PRIVACY IN THE DEVELOPING WORLD—PHILIPPINES MONOGRAPH 1
Health Information Privacy in the Philippines: Trends
and Challenges in Policy and Practice
Privacy in the Developing World—Philippines Monograph Series
Carl A. T. Antonio, MD, MPHcand
Office of the City Health Officer
City Government of Pasay
Pasay City, Philippines
National Telehealth Center
University of the Philippines Manila
College of Public Health
University of the Philippines Manila
Ivy D. Patdu, MD, JD
National Telehealth Center
University of the Philippines Manila
Alvin B. Marcelo, MD, FPCS
National Telehealth Center
University of the Philippines Manila
Department of Surgery
College of Medicine and Philippine
University of the Philippines Manila
Abstract—CONTEXT: Evolution of the scope and context of
privacy and confidentiality brought about by use of information
and communications technology in healthcare. OBJECTIVE: To
review the legal, professional and ethical landscape of health
information privacy in the Philippines. METHODOLOGY:
Systematic review of literature and policy frameworks.
RESULTS: Philippine laws jurisprudence recognize and protect
privacy of health information as a general rule; impose upon
individual practitioners and institutions the obligation to uphold
such right; and may apply in both the traditional and eHealth
milieu. There is no existing policy framework that addresses
issues relating to [a] access to health information by non-health
professionals, [b] use of health information for non-health
purposes, and [c] rules relating to collection, storage and
utilization of electronically-derived or -stored information. A
privacy culture, on either the provider’s or client’s side, is also
lacking in the country. CONCLUSION: Technological
developments have outpaced policy and practice. There is a need
to unify the patchwork of regulations governing the privacy of
health information; advocate for a privacy culture among
professionals and patients alike; fortify the evidence base on
patient and provider perceptions of privacy; and develop and
improve standards and systems to promote health information
privacy at the individual and institutional levels.
Keywords-privacy, confidentiality, health information,
Privacy of personal information is a closely-guarded
individual right, such that any unauthorized access or breach is
considered a violation of this entitlement from both legal and
moral perspectives. The value of protecting privacy is
evidenced by the restrictions put in place regarding the people
the information may be shared with—often, only immediate
family members—and the care with which the physical
repositories of such information are secured.
However, a person entering a health provider-patient
relationship as the recipient of care is observed to willingly and
automatically shed that veil of protection, and allow a health
worker, who may be a complete stranger, access to the most
intimate details, the very private thoughts, the core of his being,
on the premise that this disclosure of relevant, though sensitive,
personal information by the patient will help the health
professional arrive at a logical and sound diagnosis and
Implicit in this interaction is the expectation that the
patient’s information will be held by the practitioner in strict
and full confidence, and will not be unnecessarily shared with
other parties, a reflection of the trust in the ethics of the
profession. As Hippocrates was supposed to have said, All that
may come to my knowledge in the exercise of my profession or
in daily commerce with men, which ought not to be spread
abroad, I will keep secret and will never reveal.1
Yet, over the intervening millennia, healthcare practice has
become more complex, challenging conventional
interpretations of this Hippocratic admonition.
Now more than ever, health professionals possess a certain
sense of compulsion to document every detail of a patient
consultation. Without doubt this has been brought about by the
intricacy of insurance reimbursement claims processes, but a
second factor is the rising amount of malpractice litigation
being lodged against health workers. Pre-service training
ingrains in the mind of future professionals this maxim: That
which is not written was not done.
This paper is part of a series of monographs produced by the Foundation
for Media Alternatives under the “Privacy in the Developing World” project
in cooperation with Privacy Asia (Privasia) and Privacy International, with
generous support from the Canadian International Development Research
This work is licensed under a Creative Commons Attribution-NoDerivs
3.0 Unported License. To view a copy of this license, visit
2 HEALTH INFORMATION PRIVACY @ PH
Technology is also changing the landscape of healthcare
practice. The evolution of electronic medical records and the
ubiquitous connectivity afforded by the Internet means that
health information is more readily accessible to anyone with
the right tools and can be easily linked across disparate
databases, by contrast patient files locked in cabinets or
drawers in individual physicians’ offices or dentists’ clinics.
Certain conditions, or even a constellation of signs and
symptoms pointing to a highly communicable disease, are
reportable to national health authorities. The growing field of
research and the onslaught of new illnesses have seen the
publication of case reports intended to educate other
professionals. In schools and hospitals, trainees openly discuss
details of patient cases with their seniors. Oftentimes, cases are
also integrated in informal face-to-face or electronic
conversations with colleagues to solicit advice for patient
management. All these further complicate the issue of health
In this paper, we examine the intricacies, boundaries and
limitations of the protection of health information privacy in
the Philippine context as seen from legal, professional, and
ethical perspectives. In addition to providing a systematic
review of the issue*, recommendations are presented pertaining
to healthcare practice and the institution, or enforcement, of
policies relevant to health information privacy.
II. PRIVACY AND CONFIDENTIALITY: CONCEPT
CLARIFICATION, CONCEPT MAPPING
While there is no one standard accepted definition of
privacy, this paper will adopt the official definition used by the
U.S. National Library of Medicine, to wit: “The state of being
free from intrusion or disturbance in one's private life or
affairs.”2 On the other hand, confidentiality refers to “[t]he
privacy of information and its protection against unauthorized
In brief, privacy pertains to an individual’s right to be free
from unwanted external scrutiny; whereas confidentiality
points to the duty that rests on those to whom private
information has been entrusted, that is, that they will not
unnecessarily disclose such privileged communication.
Rather liberal transfer of private information stems from the
fiduciary nature of the clinician-patient relationship: patients
(i.e., the holders of the right to privacy) trust that any and all
details they may share with their healthcare provider (i.e., the
bearers the duty of confidentiality) will be maintained as
private information. Inherent in this framework, as was
* In addition to published literature, this paper also benefited from inputs of a
diverse number of individuals (lay persons, health professionals, healthcare
organization) who participated in various meetings/for a where an earlier draft
version of this paper was presented. In particular, this is with reference to the
[i] 103rd Philippine Dental Association Annual Convention Scientific
Session; 2011 November 16-20; SMX Convention Center, Pasay City,
Philippines; [ii] Philippine Privacy Rights Training and Validation Workshop;
2012 March 18-19; La Breza Hotel, Quezon City, Philippines; [iii] 1st Health
Data Privacy Forum; 2012 March 22; Richmonde Hotel, Pasig City,
Philippines; and [iv] Privacy.Rights@PH: Issues in the Philippine Information
Society. A Public Forum; 2012 May 25; Information and Communications
Technology Office – National Computer Center Building, Quezon City,
proposed by Croll4, is that the information will be secured by
the clinician from unauthorized access, and that ultimately the
data gathered will be used to deliver safe, quality care that will
benefit the patient (Fig. 1). Implied in the model is the patient’s
consent to the storage, access, and sharing of his or her
The evolution of the health information landscape, as well
developments in the area of policy, however, has redefined the
scope and context of the privacy and confidentiality of health
III. THE HEALTH INFORMATION LANDSCAPE
Exchange of health information traditionally occurs in
clinics or offices of health workers and is documented in paper
forms. Auditory and visual privacy considerations are taken
into account in the construction and design of consultation
rooms (e.g., by installing screens, curtains, and partitions and
ensuring there is ample space between the office and the
waiting area). Details of the patient encounter are recorded by
the primary care provider in medical records, which are then
carefully handled by staff, stored in secure rooms (or at least, in
cabinets or drawers under lock and key), and accessed only by
The physical setting of the clinic and handling of medical
information thus evoke a sense of confidentiality and security,
and assure patients that the information they are sharing will
remain within the confines of the office and within the pages of
their file. The in-person interaction of the patient with
healthcare providers—from the admitting clerk to the
dispensing pharmacist—allows for the development of a
relationship of trust, and gives faces to the numerous people
who may access, or are accessing, his or her medical record.
The evolution of technology is changing the landscape of
privacy and confidentiality within the context of health
Figure 1. A model for privacy, confidentiality, and security within the
context of health information.4
PRIVACY IN THE DEVELOPING WORLD—PHILIPPINES MONOGRAPH 3
Telemedicine, or the delivery of health-related services and
information via telecommunications technologies such as
videoconferencing, email, phone calls or short messaging
systems (SMS), now makes possible virtual patient
consultations and specialist referrals involving parties
separated by physical distance.6 For instance, in many large
tertiary hospitals, junior residents send SMSs or place calls to
senior physicians (or even to co-residents in another
department) to make patient referrals.
The development of electronic medical records (EMR), on
the other hand, transcends the physical limitations of paper
files and presumably facilitates access to, and sharing of, health
information among providers of care; improves the accuracy
and quality of recorded data; and, more important, improves
the quality of care as a result of having health information
immediately available at all times for patient care.7 In addition,
EMR possesses the theoretical advantage over paper records of
being able to accumulate data that spans a patient’s lifetime.
While in many ways these developments contribute
towards enhancing the delivery of care to all people, they also
tend to redefine the scope of privacy and confidentiality within
the context of the provider-patient relationship.
First, there is now a broader audience for patient
information: whereas previously, only the patient’s primary
provider had access to their record, the use of health
information technology systems means that software
developers, programmers, network operators, and other
individuals operating behind the scenes to maintain the system
can, but may not necessarily, peer into an individual’s private
data. The emerging use of telecommunications networks to
interconnect healthcare professionals and clients (or other
healthcare professionals, as in referrals) may also pose a threat
to individual health data privacy in light of the non-uniform
adoption and application of privacy policies by individual
telecommunications companies and Internet service providers
(see the discussion by Torres-Cortez in an issue paper in this
Furthermore, the aggregation of patient data into large,
networked databases, which are intended to facilitate access by,
and link information from, different co-managing health
providers, exponentially increases the number of individuals
who may retrieve vital private patient information from
different point-of-access terminals, which may be located in
different geographic areas.8 The case of the “leaking breast
implant” discussed below shows that this threat is actually a
Another gray area that may have to be further examined is
the implication of the use of information and communications
technology to disseminate private health data for non-health
and non-educational purposes. Take for instance the “Cebu
canister scandal” discussed below, where a video of a surgical
procedure was posted on the Internet without the patient’s
Fourth, data transmitted through electronic channels (i.e.,
patient information, intended as well-meaning referrals to
colleagues, sent via email or SMS; or discussions of patient
cases on social networking sites by students and trainees in the
health professions) may theoretically be stored indefinitely.
There are even concerns that these types of data cannot be
permanently deleted, especially if they have been posted to or
shared on multiple sites.9,10 In the 2008 incident referred to as
the “Cebu canister scandal” attempts to ban the posting of the
procedure on video-sharing sites, copies of the full-length
footage can still be accessed online as of this writing (May
The magnitude and consequent impact of this health
information data exchange can be gleaned from information
technology usage patterns among Filipinos:
There are an estimated 29,700,000 (a penetration rate of
29.7%) Internet users as of June 2010.11
While the numbers vary from anywhere between 25% to
95%, surveys indicate that utilization of social
networking sites in the Philippines is high compared to
other countries, not only in the Asia-Pacific region but
also globally, earning the country the moniker “The
Social Networking Capital of the World.”11–14
In 2005, a total of 34.8 million cellular mobile telephone
subscribers (CMTS) were registered, translating to a
CMTS density of 41.3 per 100 population.15 Mobile
penetration in 2009 was estimated at 80%, or about 73
The National Telecommunications Commission (NTC)
estimates that an average of 250 million SMS messages
were sent per day in 2005, giving rise to claims that the
Philippines ranks number one globally in SMS usage
(although recent trends indicate that due to the rise of
social networking sites and app messaging the United
States has “unseated Philippines as the king of TXT
In the light of the fiduciary nature of the provider-patient
relationship, as well as the consent inherent in such contracts,
the vital issues, therefore, with respect to these technological
1. Are health workers and patients aware of the extent to
which private health information is available to and
accessible by people other than the patient and the
2. Will information regarding the use of health information
technologies (in item 1 above) adversely affect patients’
willingness to disclose relevant personal information
and damage the quality of care that patients receive?
† In addition to the items mentioned previously, emerging issues in health
information privacy include [i] access to health information of
applicants/workers by their employers, usually through a health maintenance
organization (employers justify that they have a right to access information
since they paid for the services of the consulting physician, as well as because
the health status of their worker may affect his/her performance on the job);
and [ii] collection of information by pharmacies/pharmaceutical companies on
the purchasing practice of patients as well as prescription patterns of
healthcare providers (through monitoring of information encoded in store
discount cards). There have been anecdotal reports of these issues, but there is
no sufficient documentary evidence available that will allow extensive
discussion of the above-mentioned concerns in this paper.
4 HEALTH INFORMATION PRIVACY @ PH
3. How will existing statutory and ethical guidelines be
applied in the context of health information system use
in patient care?
4. Are current local legal frameworks sufficient to guide
stakeholders on health information privacy and if not,
what gaps in policy need to be filled?
