1.

CHAPTER VII – SECURITY OF SENSITIVE PERSONAL INFORMATION

IN GOVERNMENT

Sec 22. Responsibility of the Agencies

➢ The government, its agencies and instrumentalities shall keep all
sensitive personal information secured under its standard practice that is
recommended by the commission. The head of every agency shall be
responsible for the compliance of security requirements while the
commission is responsible for monitoring and giving necessary
suggestions to satisfy the minimum standard.

Sec 23. Requirements Relating to Access by Agency Personnel to Sensitive

Personal Information
a) On-site and online access 3 the employees of the government shall have no
access to any sensitive personal information on any government property and
online facility unless given permission or security clearance from the head of
the agency
b) Off-site access 3 confidential personal information cannot be transported or
accessed from a location outside the government property unless a
request was filed and approved by the head of the agency in accordance of
the following guidelines:
1. Deadline for Approval or Disapproval 3 requests are submitted to
the head of an agency and shall be approved or disapproved within
two (2) business days after the date of submission of the request;
2. Limitation to One thousand (1,000) Records 3 Approved requests by
the head of the agency shall limit the access to not more than one
thousand (1,000) records at a time; and
3. Encryption 3 Any technologies or devices used to store,
transport or access sensitive personal information for purposes of off-
site access approved under this subsection must be secured through
the use of the most secure encryption standard recognized by the
Commission.

All requirements under this subsection shall be implemented not later than six
(6) months after the date of the enactment of this Act.

Sec 24. Applicability to Government Contractors

➢ An agency shall require a contractor and its employees to
register their personal information processing system with the
Commission in accordance with this Act and to comply with the
other provisions of this Act, including the immediately preceding
section, in the same manner as agencies and government employees
comply with such requirements.
2.

CHAPTER VIII – PENALTIES

Sec 25. Unauthorized Processing of Personal Information and Sensitive

Personal Information
➢ Unauthorized Processing
■ IMPRISONMENT: 1-3 YEARS
■ FINE: PHP 500,000-PHP 2,000,000

➢ Sensitive Personal Info:

■ IMPRISONMENT: 3-6 YEARS
■ FINE: PHP 500,000-PHP 4,000,000

Sec 26. Accessing Personal Information and Sensitive Personal Information

due to Negligence.

➢ Accessing Personal Info. Due to Negligence:

■
IMPRISONMENT: 1-3
YEARS
■
FINE: PHP 500,000-PHP
2,000,000
➢ Sensitive Personal Info:
■
IMPRISONMENT: 3-6
YEARS
■
FINE: PHP 500,000-PHP
4,000,000
Sec 27. Improper Disposal
of Personal Information and
Sensitive Personal
Information:
➢ Improper Disposal of
Personal Info:
■
IMPRISONMENT: 6
MONTHS-2 YEARS
■
FINE: PHP 100,000-PHP
500,000
➢ Sensitive Personal Info:
■
IMPRISONMENT: 1-3
YEARS
■
FINE: PHP 100,000-PHP
1,000,000
Sec 28. Processing of
Personal Information and
Sensitive Personal
Information for
Unauthorized Purposes:
➢ Unauthorized Purposes:
■
IMPRISONMENT: 1
YEAR & 6 MONTHS-5
YEARS
■
FINE: PHP 500,000-PHP
1,000,000
➢ Sensitive Personal Info:
■
IMPRISONMENT: 2-7
YEARS
■
FINE: PHP 500,000-PHP
2,000,000
Sec 29. Unauthorized
Access or Intentional
Breach.
■
IMPRISONMENT: 1-3
YEARS
■
FINE: PHP 500,000-PHP
2,000,000
Sec 30. Concealment of
Security Breaches Involving
Sensitive Personal
Information.
■
IMPRISONMENT: 1
YEAR & 6 MONTHS-5
YEARS
■
FINE: PHP 500,000-PHP
1,000,000
Sec 31. Malicious
Disclosure
■
IMPRISONMENT: 1
YEAR & 6 MONTHS-5
YEARS
■
FINE: PHP 100,000-PHP
500,000
Sec 32. Unauthorized
Disclosure
■
IMPRISONMENT: 6
MONTHS-2 YEARS
■
FINE: PHP 100,000-PHP
500,000
■ IMPRISONMENT: 1-3 YEARS
■ FINE: PHP 500,000-PHP 2,000,000

➢ Sensitive Personal Info:

