Primary Health Care Information Mobile Application

The WHO defines Primary Health Care an essential health care made universally acceptable to individuals and families in the community by means acceptable to them through their full participation and at a cost that the community and country and afford at every stage of development.

The Four Pillars of Primary Health Care are:

1.     Active Community Participation

2.     Intra and Inter-sectoral linkages

3.     Use of appropriate technology

4.     Support mechanism made available

On numerous occasions, I have encountered queries from Public Health Workers that would entail request on more information regarding the health programs they are implementing on field.  This does not mean they have not understood their trainings and continuing medical education sessions.  As I remember on one conference I attended, the public health workers had so much inquiries and the concerned agency said that they do have a manual of operations for the services – BUT they health workers on the grass root level was not able receive or they are not aware of the existence of  a manual.

So I thought of an information application that is composed of

• ·      Provider to provider communication
• ·      Electronic Decision Support
• ·      Provider training
• ·      Reporting
• ·      Supply chain management

This includes information on

•  
• ·      Health programs
• ·      Roporting of adverse effects of medications
• ·      Reporting on Maternal and Infant Death
• ·      Information on Civil Registry and Vital Statistics
• ·      Information on Philhealth
• ·      Inventory of Medicine

 

One time registration for each facility. This registration will initiate the loading of all the information applicable for the area, like Maps, the Inter Local Health Zone (ILHZ), Referral Centers, etc

 The user interface include 9 different Icons, but the user can just utilize the Search Bar.

On using the Search Bar, the app loads all the information available in the app and those information that needs internet connectivity.

The first in-app capability is the DIRECTORY - the directory would give contact information of health facilities, referral center, specialty clinics available, prioritizing those which are NEAR the health center.

An example of the capability of the DIRECTORY would be, giving more information on a health facility like phone numbers, email address, address and a map.

PROGRAMS - this in-app cabality gives more information on health programs being implemented. This would give links to the Manual of Operations, Promotional Materials and the BEST FEATURE would be an easy way to contact the concerned agency. 

The CRVS or Civil Registration and Vital Statistics in-app would be the same as the programs but this would be about CRVS. his would give links to the Manual of Operations and the BEST FEATURE would be an easy way to contact the concerned agency. 

On POLICIES AND LAWS - This would be a "library" of Policies and Laws that are related to the practice of public health

The Medicine in app has the capabilities of a "library" of the compack meds and essential medicine", it gives more information about the drug. It also has the capability of an inventory and an the user can use this in app to alert the BFAD on adverse effect

The health center can also use this to track their dispensary. The input would be the number of a specific medicine dispensed on  day. This will be reflected on the in app inventory.

The in app inventory would include the medicine available in the health center, the date of replenishment and the number of items available. This in app, automatically alerts the concerned agency on the occasion when the items already need for replenishment.

The Alert in app includes, one tap communication to alert Maternal Death, Infant Death, Increase in incidence of a communicable disease and Alert on Adverse Effect. This in app directs all the alerts to the concerned agencies, there are three ways to connect - SMS, Call or Email. 

The REPORTS in app includes information on how to fill up reporting forms and manual of operations for each reporting for. 

The MESSAGES in app is a two way communication between the providers and the concerned agencies. The public health workers can easily send messages and alerts, the messages and alerts are are archived on this in app.

The PHIC in app would include information of PhilHealth - manual of operations, circulars,  more information on reporting tools, downloads and contact information of the concerned agency

How can telehealth bill support healthcare delivery in the Philippines?

In supporting the healthcare delivery in the Philippines we go back to the Aquino Health Agenda, which is the Universal Health Care or Kalusugang Pangkalahatan or KP. According to Secretary Enrique Ona in 2010 the health policy directions of KP are:

1) A roadmap towards universal health care through a refocused PhilHealth;

2) Particular attention to the construction, rehabilitation, and support of health facilities

3) Attainment of Millennium Development Goals 4, 5, and 6

4) Attain efficiency by using information technology (IT) in all aspects of health care

5) Increased attention to trauma, the 4th leading cause of death

6) More aggressive promotion of healthy lifestyle to prevent NCD

7) Attention to emerging diseases

8) Improve the access to quality affordable medicines

9) Continuing efforts in improving governance and regulation to eliminate graft and

corruption in all areas of health care

10) Improve the plight of health workers through interventions in health education,

placement, compensation, among others

I highlighted the use of information communication technologies as a form of support in delivering health care to the Filipinos for better health outcomes.

