“Legal and Ethical Aspects on

the Confidentiality of Workers

Medical Information”
ATTY. LORLYN D. ILAGAN
ACCREDITED DOLE SAFETY PRACTITIONER
Employee Medical Information
- Confidentiality
- Security
- Need to Know
Privacy of Personal Information
- individual right
- right to be left alone
Confidentiality of Employee Medical
Information
- Shared medical information by the employee to the medical practitioner shall be:

- held in strict and full confidence, and

- will not be unnecessarily shared with other parties.
“All that may come to my knowledge in
the exercise of my profession or in daily
- fiduciary relationship between the Patient (worker) commerce with men, which ought not to
be spread abroad, I will keep secret and
and the Medical Practitioner. will never reveal.”
… Hippocrates
Confidentiality vs Privacy:
Confidentiality- privacy of information and its protection
against unauthorized disclosure.

Privacy - The state of being free from intrusion or

disturbance in one's private life or affairs
- right to be left alone.

Source: U.S. National Library of Medicine

Confidentiality
- information about the employees health must remain
private and can be shared ONLY with other members of the
employee’s Health Care/Occupational Health team.

Refrain from immoral, unethical, and illegal practices.

Legal and Ethical Responsibilities
It is our responsibility to understand the legal and ethical
implications concerning the keeping of medical records.

Ethical responsibilities are based not on law, but rather, on

what is morally right or wrong.

Occupational Health Practitioners must respect the

employee’s rights.
R.A. 110581
Title: An Act Strengthening Compliance
With Occupational Safety and Health
Standards and Providing Penalties For
Violations Thereof.
Approved, August 17, 2018.
OSHS Rule 1050:
Notification and Keeping of Records of Accidents and/Or
Occupational Illnesses
Rule 1053.1 (1) All work accidents or occupational illnesses in
places of employment, resulting in disabling condition or
dangerous occurrences as defined in 1053.2 shall be reported by
the employer to the Regional Labor Office or duly authorized
representative using for DOLE/BWC/HSD-IP-6.xxxx
OSHS Rule 1050:
Notification and Keeping of Records of Accidents and/Or Occupational
Illnesses
Rule 1052.01:
Reports made by the employer shall be exclusively for the information
of the Regional Labor Office or duly authorized representative in
securing data to be used in connection with the performance of its
accident and illness prevention duties and activities and as a
requirement distinct from that of the Employer’s Compensation
Commission or any other law. The reports shall not be admissible as
evidence in any action or judicial proceedings in respect to such injury,
illness or death on account of which report is made and shall not be
made public or subject to public inspection except for prosecution for
violation under the Rule.
Rule 1960: Occupational Health Services
- Occupational Health Services
- Duties of Employers:
1965.01 (4) Maintain a health record of his programs and
activities and submit an annual medical record, xxx to the
Regional Labor Office xxx
Rule 1960: Occupational Health Services
- Occupational Health Services
- Duties of the Occupational Health Physician:
1965.02 (6) Maintain and analyze records of all medical
cases and to prepare and submit to the employer an
annual medical reports, xxx
Rule 1960: Occupational Health Services
- Occupational Health Services
- Duties of the Occupational Health Nurse:
1965.04 (5) Maintain a reporting and records system, and if
a physician is not available, prepare and submit an annual
medical reports, xxx
Rule 1960: Occupational Health Services
- Occupational Health Services
- Duties of the Occupational Health Practitioner:
1965.06 (4) Maintain a reporting and records system, and
prepare and submit an annual medical reports for the
employer, xxx
OSHA CFR Part 1910.1020:
Access to Employee Exposure and Medical
Records
- The purpose of this section is to provide
employees and their designated
representatives a right of access to
relevant exposure and medical records.
Applicability 1910.1020(b)(2)
- Applies to all employee exposure and medical
records, and analyses thereof, of such employees,
whether or not the records are mandated by specific
occupational safety and health standards.
Employee medical record 1910.1020(c)(6)

- a record concerning the

health status of an employee
which is made or maintained
by a physician, nurse, or other
health care personnel, or
technician xxxx
Employee medical record, includes:
1910.1020(c)(6)(i)(A-F)
1. Medical and employment questionnaires or histories (including
job description and occupational exposures),
2. The results of medical examinations
3. Medical opinions, diagnoses, progress notes, and
recommendations,
4. First aid records,
5. Descriptions of treatments and prescriptions, and
6. Employee medical complaints.
Employee medical record, does not include
1910.1020(c)(6)(ii)
1. Physical specimens
2. Records concerning health insurance claims
3. Records created solely in preparation for litigation which are privileged
from discovery under the applicable rules of procedure or evidence; or
4. Records concerning voluntary employee assistance programs
Preservation of records 1910.1020(d)(1)(i)
Unless a specific occupational safety and health standard provides a
different period of time, each employer shall assure the preservation
and retention of records as follows:
- "Employee medical records." The medical record for each employee
shall be preserved and maintained for at least the duration of
employment plus thirty (30) years.