■ IMPRISONMENT: 3-6 YEARS
■ FINE: PHP 500,000-PHP 4,000,000

Sec 27. Improper Disposal of Personal Informa tion and Sensitive Personal
Information:
➢ Improper Disposal of Personal Info:
■ IMPRISONMENT: 6 MONTHS-2 YEARS
■ FINE: PHP 100,000-PHP 500,000

➢ Sensitive Personal Info:

■ IMPRISONMENT: 1-3 YEARS
■ FINE: PHP 100,000-PHP 1,000,000

Sec 28. Processing of Personal Information and Sensitive Personal

Information for Unauthorized Purposes:
➢ Unauthorized Purposes:
■ IMPRISONMENT: 1 YEAR & 6 MONTHS-5 YEARS
■ FINE: PHP 500,000-PHP 1,000,000

➢ Sensitive Personal Info:

■ IMPRISONMENT: 2-7 YEARS
■ FINE: PHP 500,000-PHP 2,000,000

➢Sec 29. Unauthorized Access or Intentional Breach.

■ IMPRISONMENT: 1-3 YEARS
■ FINE: PHP 500,000-PHP 2,000,000

Sec 30. Concealment of Security Breaches Involving Sensitive Personal

Information.
■ IMPRISONMENT: 1 YEAR & 6 MONTHS-5 YEARS
■ FINE: PHP 500,000-PHP 1,000,000

Sec 31. Malicious Disclosure

■ IMPRISONMENT: 1 YEAR & 6 MONTHS-5 YEARS
■ FINE: PHP 100,000-PHP 500,000

Sec 32. Unauthorized Disclosure

■ IMPRISONMENT: 6 MONTHS-2 YEARS
■ FINE: PHP 100,000-PHP 500,000
 ➢ If Info. Controller or Processor:
■ IMPRISONMENT: 3-5 YEARS
■ FINE: PHP 500,000-PHP 2,000,000

Sec 33. Combination or series of act

■ IMPRISONMENT: 3-6 YEARS
■ FINE: PHP 1,000,000-PHP 5,000,000

Sec 34. Extent of Liability

➢ Offender is a corporation, partnership or any juridical person - The penalty
will be paid on the liable officers, as the case may be, who participated in, or enabled
the commission of the crime by their gross negligence.

1. Offender is a juridical person - the court may suspend or revoke any of its
rights under this Act.
2. Offender is alien - he or she shall be deported without further proceedings
after serving the penalties herein prescribed.
3. Offender is a public official or employee - If he or she is found guilty of any
of the acts mentioned in Sections 27 and 28 of this Act, he or she will
face permanent or temporary absolute disqualification from office, depending
on the circumstances.

Sec 35. Large-Scale

➢ When the personal information of at least one hundred (100) persons is
harmed, affected or involved as the result of the above mentioned
actions, the maximum penalty in the scale of penalties respectively
provided for the preceding offenses shall be imposed.

Sec 36. Offense Committed by Public Officer

➢ When the offender or the person responsible for the offense is a public
officer as defined in the Administrative Code of the Philippines in the
exercise of his or her duties, an accessory penalty consisting in the
disqualification to occupy public office for a term double the term of
criminal penalty imposed shall be applied.

Sec 37. Restitution

➢ Restitution for any aggrieved party shall be governed by the provisions of
the New Civil Code.
3.

CHAPTER IX - MISCELLANEOUS PROVISIONS

Sec 38. Interpretation

➢ Any doubt in the
interpretation of any
provision of this Act shall
be liberally interpreted
in a manner mindful of the
rights and interests of the
individual about whom
personal
information is processed.
Sec 39. Implementing Rules
and Regulations (IRR)
➢ The Commission will
promulgate the rules and
regulations to effectively
implement the
provisions of this Act within
the ninety (90) days from its
effectiveness.
Sec 40. Reports and
Information
➢ The President and
Congress will receive an
annual report regarding its
activities in
carrying out the provisions
of this Act. The
Commission will undertake
whatever efforts
it may determine to be
necessary or appropriate to
inform and educate the
public of data
privacy, data protection and
fair information rights and
responsibilities.
Sec 41. Appropriations
Clause
➢ An initial appropriation
of Twenty million pesos
(Php20,000,000.00) drawn
from the
national government will be
provided to the
Commissions. In the
succeeding years
Appropriations will be
included in the General
Appropriations Act. Upon
implementation
of this Act, it will receive
Ten million pesos
(Php10,000,000.00) per year
for five (5)
years drawn from the
national government.
Sec 42. Transitory Provision
➢ All Existing industries,
businesses and offices
affected by the
implementation of this Act
will be given one (1) year
from the IRR effective date,
or other period as
determined by
the Commission, to comply
with the Acts requirements.
Sec 43. Separability Clause
➢ If any provision or part
of this law is found invalid
or unconstitutional, the
remainder of
the law or the provision
would not be affected and
will remain valid and
subsisting.
Sec 44. Repealing Clause
➢ The provision of Section
7 of Republic Act No.9372,
or known as the "Human
Security
Act of2007," is hereby
amended by this Act. That
all other laws, decrees,
executive
orders, proclamations, and
administrative regulations or
sections thereof that are
inconsistent with this Act
are hereby repealed or
amended accordingly,
unless otherwise
expressly provided in this
Act.
Sec 38. Interpretation
➢ Any doubt in the interpretation of any provision of this Act shall be
liberally interpreted in a manner mindful of the rights and interests of the
individual about whom personal information is processed.