Background:

There is a wide gap in the providing and access to health service, especially in geographically isolated and disadvantaged areas.

The distribution of health human resources mostly favor the urban areas.

There is limited access to information and specialist consultation on the Doctors in marginalised areas.

Advances in information and communications technologies (ICT) have potential to address such situations. 

The Telehealth Bill Proposes a the creation of a National Telehealth System (single, coordinated, country-wide effort) to:

• govern the practice and promote the development of telehealth
• facilitate inter-agency and inter-sectoral collaboration
• covers both the public and private sectors

With Telehealth as an accepted practice of utilising ICT for health however there are concerns on taking advantage of ICTs for health care 

• Accountability

• Privacy and Confidentiality

• Monitoring

• Governance

• Policy and Standards

• Responsible Governing body

Telehealth Act to serve as a policy framework based on:

• State policy to protect and promote right to health
• State policy to promote and develop the use of ICT
• Aquino Administration's Kalusugan Pangkalahatan (KP) to provide universal health care for all Filipinos

Benefits:

• Promotes and develops telehealth as a means to address health gaps
• Provides direct benefits to both health care recipients (patients) and providers (doctors)
• Delivery of quality health care service to all Filipinos
• Forward thinking measure to set parameters and rules in the field of telehealth
• Centralization of databases for immediate decision-making and research in the long run

I find that the bill is just a summary of what the practice of telehealth and ehealth.  It needs more research and should be updated to address the pressing concerns on data privacy, standards and policies.

Assignment:
Pick two sections in the proposed bill. Evaluate and suggest revisions if any. 

SECTION 5. Telehealth as an Authorized Procedure – The delivery of health care via telehealth is recognized and encouraged as a safe, practical, and necessary practice in the Philippines. All health care providers shall be encouraged to participate in telehealth pursuant to the Telehealth Act. In using telehealth procedures, health care providers shall comply with all applicable State guidelines and shall follow established State rules that are consistent with accepted safe clinical norms, as well as security, confidentiality, and privacy protections for health information.

The Department of Health (DOH) and Philippine Health Insurance Corporation (PHIC) shall require telehealth practitioners in both originating and distant sites to undergo accreditation, through the National Telehealth Reference Center.

The Department of Health (DOH) and Philippine Health Insurance Corporation (PHIC) shall require telehealth practitioners in both originating and distant sites to undergo accreditation, through the National Telehealth Reference Center.

–National Telehealth Reference Center refers to the main agency responsible for developing accreditation mechanisms for telehealth and telemedicine systems, maintaining national databases and case registries, training and assistance, and continuing education for all telehealth practitioners

Evaluation and Suggestion:

The Medical Act of 1959 has defined individuals engaged in the practice of medicine as follows: 1) who shall physically examine and diagnose, treat, operate or prescribe any remedy.

The definition of terms should be updated and policies must be in place on the practice of Telehealth. The provider and the consumer must be protected.

We need to define first ethical and legal framework of the practice of Telehealth in the Philippines.

Even if there is an agency responsible for the accreditation of Telehealth practitioners, policies and standards should be defined.

SECTION 7. Lead Agency – The Department of Health (DOH) shall be the lead agency in implementing this Act. For purposes of achieving the objectives of this Act, the DOH shall:

(1) Establish a National Telehealth Board

(2) Ensure the continuing relevance of the National Telehealth Reference Center (NTRC) in terms of development, implementation, and quality assurance of related health programs

(3) Coordinate with the Department of Science and Technology (DOST)

SECTION 8. National Telehealth Board – To ensure the implementation of this Act and to serve as the executive body of the National Telehealth System, the National Telehealth Board shall be created and made an integral part of the Office of the Secretary of the DOH.

The Board shall be composed of twelve members and shall be co-chaired by the DOH and the DOST Secretaries. Other members of the Board shall be as follows:

(1) the Executive Director of the National Institutes of Health (NIH), as vice-chair;

(2) the Executive Director of the National Telehealth Reference Center, as an ex-officio member;

(3) an Undersecretary of the Department of Interior and Local Government;

(4) a representative of the League of Municipalities in the Philippines;

(5) a representative of the League of Provinces in the Philippines;

(6)a representative of the Philippine Health Insurance Corporation (PHIC);

(7) a representative of the Association of Municipal Health Officers of the Philippines (AMHOP);

(8) a representative of any accredited medical organization; and

(9) two community representatives of underserved areas, as recommended by the NTRC

Evaluation and Suggestion:

The board is not well represented by stakeholders.