5. Should non-health professionals involved in handling
patient data be bound by codes of ethics similar to
IV. LEGAL AND ETHICAL FRAMEWORK18–21
The Philippines is at the gateway of a changing health
information landscape. The shift towards the use of health
information technology has been a global trend. The impact of
these changes on traditional notions of privacy and
confidentiality between health provider and patient is a
challenge. The international community has responded to the
requirements of the 21st century by adopting measures that
regulate or serve as guidelines in the utilization of technology
in healthcare, with many countries passing legislation to
address issues of data protection and the confidentiality of
The value of using electronic medical records is recognized
by governments in other parts of the world.22–24 While the
World Health Organization (WHO) does not provide a
standardized system for keeping medical records, it has already
provided guidelines particularly directed at developing
countries for the use of medical records and electronic health
records‡.5,7 Laws that failed to protect patient privacy in the
past are being updated to increase patients’ health professions
control over their medical information as well as allow for
damages in case of breach of confidentiality (e.g. American
Recovery and Reinvestment Act of 2009 (ARRA), which
updated the Health Insurance Portability and Accountability
Act). Data protection laws have been enacted in many
countries over the past twenty years.25
The reliance of world economies on electronic commerce
and the recognized importance of protecting information
privacy led to the endorsement of the Asia-Pacific Economic
Cooperation (APEC) Privacy Framework in 2005, which
provides guidelines for balancing the right to privacy of
individuals and the promotion of electronic commerce. The
framework is intended to regulate the flow of information in
developing market economies for socio-economic growth but it
contains principles that may be applicable in the health sector,
which admittedly deals with collection and storage of personal
Another pivotal point is telehealth services. Telemedicine,
intended to bridge the gap in accessibility of healthcare, is
being advocated in the Philippines as a national agenda. The
experiences of other countries that have earlier used
telemedicine show that privacy issues remain a central
concern.6,26 There is emphasis on the need for patient consent
as well as patient information, particularly as to the nature of a
telehealth consultation, and awareness of who will have access
‡ The World Health Organization is slated to issue a guidance document on
health data privacy in 2012/2013.
to consultation and to whom patient information will be
Using health information technology and telemedicine, and
storing patient data in electronic form all amplify the privacy
issues in the context of the relationship between health provider
The tradition of privacy and confidentiality within the
context of patient care is attributed to Hippocrates of Cos
around the 4th century B.C. when he admonished his
followers: All that may come to my knowledge in the exercise
of my profession or in daily commerce with men, which ought
not to be spread abroad, I will keep secret and will never
This proceeds from the distinct position of honour
conferred upon the physician as a “friend of mankind”, the
implicit understanding that full disclosure of information on the
part of the patient is a prerequisite to quality care and better
health outcomes, and that some of this information may be
sensitive or may lead to irreparable injury—physical or
moral—to the patient should it be shared with outsiders.
The duty of confidentiality for health providers and the
rights of patients to privacy are uncontested and universally
recognized.27–29 The same principles have been adopted by the
Philippine Medical Association30,31 and similar associations in
Physicians in the Philippines pledge a more modern version
of the oath upon being admitted to professional practice of by
the Professional Regulation Commission (PRC), and are
similarly bound to uphold the confidentiality of patient
information by the Code of Ethics of the Board of Medicine34
and the Philippine Medical Association (PMA).30
The principles of ethics are clear. Patients have a right to
expect that any information that may be obtained by a
healthcare provider will be kept confidential. The critical
question is how laws and government regulations should
respond to protect patients’ rights.
In the Philippines, a person’s right to privacy is enshrined
in no less than fundamental law. The Philippine Constitution
Section 3. (1) The privacy of communication and correspondence shall
be inviolable except upon lawful order of the court, or when public
safety or order requires otherwise, as prescribed by law. Xxx
This guarantee encompasses all aspects of a person’s
privacy, including the confidential nature of the relationship
between health provider and patient. The right of any person to
privacy is the general rule and it is only by way of exception
that this right is to be limited. Thus, unless a specific law or
order allows the disclosure of private information, a person can
always invoke the guarantee of the Constitution to the right of
privacy. Any statute, rule or regulation must be consistent with
the declarations of the Constitution.
A person’s general right to privacy is affirmed in the Civil
Code (Republic Act No. 386). It provides that every person
shall respect the dignity, personality, privacy and peace of
mind of another. The Civil Code likewise makes any person
who abuses the rights of another liable for damages. A
PRIVACY IN THE DEVELOPING WORLD—PHILIPPINES MONOGRAPH 5
physician may be held liable for failing to observe the general
mandate of the law that every person, in the performance of his
duties, act with justice, give everyone his due, and observe
honesty and good faith. Since a physician has an acknowledged
duty to maintain patient confidentiality, any injury that a
patient may incur as a direct result of the violation of this duty
will make the physician liable for damages.
The Revised Penal Code (Act No. 3185) criminalizes
“Revelation of Secrets”. Its provision protecting the secrets of
any person may find application in cases of government
physicians who have custody of patient records and who would
reveal private information about patients or any other employee
who may abuse their position to obtain confidential
information. Specific laws guarantee the right to privacy of
rape victims and minors in conflict with the law (i.e., Republic
Act No. 8505, Rape Victim Assistance and Protection Act of
1998; Republic Act No. 9344, Juvenile Justice and Welfare Act
The current legal framework readily shows that a person’s
general right to privacy is protected. This means that a person
who violates this right may be made civilly or criminally liable.
While these laws are not specifically directed the physician or
healthcare provider, they may be applied to hold accountable
any person who violates a patient’s right to privacy.
In addition to general provisions protecting the privacy of
all persons, doctor-patient confidentiality is an established
doctrine. Communication between doctor and patient is
generally considered privileged and should not be inquired into
even by the courts. The provision is intended to make sure that
information obtained by physicians in the course of treatment
will not be used to blacken the reputation of a patient. Section
24, Rule 128 of the Rules of Court provide:
Rule 128, Section 24: Disqualification by reason of privileged
communication. — The following persons cannot testify as to matters
learned in confidence in the following cases: xxx
(c) A person authorized to practice medicine, surgery or obstetrics
cannot in a civil case, without the consent of the patient, be examined
as to any advice or treatment given by him or any information which
he may have acquired in attending such patient in a professional
capacity, which information was necessary to enable him to act in
capacity, and which would blacken the reputation of the patient. xxx
The application of the above rule is very specific and is
only applicable when the inquiry is made on the physician who
managed the patient.
Specific reference to health information privacy can be
found in Republic Act No. 8504 (handling of information, both
the identity and status, of persons with HIV), Republic Act No.
9165 (confidentiality of records of those who have undergone
drug rehabilitation), and Republic Act No. 9262
(confidentiality of records pertaining to cases of violence
against women and their children), all of which clearly cater to
specific populations of patients who may come under the care
of health providers and which are, arguably, not applicable to
all instances of the physician-patient relationship. These
specific laws, however, extend the duty of confidentiality to
those who may have access to the private information,
including custodians of records.
It is, thus, apparent that the expectation of maintaining
privacy extends even to other healthcare providers§. This may
be attributed to the fact that hospitals have evolved, both in
identity and function, throughout history. Modern hospitals no
longer just provide facilities so that a doctor can treat the sick.
The public’s perception of the modern hospital is as a
multifaceted healthcare facility responsible for the quality of
medical care and treatment rendered. Hospitals now provide a
wide range of services, and it is inevitable that they gain access
to patient information. The same access is available to other
stakeholders in health like health maintenance organizations
and telehealth centers, which have likewise taken an active role
in health care delivery. Having access to and storing patient
records emphasize the need to extend the applicability of the
rules of confidentiality to healthcare providers.
The duty to respect patient privacy may be derived from
responsibilities that hospitals are expected to assume in
accordance with standards of care expected from and accepted
by other hospitals or other healthcare providers. In the absence
of specific legislation addressing hospital duty and liability, the
standards expected of hospitals may be based on accreditation
standards or principles in the Hospital Code of Ethics.
The Hospital Code of Ethics (35) provides for the primary
objectives of hospitals:
1.2 To provide the best possible facilities for the care of the sick and
injured at all times;
1.3 To constantly upgrade and improve methods for the care, the cure,
amelioration and prevention of disease; and
1.4 To promote the practice of medicine by Physicians within the
institution consistent with the acceptable quality of patient care.
The Court recognizes the inherent duties of hospitals and
has adopted the doctrine of corporate responsibility imposing
on hospitals the duty to see that it meets the standards of
responsibilities for the care of patients (Professional Services,
Inc. v. Agana, 513 SCRA 478, 2007). These standards should
include respect for patients’ right to privacy. As was pointed
out by Ng and Po19 and Bellosillo et al21, the duty to maintain
confidentiality does not rest solely with the medical provider
but extends to the hospital or health facility.
In order to obtain a licence to operate, the Department of
Health (DOH) requires that even prior to building the hospital,
the applicant must first secure a construction licence.36 At the
planning stage and during the design of the hospital, the DOH
considers whether the hospital seeking a licence adequately
addresses the need to maintain patients’ auditory and visual
privacy.37 Philippine Health Insurance Corporation (PHIC)
Accreditation sets as a standard the need for the organization to
document and follow policies and procedures for addressing
patients’ needs for confidentiality and privacy.38 Similarly,
accreditation standards such as that provided by Joint
Commission International (JCI) Accreditation Standards for
§ A review of the enabling professional laws and practice codes of other
healthcare providers in the Philippines revealed that there is no specific
mention of their duty in maintaining privacy/confidentiality of patient
information. However, this paper takes the position that the Constitutional
provision on the right to privacy is a sufficient general safeguard.
6 HEALTH INFORMATION PRIVACY @ PH
Hospitals39 include the requirement of confidentiality of patient
Standard PFR.1.6. Patient information is confidential.
Intent of PFR.1.6
Medical and other health information, when documented and
collected, is important for understanding the patient and his or her
needs and for providing care and services over time. This information
may be in paper or electronic form or a combination of the two. The
organization respects such information as confidential and has
implemented policies and procedures that protect such information
from loss or misuse. The policies and procedures reflect information
that is released as required by laws and regulations.
Staff respects patient confidentiality by not posting confidential
information on the patient’s door or at the nursing station and by not
holding patient-related discussions in public places. Staff are aware of
laws and regulations governing the confidentiality of information and
inform the patient about how the organization respects the
confidentiality of information. Patients are also informed about when
and under what circumstances information may be released and how
their permission will be obtained.
The organization has a policy that indicates if patients have access
to their health information and the process to gain access when
permitted. (Also see MCI.10, ME 2, and MCI.16, intent statement)
Measurable Elements of PFR.1.6
1. Patients are informed about how their information will be kept
confidential and about laws and regulations that require the release of
and/or require confidentiality of patient information.
2. Patients are requested to grant permission for the release of
information not covered by laws and regulations.
3. The organization respects patient health information as
confidential. (p. 63)
The standards that a hospital should ideally meet may likely
be imposed on other healthcare institutions providing health
services with access to patient information.
For example, under the Philippine AIDS Prevention and
Control Act of 1998, the duty of maintaining patient
confidentiality is imposed on all persons involved in handling
and maintaining patient records. The law extends the duty not
just to health professionals but also to health instructors, co-
workers, employers, recruitment agencies, insurance
companies, data encoders, and other custodians of medical
In view of the use of health information technology,
electronic medical records, or computerized systems for storing
patient information, the duty of hospitals or any other health
provider institutions to maintain and keep medical records
confidential entails greater responsibility. There is no
legislation specific to data protection in relation to medical
privacy. There have been initiatives to enact laws providing for
data protection and database security, in general (i.e. the
proposed Personal Data Protection Act of 2007).40
Any law or order that would involve storing personal
information in databases accessible to government would meet
with obstacles. In the Philippines, moves towards a National
Computerized Identification Reference System have been met
with resistance due to the premium placed on a person’s right
to privacy. There is distrust of any government move to store
personal information and while the Supreme Court ruled as
valid an executive order that provides uniform data collection
and format for their existing identification (ID) systems, these
are limited to only government agencies and government-
owned and controlled corporations with existing identification
systems (Kilusang Mayo Uno vs. Director-General, National
Economic Development Authority, 487 SCRA 623, 2006).
Implementation of any system that would collect, transmit
and store private patient information should have safeguards in
place. The current laws that protect in general electronic data
may be applied to holders or custodians of medical records.
The Electronic Commerce Act of 2000 provides that any
person with access to electronic data messages or documents
has the obligation of confidentiality or the duty not to convey
the information to, or share it with, any other person. Under
this law, unauthorized access to computer systems is
punishable by a fine and mandatory imprisonment.
The anti-wiretapping law (Republic Act No. 4200) may
also be applied where a person who is not authorized by parties
to a private communication record or communicate its
contents. The act would probably cover doctor-patient
communication which is privileged and confidential, and which
therefore should not be recorded or disclosed without consent.
From the preceding paragraphs, it is evident that the right to
privacy is zealously guarded under the Constitution. The
legislations, rules, and ethical principles address the right to
privacy in general, including the protection of electronic data,
and to a limited extent also provide for confidentiality in the
context of a physician-patient relationship.
Under the Constitution, this right to privacy shall be
inviolable except upon lawful order of the court, or when
public safety or order requires otherwise, as prescribed by law.
Thus, while the right of a patient to privacy is generally
honored even after death, there are established exceptions. The
limitations on the right to privacy proceed either from a
voluntary waiver on the part of the patient, or are imposed by
the State in the exercise of its police power to safeguard the
general welfare of the people.
The rule of the confidentiality of physician-patient
communication and patient records is not absolute; there are
exceptions under the following circumstances:
1. Upon patient consent or waiver:
a. Upon waiver or authority of the patient to release such
information. This stems from the recognition that the
information contained in medical records is the property of
the patient, while the medical records themselves are the
property of the hospital;
b. For purposes of insurance compensation. In addition to
the provisions of Presidential Decree No. 442, as amended
(Labor Code of the Philippines), individuals availing
themselves of insurance coverage also sign waivers
allowing the health maintenance organization or insurer
access to their medical records in exchange for claim of
benefits (i.e. Republic Act No. 7875, National Health
Insurance Act of 1995);
2. In the interest of public order and safety. Births and
deaths should be registered as provided for in Republic
PRIVACY IN THE DEVELOPING WORLD—PHILIPPINES MONOGRAPH 7
Act No. 3753 (Law on Registry of Civil Status).