Sec 39. Implementing Rules and Regulations (IRR)

➢ The Commission will promulgate the rules and regulations to effectively
implement the provisions of this Act within the ninety (90) days from its
effectiveness.

Sec 40. Reports and Information

➢ The President and Congress will receive an annual report regarding its
activities in carrying out the provisions of this Act. The Commission will
undertake whatever efforts it may determine to be necessary or appropriate to
inform and educate the public of data privacy, data protection and fair
information rights and responsibilities.

Sec 41. Appropriations Clause

➢ An initial appropriation of Twenty million pesos (Php20,000,000.00)
drawn from the national government will be provided to the Commissions. In
the succeeding years Appropriations will be included in the General
Appropriations Act. Upon implementation of this Act, it will receive Ten
million pesos (Php10,000,000.00) per year for five (5) years drawn from the
national government.

Sec 42. Transitory Provision

➢ All Existing industries, businesses and offices affected by the
implementation of this Act will be given one (1) year from the IRR effective
date, or other period as determined by the Commission, to comply with the
Acts requirements.

Sec 43. Separability Clause

➢ If any provision or part of this law is found invalid or unconstitutional, the
remainder of the law or the provision would not be affected and will remain
valid and subsisting.

Sec 44. Repealing Clause

➢ The provision of Section 7 of Republic Act No.9372, or known as the
"Human Security Act of2007," is hereby amended by this Act. That all other
laws, decrees, executive orders, proclamations, and administrative regulations
or sections thereof that are inconsistent with this Act are hereby repealed or
amended accordingly, unless otherwise expressly provided in this Act.

Sec 45. Effectivity Clause

 ➢ The Act became effective fifteen (15) days after the publication in at least
two (2) national newspapers of general circulation.
4.

Benefits and
Challenges of
Technology
Benefits of Technology:
a. Ease of Workflow
Entering data into a
computerized system is
much less time-consuming
than paper-based
methods, and it reduces the
risk of errors in patient data
and financial details.
Accessing
patient records digitally
also allows medical
coding experts to work
from home,
increasing efficiency and
productivity.
b. Technological Devices
Improved Care and
Efficiency
There are a lot of
technological devices and
equipment which improved
the efficiency
and care of the patients,
it includes the portable
defibrillator, drug
management
technology, MR system,
electronic IV monitors, as
well as devices made for the
patients
contacting the doctors or
nurse, the kinds of digital
devices made for patients
who are
placed in the patient9s
rooms or wards in hospitals.
In case of emergency, the
patients can
click the button of these
devices. It informs the
doctors or nurses on time to
come for the
patient. With this kind of
device, without wasting
time the doctor can reach
the patients
and save their lives.
The following are only a
few of the technical
devices that have been
introduced to
healthcare:
i. Artificial Intelligence
Artificial Intelligence (AI)
technologies are being
used to listen in on
patient-
doctor conversations and
recording everything in a
complete file. AI amplifies
the
expertise of trained doctors
with additional layers of
real-time data, information
and insights, making it
possible to cut down errors
and increase precision. With
the help of AI, which can
instantly provide
information on the patient9s
past and
present health as well as
make suggestions that
would help in diagnosis,
medical
professionals are able to
provide swift care to more
patients.
ii. Sensors and Wearable
Technolog
Benefits and Challenges of Technology
Benefits of Technology:
a. Ease of Workflow
Entering data into a computerized system is much less time-consuming
than paper-based methods, and it reduces the risk of errors in patient data and
financial details. Accessing patient records digitally also allows medical
coding experts to work from home, increasing efficiency and productivity.