Considering that the private sector holds the key to the advancement of health informatics in the Philippines. Though technology is at hand, infrastructure require so much investment to make systems work in our areas considering that we are typhoon-prone and with geographically isolated islands. Governance and leadership to spearhead and sustain these changes are also issues.

References

Telehealth Bill

https://one.telehealth.ph/beta/2012/06/21/telehealth-bill-to-regulate-practice-in-ph/

http://news.idg.no/cw/art.cfm?id=21BD5827-1A64-6A71-CE9A5CEBE5E9C6DD 

Is the Data Privacy Act adequate to protect confidential health information?

When I read the Data Privacy Act the first time, I did not quite understand it.  But I really had to understand it because it’s not only a requirement for class but I also need it for work.

Going back to the question, YES it is adequate, but INCOMPLETE when applied to health.

There are four things that we do with data.

1. We gather or collect data, through different means – interview, surveys, or related literature and so on.
2. We process data – from data, we form information, through these information we have knowledge. 
3. We also store data through different means – through physical copies or electronic copy.
4. And we also exchange data

For me adequacy on the Data Privacy Act would mean that all these four actions are taken into consideration in that law, provisions that protects the “DATA SUBJECT” when his data is gathered, processed, collected, stored and exchanged.  To manage all these there should be entities that should be responsible in safeguarding the DATA SUBJECT and his data.

For health care, from data gathering to point where you need to get the patients consent, it all boils down to the patient’s safety.  To achieve this, confidentiality must not be broken when data exchanged from the patient to his health care provider.  There must be trust and privacy must be provided all the time.  To achieve all these there must be the proper security in the patient’s health information. Anytime that there will be a breach of security is a an opportunity for anyone to harm the patient.

IS IT ADEQUATE? YES! As I compare it to the Model State Public Health Privacy Act of the United States which according to Dr. Lawrence O Gostin of Georgetown Law Center “Protecting public health requires the acquisition, use, and storage of extensive health-related information about individuals. The electronic accumulation and exchange of personal data promises significant public health benefits but also threatens individual privacy; breaches of privacy can lead to individual discrimination in employment, insurance, and government programs. Individuals concerned about privacy invasions may avoid clinical or public health tests, treatments, or research. The Model State Public Health Privacy Act provides strong privacy safeguards for public health data while preserving the ability of state and local public health departments to act for the common good”.

I say that the the Data Privacy is ADEQUATE but INCOMPLETE.  I suggest that more specific ruling over health care data, health information can do so much as well as damage to the person

So, how adequate is the Data Privacy Act?  I am not an expert on Law, so I purposely just copied the text from the law and change the font style of the provisions that I want to put emphasize in, rather than interpreting it.

On Chapter II of the Data Privacy Act, on Section 7 the National Privacy Commision is responsible to safeguard that the and the data subjects are protected.

THE NATIONAL PRIVACY COMMISSION

SEC. 7. Functions of the National Privacy Commission. – To administer and implement the provisions of this Act, and to monitor and ensure compliance of the country with international standards set for data protection, there is hereby created an independent body to be known as the

In Chapter III, these were discussed.

The collection, processing, use, storage and the length of time the data is stored given that the data subject has given his consent as Criteria for Lawful Processing of Personal Information

(a) Collected for specified and legitimate purposes determined and declared before, or as soon as reasonably practicable after collection, and later processed in a way compatible with such declared, specified and legitimate purposes only; (b) Processed fairly and lawfully; (c) Accurate, relevant and, where necessary for purposes for which it is to be used the processing of personal information, kept up to date; inaccurate or incomplete data must be rectified, supplemented, destroyed or their further processing restricted; (d) Adequate and not excessive in relation to the purposes for which they are collected and processed; (e) Retained only for as long as necessary for the fulfillment of the purposes for which the data was obtained or for the establishment, exercise or defense of legal claims, or for legitimate business purposes, or as provided by law; and (f) Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected and processed: Provided, That personal information collected for other purposes may lie processed for historical, statistical or scientific purposes, and in cases laid down in law may be stored for longer periods:Provided, further,That adequate safeguards are guaranteed by said laws authorizing their processing.  The personal information controller must ensure implementation of personal information processing principles set out herein.