Reporting of certain communicable diseases is
mandatory under Republic Act No. 3573 (Law of
Reporting of Communicable Diseases). Executive Order
No. 212 requires medical practitioners to report
treatment of patients for serious and less serious
physical injuries. Likewise, by virtue of Presidential
Decree No. 603, as amended (Child and Youth Welfare
Code), practitioners are required to report cases of child
abuse or maltreatment. Prescription and dangerous drugs
dispensed by pharmacies are recorded and retained in
books for inspection by appropriate authorities. The
landmark U.S. case of Whalen v. Roe (492 U.S. 589,
1977), as discussed in the case of Kilusang Mayo Uno
vs. Director-General, National Economic Development
Authority (487 SCRA 623, 2006), provides an
instructive case of the State’s exercise of its police
powers with respect to regulated drugs and substances.
Testing of certain populations for dangerous drugs is
mandatory and reportable. Upon court order under very
specific circumstances, a person may be compelled to be
tested for HIV, or submit himself or herself to a mental
and physical examination (as provided in the 1997 Rules
of Civil Procedure). Under Republic Act No. 9745 or
the Anti-Torture Act of 2009, a person claiming torture
by the authorities is given the right to a physical
examination and psychological evaluation, to be
contained in a medical report; such reports are, however,
to be considered public documents. The Code on
Sanitation of the Philippines (Presidential Decree No.
856) authorizes the Court and police authorities to order
the performance of an autopsy on the remains of an
3. Upon lawful order of the court or a quasi-judicial body.
Release of health information may occur upon service of
a valid subpoena, warrant, or adjudicative order from a
court, a law enforcement agency, an administrative
agency authorized by law, or an arbitration panel.
However, disclosure in court of health information is
limited by the provisions of the Rules on Evidence, as
upheld in Lim vs. Court of Appeals (214 SCRA 273,
1992), and Krohn vs. Court of Appeals (G.R. No.
108854, June 14, 1994); and
4. For research purposes. The National Ethical Guidelines
for Health Research permits review of medical records
without consent for purposes of research provided the
data are de-identified or anonymized and are non-
sensitive. Ultimately, however, determining which data
are non-sensitive rests upon the Institutional Ethics
Review Committees, and not on individual investigators
A careful perusal of Table 1, which summarizes the legal
and ethical provisions related to privacy and confidentiality of
health information, leads to the following observations.
First, the right to privacy is a basic human right that is
guaranteed by the Constitution that may be invoked even in the
absence of specific legislation. Patients are protected by the
Constitution from unnecessary disclosure of any private
information in their medical record. The right to privacy in
general is nonetheless protected by existing laws. The
collection, transmission, use, and storage of electronic data,
which would include electronic medical records, are to be
secured. Unauthorized use or access is punishable. The
existence of provisions in specific statutes guaranteeing the
confidentiality of patient information in special circumstances
merely reiterates the boundaries laid down in the fundamental
law concerning patient privacy, and adds to penalties that may
accrue to violators.
Second, medical privacy, which includes the confidentiality
of doctor-patient communication and health information, is
recognized. Physicians adhere to a code of ethics that includes
as a principle the right of patients to privacy and the
corresponding duty of health providers to maintain patient
confidentiality. Healthcare providers, including hospitals and
health institutions, likewise have an ethical obligation to
maintain the confidentiality of health information, and are
expected to abide by standards that protect patient privacy.
The codes of ethics intensify the protection of the right to
privacy and confidentiality by providing for administrative
sanctions that may be imposed upon professionals who engage
in unethical conduct.
Third, there is no legislation that directly addresses the
privacy issues specific to health information technology or
inherent in telehealth services. Under the current legal and
ethical framework, protection of patient privacy relies heavily
on self-regulation by health providers**.
V. CASE STUDIES: GAPS IN HEALTH INFORMATION
Two relatively recent incidents brought the public’s
attention to the issue of health information privacy and are
practice in the country.
The first pertains to the posting on the Internet of a video
clip documenting the extraction of a metal canister spray from
the rectum of a patient in Cebu City and the accompanying
jeering and jubilation of health staff inside the operating room.
The ensuing public outrage resulted in the preventive
suspension of some hospital medical personnel, but the cases
filed before the PRC failed due to a technicality. In addition,
the person who first posted the video on YouTube was never
identified, and to date (May 2012), the three-minute footage
can still be accessed online.42–58
In what has become known as the “Cebu Spray Scandal” or
“Black Suede Scandal” the obvious points of contention are [a]
recording and dissemination of a medical procedure, and [b]
presence in the operating theater of hospital staff other than
those directly involved in the procedure, all of these [c] without
the patient’s consent.
** As of this writing (May 2012), the proposed Philippine Data Privacy Act is
being discussed in a Congressional bicameral conference to harmonize the
versions emanating from the Senate and House of Representatives. Likewise,
the Department of Health is in the process of drafting an Administrative Order
on health information privacy.
8 HEALTH INFORMATION PRIVACY @ PH
Case Study 1: “Cebu Spray Scandal”42-58
In mid 2008, a three-minute footage went viral on the video-sharing website
YouTube showing what appears to be an operation involving the extraction of
a metal spray bottle canister from the rectum of an unidentified patient. The
operating room was crowded with giggling medical staff, all of them shown
on the video with their cellular phones on hand to document the procedure.
While the canister was being extracted, somebody shouted “Baby out!” after
which the room broke into laughter and applause. One medical staff even
opened the canister and sprayed its contents inside the room, resulting to
further laughter from those in attendance.
The circumstances related to the incident only became clear a few weeks
after the video has circulated in emails and mobile phones and has been
lengthily discussed in various Internet forums. A 39-year-old homosexual
florist from Cebu City underwent minor operation on January 3, 2008 at the
Vicente Sotto Memorial Medical Center (VSMMC) for extraction of a foreign
body lodged in his rectum. He was allegedly asleep at the time of the
operation, and was not made aware that the procedure was going to be filmed,
nor was he informed post facto that the medical staff took a footage of his
operation. He claimed that he only learned of the existence of the YouTube
video when it was brought to his attention by their barangay captain, who saw
the video on YouTube.
As a response to the public outrage generated by the incident, various
investigating bodies were formed – the hospital, Department of Health
(DOH), National Bureau of Investigation (NBI), House of Representatives –
to determine the culpability of those involved in the operation, as well as to
identify the person who first uploaded the video.
Without denying any liability, the hospital and relatives of medical
personnel involved were quick to point out that the public should focus on the
successful outcome of the operation; that those involved were, in fact, first
rate health professionals and calling for a revocation of their licenses was an
excessive punishment; and that the incident was an isolated case of mischief.
While some nurses and doctors were initially placed on a three-month
preventive suspension, the case filed with the Professional Regulation
Commission was eventually dismissed on the basis of a technicality. The
identity of the person who first uploaded the video on YouTube was never
discovered, and the incident, which died a natural death, became a mere
footnote in the annals of Philippine medical history.
Certainly, procedural lapses contributed to the violation of
the patient’s privacy, but the culpability of the persons
involved in the incident is difficult to determine because the
evidence (i.e., the video clip) itself does not clearly identify the
extent of the participation of each person who was inside the
operating theatre at the time. Complicating the matter further is
the fact that there were other people inside the operating room
were nursing interns undergoing training at the hospital, but
who were not involved in the ongoing procedure.
Furthermore, the anonymity assured by the Internet,
compounded by the availability of computer shops offering
Internet access in almost every corner of the country and the
rapid replication of the video by various media and Web sites,
precludes identification of the hospital staff who first posted
the video online, and of those who continue to disseminate the
video even after the original has been taken down by YouTube.
The second case involved the public disclosure and
discussion of circumstances surrounding the admission of a
high-ranking politician to a tertiary medical centre, which was
not part of the official press release from his office, nor the
medical bulletin issued by the politician’s attending physician.
Investigation by the hospital and the National Bureau of
Investigation (NBI) suggested that non-medical hospital
personnel had accessed the patient’s record and leaked these it
to journalists. No conclusion has yet been reached in this
Case Study 2: “Leaked” News59-73
It was meant to be a critique of the possibility that the Palace is keeping
information about the President’s state of health from the public. Philippine
Star columnist Jarius Bondoc wrote in his July 3, 2009 column:
“If Gloria Macapagal Arroyo can make secret a trip to
Colombia, more so the real aim of her overnight stay at Asian
Hospital. The post-travel self-quarantine for A(H1N1) is a
handy cover for gynecological procedures. The President has
been suffering dysfunctional bleeding, likely due to polyps or
myoma in the uterus. She had first walked into the hospital
one dawn in 2008 for D&C (dilation and curettage) and left
at dusk. News then was that she had an executive check.
She’s had three follow-ups this year, the last in June.
Menopause is inducing abnormal tissue growth and hormonal
imbalance, a source said.
“Wednesday dawn Arroyo checked in again — for less
serious causes. She needed mammoplastic repair of leaking
breast implants done in the ’80s. Occasion too to have
doctors take out an inguinal cyst (in the groin), and laser off
extra hair growth in that area and the armpits. Though a bit
groggy, Arroyo was set to check out yesterday afternoon.
“Hospitalizing a President isn’t easy. Patients in five
rooms at the VIP 10th floor had to be moved, to billet
bodyguards and cooks; P4,000@, or total P20,000 a day.
Arroyo was given two connecting suites, P18,000@, or total
P36,000 a day, one for her, the other for the family.” (59)
The ensuing investigation initiated by the hospital and the National Bureau
of Investigation pointed to the possibility that an obstetrician-gynecologist
was the source of the information, and that she was able to access hospital
records with the help of three other non-medical hospital staff (the hospital
policy at that time was that doctors are not allowed to access computers; only
non-medical staff are provided passwords and the clearance to access any
The obstetrician-gynecologist, who was not part of the team attending to
the President at the time, denied involvement in the case. Columnist Bondoc
was also claimed to have said that Asian Hospital was not the source of the
As of this writing, the case remains unresolved.
Whether or not information regarding the health status of
the highly-placed public authorities is a matter of public
concern (and hence should be disclosed) or of national security
(meaning it is classified information) lies outside the purview
of the current paper. But what the case of the leaked
information highlights is the real possibility of unlimited access
to patient files in a centralized electronic medical records
database by outsiders who are not directly involved in the care
of the patient. In fact, counsel for the physician accused of
leaking the information pointed out that about 76 hospital staff
had access to the politician’s medical record during her
Regardless of the intent—whether for educational or
entertainment purposes as in the first of these cases, or out of
curiosity or in return for a sum of money as in the second—
these two cases demonstrate that even in the presence of legal
and ethical safeguards instances that result in violation of the
patient’s right to privacy still occur, though most are perhaps
on a scale sufficient warranting media attention. The
pervasiveness of tsismis (gossip) in Filipino culture74–76 may
lead a nurse assigned to a well-known celebrity to talk about
her patient’s case with her family and friends. A group of
medical students, over the course of dinner at a public
restaurant, may similarly discuss a novel case assigned to their
PRIVACY IN THE DEVELOPING WORLD—PHILIPPINES MONOGRAPH 9
The fact that not one person has been held criminally liable
for infringement of this fundamental human right, and that
culpability is difficult to establish especially in large
institutions where medical records are accessible by virtually
all staff, does not aid the cause of privacy.
VI. TOWARDS AN ACTION AGENDA FOR HEALTH
The foregoing discussion has brought to the fore the
following key issues with respect to health information privacy
in the Philippines.
First, while the right to privacy is guaranteed by the
Constitution and protected by existing laws, there currently is
Philippines. Instead, what is available are general statutory
provisions (see the Legal and Ethical Framework section
above) and guidance documents5,7,38, which individual
institutions and providers may adapt for use in their facilities.
With respect to existing legislation, the provisions are either
too generic (encompassing privacy of communication in
general) or too focused (mandating privacy and confidentiality
in specific circumstances). Implementation and enforcement
are difficult to monitor, specifically because, as shown in Table
1, the policy is scattered across several statutes. On the other
hand, the arbitrary nature of the adoption of policies
concerning medical records poses a threat to maintaining the
integrity of health records and of ensuring that breaches of
confidentiality in the healthcare provider-patient relationship
do not occur. This is even more true in the face of rapid
technological advancements that are altering the health
The Philippines could take a cue from developed countries
as New Zealand’s Health Information Privacy Code77;
Australia’s Privacy Act of 199878; the Pan-Canadian Health
Information Privacy and Confidentiality Framework79; and the
United States’ Health Insurance Portability and Accountability
the rules governing collection, storage and utilization of health
information; [b] the roles and responsibilities of the different
stakeholders; [c] the scope and limit of health information
privacy; and [d] the safeguards (policy, administrative,
institutional, environmental, and technical) to maintain health
All of these instruments also share as common policies
restrictions on the use and disclosure of identifiable patient
information by, and to, individuals and institutions other than
the patient and provider. In essence, health information, when
necessary, is shared on a “need to know” basis, and the patient
is informed of such disclosure. Administrative measures
relating to implementation (e.g. designation of dedicated
privacy officers, training of workforce) and enforcement (e.g.
filing and resolution of grievance, penalties) are also covered in
In the absence of such a law, and given that the process of
enacting legislation involving such a contentious issue is so
protracted, individual institutions and organizations utilizing
health information may need to look at developing and
instituting their own privacy policies.
As previously stated, privacy of communications, which
extends to health information, is a fundamental human right
guaranteed by the Constitution. It also forms a basic bioethical
principle that governs the provider-patient relationship.
There have been several attempts to introduce legislation on
the Patient’s Bill of Rights in the Philippines (Table 2 and
Table 3), all of which have met with little success. In general,
the blockage is concerns on the part of stakeholders, who either
argue that the enactment of such laws is unnecessary (because
existing laws sufficiently protect the rights of patients), or that
the passage of these laws will lead to the practice of “defensive
medicine” and a concurrent increase in healthcare costs to
protect the interests of healthcare providers. 81
While individuals and organizations have articulated their
concern for upholding the right to privacy and
confidentiality31,82,38, it is highly likely that, as was shown in
the case studies, adherence to this right is the exception rather
than the norm81. Thus, codifying the patient’s rights is
Many of our rights as patients have already been articulated by the
courts. Nonetheless, they often remain difficult for patients and
providers alike to understand and especially difficult for sick people to
exercise. Thus, it is helpful to collect all major patient rights into one
document for both education and enforcement ease and to provide an
effective and fair mechanism to permit patients to actually exercise
their rights in the real world, with their physicians and hospitals (p.