a. Technological Devices Improved Care and Efficiency

There are a lot of technological devices and equipment which
improved the efficiency and care of the patients, it includes the portable
defibrillator, drug management technology, MR system, electronic IV
monitors, as well as devices made for the patients contacting the doctors or
nurse, the kinds of digital devices made for patients who are placed in
the patient9s rooms or wards in hospitals. In case of emergency, the patients
can click the button of these devices. It informs the doctors or nurses on time
to come for the patient. With this kind of device, without wasting time the
doctor can reach the patients and save their lives.
The following are only a few of the technical devices that have been
introduced to healthcare:
i. Artificial Intelligence
 Artificial Intelligence (AI) technologies are being used to
listen in on patient-doctor conversations and recording everything in
a complete file. AI amplifies the expertise of trained doctors with
additional layers of real-time data, information and insights, making it
possible to cut down errors and increase precision. With the help of
AI, which can instantly provide information on the patient9s past and
present health as well as make suggestions that would help in
diagnosis, medical professionals are able to provide swift care to more
patients.

i. Sensors and Wearable Technology

ii. Smart electronic

devices are worn on
the body and
transmit information
to a
iii. mobile application to
help the patient and
physician track health
stats, such as the
iv. amount of sleep, heart
rate, and physical
activity. In
 cardiology, there are
wearable
v. devices that can
provide information
on heart rhythm and
the patient9s cardiac
vi. behaviors, as well as
information like
blood pressure,
breathing patterns,
and
vii. blood glucose levels.
viii.
ix. iii. Telemedicine
x.
xi. Telemedicine is a
growing field that
 allows people in rural
settings, with limited
xii. access, to get the help
they need without
having to travel far.
The implementation
xiii. of these options
means less crowded
waiting rooms and
shorter waiting times
for
xiv. patients who are
physically in the
doctor9s office.
However, certain
types of
 xv. illnesses and
problems require a
face-to-face physical
assessment and
cannot be
xvi. diagnosed through
telemedicine.
xvii.
xviii. iv. 3D Printing
xix.
xx. Today, it is possible
to reproduce bones
and some internal
organs using 3D
xxi. printing technology.
These artificial organs
 and bones can then be
introduced into
xxii. the body of the patient
to replace diseased or
problematic areas.
With a 3D model,
xxiii. it is significantly
easier for a surgeon
to have a closer
look at the problem
and
xxiv. simulate a variety of
solutions or possible
operations that can
be undertaken
 xxv. before performing the
actual surgery on the
patient.
xxvi.
xxvii. v. Nanotechnology
xxviii.
xxix. Scientists are using
nanoparticles to
target tumors, in
drug delivery
systems, to
xxx. improve medical
imaging, for
implants and
regenerative
medicine, well as
 xxxi. research tools for drug
discovery and
biomedical science.
xxxii.
xxxiii. c. Digitalization of
Health Records
xxxiv.
xxxv. The old system of
paper records required
medical practitioners
and nurses to create
and
xxxvi. complete files for
their patients, often
leading to long wait
times in order to
collect,
 xxxvii. retrieve and update
the correct data. An
electronic health
record (EHR) is a
digital
xxxviii. version of a patient9s
paper chart. EHRs are
real-time, patient-
centered records that
make
xxxix. information available
instantly and securely
to authorized users.
xl.
xli. EHR contains the
following:
Smart electronic devices are worn on the body and transmit
information to a mobile application to help the patient and
physician track health stats, such as the amount of sleep, heart rate,
 and physical activity. In cardiology, there are wearable devices
that can provide information on heart rhythm and the
patient9s cardiac behaviors, as well as information like blood
pressure, breathing patterns, and blood glucose levels.

iii. Telemedicine
Telemedicine is a growing field that allows people in rural
settings, with limited access, to get the help they need without having
to travel far. The implementation of these options means less crowded
waiting rooms and shorter waiting times for patients who are
physically in the doctor9s office. However, certain types of
illnesses and problems require a face-to-face physical assessment and
cannot be diagnosed through telemedicine.

iv. 3D Printing
Today, it is possible to reproduce bones and some internal
organs using 3D printing technology. These artificial organs and
bones can then be introduced into the body of the patient to replace
diseased or problematic areas. With a 3D model, it is significantly
easier for a surgeon to have a closer look at the problem and
simulate a variety of solutions or possible operations that can be
undertaken before performing the actual surgery on the patient.

v. Nanotechnology
Scientists are using nanoparticles to target tumors, in drug
delivery systems, to improve medical imaging, for implants and
regenerative medicine, well as research tools for drug discovery and
biomedical science.

c. Digitalization of Health Records

The old system of paper records required medical practitioners and nurses to create
and complete files for their patients, often leading to long wait times in order
to collect, retrieve and update the correct data. An electronic health record
(EHR) is a digital version of a patient9s paper chart. EHRs are real-time, patient-
centered records that make information available instantly and securely to authorized
users.