Criteria for Lawful Processing of Personal Information. – The processing of personal information shall be permitted only if not otherwise prohibited by law, and when at least one of the following conditions exists:

(a) The data subject has given his or her consent;

(b) The processing of personal information is necessary and is related to the fulfillment of a contract with the data subject or in order to take steps at the request of the data subject prior to entering into a contract;

(c) The processing is necessary for compliance with a legal obligation to which the personal information controller is subject;

(d) The processing is necessary to protect vitally important interests of the data subject, including life and health;

(e) The processing is necessary in order to respond to national emergency, to comply with the requirements of public order and safety, or to fulfill functions of public authority which necessarily includes the processing of personal data for the fulfillment of its mandate; or

(f) The processing is necessary for the purposes of the legitimate interests pursued by the personal information controller or by a third party or parties to whom the data is disclosed, except where such interests are overridden by fundamental rights and freedoms of the data subject which require protection under the Philippine Constitution.

SEC. 13. Sensitive Personal Information and Privileged Information. – The processing of sensitive personal information and privileged information shall be prohibited, except in the following cases:

(a) The data subject has given his or her consent, specific to the purpose prior to the processing, or in the case of privileged information, all parties to the exchange have given their consent prior to processing;

(b) The processing of the same is provided for by existing laws and regulations: Provided, That such regulatory enactments guarantee the protection of the sensitive personal information and the privileged information: Provided, further,That the consent of the data subjects are not required by law or regulation permitting the processing of the sensitive personal information or the privileged information;

(c) The processing is necessary to protect the life and health of the data subject or another person, and the data subject is not legally or physically able to express his or her consent prior to the processing;

(d) The processing is necessary to achieve the lawful and noncommercial objectives of public organizations and their associations: Provided, That such processing is only confined and related to the bona fide members of these organizations or their associations: Provided, further, That the sensitive personal information are not transferred to third parties: Provided, finally, That consent of the data subject was obtained prior to processing;

(e) The processing is necessary for purposes of medical treatment, is carried out by a medical practitioner or a medical treatment institution, and an adequate level of protection of personal information is ensured; or

(f) The processing concerns such personal information as is necessary for the protection of lawful rights and interests of natural or legal persons in court proceedings, or the establishment, exercise or defense of legal claims, or when provided to government or public authority.

Furthermore, on Chapter IV the rights of the data subject is discussed thoroughly.

SEC. 16. Rights of the Data Subject. – The data subject is entitled to:

(a) Be informed whether personal information pertaining to him or her shall be,

are being or have been processed;

(b) Be furnished the information indicated hereunder before the entry of his or her personal information into the processing system of the personal information controller, or at the next practical opportunity:

(1) Description of the personal information to be entered into the system;

(2) Purposes for which they are being or are to be processed;

(3) Scope and method of the personal information processing;

(4) The recipients or classes of recipients to whom they are or may be disclosed;

(5) Methods utilized for automated access, if the same is allowed by the data subject, and the extent to which such access is authorized;

(6) The identity and contact details of the personal information controller or its representative;

(7) The period for which the information will be stored; and

(8) The existence of their rights, i.e., to access, correction, as well as the right to lodge a complaint before the Commission.

Any information supplied or declaration made to the data subject on these matters shall not be amended without prior notification of data subject: Provided, That the notification under subsection (b) shall not apply should the personal information be needed pursuant to a subpoena or when the collection and processing are for obvious purposes, including when it is necessary for the performance of or in relation to a contract or service or when necessary or desirable in the context of an employer-employee relationship, between the collector and the data subject, or when the information is being collected and processed as a result of legal obligation;

(c) Reasonable access to, upon demand, the following:

(1) Contents of his or her personal information that were processed;

(2) Sources from which personal information were obtained;

(3) Names and addresses of recipients of the personal information;

(4) Manner by which such data were processed;

(5) Reasons for the disclosure of the personal information to recipients;

(6) Information on automated processes where the data will or likely to be made as the sole basis for any decision significantly affecting or will affect the data subject;

(7) Date when his or her personal information concerning the data subject were last accessed and modified; and

(8) The designation, or name or identity and address of the personal information controller;

(d) Dispute the inaccuracy or error in the personal information and have the personal information controller correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable. If the personal information have been corrected, the personal information controller shall ensure the accessibility of both the new and the retracted information and the simultaneous receipt of the new and the retracted information by recipients thereof: Provided, That the third parties who have previously received such processed personal information shall he informed of its inaccuracy and its rectification upon reasonable request of the data subject;

(e) Suspend, withdraw or order the blocking, removal or destruction of his or her personal information from the personal information controller’s filing system upon discovery and substantial proof that the personal information are incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes or are no longer necessary for the purposes for which they were collected. In this case, the personal information controller may notify third parties who have previously received such processed personal information; and

(f) Be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal information.

