1 Encryption The use of an algorithmic process that transforms data into another

1. Encryption: The use of an algorithmic process that transforms data into another form. This makes a low probability of assigning meaning thereto without a use of a confidential process or key.2. Health Care Provider: This is an institution devoted primarily to the management and care of patients or health care professionals. Any Doctor of Medicine, nurse, midwife, dentist, or other health care practitioner are considered.3. Issuances: This an official write-up or documentation of statements, notices, announcements, and communication.4. National Privacy Commission “NPC”: A independent agency under DPA, its task is to administer and implement the provisions of the and monitor and ensures compliances of the Philippines with international standards for data protection.5. Outpatient: A patient receiving medical care or services without being admitted. They are also patients who consults and receiver health cate services in the health care facility without being admitted.6. Persons to Obtain Consent: This consent is to be obtained by a duly authorized staff who is responsible of the patient upon implementing the PHIE.7. The Consent Form: “Consent for Participation” to PHIE is to be used by participating health care providers.8. Highly Communicable Disease and Special Conditions: For patients with special conditions or highly communicable diseases. Additional documents are also required to be signed by the patient, attending physician and head of the facility.9. Disciplinary Process: If a person violated any policy or protocol, personal data breach or security incident, a health facility shall give this person due process. Government owned facilities, any disciplinary or termination process shall be based with the Civil Service Rules10. Storage Security: Data that is stored in a portable data storage must be encrypted.11. User Identification: A unique user identification within the policy and procedure PHCP. This should be kept private and should not be assigned to a group or individual and should not be reused.12. Computer Loss: If computer loss occurs, all data should be deleted and reset until the unit is retrieved.13. Bringing of devices outside the health policy: Devices that is registered in the health facility shall be brought outside its premises, unless patient encounter events outside the facility.14. Business continuity and Disaster Recovery: Health facilities shall implement policies for business continuity and disaster recovery.15. Anti- virus Software: All computers should have an industry- standard anti-virus software having automatic update feature turned on. This shall be configured regularly and shall will automatically download updates to ensure the ability to identify latest threats.