Once basic, uniform rights in health care are established, we can
return to the urgent task of providing access to health care for all... It
seems correct to view universal access to decent health care as our
primary goal. But rights in health care are critical, since without them
citizens may wind up with access to a system that is indifferent to both
their suffering and their rights (p. 104).
Second, the Philippines seems to lack a “privacy culture”††.
The synergistic action of the culture of tsismis widely prevalent
in the Philippines coupled with the ubiquity of Internet and
cellular phone access throughout the country is a real and
present danger to patient information privacy. Monitoring the
actions of each health provider outside the workplace (i.e.
emails, SMS, or postings to social networking sites) would
prove to be difficult and impractical. What is needed is a
change in individual behaviour that would result in self-
regulation and self-censorship in the context of securing, or
sharing, private information entrusted healthcare providers by
This could mean the adoption of codes of ethics and
conduct by professional organizations which recognize the
wider scope of privacy and confidentiality of information in a
wired world; or the education of trainees and professionals on
health information privacy by integrating the issue into
academic and continuing professional development courses
†† There is concern that privacy may be a developmental or cultural issue, as
can be gleaned from its prominence in the more developed economies and its
relative absence countries where a strong sense of community (which
effectively blurs the distinction between personal and communal ownership)
10 HEALTH INFORMATION PRIVACY @ PH
(e.g. oral presentations at symposia, conduct of press
conferences or publication and dissemination of information
Relevant to upholding privacy is the security of health
information. Whereas paper-based records could easily be kept
under lock and key, access restricted by providing only limited
pages or sections to interested parties, electronic medical
records accessible through a network of computers in a large
hospital complicate the issue. Individuals and institutions
transitioning to electronic medical records must understand and
search for the presence of such security measures as role-based
access control, data encryption, and authentication mechanisms
in the systems they are purchasing or developing.8,84
Positioning computer screens away from common or general
areas, using strong access codes, and inculcating in health staff
the habit of locking their access terminals are practical ways to
reduce the chances of unauthorized access to medical records at
the facility level. More importantly, however, developers of
electronic medical records and operators of networks that
transmit health information in the first place must ensure the
security of information in systems they are developing.
The pervasiveness of the issue of health information
privacy requires urgent, sustainable action at the national level
coupled with implementation at the institutional and individual
level. Adopting policies, developing standards, and promoting
behavioural change all require a basis of public opinion that is
sufficiently strong as to leverage action by the legislature,
regulatory agencies, professional organizations, academia,
healthcare institutions, and individual healthcare providers. The
fact that numerous attempts at passing a patient’s rights bill
have all stagnated at the Committee level reflects the relatively
low value of the issue of privacy as compared with other
competing societal concerns. Advocating for health
information privacy may not only mean raising the issue at
press conferences or in legislative sessions, but also gaining the
support of a wider base of stakeholders (e.g. patient advocacy
groups and professional organizations). Giving the issue a
credible face is also necessary to sustain and focus interest.
This paper appears to be the first attempt at defining the
Philippine health information privacy context. While a trove of
information was unearthed in the preparation of the
manuscript, more questions arose that were left unanswered
due to the exigency of the project.
In particular, the preceding discussion on health
information privacy rests on an untested assumption: that the
Filipino and Western concepts of privacy are identical. While
upscale clinics and hospitals in urban areas take great pains to
ensure that consultation rooms are separated adequately from
common and waiting areas, the situation is very different in
rural areas, where a thin sheet is all that shields a patient from
the eyes (but not ears) of waiting folks. It goes without saying
that generating critical mass is necessary to propel forward
policy and behavioural change presupposing that the subject of
change (i.e., privacy) is an issue which the object of change
(i.e., patients) cares about and is concerned with.
‡‡ Promotion of privacy is a core competency in the Philippine nursing
curricula, and is integrated as part of the course on jurisprudence and ethics
for physicians and dentists.
Furthermore, there is a paucity of scientifically validated
information on the perceptions, attitudes, and knowledge of
patients and health professionals (both in individual practice
and as part of health institutions) on health information
privacy, particularly within the context of new information and
communications technologies. In addition, while privacy and
confidentiality are prescribed components of teaching
curricula85–87, the integration and actual application of this
concept into professional schools and teaching hospitals is
Health information privacy in the Philippines has evolved
in parallel with advances in technology, but the underlying
principle remains the same: health workers must ensure the
protection at all times of their patient’s privacy. Technological
developments, however, have outpaced policy and practice.
There is a need to unify the patchwork of regulations governing
privacy; fortify the evidence base on patient and provider
perceptions of privacy; and develop and improve standards and
systems to promote health information privacy at the individual
and institutional levels. Ultimately, it must be stressed that the
quest for privacy is but one critical component in improving
the overall quality of care available to Filipinos.
 The Hippocratic Oath. U.S. National Library of Medicine Web site.
[Online] National Library of Medicine, National Institutes of Health,
June 24, 2010. [Cited: October 22, 2011.] Translated by Michael North,
National Library of Medicine, 2002.
 Privacy - MeSH. National Center for Biotechnology Information Web
site. [Online] National Center for Biotechnology Information, U.S.
National Library of Medicine. [Cited: October 23, 2011.]
 Confidentiality - MeSH. National Center for Biotechnology Information
Web site. [Online] National Center for Biotechnology Information, U.S.
National Library of Medicine. [Cited: October 23, 2011.]
 Croll, P. Privacy, security and access with sensitive health information.
[ed.] E Hovenga, et al. Health Informatics - An Overview. Amsterdam :
IOS Press, 2010, pp. 167-175.
 World Health Organization. Medical Records Manual: A Guide for
Developing Countries. Manila : WHO Western Pacific Regional Office,
2002. 92 9061 005 0.
 Fleming, David A. Ethics Conflicts in Rural Communities: Health
Information Technology. [ed.] William A Nelson. Handbook for Rural
Health Care Ethics: A Practical Guide for Professionals. Lebanon :
University Press of New England, 2009, 13, pp. 275-303. Avialable
online at http://dms.dartmouth.edu/cfm/resources/ethics/.
 World Health Organization. Electronic Health Records: Manual for
Developing Countries. Manila : WHO Western Pacific Regional Office,
2009. ISBN 92 9061 2177.
 Anderson, Ross J. Security in Clinical Information Systems. London :
British Medical Association, 1996. p. 34. version 1.1.
 Aelterman, Sven. Nothing on the Internet is ever, ever deleted. Sorrell
College of Business Portal. [Online] April 19, 2011. [Cited: October 26,
 Green, Roger. Nothing Ever Really Goes Away on the Internet. Times
Union Web site. [Online] January 23, 2011. [Cited: October 26, 2011.]
 Asia Marketing Research, Internet Usage, Population Statistics and
Facebook Information. Internet World Stats Web site. [Online] July 23,
PRIVACY IN THE DEVELOPING WORLD—PHILIPPINES MONOGRAPH 11
2011. [Cited: October 26, 2011.]
 Sotckdale, Charles and McIntyre, Dougals A. The Ten Nations Where
Facebook Rules The Internet. 24/7 Wall St. Web site. [Online] May 9,
2011. [Cited: October 31, 2011.] http://247wallst.com/2011/05/09/the-
 Russell, Jon. Philippines named social networking capital of the world.
Asian Correspondent Web site. [Online] May 15, 2011. [Cited: October
31, 2011.] http://asiancorrespondent.com/54475/philippines-named-the-
 abs-cbnNEWS.com. Filipino internet users most engaged in social
media: survey. ABS-CBN News Web site. [Online] April 9, 2010. [Cited:
October 31, 2011.] http://www.abs-
 Virola, Romulo A. ICT Statistics: Show me the data! National
Statistical Coordination Board Web site. [Online] August 14, 2006.
[Cited: October 26, 2011.]
 Russell, Jon. The rise of the mobile phone in the Philippines. Asian
Correspondent Web site. [Online] October 18, 2010. [Cited: October 31,
 Sharma, Chetan. US Wireless Market Update Q2 2011. Chetan
Sharma Web site. [Online] August 18, 2011. [Cited: October 31, 2011.]
 Ng, Peter P and Po, Philipp U. Health Laws of the Philippines. 2006
Revised Edition. Manila : Philippine College of Medical Researchers
Foundation, Inc., 2006. Third Printing, May 2006. ISBN 971-93294-1-6.
 —. Medical Laws and Jurisprudence (Legal Aspects of Medical Practice
– LAMP). 2006 Revised Edition. Manila : Philippine College of Medical
Researchers Foundation, Inc., 2006. Third Printing, May 2006. ISBN
 De Belen, Rustico T. Medical Jurisprudence. 1st Edition. Quezon City :
C & E Publishing, Inc., 2009. ISBN 978-971-584-806-0.
 Bellosillo, Josue N, et al. Basics of Philippine Medical Jurisprudence
and Ethics. Quezon City : Central Books Supply, Inc., 2010. ISBN 978-
 Childs, Dan, Chang, Haeree and Grayson, Audrey. President-Elect
Urges Electronic Medical Records in 5 Years. ABC News Web site.
[Online] January 9, 2009. [Cited: November 2, 2011.]
 Congressional Research Service Reports for the People. The Health
Information Technology for Economic and Clinical Health (HITECH)
Act. Open CRS Web site. [Online] February 23, 2009. [Cited: November
12, 2011.] http://opencrs.com/document/R40161/.
 NHS Connecting for Health. NHS Connecting for Health Web site.
[Online] Department of Health Informatics Directorate. [Cited:
November 21, 2011.] http://www.connectingforhealth.nhs.uk/.
 International Privacy Laws. Information Shield Web site. [Online]
[Cited: November 12, 2011.]
 The European Files: The telemedicine challenge in Europe. European
Commission Information Society Web site. [Online] June-July 2010.
[Cited: November 12, 2011.]
 WMA International Code of Medical Ethics. World Medical Association
Web site. [Online] October 2006. [Cited: November 12, 2011.]
 WMA Declaration of Lisbon on the Rights of the Patient. World
Medical Association Web site. [Online] October 2005. [Cited: November
12, 2011.] http://www.wma.net/en/30publications/10policies/l4/.
 A Declaration on the Promotion of Patients’ Rights in Europe. World
Health Organization Web site. [Online] June 28, 1994. [Cited:
November 12, 2011.]
Promulgated during the European Consultation on the Rights of Patients
held in Amsterdam, The Netherlands on 28-30 March 1994.
 Code of Ethics of the Philippine Medical Association. Philippine
Medical Association Web site. [Online] [Cited: November 1, 2011.]
 Philippine Medical Association Declaration of the Rights and
Obligations of the Patient. Confederation of Medical Associations in
Asia and Oceania Web site. [Online] [Cited: November 1, 2011.]
 AMA Code of Medical Ethics. American Medical Association Web site.
[Online] June 2001. [Cited: November 12, 2011.] http://www.ama-
 AMA Code of Ethics - 2004. Editorially Revised 2006. Australian
Medical Association Web site. [Online] November 2006. [Cited:
November 12, 2011.] http://ama.com.au/codeofethics.
 Board of Medicine Code of Ethics. Professional Regulation Commission
Web site. [Online] [Cited: November 1, 2011.]
 Hospital Code of Ethics. Philippine Hospital Association Web site.
[Online] [Cited: June 8, 2008.] http://pha.ph/coe.htm.
 DOH Administrative Order No. 147, s. 2004, Re: Amending
Administrative Order No. 70-A, s. 2002 re: Revised Rules and
Regulations Governing the Registration, Licensure and Operation of
Hospitals and Other Health Facilities in the Philippines. Manila,
Philippines : Department of Health, April 28, 2004.
 Guidelines in the Planning and Design of a Hospital and other Health
Facilities. Department of Health Web site. [Online] 2004. [Cited: June
28, 2008.] http://doh.gov.ph/BHFS/planning_and_design.pdf.
 Orientation of Hospitals on Benchbook Self-Assessment and
Accreditation Process Manual II. PhilHealth Web site. [Online] [Cited:
November 7, 2011.]
 Joint Commission International Accreditation Standards for Hospitals.
4th s.l. : Joint Commission International, Januay 1, 2011.
 14th Congress - Senate Bill No. 1371. Senate of the Philippines Web
site. [Online] [Cited: November 12, 2011.]
 Philippine Health Research Ethics Board. National Ethical
Guidelines for Health Research. Taguig City : Philippine Council for
Health Research and Development, Department of Science and
Technology, 2006. p. 118.
 Sun.Star. Cebu hospital apologizes for surgery 'spectacle'. GMA News
Web site. [Online] April 16, 2008. [Cited: November 2, 2011.]
 —. Cebu hospital to name docs in 'surgery scandal'. GMA News Web
site. [Online] April 18, 2008. [Cited: November 2, 2011.]
 Joshi, Mohit. Philippine hospital to file charges in surgery video
scandal. Top News Web site. [Online] April 18, 2008. [Cited: November
2, 2011.] http://www.topnews.in/health/philippine-hospital-file-charges-
 abs-cbnNEWS.com. Ombudsman: Charge docs, nurses in Cebu
'canister scandal'. ABS-CBN News Web site. [Online] May 26, 2008.
[Cited: November 2, 2011.] http://www.abs-
 Napallacan, Jhunnex and Asutilla, Carine M. Suspension of doctors,
nurses sought for operation scandal. Inquirer Global Nation Web site.
[Online] May 7, 2008. [Cited: November 2, 2011.]
12 HEALTH INFORMATION PRIVACY @ PH
 Gay man in Cebu canister scandal shuns media. ZamboTimes Web site.
[Online] May 10, 2008. [Cited: November 2, 2011.]