EHR contains the following:

● Patient's demographic, billing, and insurance information
● Physical history and physicians orders
● Medication allergy lists
● Nursing assessments, notes, and graphics of vital signs
● Laboratory and radiology results
● Trending labs, vital signs, results, and activities pages for easy reference
● Inks to important clinical information and support
● Reports for quality and safety personnel.

d. Care is Advanced Through Medical Apps

With apps being rapidly developed for all aspects of our life, healthcare apps aren’t
far behind for both healthcare professionals and patient use. These application
programs offer health-related services for smartphones and tablets and are
accessible to patients everywhere. While some apps offer better health awareness,
others assist communication between patient and care providers. Mobile health apps
can assist with these areas:
● Fitness and weight-loss
● Medical reference
● Medication management
● Mental health
● Personal health records
● Womens health

e. Improved Public Health

EHRs provide invaluable data to clinical researchers, helping to advance

medical knowledge and the development of treatments for common health
problems (like viral outbreaks). A standardized health IT system can provide insights
into how widespread an outbreak is, enabling preventative measures (such as
increased flu shot production) to be put in place much more quickly.

Challenges of Technology

Question: What will the future of healthcare challenges look like? How will
businesses navigate new hurdles?

Answer: Technology has shaped healthcare in irreversible ways. Innovations

like electronic health records aid convenience and access to information. But, these
advantages also comes with new challenges. Hospitals and other healthcare
organizations must continuously check for updates and avoid new types of medical
malpractice suits. They will also need to consider how business practices and patient
care intersect.
5.

1. The Challenge of Interoperability

● Electronic Health Records (EHRs) allows primary healthcare providers to
access relevant patient data instantly.
● Around 95% percent of hospitals use EHRs- interoperability, which
proves to be a challenge for them.
● Most of the healthcare team and some hospitals would reveal that
interoperability is a mess wherein patient identification isnt standardized,
often making it impossible to match a person with their records . Nearly
anyone can input information into a patient’s EHR, but withdrawing data isn’t
always possible.
● How to avoid:
➔ One solution is to implement cloud-based EHRs which
centralize the database while still providing the necessary security.

2. Keeping up with the Old Tech

● Many facilities still use the out-of-date technology
● Outdated software creates security holes and allows hacks to easily access
the system.
● Example: Hackers had taken down the NHS9s system in 2017.
● Although it is easier to upgrade a computer to the next operating
system in line, it is, however hard for medical equipment running an
older OS and upgrading it isn’t as straightforward.
● How to avoid:
➔ To upgrade when possible, the facility’s IT department should be
fluent in every operating system that’s currently in use.

3. User-Unfriendly Interfaces
● As medical technology is advancing by leaps and bound, one thing left in
the dark ages is user interface. These devices might change the world but it
won’t matter if they’re too difficult to use.
● If there is too much data on the screen at once, or the interface
doesn’t help users navigate, no one is going to use it.
● How to avoid:
➔ Engage with manufacturers during the research and
development phase and let them know what’s needed.
 ➔ Take the time to learn how unfriendly interfaces work.

4. Exacerbating Malpractice Claims

● Medical technology has made many practices easier but it overcomplicates
others.
● Example #1: There was a case from 2013 wherein a 16 year old patient was
supposed to take a single dose of antibiotics before a routine procedure,
there was a lack of interoperability in this case and a lack of interoperability
meant that everyone who saw the patient between admissions and when he
complained of anxiety- thought that he needed to take another dose. So
what happened to the patient was that he took nearly 39 times of the
recommended dose of this medication.
● Example #2: The Health Management Associates, LLC, is
another example of malpractice claims wherein they had agreed to
pay more than $260 million to settle lawsuits surrounding
emergency room misconduct because allegations claim the
organization forced physicians to make unnecessary admissions.
● How to avoid:
➔ To be diligent when inputting information into a patient9s
health record.