Note: Subject to existing regulations, all medical records, whether in

electronic and/or paper format, shall be stored for fifteen (15) years. For
medico-legal cases, records shall be stored for a lifetime. (Health Privacy
Code)
Preservation of records (Exemptions)
1910.1020(d)(1)(i)(A-C)
1. Health insurance claims records maintained separately
2. First aid records (not including medical histories) of one-time
treatment
3. The medical records of employees who have worked for less
than (1) year
 Access to medical records
1910.1020(e)(1)(i)

Whenever an employee or designated representative

requests access to a record, the employer shall assure that
access is provided in a reasonable time, place, and manner.
Each employer shall, upon request, assure the access of each
employee to employee medical records of which the
employee is the subject, (with exceptions):
Access to medical records (Exception)
1910.1020(e)(2)(ii)(D)
Whenever an employee requests access to his or her
employee medical records, and a physician
representing the employer believes that direct
employee access to information contained in the
records regarding a specific diagnosis of a terminal
illness or a psychiatric condition could be
detrimental to the employee's health, the employer
may inform the employee that access will only be
provided to a designated representative of the
employee having specific written consent, and deny
the employee's request for direct access to this
information only.
Written Consent: 1910.1020(e)(2)(ii)(B)
Each employer shall, upon request,
assure the access of each designated
representative to the employee
medical records of any employee who
has given the designated
representative specific written
consent.
Specific written consent 1910.1020(c)(12)
means a written authorization containing the following:
1. The name and signature of the employee authorizing the release of medical
information,
2. The date of the written authorization,
3. The name of the individual or organization that is authorized to release the medical
information,
4. The name of the designated representative (individual or organization) that is authorized
to receive the released information,
5. A general description of the medical information that is authorized to be released,
6. A general description of the purpose for the release of the medical information, and

7. A date or condition upon which the written authorization will expire (if less than one
year).
Written consent: When invalid
1910.1020(c)(12)(ii)
A written authorization does not operate to authorize the release
of medical information not in existence on the date of written
authorization, unless the release of future information is expressly
authorized, and does not operate for more than one year
from the date of written authorization.
1910.1020(c)(12)(iii)
A written authorization may be revoked in writing prospectively at
any time.
Laws:
Law – a body of rules, regulations, and
legal opinions of conduct and action that
are made by controlling authority and are
legally binding
Protection of Privacy: Philippines Laws
- Art. III Bill of Rights, Section 3. (1)
“The privacy of communication and correspondence
shall be inviolable except upon lawful order of the
court, or when public safety or order requires
otherwise, as prescribed by law.”
Protection of Privacy: Philippines Laws

- R.A. 386 (The Civil Code of the Philippines) Article

26, Chapter 2:

“Art. 26. Every person shall respect the dignity,

personality, privacy and peace of mind of his
neighbors and other persons.”
Protection of Privacy: Philippines Laws

- R.A. 386 (The Civil Code of the Philippines) Article 19,

Chapter 2:

“Art. 19. Every person must, in the exercise of his rights and
in the performance of his duties, act with justice, give
everyone his due, and observe honesty and good faith.”
Protection of Privacy: Philippines Laws
- R.A. 3815 (The Revised Penal Code of the
Philippines) Arts. 290, 291, 292
“Art. 290. Discovering secrets through seizure
of correspondence.”
“Art. 291. Revealing secrets with abuse of
office.”
“Art. 292. Revelation of industrial secrets.”
Protection of Privacy: Philippine Laws

Republic Act No. 10173 (Data Privacy Act of 2012)

Section 13. Sensitive Personal Information and Privileged
Information.

