January 28, 2022

Volume XII, Number 28

Advertisement
Advertisement

January 28, 2022

Subscribe to Latest Legal News and Analysis

January 27, 2022

Subscribe to Latest Legal News and Analysis

January 26, 2022

Subscribe to Latest Legal News and Analysis

January 25, 2022

Subscribe to Latest Legal News and Analysis

Philippines NPC Investigating COVID-19 Related Breaches

On April 25, 2020, the Philippines National Privacy Commission (“NPC”) issued a statement that it is investigating several breach notifications it has received relating to the unauthorized disclosure of sensitive personal information of confirmed and suspected COVID-19 patients (the “Statement”).

According to MLex, a communications officer for the NPC has confirmed that the regulator will focus primarily on remedial measures rather than on the imposition of fines as it investigates the 17 breach notifications reports it received between March 15 and April 23, 2020.

In the Statement, the NPC calls upon health institutions and their data protection officers to strengthen the protection of patient data and outlines eight measures that can be implemented to further this objective, including:

  1. Regularly remind officials and employees of their ethical and legal duty to protect patient data (e.g., via strategically placed posters and print outs, and by emphasizing that unauthorized disclosure of health data is a prohibited act);

  2. Implement access controls for patient data based on least privileges (i.e., on a “need-to-know” basis);

  3. Install physical access controls to health facilities (e.g., locks and alarm systems);

  4. Ensure proper disclosure of patient data to verified authorities/individuals and in appropriate areas;

  5. Protect computer displays from unauthorized or accidental viewing (e.g., via utilizing privacy screens, strategically angling monitors and enabling password protection);

  6. Lock away storage media containing patient data when not in use and utilize encryption and password protection for such media;

  7. Encrypt patient data while in transit and at rest; and

  8. Select secure communication platforms for patient communications and medical care team collaboration.

Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume X, Number 122
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct
Advertisement
Advertisement
Advertisement