 Philippines: Ang Ladlad Welcomes Suspension of 2 Doctors, Nurse in
Rectal Surgery Scandal. IGLHRC Web site. [Online] May 20, 2008.
[Cited: November 2, 2011.] http://www.iglhrc.org/cgi-
 Cheng, Willard. Cover-up feared in Cebu rectal YouTube scandal.
ABS-CBN News Web site. [Online] September 23, 2008. [Cited:
November 2, 2011.] http://www.abs-
 Natavio, Johanna. Civil Service Commission declares suspension vs.
nurse on canister scandal illegal. PhilStar Web site. [Online] February 5,
2009. [Cited: November 2, 2011.]
 Mayol, Ador Vincent, Asutilla, Carine M and Napallacan, Jhunnex.
Black Suede Aftermath: ‘Danilo’ mulls civil raps; DOH-7 can’t find
staff. Inquirer Global Nation Web site. [Online] June 1, 2010. [Cited:
November 2, 2011.]
 Matibag, Gino C. Body spray scandal dismissed. AllVoices Web site.
[Online] September 2, 2010. [Cited: November 2, 2011.]
 Case dismissed. SunStar Cebu Web site. [Online] September 3, 2010.
[Cited: November 2, 2011.] http://www.sunstar.com.ph/cebu/case-
 Teves, Oliver. Philippine hospital recommends penalties for medical
staff in videotaped surgery. Northern Mindanao Health Online Web site.
[Online] [Cited: November 2, 2011.]
 Cudis, Nancy R. Vicente Sotto Memorial Medical Center names out.
Northern Mindanao Health Online Web site. [Online] [Cited: November
2, 2011.] http://onlinemindanao.com/health/news/surgery-scandal.html.
 Anong opinion nyo sa Cebu-Doctors Scandal Video. [Online] [Cited:
November 2, 2011.] http://tambayan.1.forumer.com/a/anong-opinion-
 Cebu Canister Scandal. [Online] [Cited: November 2, 2011.]
 Cebu Hospital Scandal Video. [Online] [Cited: November 2, 2011.]
 Bondoc, Jarius. Thanked by Arroyo, trumped by Customs. PhilStar
Web site. [Online] July 3, 2009. [Cited: November 2, 2011.]
 The Philippine Star. GMA quarantined at Asian Hospital. PhilStar Web
site. [Online] July 1, 2009. [Cited: November 2, 2011.]
 Luci, Charissa M. Palace confirms biopsy. Manila Bulletin Web site.
[Online] July 3, 2009. [Cited: November 2, 2011.]
 abs-cbnNEWS.com. Arroyo admits she has breast implants. ABS-CBN
News Web site. [Online] July 3, 2009. [Cited: November 2, 2011.]
 Burgonio, TJ. Palace makes a clean breast of Arroyo implant.
Inquirer.net. [Online] July 4, 2009. [Cited: November 2, 2011.]
 Romero, Paolo. Breast, groin biopsy but no surgery for GMA - Palace.
PhilStar Web site. [Online] July 4, 2009. [Cited: November 2, 2011.]
 Araneta, Sandy. The President's health: NBI looking into 'implant' leak.
NewsFlash Web site. [Online] July 7, 2009. [Cited: November 2, 2011.]
 Burgonio, TJ and Santos, Tina. NBI: Hospital not Palace asked for
leak probe. Inquirer.net. [Online] July 8, 2009. [Cited: November 2,
 GMANews.TV. Probe on leak of Arroyo ‘boob job’ not a Palace order -
NBI. GMA News Web site. [Online] July 7, 2009. [Cited: November 2,
 abs-cbnNEWS.com. Gov't nosing into records of boob job exposé
writer? ABS-CBN News Web site. [Online] July 9, 2009. [Cited:
November 2, 2011.] http://www.abs-cbnnews.com/nation/07/07/09/govt-
 —. Did doctor leak Arroyo boob job news? ABS-CBN News Web site.
[Online] July 9, 2009. [Cited: November 2, 2011.] http://www.abs-
 Araneta, Sandy. Asian Hospital doctor denies implant info leak.
NewsFlash Web site. [Online] July 15, 2009. [Cited: November 2, 2011.]
 —. NBI probe on GMA breast implant unfair - doctor. PhilStar Web
site. [Online] September 22, 2009. [Cited: November 2, 2011.]
 Real reason of GMA's self quarantine at Asian Hospital? [Online]
[Cited: November 2, 2011.] http://tsikot.com/forums/politics-economy-
 GMA Boobs Augmentation. [Online] [Cited: November 2, 2011.]
 Evans, Ken. Manila Fortuna. Milton Keynes : AuthorHouse UK Ltd.,
2011. ISBN 978-1-4567-7401-1 (sc)/ISBN 978-1-4567-7402-8 (c).
 Licuanan, Patricia. A Moral Recovery Program: Building a People --
Building a Nation. [Online] [Cited: November 2, 2011.]
 Nadal, Kevin L. Filipino American Psychology: A Handbook of
Theory, Reasearch, and Clinical Practice. s.l. : John Wiley and Sons,
2011. ISBN 9781118019771.
 Tiongco, Beatriz B. Report on the public hearing of the Committee on
Health and Demography joint with the Committees on Social Justice and
Finance on patient's rights and medical malpractice on September 28,
2004, 10:30am, Sen. Tanada Room, Senate of the Philippines. Senate of
the Philippines Web site. [Online] [Cited: November 7, 2011.]
 Memorandum of Agreement on the Rights and Obligations of Patients.
Philippine Hospital Association Web site. [Online] [Cited: November 7,
 Annas, George J. American Bioethics: Crossing Human Rights and
Health Law Boundaries. Oxford : Oxford University Press, 2005. ISBN
 Health Information Privacy Code 1994 (2008 Revised Edition).
Auckland : Office of the Privacy Commissioner, 2008. ISBN 0-478-
 Health serivce providers. Office of the Australian Privacy Commissioner
Web site. [Online] Office of the Australian Privacy Commissioner,
Australian Government. [Cited: November 7, 2011.]
 Pan-Canadian Health Information Privacy and Confidentiality
Framework. Health Canada Web site. [Online] August 9, 2005. [Cited:
November 7, 2011.] http://www.hc-sc.gc.ca/hcs-sss/pubs/ehealth-
 Health Information Privacy. U.S. Department of Health and Human
Services Web site. [Online] U.S. Department of Health and Human
Services . [Cited: November 7, 2011.] http://www.hhs.gov/ocr/privacy/.
PRIVACY IN THE DEVELOPING WORLD—PHILIPPINES MONOGRAPH 13
 Security and Privacy Issues with Health Care Information Technology.
Meingast, Marci, Roosta, Tanya and Sastry, Shankar. 2006,
Proceedings of the 28th IEEE, pp. 5453-5458. EMBS Annual
International Conference; New York City, USA, Aug 30-Sept 3, 2006;
 CHED Memorandum Order No. 10, s. 2006, Re: Policies, Standards and
Guidelines for Medical Education. Pasig City : Commission on Higher
 CHED Memorandum Order No. 5, s. 2008, Re: Policies and Standards
for the Bachelor of Science in Nursing (BSN) Program. Pasig City :
Commission on Higher Education, 2008.
 CHED Memorandum Order No. 33, s. 2006, Re: Policies, Standards and
Guidelines for Dental Education. Pasig City : Commission on Higher
 DOH Administrative Order No, 2008-0009. Department of Health Web
site. [Online] [Cited: October 25, 2011.] www.doh.gov.ph/files/ao2008-
 PhilHealth Circular No. 030, s. 2000. PhilHealth Web site. [Online]
[Cited: October 25, 2011.]
 13th Congress - House Bill No.261. House of Representatives Web site.
[Online] [Cited: November 7, 2011.]
 13th Congress - Senate Bill No. 3. Senate of the Philippines Web site.
[Online] [Cited: November 7, 2011.]
 13th Congress - Senate Bill No. 588. Senate of the Philippines Web site.
[Online] [Cited: November 7, 2011.]
 14th Congress - Senate Bill No. 812. Senate of the Philippines Web site.
[Online] [Cited: November 7, 2011.]
 14th Congress - Senate Bill No. 2371. Senate of the Philippines Web
site. [Online] [Cited: November 7, 2011.]
 15th Congress - Senate Bill No. 146. Senate of the Philippines Web site.
[Online] [Cited: November 7, 2011.]
14 HEALTH INFORMATION PRIVACY @ PH
TABLE I. NATIONAL LEGAL AND ETHICAL FRAMEWORK AFFECTING PRIVACY AND CONFIDENTIALITY WITHIN THE CONTEXT OF THE PHYSICIAN-PATIENT
A. Right to Privacy in General
1987 Philippine Constitution
Section 3 (1), Article III: The privacy of communication and correspondence shall be inviolable except upon lawful
order of the court, or when public safety or order requires otherwise, as prescribed by law. xxx
An Act to Ordain and Institute the
Civil Code of the Philippines, [NEW
CIVIL CODE] Republic Act No. 386,
(June 18, 1949).
Art. 19. Every person must, in the exercise of his rights and in the performance of his duties, act with justice, give
everyone his due, and observe honesty and good faith.
Art. 20. Every person who, contrary to law, wilfully or negligently causes damage to another, shall indemnify the latter
for the same.
Art. 21. Any person who wilfully causes loss or injury to another in a manner that is contrary to morals, good customs
or public policy shall compensate the latter for the damage.
Art. 26. Every person shall respect the dignity, personality, privacy and peace of mind of his neighbors and other
persons. The following and similar acts, though they may not constitute a criminal offense, shall produce a cause of
action for damages, prevention and other relief:
(1) Prying into the privacy of another's residence:
(2) Meddling with or disturbing the private life or family relations of another;
(3) Intriguing to cause another to be alienated from his friends;
(4) Vexing or humiliating another on account of his religious beliefs, lowly station in life, place of birth, physical
defect, or other personal condition.
Art. 32 Any public officer or employee, or any private individual, who directly or indirectly obstructs, defeats, violates
or in any manner impedes or impairs any of the following rights and liberties of another person shall be liable to the
latter for damages:
(11) The privacy of communication and correspondence...
Art. 2176. Whoever by act or omission causes damage to another, there being fault or negligence, is obliged to pay for
the damage done. Such fault or negligence, if there is no pre-existing contractual relation between the parties, is called a
quasi-delict and is governed by the provisions of this Chapter.
An Act Revising the Penal Code and
Other Penal Laws [REVISED PENAL
CODE], Act No. 3815, (1932).
Art. 228. Opening of closed documents. — Any public officer not included in the provisions of the next preceding
article who, without proper authority, shall open or shall permit to be opened any closed papers, documents or objects
entrusted to his custody, shall suffer the penalties or arresto mayor, temporary special disqualification and a fine of not
exceeding 2,000 pesos.
Art. 229. Revelation of secrets by an officer. — Any public officer who shall reveal any secret known to him by reason
of his official capacity, or shall wrongfully deliver papers or copies of papers of which he may have charge and which
should not be published, shall suffer the penalties of prision correccional in its medium and maximum periods,
perpetual special disqualification and a fine not exceeding 2,000 pesos if the revelation of such secrets or the delivery of
such papers shall have caused serious damage to the public interest; otherwise, the penalties of prision correccional in
its minimum period, temporary special disqualification and a fine not exceeding 50 pesos shall be imposed.
Art. 230. Public officer revealing secrets of private individual. — Any public officer to whom the secrets of any private
individual shall become known by reason of his office who shall reveal such secrets, shall suffer the penalties of arresto
mayor and a fine not exceeding 1,000 pesos.
Art. 290. Discovering secrets through seizure of correspondence. — The penalty of prision correccional in its minimum
and medium periods and a fine not exceeding 500 pesos shall be imposed upon any private individual who in order to
discover the secrets of another, shall seize his papers or letters and reveal the contents thereof.
If the offender shall not reveal such secrets, the penalty shall be arresto mayor and a fine not exceeding 500 pesos.
The provision shall not be applicable to parents, guardians, or persons entrusted with the custody of minors with respect
to the papers or letters of the children or minors placed under their care or study, nor to spouses with respect to the
papers or letters of either of them.
Art. 291. Revealing secrets with abuse of office. — The penalty of arresto mayor and a fine not exceeding 500 pesos
shall be imposed upon any manager, employee, or servant who, in such capacity, shall learn the secrets of his principal
or master and shall reveal such secrets.
B. Right to Privacy in Relation to the Healthcare System
The Medical Act of 1959, Republic
Act No. 2382, (June 20, 1959)
Section 24: Grounds for reprimand, suspension or revocation of registration certificate. Any of the following shall be
sufficient ground for reprimanding a physician, or for suspending or revoking a certificate of registration as physician:
(12) Violation of any provision of the Code of Ethics as approved by the Philippine Medical Association.
An Act Promulgating Policies and
Prescribing Measures for the
Section 2 (b) (1): The State shall extend to every person suspected or known to be infected with HIV/AIDS full
protection of his/her human rights and civil liberties. Towards this end, xxx the right of privacy of individuals with HIV
PRIVACY IN THE DEVELOPING WORLD—PHILIPPINES MONOGRAPH 15
Prevention and Control of HIV/AIDS
in the Philippines, Instituting a
Nationwide HIV/AIDS Information
and Educational Program, Establishing
a Comprehensive HIV/AIDS
Monitoring System, Strengthening the
Philippine National Aids Council, and
for Other Purposes, “Philippine AIDS
Prevention and Control Act of 1998”,
Republic Act No. 8504, (February 13,
shall be guaranteed.
Section 3(n): “Medical Confidentiality” – refers to the relationship of trust and confidence created or existing between a
patient or a person with HIV and his attending physician, consulting medical specialist, nurse, medical technologist and
all other health workers or personnel involved in any counselling, testing or professional care of the former; it also
applies to any person who, in any official capacity, has acquired or may have acquired such confidential information.