5. Overcomplicated Asset Tracking

● Asset tracking through EHRs can be both a blessing and a curse.
● Medical workers can use EHRs to find anything with a barcode or
tracking chip (RFID).
● However, physicians often complain that poorly designed
system impede with work, making them slave to EHRs.
● Problem: lies within the EHRs themselves, experts designed the
system to facilitate billing, not improve patient care though it should
be able to do both.
● How to reduce the problem (since EHRs aren9t avoidable):
➔ Physicians can reduce the strain and chance of technology
burnout by participating in training offered by providers.

6. Overall Implementation
● Implementing technology in medicine has a steep learning curve for
hospitals and the healthcare team because those who need it most may not
have the time to learn how to use it.
● Without a comprehensive understanding, trying to use medical
technology can lead to practitioner error and malpractice.
● Technology is going to change and shape the medical industry for decades
to come and hospital administrators, medical professionals, and IT teams need
to tackle this challenge head-on. Those who do not adapt will be left behind,
struggling to keep up with the tidal wave of innovation that9s sweeping
through healthcare.
6.
Current Technology: Issues and Dilemma
In the healthcare setting, the seemingly simple maxim, <First do no harm= proves to
be far more complex when considered in the rapidly advancing medical
technology, constant budget constraints, and new health threats.

4 General categories of Ethical Issues in IT Applications:

● Privacy: about collecting, storing and disseminating information about
individuals.
● Accuracy: involves the authenticity, fidelity and validity of information that
is collected and processed.
● Property: relates to the ownership and value of information.
● Accessibility: revolves around who should have access to information and
whether fees should be paid for such access.

At a time when emerging technologies such as big data and artificial

intelligence (AI) are challenging the fundamental notion of what a healthcare
provider is, the battle to stop a worldwide pandemic reveals just how difficult
ethical issues in healthcare can become when resources are strained.

VIDEO PRESENTATION LINK: https://www.youtube.com/watch?

v=VDrWbjgM3Ik

Data safety - prevents accidental data loss through failure or destruction of equipment
or accidental deletion.

Data security - refers to the protection of data from unauthorised access and strategies
to keep data secure from hacking and viruses.

Four major ethical issues facing the healthcare industry in 2020:

A. Data Protection and Privacy
● Privacy and Confidentiality
- The right of an individual to keep information about themselves
from being disclosed to others; the claim of individuals to be let alone
from surveillance or interference from other individuals,
organizations, or the government (Rognehaugh, 1999).
 - Information of a patient should be released to others only with
the patient's permission or allowed by law.
○ When a patient is unable to do so because of age, mental
incapacity the decisions about information sharing should
be made by the legal representative or legal guardian of the
patient. Information shared because of clinical interaction is
considered confidential and must be protected.

- EHR creates a centralized, shareable record of a patient9s entire

medical history, allow for the automation of healthcare provider
workflows; and enable advanced medical assessment tools.
○ EHRs carry large amounts of personal data, they also have
higher risk of privacy violation.

– Protecting patient data is a core responsibility of healthcare

providers, and the federal law restricting release of medical
¬¬information strictly regulates the handling of sensitive patient
health information.

- The key to preserving confidentiality:

○ Allow only authorized individuals to have access to
information. The user's access is based on pre-established role-
based privileges.
○ The administrator identifies the user, determines the level
of information to be shared and assigns usernames and
passwords.
○ The user should be aware that they will be accountable
for the use and misuse of the information they view.
☐ They have access to the information they need
to carry out their responsibilities.
○ Hence assigning user privileges is a major aspect of
medical record security.
- Although controlling access to health information is important but is
not sufficient for protecting confidentiality. Additional security steps
such as strong privacy and security policies are essential to secure
patient's information.

Security measures done to prevent security and privacy breach:

1. Enhance Administrative Control

● Update policies and procedures
● Guide employees through the stringent privacy and security training process
● Run background checks on all employees

2. Monitor Physical and System Access

● Create physically inaccessible systems to unauthorized individuals
● Have exigencies in place for data recovery or restoration
● Provide identification and verification requirements to all system users
● Access the list of authorized users
● Supply passwords and personal identification numbers (PINs)
 ● Provide automatic software shutdown routines

3. Identify Workstation Usage

● Set privacy filters at each workstation
● Distinguish the different capabilities of different workstations

4. Audit and Monitor System Users

● Identify any weakness in the system
● Detect any security breach or attempt at a breach
● Regularly audit all authorized users
● Issue specific punishments to employees not following compliance
guidelines

5. Employ Device and Media Controls

● Construct a security plan for data disposal
● Remove data from reusable hardware
● Track all reprocessed hardware
● Backup all data from all hardware

6. Apply Data Encryption

● Disguise all data inside medical files through cryptography
7.