SEC. 17. Transmissibility of Rights of the Data Subject. – The lawful heirs and assigns of the data subject may invoke the rights of the data subject for, which he or she is an heir or assignee at any time after the death of the data subject or when the data subject is incapacitated or incapable of exercising the rights as enumerated in the immediately preceding section.

SEC. 18. Right to Data Portability. – The data subject shall have the right, where personal information is processed by electronic means and in a structured and commonly used format, to obtain from the personal information controller a copy of data undergoing processing in an electronic or structured format, which is commonly used and allows for further use by the data subject. The Commission may specify the electronic format referred to above, as well as the technical standards, modalities and procedures for their transfer.

SEC. 19. Non-Applicability. – The immediately preceding sections are not applicable if the processed personal information are used only for the needs of scientific and statistical research and, on the basis of such, no activities are carried out and no decisions are taken regarding the data subject:Provided,That the personal information shall be held under strict confidentiality and shall be used only for the declared purpose. Likewise, the immediately preceding sections are not applicable to processing of personal information gathered for the purpose of investigations in relation to any criminal, administrative or tax liabilities of a data subject.

On chapter V, the security was further discussed.

            (c) The determination of the appropriate level of security under this section must take into account the nature of the personal information to be protected, the risks represented by the processing, the size of the organization and complexity of its operations, current data privacy best practices and the cost of security implementation. Subject to guidelines as the Commission may issue from time to time, the measures implemented must include:

(1) Safeguards to protect its computer network against accidental, unlawfuInl or unauthorized usage or interference with or hindering of their functioning or availability;

(2) A security policy with respect to the processing of personal information;

(3) A process for identifying and accessing reasonably foreseeable vulnerabilities in its computer networks, and for taking preventive, corrective and mitigating action against security incidents that can lead to a security breach; and

(4) Regular monitoring for security breaches and a process for taking preventive, corrective and mitigating action against security incidents that can lead to a security breach.

(d) The personal information controller must further ensure that third parties processing personal information on its behalf shall implement the security measures required by this provision.

In chapter VI, the accountability of the information controller was discussed,

SEC. 21. Principle of Accountability. – Each personal information controller is responsible for personal information under its control or custody, including information that have been transferred to a third party for processing, whether domestically or internationally, subject to cross-border arrangement and cooperation.

And was the responsibilities of the agencies was discussed, the limitations and encryption was also included.

            SEC 22. Responsibility of Heads of Agencies. – All sensitive personal information maintained by the government, its agencies and instrumentalities shall be secured, as far as practicable, with the use of the most appropriate standard recognized by the information and communications technology industry, and as recommended by the Commission. The head of each government agency or instrumentality shall be responsible for complying with the security requirements mentioned herein while the Commission shall monitor the compliance and may recommend the necessary action in order to satisfy the minimum standards.

SEC. 23. Requirements Relating to Access by Agency Personnel to Sensitive Personal Information. – (a) On-site and Online Access – Except as may be allowed through guidelines to be issued by the Commission, no employee of the government shall have access to sensitive personal information on government property or through online facilities unless the employee has received a security clearance from the head of the source agency.

(b) Off-site Access – Unless otherwise provided in guidelines to be issued by the Commission, sensitive personal information maintained by an agency may not be transported or accessed from a location off government property unless a request for such transportation or access is submitted and approved by the head of the agency in accordance with the following guidelines:

(1) Deadline for Approval or Disapproval – In the case of any request submitted to the head of an agency, such head of the agency shall approve or disapprove the request within two (2) business days after the date of submission of the

request. In case there is no action by the head of the agency, then such request is considered disapproved;

(2) Limitation to One thousand (1,000) Records – If a request is approved, the head of the agency shall limit the access to not more than one thousand (1,000) records at a time; and

(3) Encryption – Any technology used to store, transport or access sensitive personal information for purposes of off-site access approved under this subsection shall be secured by the use of the most secure encryption standard recognized by the Commission.

The requirements of this subsection shall be implemented not later than six (6) months after the date of the enactment of this Act.

SEC. 24. Applicability to Government Contractors. – In entering into any contract that may involve accessing or requiring sensitive personal information from one thousand (1,000) or more individuals, an agency shall require a contractor and its employees to register their personal information processing system with the Commission in accordance with this Act and to comply with the other provisions of this Act including the immediately preceding section, in the same manner as agencies and government employees comply with such requirements.