Section 30, Article VI: Medical Confidentiality - All health professionals, medical instructors, workers, employers,
recruitment agencies, insurance companies, data encoders, and other custodians of any medical record, file, data, or test
results are directed to strictly observe confidentiality in the handling of all medical information, particularly the identity
and status of persons with HIV.
Section 31, Article VI: Exceptions to the Mandate of Confidentiality – Medical confidentiality shall not be considered
breached in the following cases:
(a) when complying with reportorial requirements in conjunction with the AIDSWATCH programs provided in
Section 27 of this Act;
(b) when informing other health workers directly involved or about to be involved in the treatment or care of a person
with HIV/AIDS: Provided, That such treatment or care carry the risk of HIV transmission: Provided, further, That such
workers shall be obliged to maintain the shared medical confidentiality;
(c) when responding to a subpoena duces tecum and subpoena ad testificandum issued by a Court with jurisdiction
over a legal proceeding where the main issue is the HIV status of an individual: Provided, That the confidential medical
record shall be properly sealed by its lawful custodian after being double-checked for accuracy by the head of the office
or department, hand delivered and personally opened by the judge: Provided, further, That the judicial proceedings be
held in executive session.
Section 33, Article VI: Penalties for Violation of Confidentiality – Any violation of medical confidentiality as provided
in Sections 30 and Section 32 of this Act shall suffer the penalty of imprisonment for six (6) months to four (4) years,
without prejudice to administrative sanctions such as fines and suspension or revocation of the violator’s license to
practice his/her profession, as well as the cancellation or withdrawal of the license to operate any business entity and
the accreditation of hospitals, laboratories and clinics.
An Act Instituting the Comprehensive
Dangerous Drugs Act of 2002,
Repealing Republic Act No. 6425,
Otherwise Known as the Dangerous
Drugs Act of 1972, as Amended,
Providing Funds Therefor, and for
Other Purposes, “Comprehensive
Dangerous Drugs Act of 2002”,
Republic Act No. 9165, (June 7, 2002)
Section 36. Authorized Drug Testing. The following shall be subjected to undergo drug testing:
(a) Applicants for driver's license. – No driver's license shall be issued or renewed to any person unless he/she
presents a certification that he/she has undergone a mandatory drug test and indicating thereon that he/she is free
from the use of dangerous drugs;
(b) Applicants for firearm's license and for permit to carry firearms outside of residence. – All applicants for firearm's
license and permit to carry firearms outside of residence shall undergo a mandatory drug test to ensure that they are
free from the use of dangerous drugs: Provided, That all persons who by the nature of their profession carry firearms
shall undergo drug testing;
(c) Students of secondary and tertiary schools. – Students of secondary and tertiary schools shall, pursuant to the
related rules and regulations as contained in the school's student handbook and with notice to the parents, undergo a
random drug testing: Provided, That all drug testing expenses whether in public or private schools under this Section
will be borne by the government;
(d) Officers and employees of public and private offices. – Officers and employees of public and private offices,
whether domestic or overseas, shall be subjected to undergo a random drug test as contained in the company's work
rules and regulations, which shall be borne by the employer, for purposes of reducing the risk in the workplace. Any
officer or employee found positive for use of dangerous drugs shall be dealt with administratively which shall be a
ground for suspension or termination, subject to the provisions of Article 282 of the Labor Code and pertinent
provisions of the Civil Service Law;
(e) Officers and members of the military, police and other law enforcement agencies. – Officers and members of the
military, police and other law enforcement agencies shall undergo an annual mandatory drug test;
(f) All persons charged before the prosecutor's office with a criminal offense having an imposable penalty of
imprisonment of not less than six (6) years and one (1) day shall have to undergo a mandatory drug test; and
(g) All candidates for public office whether appointed or elected both in the national or local government shall
undergo a mandatory drug test.
In addition to the above stated penalties in this Section, those found to be positive for dangerous drugs use shall be
subject to the provisions of Section 15 of this Act.
Section 40. Records Required for Transactions on Dangerous Drug and Precursors and Essential Chemicals. –
a) Every pharmacist dealing in dangerous drugs and/or controlled precursors and essential chemicals shall maintain and
keep an original record of sales, purchases, acquisitions and deliveries of dangerous drugs, indicating therein the
(1) License number and address of the pharmacist;
(2) Name, address and license of the manufacturer, importer or wholesaler from whom the dangerous drugs have
(3) Quantity and name of the dangerous drugs purchased or acquired;
(4) Date of acquisition or purchase;
(5) Name, address and community tax certificate number of the buyer;
(6) Serial number of the prescription and the name of the physician, dentist, veterinarian or practitioner issuing the
(7) Quantity and name of the dangerous drugs sold or delivered; and
(8) Date of sale or delivery.
16 HEALTH INFORMATION PRIVACY @ PH
A certified true copy of such record covering a period of six (6) months, duly signed by the pharmacist or the owner
of the drugstore, pharmacy or chemical establishment, shall be forwarded to the Board within fifteen (15) days
following the last day of June and December of each year, with a copy thereof furnished the city or municipal health
Section 60. Confidentiality of Records Under the Voluntary Submission Program. – Judicial and medical records of
drug dependents under the voluntary submission program shall be confidential and shall not be used against him for any
purpose, except to determine how many times, by himself/herself or through his/her parent, spouse, guardian or relative
within the fourth degree of consanguinity or affinity, he/she voluntarily submitted himself/herself for confinement,
treatment and rehabilitation or has been committed to a Center under this program.
Section 64. Confidentiality of Records Under the Compulsory Submission Program. – The records of a drug dependent
who was rehabilitated and discharged from the Center under the compulsory submission program, or who was charged
for violation of Section 15 of this Act, shall be covered by Section 60 of this Act. However, the records of a drug
dependent who was not rehabilitated, or who escaped but did not surrender himself/herself within the prescribed period,
shall be forwarded to the court and their use shall be determined by the court, taking into consideration public interest
and the welfare of the drug dependent.
Section 72. Liability of a Person Who Violates the Confidentiality of Records. – The penalty of imprisonment ranging
from six (6) months and one (1) day to six (6) years and a fine ranging from One thousand pesos (P1,000.00) to Six
thousand pesos (P6,000.00), shall be imposed upon any person who, having official custody of or access to the
confidential records of any drug dependent under voluntary submission programs, or anyone who, having gained
possession of said records, whether lawfully or not, reveals their content to any person other than those charged with the
prosecution of the offenses under this Act and its implementation. The maximum penalty shall be imposed, in addition
to absolute perpetual disqualification from any public office, when the offender is a government official or employee.
Should the records be used for unlawful purposes, such as blackmail of the drug dependent or the members of his/her
family, the penalty imposed for the crime of violation of confidentiality shall be in addition to whatever crime he/she
may be convicted of.
An Act Defining Violence Against
Women and Their Children, Providing
for Protective Measures for Victims,
Prescribing Penalties Therefore, and
for Other Purposes, “Anti-Violence
Against Women and Their Children
Act of 2004”, Republic Act No. 9262,
(March 8, 2004)
Section 44. Confidentiality. – All records pertaining to cases of violence against women and their children including
those in the barangay shall be confidential and all public officers and employees and public or private clinics to
hospitals shall respect the right to privacy of the victim. Whoever publishes or causes to be published, in any format, the
name, address, telephone number, school, business address, employer, or other identifying information of a victim or an
immediate family member, without the latter's consent, shall be liable to the contempt power of the court.
Any person who violates this provision shall suffer the penalty of one (1) year imprisonment and a fine of not more
than Five Hundred Thousand pesos (P500,000.00).
Rules of Court and Administrative Rules
Revised Rules of Evidence, Rules of
Court, (March 14, 1989)
Section 24 (c), Rule 128: Disqualification by reason of privileged communication. — The following persons cannot
testify as to matters learned in confidence in the following cases: A person authorized to practice medicine, surgery or
obstetrics cannot in a civil case, without the consent of the patient, be examined as to any advice or treatment given by
him or any information which he may have acquired in attending such patient in a professional capacity, which
information was necessary to enable him to act in capacity, and which would blacken the reputation of the patient
Department of Health Guidelines in
the Planning and Design of a Hospital
and other Health Facilities (2004)
Auditory and Visual Privacy: A hospital and other health facilities shall observe acceptable sound level and adequate
visual seclusion to achieve the acoustical and privacy requirements in designated areas allowing the unhampered
conduct of activities.
Philippine Health Insurance
Corporation Benchbook Self-
Assessment and Accreditation Process
1.3.b.1 Standard: The organization documents and follows policies and procedures for addressing patients’ needs for
confidentiality, privacy, security, religious counseling and communication
Criteria: The hospital systematically determines, monitors and improves the extent to which patients’ needs for
confidentiality, privacy, security, counseling and communication are addressed.
1.5.b.1 Standard: The organization’s personnel discharge their functions according to codes of ethical behavior and
other relevant professional and statutory standards.
Criteria: The organization identifies and monitors personnel compliance with the code of ethics relevant to their
Lim vs. Court of Appeals (G.R. No.
91114, September 25, 1992)
This rule on the physician-patient privilege is intended to facilitate and make safe full and confidential disclosure by the
patient to the physician of all facts, circumstances and symptoms, untrammeled by apprehension of their subsequent
and enforced disclosure and publication on the witness stand, to the end that the physician may form a correct opinion,
and be enabled safely and efficaciously to treat his patient. It rests in public policy and is for the general interest of the
Since the object of the privilege is to protect the patient, it may be waived if no timely objection is made to the
In order that the privilege may be successfully claimed, the following requisites must concur:
“1. the privilege is claimed in a civil case;
2. the person against whom the privilege is claimed is one duly authorized to practice medicine, surgery or obstetrics;
3. such person acquired the information while he was attending to the patient in his professional capacity;
4. the information was necessary to enable him to act in that capacity; and
5. the information was confidential, and, if disclosed, would blacken the reputation (formerly character) of the patient.”
The physician may be considered to be acting in his professional capacity when he attends to the patient for
PRIVACY IN THE DEVELOPING WORLD—PHILIPPINES MONOGRAPH 17
curative, preventive, or palliative treatment. Thus, only disclosures which would have been made to the physician to
enable him “safely and efficaciously to treat his patient” are covered by the privilege. It is to be emphasized that “it is
the tenor only of the communication that is privileged. The mere fact of making a communication, as well as the date of
a consultation and the number of consultations, are therefore not privileged from disclosure, so long as the subject
communicated is not stated.”
One who claims this privilege must prove the presence of these aforementioned requisites.
Krohn vs. Court of Appeals (G.R. No.
108854, June 14, 1994)
The treatise presented by petitioner on the privileged nature of the communication between physician and patient, as
well as the reasons therefor, is not doubted. Indeed, statutes making communications between physician and patient
privileged are intended to inspire confidence in the patient and encourage him to make a full disclosure to his physician
of his symptoms and condition. Consequently, this prevents the physician from making public information that will
result in humiliation, embarrassment, or disgrace to the patient. For the patient should rest assured with the knowledge
that the law recognizes the communication as confidential, and guards against the possibility of his feelings being
shocked or his reputation tarnished by their subsequent disclosure. The physician-patient privilege creates a zone of
privacy, intended to preclude the humiliation of the patient that may follow the disclosure of his ailments. Indeed,
certain types of information communicated in the context of the physician-patient relationship fall within the
constitutionally protected zone of privacy, including a patient’s interest in keeping his mental health records
confidential. Thus, it has been observed that the psychotherapist-patient privilege is founded upon the notion that
certain forms of antisocial behavior may be prevented by encouraging those in need of treatment for emotional
problems to secure the services of a psychotherapist. xxx
In the instant case, the person against whom the privilege is claimed is not one duly authorized to practice medicine,
surgery or obstetrics. He is simply the patient’s husband who wishes to testify on a document executed by medical
practitioners. Plainly and clearly, this does not fall within the claimed prohibition. Neither can his testimony be
considered a circumvention of the prohibition because his testimony cannot have the force and effect of the testimony
of the physician who examined the patient and executed the report.
Kilusang Mayo Uno vs. Director-
General, National Economic
Development Authority (487 SCRA
623, 654- 656, 2006)
The dissenting opinion cites three American decisions on the right to privacy, namely, Griswold v. Connecticut, U.S.
Justice Department v. Reporters Committee for Freedom of the Press, and Whalen v. Roe. The last two decisions
actually support the validity of EO 420, while the first is inapplicable to the present case.
In Griswold, the U.S. Supreme Court declared unconstitutional a state law that prohibited the use and distribution of
contraceptives because enforcement of the law would allow the police entry into the bedrooms of married couples.
Declared the U.S. Supreme Court: “Would we allow the police to search the sacred precincts of the marital bedrooms
for tell-tale signs of the use of contraceptives? The very idea is repulsive to the notions of privacy surrounding the
marriage relationship.” Because the facts and the issue involved in Griswold are materially different from the present
case, Griswold has no persuasive bearing on the present case.
In U.S. Justice Department, the issue was not whether the State could collect and store information on individuals
from public records nationwide but whether the State could withhold such information from the press. The premise of
the issue in U.S. Justice Department is that the State can collect and store in a central database information on citizens
gathered from public records across the country. In fact, the law authorized the Department of Justice to collect and
preserve fingerprints and other criminal identification records nationwide. The law also authorized the Department of
Justice to exchange such information with “officials of States, cities and other institutions.” The Department of Justice
treated such information as confidential. A CBS news correspondent and the Reporters Committee demanded the
criminal records of four members of a family pursuant to the Freedom of Information Act. The U.S. Supreme Court
ruled that the Freedom of Information Act expressly exempts release of information that would “constitute an
unwarranted invasion of personal privacy,” and the information demanded falls under that category of exempt
With the exception of the 8 specific data shown on the ID card, the personal data collected and recorded under EO
420 are treated as “strictly confidential” under Section 6(d) of EO 420. These data are not only strictly confidential but
also personal matters. Section 7, Article III of the 1987 Constitution grants the “right of the people to information on
matters of public concern.” Personal matters are exempt or outside the coverage of the people’s right to information on
matters of public concern. The data treated as “strictly confidential” under EO 420 being private matters and not matters
of public concern, these data cannot be released to the public or the press. Thus, the ruling in U.S. Justice Department
does not collide with EO 420 but actually supports the validity EO 420.