B. Eugenics

 Eugenics literally means “good creation” It is the practice or advocacy of

improving the human species by selectively mating people with specific
desirable hereditary traits.
 It aims to reduce human suffering by “breeding out” disease,
disabilities and so-called undesirable characteristics from the human
population.
 Early supporters of eugenics believed people inherited mental illness,
criminal tendencies and even poverty, and that these conditions could be
bred out of the gene pool.
 Modern eugenics, better known as human genetic engineering, changes or
removes genes to prevent disease, cure disease or improve your body in
some significant way.
 Modern genetic engineering also comes with a potential cost. As
technology advances, people could routinely weed-out what they consider
undesirable traits in their offspring.
 Genetic testing already allows parents to identify some diseases in
their child in utero which may cause them to terminate the pregnancy.
 It is controversial since what exactly constitutes “negative traits” is open to
interpretation, and many people feel that all humans have the right to be
born regardless of disease, or that the laws of nature shouldn9t be
tampered with.

Ethical challenges of Eugenics

a. Coercion
It is morally objectionable for governments or institutions or any
third party to compel or coerce anyone's reproductive behavior. The right
to reproduce without interference from third parties is one of the
fundamental freedoms recognized by international law and moral theories
from a host of ethical traditions. However, the goals of obtaining perfection,
avoiding disease, or pursuing health with respect to individuals need not
involve coercion or force.
 A couple may wish to have a baby who has no risk of
inheriting Tay-Sachs disease or transmitting sickle cell disease. Or they may
want a child with a particular hair color or sex. If their choice is free and
informed, then there is no reason to think that such a choice is immoral on
grounds of force or coercion.

Part 2 (Current Technology: Issues and Dilemma)

b. Subjectivity of Perfection
Some who find the pursuit of perfection morally objectionable worry
about more than coercion. They note that it is simply not clear which traits or
attributes are properly perceived as perfect or optimal. The decision about
what trait or behavior is good or healthy depends on the environment,
culture, and circumstances that a child will face.

c. Equality
Another objection to allowing eugenic desires to influence parenting is
that this will lead to fundamental social inequalities. Allowing parental
choice about the genetic makeup of their children may lead to the
creation of a genetic “overclass” with unfair advantages over those whose
parents did not or could not afford to endow them with the right biological
dispositions and traits. Or it may lead to homogenization in society where
diversity and difference disappear in a rush to produce only perfect
people, leaving anyone with the slightest disability or deficiency at a distinct
disadvantage.
8.

C. Implementing Artificial Intelligence and Robotics Ethically

● Understanding <Artificial Intelligence= or in abbreviated form <AI= refers
to the ability of computers to mimic human intelligence and learning and it is
widely used in society, but its precise meaning is contested in both scholarly
work and legal documents.
● Few subtypes of AI: (1) Machine Learning (ML) - a subset of AI
has been the most popular approach of current AI healthcare applications
in recent times since it allows computational systems to learn from data and
improve their performance without being explicitly programmed. (2) Deep
learning - a subset of ML employs artificial neural networks with
multiple layers to identify patterns in very large datasets.
● The growing use of AI and robotics also raises issues of healthcare
technology ethics

○Knowledge authentication - examples are security question, username

and PIN.
■ Advantages
● easily entered using keyboard
● only the customer knows the answer to questions

■ Disadvantages
● level of security depends on employee or user
following password policy
○ Possession authentication - examples are mobile, security token and
swipe card.
■ Advantages
● quick and reliable
■ Disadvantages
● can lose item or can be stolen

○ Physical (biometric) authentication - examples are fingerprint, voice

recognition, signature.
■ Advantages
 ● Cannot be lost, forgotten, used by another person or
easily forged

■ Disadvantages
● can be expensive and unreliable

● AI used for health-related predictive analysis relies on large, diverse

datasets, including EHRs.
● Robotics are already heavily used in healthcare; robot-assisted
surgeries are now commonplace, and robotic prosthetics are advancing
rapidly.
● Robotic health workers offer a potential answer to labor shortages, but
their use could dehumanize those they9re meant to serve and those they
replace.
● The evolution of robotics in healthcare beyond compensatory measures and
into human enhancements raises issues of access and fairness for patients
and challenges the definition of a healthcare provider.

