HIPAA in the Philippine Context

Informatics and data privacy are crucial topics in healthcare. Integrating the latest technologies also means making sure that healthcare providers, institutions and systems developers adhere to the policies and regulations that affect IT integration. Nurses are generally consumers of information technology, though they can also be developers of healthcare systems. It is imperative that nurses know not just the basics of informatics but also the legal implications of being consumers or developers of healthcare systems.

HIPAA, or the Health Insurance Portability and Accountability Act, is US legislation that provides guidelines on how informatics can be integrated into healthcare by highlighting security, privacy and compliance. This regulation guides healthcare practitioners and systems developers in building healthcare-related IT systems.

How is HIPAA relevant in the Philippine context?

In the Philippine Data Privacy Act (DPA) of 2012, the term “current data privacy best practices” appears in Section 20 (c), on the appropriate level of security of personal information. Although HIPAA is not specifically mentioned in the DPA, it can be considered one of the industry best practices in the field of health informatics. Thus, when implementing any health IT system in the Philippines, developers and integrators must take the HIPAA guidelines into consideration.

One of the provisions of HIPAA that can be relevant in the Philippines is the business associate agreement (BAA). If the IT system used by the healthcare provider or institution is not homegrown or developed in-house, there should be an agreement between the third-party vendor and the provider or institution. This protects personal and sensitive health information by making the data processor accountable for the health data processing. A BAA can be likened to the agreement between the data controller and data processor as stipulated in the Data Privacy Act. Even though the term “business associate agreement” is not specifically mentioned in the DPA, the concept is still applicable and highly relevant, especially in the field of Philippine healthcare informatics.

Links

https://www.hhs.gov/hipaa/index.html

https://www.privacy.gov.ph/data-privacy-act/