Whalen v. Roe is the leading American case on the constitutional protection for control over information. In Whalen,
the U.S. Supreme Court upheld the validity of a New York law that required doctors to furnish the government reports
identifying patients who received prescription drugs that have a potential for abuse. The government maintained a
central computerized database containing the names and addresses of the patients, as well as the identity of the
prescribing doctors. The law was assailed because the database allegedly infringed the right to privacy of individuals
who want to keep their personal matters confidential. The U.S. Supreme Court rejected the privacy claim, and declared:
Disclosures of private medical information to doctors, to hospital personnel, to insurance
companies, and to public health agencies are often an essential part of modern medical practice even
when the disclosure may reflect unfavorably on the character of the patient. Requiring such disclosures
to representatives of the State having responsibility for the health of the community does not
automatically amount to an impermissible invasion of privacy. (Emphasis supplied)
Compared to the personal medical data required for disclosure to the New York State in Whalen, the 14 specific
data required for disclosure to the Philippine government under EO 420 are far less sensitive and far less personal. In
fact, the 14 specific data required under EO 420 are routine data for ID systems, unlike the sensitive and potentially
embarrassing medical records of patients taking prescription drugs. Whalen, therefore, carries persuasive force for
upholding the constitutionality of EO 420 as non-violative of the right to privacy.
Subsequent U.S. Supreme Court decisions have reiterated Whalen. In Planned Parenthood of Central Missouri v.
Danforth, the U.S. Supreme Court upheld the validity of a law that required doctors performing abortions to fill up
forms, maintain records for seven years, and allow the inspection of such records by public health officials. The U.S.
Supreme Court ruled that “recordkeeping and reporting requirements that are reasonably directed to the preservation of
18 HEALTH INFORMATION PRIVACY @ PH
maternal health and that properly respect a patient’s confidentiality and privacy are permissible.”
Again, in Planned Parenthood of Southeastern Pennsylvania v. Casey, the U.S. Supreme Court upheld a law that
required doctors performing an abortion to file a report to the government that included the doctor’s name, the woman’s
age, the number of prior pregnancies and abortions that the woman had, the medical complications from the abortion,
the weight of the fetus, and the marital status of the woman. In case of state-funded institutions, the law made such
information publicly available. In Casey, the U.S. Supreme Court stated: “The collection of information with respect to
actual patients is a vital element of medical research, and so it cannot be said that the requirements serve no purpose
other than to make abortion more difficult.”
Professional Services, Inc. v. Agana
(513 SCRA 478, 2007)
With the passage of time, more duties were expected from hospitals, among them: (1) the use of reasonable care in the
maintenance of safe and adequate facilities and equipment; (2) the selection and retention of competent physicians; (3)
the overseeing or supervision of all persons who practice medicine within its walls; and (4) the formulation, adoption
and enforcement of adequate rules and policies that ensure quality care for its patients. Thus, in Tucson Medical Center,
Inc. v. Misevich, it was held that a hospital, following the doctrine of corporate responsibility, has the duty to see that it
meets the standards of responsibilities for the care of patients.
C. Right to Privacy and Electronic Data
An Act Providing for the Recognition
and Use of Electronic Commercial and
Non-Commercial Transactions and
Documents, Penalties for Unlawful
Use Thereof and Other Purposes,
"Electronic Commerce Act of 2000",
Republic Act No. 8792, (June 14,
Sec. 5. Definition of Terms. - For the purposes of this Act, the following terms are defined, as follows:
c. “Electronic Data Message” refers to information generated, sent, received or stored by electronic, optical or similar
d. “Information and Communication System” refers to a system intended for and capable of generating, sending,
receiving, storing or otherwise processing electronic data messages or electronic documents and includes the computer
system or other similar device by or in which data is recorded or stored and any procedures related to the recording or
storage of electronic data message or electronic document.
e. “Electronic Signature” refers to any distinctive mark, characteristic and/or sound in electronic form, representing the
identity of a person and attached to or logically associated with the electronic data message or electronic document or
any methodology or procedures employed or adopted by a person and executed or adopted by such person with the
intention of authenticating or approving an electronic data message or electronic document.
f. “Electronic Document” refers to information or the representation of information, data, figures, symbols or other
modes of written expression, described or however represented, by which a right is established or an obligation
extinguished, or by which a fact may be proved and affirmed, which is received, recorded, transmitted, stored,
processed, retrieved or produced electronically.
g. “Electronic Key” refers to a secret code which secures and defends sensitive information that crosses over public
channels into a form decipherable only with a matching electronic key.
Sec. 7. Legal Recognition of Electronic Documents. – Electronic documents shall have the legal effect, validity or
enforceability as any other document or legal writing, and –xxx
SEC. 31. Lawful Access. - Access to an electronic file, or an electronic signature of an electronic data message or
electronic document shall only be authorized and enforced in favor of the individual or entity having a legal right to the
possession or the use of the plaintext, electronic signature or file and solely for the authorized purposes. The electronic
key for identity or integrity shall not be made available to any person or party without the consent of the individual or
entity in lawful possession of that electronic key.
SEC. 32. Obligation of Confidentiality. - Except for the purposes authorized under this Act, any person who obtained
access to any electronic key, electronic data message, or electronic document, book, register, correspondence,
information, or other material pursuant to any
powers conferred under this Act, shall not convey to or share the same with any other person.
SEC. 33. Penalties. - The following Acts shall be penalized by fine and/or imprisonment, as follows:
(a) Hacking or cracking which refers to unauthorized access into or interference in a computer system/server or
information and communication system; or any access in order to corrupt, alter, steal, or destroy using a computer or
other similar information and communication devices, without the knowledge and consent of the owner of the computer
or information and communications system, including the introduction of computer viruses and the like, resulting in the
corruption, destruction, alteration, theft or loss of electronic data messages or electronic document shall be punished by
a minimum fine of one hundred thousand pesos (P100,000.00) and a maximum commensurate to the damage incurred
and a mandatory imprisonment of six (6) months to three (3) years;
(b) Piracy or the unauthorized copying, reproduction, dissemination, distribution, importation, use, removal, alteration,
substitution, modification, storage, uploading, downloading, communication, making available to the public, or
broadcasting of protected material, electronic signature or copyrighted works including legally protected sound
recordings or phonograms or information material on protected works, through the use of telecommunication networks,
such as, but not limited to, the internet, in a manner that infringes intellectual property rights shall be punished by a
minimum fine of one hundred thousand pesos (P100,000.00) and a maximum commensurate to the damage incurred
and a mandatory imprisonment of six (6) months to three (3) years;
(c) Violations of the Consumer Act or Republic Act No. 7394 and other relevant or pertinent laws through transactions
covered by or using electronic data messages or electronic documents, shall be penalized with the same penalties as
provided in those laws; (d) Other violations of the provisions of this Act, shall be penalized with a maximum penalty of
one million pesos (P1,000,000.00) or six (6) years imprisonment.
An Act to Prohibit and Penalize Wire
Tapping and Other related Violations
of the Privacy of Communication, and
for Other Purposes, Republic Act No.
Section 1. It shall be unlawful for any person, not being authorized by all the parties to any private communication or
spoken word, to tap any wire or cable, or by using any other device or arrangement, to secretly overhear, intercept, or
record such communication or spoken word by using a device commonly known as a dictaphone or dictagraph or
detectaphone or walkie-talkie or tape recorder, or however otherwise described:
PRIVACY IN THE DEVELOPING WORLD—PHILIPPINES MONOGRAPH 19
4200, (June 19, 1965)
It shall also be unlawful for any person, be he a participant or not in the act or acts penalized in the next preceding
sentence, to knowingly possess any tape record, wire record, disc record, or any other such record, or copies thereof, of
any communication or spoken word secured either before or after the effective date of this Act in the manner prohibited
by this law; or to replay the same for any other person or persons; or to communicate the contents thereof, either
verbally or in writing, or to furnish transcriptions thereof, whether complete or partial, to any other person: Provided,
That the use of such record or any copies thereof as evidence in any civil, criminal investigation or trial of offenses
mentioned in Sec. 3 hereof, shall not be covered by this prohibition.
Sec. 2. Any person who wilfully or knowingly does or who shall aid, permit, or cause to be done any of the acts
declared to be unlawful in the preceding Sec. or who violates the provisions of the following Sec. or of any order issued
thereunder, or aids, permits, or causes such violation shall, upon conviction thereof, be punished by imprisonment for
not less than six months or more than six years and with the accessory penalty of perpetual absolute disqualification
from public office if the offender be a public official at the time of the commission of the offense, and, if the offender is
an alien he shall be subject to deportation proceedings.
D. Exceptions to the Right to Privacy
Republic Act No. 3573, Law of
Reporting of Communicable Diseases
Mandatory reporting of individuals and health facilities of notifiable diseases to local and national health authorities.
Law on Registry of Civil Status,
Republic Act No. 3753, (November
Sec. 5. Registration and Certification of Birth. — The declaration of the physician or midwife in attendance at the birth
or, in default thereof, the declaration of either parent of the newborn child, shall be sufficient for the registration of a
birth in the civil register. Such declaration shall be exempt from the documentary stamp tax and shall be sent to the
local civil registrar not later than thirty days after the birth, by the physician, or midwife in attendance at the birth or by
either parent of the newly born child.
Sec. 6. Death certificate and register. — No human body shall be buried unless the proper death certificate has been
presented and recorded in the office of the local civil registrar. The physician who attended the deceased or, in his
default the health officer concerned, or in default of the latter, any member of the family of the deceased or any person
having knowledge of the death, shall report the same to the local health authorities, who shall issue a death certificate
and shall order the same to be recorded in the office of the local civil registrar.
An Act Regulating the Practice of
Pharmacy and Setting Standards of
Pharmaceutical Education in the
Philippines and for Other Purposes,
Republic Act No. 5921, (June 21,
Section 32: Record books for prescription. All prescriptions dispersed in the drugstore shall be recorded in the book
kept for the purpose indicating therein, among others, the name of the manufacturer, the original stock, lot and control
numbers of the main ingredients of the prescriptions, which book shall be open to inspection by the proper authorities at
any time of the day when the pharmacy is open to the public and must be preserved for a period of not less than two
years the last entry in it has been made. All prescription shall be attached to said book for prescriptions and numbered
consecutively and shall be preserved for the same length of time as the prescription book.
A Decree Instituting a Labor Code
Thereby Revising and Consolidating
Labor and Social Laws to Afford
Protection to Labor, Promote
Employment and Human Resources
Development and Insure Industrial
Peace Based on Social Justice, “Labor
Code of the Philippines”, Presidential
Decree No. 442, as amended, (May 1,
Art. 187. Attending physician. Any physician attending an injured or sick employee shall comply with all the
regulations of the System and submit reports in prescribed forms at such time as may be required concerning his
condition or treatment. All medical information relevant to the particular injury or sickness shall, on demand, be made
available to the employee or the System. No information developed in connection with treatment or examination for
which compensation is sought shall be considered as privileged communication.
The Child and Youth Welfare Code,
Presidential Decree No. 603,
(December 10, 1974)
Article 166. Report of Maltreated or Abused Child. - All hospitals, clinics and other institutions as well as private
physicians providing treatment shall, within forty-eight hours from knowledge of the case, report in writing to the city
or provincial fiscal or to the Local Council for the Protection of Children or to the nearest unit of the Department of
Social Welfare, any case of a maltreated or abused child, or exploitation of an employed child contrary to the provisions
of labor laws. It shall be the duty of the Council for the Protection of Children or the unit of the Department of Social
Welfare to whom such a report is made to forward the same to the provincial or city fiscal.
Violation of this provision shall subject the hospital, clinic, institution, or physician who fails to make such report to
a fine of not more than two thousand pesos.
In cases of sexual abuse, the records pertaining to the case shall be kept strictly confidential and no information
relating thereto shall be disclosed except in connection with any court or official proceeding based on such report. Any
person disclosing confidential information in violation of this provision shall be punished by a fine of not less than one
hundred pesos nor more than five thousand pesos, or by imprisonment for not less than thirty days nor more than one
year, or both such fine and imprisonment, at the discretion of the court.
Executive Order No. 212, amending
Presidential Decree No. 169 (July 10,
Section 1. The attending physician of any hospital, medical clinic, sanitarium or other medical establishments, or any
other medical practitioner, who has treated any person for serious or less serious physical injuries as these injuries are
defined in Articles 262, 263, 264 and 265 of the Revised Penal Code shall report the fact of such treatment promptly to
the nearest government health authority
An Act Instituting a National Health
Insurance Program for all Filipinos and
Establishing The Philippine Health
Insurance Corporation for the Purpose,
“National Health Insurance Act of
1995”, Republic Act No. 7875,
(February 10, 2004)
Section 16 (m): to supervise the provision of health benefits with the power to inspect medical and financial records of
health care providers and patients who are participants in or members of the Program, and the power to
enter and inspect accredited health care institutions, subject to the rules and regulations to be promulgated by the
Rules of Court and Administrative Rules
20 HEALTH INFORMATION PRIVACY @ PH
Rule 28. Physical and Mental
Examination of Persons, 1997 Rules of
Civil Procedure, Rules of Court (April
SECTION 1. When examination may be ordered.—In an action in which the mental or physical condition of a party is
in controversy, the court in which the action is pending may in its discretion order him to submit to a physical or mental
examination by a physician.
SEC. 2. Order for examination.—The order for examination may be made only on motion for good cause shown and
upon notice to the party to be examined and to all other parties, and shall specify the time, place, manner, conditions
and scope of the examination and the person or persons by whom it is to be made.