○ Issues and Dilemma: Example 2

■ Jackson Health System in Florida reported that paper
medical records were lost while in transit to or from a location
where they were electronically scanned, and notified the 1,407
patients affected in January 2013. Organization officials maintained
that the documents did not contain Social Security numbers or
financial data.
■ Jackson Health System offered credit and identity
protection services to affected individuals and implemented new
security measures, such as managerial approval for paper record
releases, installation of security cameras, and response training for
missing medical documents.
9.
● The use of AI in the clinical practice of healthcare has huge potential to
transform it for the better, but it also raises ethical challenges we now
address which includes: (1) Informed consent to use, (2) Safety and
transparency, (3) Algorithmic fairness and biases and, (4) Data privacy.

1. Informed consent to use

 Health AI applications, such as imaging, diagnostics, and
surgery, will transform the patient3clinician relationship.
 But how will the use of AI to assist with the care of patients
interface with the principles of informed consent?
 This is a pressing question that has not received enough
attention in the ethical debate, even though informed
consent will be one of the most immediate challenges in
integrating AI into clinical practice
 There is a need to examine under what circumstances (if
at all) the principles of informed consent should be deployed
in the clinical AI space. To what extent do clinicians have a
responsibility to educate the patient around the complexities
of AI, including the form(s) of ML used by the system, the
kind of data inputs, and the possibility of biases or other
shortcomings in the data that is being used? Under what
circumstances must a clinician notify the patient that AI is
being used at all?

2. Safety and transparency

 Safety is one of the biggest challenges for AI in healthcare.
 To use one well-publicized example, IBM Watson for
Oncology uses AI algorithms to assess information from
patients9 medical records and help physicians explore cancer
treatment options for their patients.
 However, it has recently come under criticism by
reportedly giving “unsafe and incorrect” recommendations for
cancer treatments.
 The problem seems to be in the training of Watson for
Oncology: instead of using real patient data, the software
 was only trained with a few “synthetic” cancer cases,
meaning they were devised by doctors.
 To realize the potential of AI, stakeholders, particularly AI
developers, need to make sure two key things:
a. Reliability and validity of the datasets
- First, the used datasets need to be reliable and valid.
- The slogan “garbage in, garbage out” applies to AI in
this area.
 Meaning “The better the training data (labeled
data) is, the better the AI will perform”.
 In addition, the algorithms often need further
refinement to generate accurate results.

b. Transparency
- Second, in the service of safety and patient
confidence some amount of transparency must be
ensured.
- While in an ideal world all data and the algorithms
would be open for the public to examine, there may
be some legitimate issues relating to protecting
investment/intellectual property and also not increasing
cybersecurity risk.
- Third party or governmental auditing may
represent a possible solution.
10.
Part 3 (Current Technology: Issues and Dilemma)
1. Algorithmic fairness and biases
 AI has the capability to improve healthcare not only in
high-income settings, but to democratize expertise, <globalize=
healthcare, and bring it to even remote areas.
 However, any ML system or human-trained algorithm will
only be as trustworthy, effective, and fair as the data that it is
trained with. AI also bears a risk for biases and thus
discrimination.
 It is therefore vital that AI makers are aware of this risk
and minimize potential biases at every stage in the process of
product development.
 In particular, they should consider the risk for biases when
deciding (1) which ML technologies/procedures they want
to use to train the algorithms and (2) what datasets
(including considering their quality and diversity) they want to
use for the programming.
 Several real-world examples have demonstrated that
algorithms can exhibit biases that can result in injustice with
regard to ethnic origins and skin color or gender.
 Biases can also occur regarding other features such as age or
disabilities. The explanations for such biases differ and may be
multifaceted.
 In the health sector, where phenotype- and sometimes
genotype-related information are involved, biased AI could,
for instance, lead to false diagnoses and render treatments
ineffective for some subpopulations and thus jeopardize their
safety.
 For example, imagine an AI-based clinical decision
support (CDS) software that helps clinicians to find the
best treatment for patients with skin cancer. However, the
algorithm was predominantly trained on Caucasian patients.
 Thus, the AI software will likely give less accurate or
even inaccurate recommendations for subpopulations for
 which the training data was underinclusive such as African
American.

2. Data privacy
 So, for some agency and hospitals the personal data of
their patients is provided by some Health applications
which uses AI. Chances that data sharing happened for the
clinical self-testing that aims to help with the diagnosis
and detection for such disease. However, patients were not
properly informed about the processing of their data as part of
the test.
 In this situation it highlighted the potential for harm to privacy
rights when developing technological solutions.