SEC. 3. Report of findings—If requested by the party examined, the party causing the examination to be made shall
deliver to him a copy of a detailed written report of the examining physician setting out his findings and conclusions.
After such request and delivery, the party causing the examination to be made shall be entitled upon request to receive
from the party examined a like report of any examination, previously or thereafter made, of the same mental or physical
condition. If the party examined refuses to deliver such report, the court on motion and notice may make an order
requiring delivery on such terms as are just, and if a physician fails or refuses to make such a report the court may
exclude his testimony if offered at the trial.
SEC. 4. Waiver of privilege.—By requesting and obtaining a report of the examination so ordered or by taking the
deposition of the examiner, the party examined waives any privilege he may have in that action or any other involving
the same controversy, regarding the testimony of every other person who has examined or may thereafter examine him
in respect of the same mental or physical examination.
Philippine National AIDS Council
Resolution No. 1, Rules and
Regulations Implementing the
Philippine AIDS Prevention and
Control Act of 1994 (RA 8504), (April
Sec. 41. Medical Confidentiality. Medical confidentiality shall protect and uphold the right to privacy of an individual
who undergoes HIV testing or is diagnosed to have HIV. It includes safeguarding all medical records obtained by health
professionals, health instructors, co-workers, employers, recruitment agencies, insurance companies, data encoders, and
other custodians of said record, file, or data.
Confidentiality shall encompass all forms of communication that directly or indirectly lead to the disclosure of
information on the identity or health status of any person who undergoes HIV testing or is diagnosed to have HIV. This
information may include but is not limited to the name, address, picture, physical description or any other characteristic
of a person which may lead to his/her identification.
To safeguard the confidentiality of a person's HIV/AIDS record, protocols and policies shall be adopted by concerned
officials, agencies and institutions.
Sec. 42. Exceptions to the Mandate of Confidentiality. The requirement for medical confidentiality shall be waived in
the following instances:
a. When responding to a subpoena duces tecum and subpoena ad testificandum issued by a court with jurisdiction over
legal proceedings where the main issue is the HIV status of an individual;
b. When complying with the reporting requirements for AIDSWATCH as provided in Sec. 39 of this IRR; and
c. When informing other health workers directly involved or about to be involved in the treatment or care of a person
with HIV/AIDS and such treatment or care carry the risk of HIV transmission
Health workers who are exposed to invasive procedures and may potentially be in contact with blood and bodily
fluids likely to transmit HIV shall be informed of the HIV status of a person, even without his/her consent. This
information is vital to their protection against acquiring and transmitting the HIV infection through safe practices and
procedures in accordance with Secs. 21 and 24 of this IRR.
Those who are not at risk of transmission, must not be informed of a person’s HIV status.
All health workers shall maintain shared medical confidentiality.
DOH Administrative Order No, 2008-
0009, Adopting the 2008 Revised List
of Notifiable Diseases, Syndromes and
Health-Related Events and Conditions,
(February 12, 2008)
The policy encompasses all individuals and health facilities, both government and private, in all levels of government
(sitio, barangay/village, municipal, city, provincial, regional and national).
- This order mandated the submission of case-based investigation report to the Provincial Health Office, Centers
for Health Development, and the National Epidemiology Center within 24 hours of detection of immediately
PhilHealth Circular No. 030, s. 2000,
Strict Compliance to Republic Act
3573, the Law on Reporting
Communicable Diseases, (September
This is in keeping with Section 2 of RA 3573 that states, every person having knowledge of the occurrence of any case
of reportable or communicable diseases shall immediately notify the nearest health station either by telephone, by
messenger or by written notice, specifying the disease and the name and address of the person affected.
The immediate disclosure of the above information and any other diseases publicly declared by the Secretary of
Health to be communicable and dangerous to the public health will enable the health agencies concerned to prepare for
E. Ethical Principles
All that may come to my knowledge in the exercise of my profession or in daily commerce with men, which ought not
to be spread abroad, I will keep secret and will never reveal.
WMA Declaration of Lisbon on the
Rights of the Patient
Right to confidentiality
a. All identifiable information about a patient's health status, medical condition, diagnosis, prognosis and treatment and
all other information of a personal kind must be kept confidential, even after death. Exceptionally, descendants may
have a right of access to information that would inform them of their health risks.
b. Confidential information can only be disclosed if the patient gives explicit consent or if expressly provided for in the
law. Information can be disclosed to other health care providers only on a strictly "need to know" basis unless the
patient has given explicit consent.
c. All identifiable patient data must be protected. The protection of the data must be appropriate to the manner of its
storage. Human substances from which identifiable data can be derived must be likewise protected.
International Code of Medical Ethics,
World Medical Association
A physician shall respect a patient's right to confidentiality. It is ethical to disclose confidential information when the
patient consents to it or when there is a real and imminent threat of harm to the patient or to others and this threat can be
only removed by a breach of confidentiality.
PRIVACY IN THE DEVELOPING WORLD—PHILIPPINES MONOGRAPH 21
Administrative Oath for Physicians
I hereby solemnly swear that I will support and defend the Constitution of the Philippines;
That I will obey the laws, legal order and decree promulgated by the duly constituted authorities of the Republic of
the Philippines and that I impose this obligation upon myself voluntarily, without mental reservation or purpose of
I further solemnly swear that at all times and places, I will adhere to the ethical and professional rules generally
accepted by the medical profession in the Philippines;
And that I will faithfully discharge to the best of my ability the duties and obligations incumbent upon a legally
authorized medical practitioner.
Code of Ethics, Professional
Regulation Commission Board of
Section 6, Article II: The medical practitioner should guard as a sacred trust anything that is confidential or private in
nature that he may discover or that may be communicated to him in his professional relation with his patients, even
after their death. He should never divulge this confidential information, or anything that may reflect upon the moral
character of the person involved, except when it is required in the interest of justice, public health, or public safety.
Section 2, Article VII: Violation of anyone of the provisions of this Code of Ethics shall constitute unethical and
unprofessional conduct and therefore a sufficient ground for the reprimand, suspensions, or revocation of the certificate
of registration of the offending physician in accordance with the provisions of Section 24, paragraph (12) of the
Medical Act of 1959, Republic Act 2382.
Code of Ethics, Philippine Medical
Section 6, Article 2: The physician should hold as sacred and highly confidential whatever may be discovered or
learned pertinent to the patient even after death, except when required in the promotion of justice, safety and public
PMA Code of Ethics Implementing
2. Pursuant to the Medical Act of 1959, the Code of Ethics issued by the Philippine Medical Association shall be
complied with by all physicians, whether such physicians are members of the association or not. Violations of the Code
of Ethics shall constitute unethical practice and unprofessional conduct and shall be grounds for reprimand, suspension
or expulsion from the association for cases filed with the Commission on Ethics of the association and shall be grounds
for reprimand, suspension or revocation of license for cases filed before the Professional Regulation Commission,
subject to the rules of procedures and policies of said bodies.
Philippine Medical Association
Declaration on the Rights and
Obligations of the Patient
The patient has the right to privacy and protection from unwarranted publicity. This right to privacy shall include the
patient's right not to be subjected to exposure, private or public, either by photography, publications, video-taping,
discussion, medical teaching or by any other means that would otherwise tend to reveal his person and identity and the
circumstances under which he was, he is, or he will be, under medical or surgical care or treatment.
a. All identifiable information about a patient's health status, medical condition, diagnosis, prognosis and treatment
and all other information of a personal kind, must be kept confidential, even after death. Except, in cases when
descendants may have a right of access to information that would inform them of their health risks.
b. All identifiable patient data must be protected. The protection of the data must be appropriate as to the manner
of its storage. Human substance from which identifiable data can be derived must be likewise protected.
c. Confidential information can be disclosed in the following cases:
(1) when his mental or physical condition is in controversy in a court litigation and the court in its discretion orders
him to submit to physical or mental examination by a physician;
(2) when the public health and safety so demand;
(3) when the patient or, in his incapacity, his legal representative expressly gives the consent;
(4) when his medical or surgical condition, without revealing his identity, is discussed in a medical or scientific
forum for expert discussion for his benefit or for the advancement of science and medicine.
(5) when it is otherwise required by law.
Hospital Code of Ethics, Philippine
1. The Primary objective of the hospital are the following:
1.2 To provide the best possible facilities for the care of the sick and injured at all times;
1.3 To constantly upgrade and improve methods for the care, the cure, amelioration and prevention of disease; and
1.4 To promote the practice of medicine by Physicians within the institution consistent with the acceptable quality of
22 HEALTH INFORMATION PRIVACY @ PH
TABLE 1. SOME PROPOSED LEGISLATIVE MEASURES ON PATIENT RIGHTS IN THE PHILIPPINES.90-95
House Bill No. 261, An Act Declaring the Rights and Obligations of Patients
and Establishinga Grievance Mechanism for Violations Thereof and for Other
Purposes (Magna Carta of Patients Rights and Obligations)
Filed by Hon. Rodriguez D. Dadivas
(1st District, Capiz) during the 1st Regular Session, Thirteenth Congress
Pending in the Committee (7/27/2004)
Senate Bill No. 3, An Act Declaring the Rights and Obligations of Patients and
Establishing a Grievance Mechanism for Violations Thereof and for Other
Purposes (Magna Carta of Patient's Rights and Obligations)
Filed by Hon. Juan M. Flavier and Hon. Edgardo J. Angara during the 1st
Regular Session, Thirteenth Congress (6/30/2004)
Pending in the Committee (7/27/2004)
Senate Bill No. 588, An Act Declaring the Rights of Patients and Prescribing
Penalties for Violations Thereof (Magna Carta of Patients' Rights)
Filed by Hon. Manuel B. Villar Jr.during the 1st Regular Session, Thirteenth
Pending in the Committee (8/11/2004)
Senate Bill No. 812, An Act Declaring the Rights and Obligations of Patients
and Establishing a Grievance Mechanism for Violations Thereof and for Other
Purposes (Magna Carta oof Patient's Rights and Obligations)
Filed by Hon. Ramon A. Revilla Jr.during the 1st Regular Session, Fourteenth
Pending in the Committee (9/3/2007)
Senate Bill No. 2371, An Act Proclaiming the Rights and Obligations of
Patients, Providing a Grievance Mechanism Thereof and for Other Purposes
(Magna Carta of Patient's Rights and Obligations of 2008)
Filed by Hon. Pia S. Cayetano during the 1st Regular Session, Fourteenth
Pending in the Committee (6/4/2008)
Senate Bill No. 146, An Act Proclaiming the Rights and Obligations of
Patients, Providing a Grievance Mechanism Thereof and for Other Purposes
(Magna Carta of Patients Rights and Obligations)
Filed by Hon. Pia S. Cayetano during the 1st Regular Session, Fifteenth
Pending in the Committee (8/2/2010)
PRIVACY IN THE DEVELOPING WORLD—PHILIPPINES MONOGRAPH 23
TABLE 2. COMPARISON OF THE PROVISIONS OF THE PHILIPPINE MEDICAL ASSOCIATION DECLARATION ON THE RIGHTS AND OBLIGATIONS OF THE PATIENT AND
SENATE BILL NO. 146 (PROPOSED MAGNA CARTA OF PATIENT’S RIGHTS AND OBLIGATIONS).31,95
Senate Bill No. 146
9. Right to Privacy and Confidentiality. The patient has
the right to privacy and protection from unwarranted
Section 4 (i): Right to Privacy and Condifentiality. The
patient has the right to privacy and protection from
Scope of the right to
This right to privacy shall include the patient's right not
to be subjected to exposure, private or public, either by
photography, publications, video-taping, discussion,
medical teaching or by any other means that would
otherwise tend to reveal his person and identity and the
circumstances under which he was, he is, or he will be,
under medical or surgical care or treatment.
The right to privacy shall include the patient's right not
to be subjected to exposure, private or public, either by
photography, publications, video-taping, discussion, or
by any other means that would otherwise tend to reveal
his person and identity and the circumstances under
which he was, he is, or he will be, under medical or
surgical care or treatment.
a. All identifiable information about a patient's health
status, medical condition, diagnosis, prognosis and
treatment and all other information of a personal kind,
must be kept confidential, even after death. Except, in
cases when descendants may have a right of access to
information that would inform them of their health risks.
All identifiable information about a patient's health
status, medical condition, diagnosis, prognosis and
treatment, and all other information of a personal kind,
must be kept confidential even after death, Provided,
That descendants may have a right of access to
information that will inform them of their health risks
b. All identifiable patient data must be protected. The
protection of the data must be appropriate as to the
manner of its storage. Human substance from which
identifiable data can be derived must be likewise
All identifiable Patient data must also be protected. The
protection of the data must be appropriate as to the
manner of its storage. Human substance from which
identifiable data can be derived must be likewise
Exceptions to the right
to privacy and
c. Confidential information can be disclosed in the
(1) when his mental or physical condition is in
controversy in a court litigation and the court in its
discretion orders him to submit to physical or mental
examination by a physician;
Confidential information can be disclosed in the
i. When the patient's medical or physical condition is in
controversy in a court litigation and the court, in its
discretion, orders the patient to submit to physical or
mental examination of a physician;
(2) when the public health and safety so demand;
ii. When public health or safety so demands;
(3) when the patient or, in his incapacity, his legal
representative expressly gives the consent;
iii. When the Patient, or in his incapacity, his/her legal
representative, expressly gives the consent;
(4) when his medical or surgical condition, without
revealing his identity, is discussed in a medical or
scientific forum for expert discussion for his benefit or
for the advancement of science and medicine.
iv. When the patient's medical or surgical condition is
discussed in a medical or scientific forum for expert
discussion for his/her benefit or for the advancement of
science and medicine, Provided however, That the
identity of the Patient should not be revealed; and
(5) when it is otherwise required by law.
v. When it is otherwise required by law.