General Rule:
The processing of sensitive personal information and privileged
information shall be prohibited ... (with exceptions)
Protection of Privacy: Philippine Laws
- R.A. 8504 (Philippine AIDS Prevention and Control Act of 1998)

- “Sec. 30. Medical confidentiality. – All health professionals,

medical instructors, workers, employers, recruitment agencies,
insurance companies, data encoders, and other custodians of any
medical record, file, data, or test results are directed to strictly
observe confidentiality in the handling of all medical information,
particularly the identity and status of persons with HIV.”.
Protection of Privacy: Philippine Laws
- R.A. 8504 (Philippine AIDS Prevention and Control Act of
1998)
Section 31. Exceptions to the mandate of confidentiality. –
Medical confidentiality shall not be considered breached in
the following cases:
(a) when complying with reportorial requirements in
conjunction with the AIDSWATCH programs provided in Sec.
27 of this Act;
Protection of Privacy: Philippine Laws
-R.A. 8504 (Philippine AIDS Prevention and Control Act of
1998) cont…
Section 31. Exceptions to the mandate of confidentiality. –
Medical confidentiality shall not be considered breached in the
following cases:
(b) when informing other health workers directly involved or
about to be involved in the treatment or care of a person with
HIV/AIDS: Provided, That such treatment or care carry the risk of
HIV transmission: Provided, further, That such workers shall be
obliged to maintain the shared medical confidentiality;
Protection of Privacy: Philippine Laws
- R.A. 8504 (Philippine AIDS Prevention and Control Act of 1998) cont…
Section 31. Exceptions to the mandate of confidentiality. – Medical
confidentiality shall not be considered breached in the following cases:
(c) when responding to a subpoena duces tecum and subpoena ad
testificandum issued by a Court with jurisdiction over a legal proceeding
where the main issue is the HIV status of an individual: Provided, That the
confidential medical record shall be properly sealed by its lawful custodian
after being double-checked for accuracy by the head of the office or
department, hand delivered, and personally opened by the judge:
Provided, further, That the judicial proceedings be held in executive
session.
Protection of Privacy: Philippine Laws
- R.A. 7277 (Magna Carta of Disabled Persons)
SECTION 33. Employment Entrance Examination. Upon an offer
of employment, a disabled applicant may be subjected to medical
examination, on the following occasions:
(a) all entering employees are subjected to such an examination
regardless of disability;
(b) information obtained during the medical condition or history of
the applicant is collected and maintained on separate forms and in
separate medical files and is treated as a confidential medical record
Protection of Privacy: Philippine Laws
- DOLE Advisory No. 05 (Guidelines for the Implementation of a
Workplace Policy and Program on Hepatitis B)
◦ Confidentiality
“Job applicants and workers shall not be compelled to disclose their
Hepatitis B status and other related medical information. Co-workers
shall not be obliged to reveal any personal information about fellow
workers. Access to personal data relating to a worker’s Hepatitis B
status shall be bound by the rules of confidentiality and shall be
strictly limited to medical personnel or if legally required.”
Protection of Privacy: Philippine Laws
- DOLE Department Order No. 53-03: IRR on Drug Free Workplace &
R.A. 9165 (The Comprehensive Dangerous Drugs Act)
“requires an employer to maintain confidential all information
relating to drug tests or the identification of drug users in the
workplace, except when required by law or overriding public health
and safety concerns, or when authorized in writing by the person
concerned.”
Protection of Privacy: Philippine Laws
- R.A. 4200, (The Anti-Wiretapping Law)
Section 1. It shall be unlawful for any person, not being authorized
by all the parties to any private communication or spoken word, to
tap any wire or cable, or by using any other device or arrangement,
to secretly overhear, intercept, or record such communication or
spoken word by using a device commonly known as a dictaphone or
dictagraph or detectaphone or walkie-talkie or tape recorder, or
however otherwise described.
Protection of Privacy: Philippine Laws
- R.A. 8792 (Electronic Commerce Act of 2000)
“provides that any person with access to electronic data messages
or documents has the obligation of confidentiality or the duty not to
convey the information to, or share it with, any other person. Under
this law, unauthorized access to computer systems is punishable by
law.”
Protection of Privacy: Philippine Laws
- Section 24, Rule 128 of the Rules of Court
“Rule 128, Section 24: Disqualification by reason of privileged
communication. — The following persons cannot testify as to
matters learned in confidence in the following cases: xxx
(c) A person authorized to practice medicine, surgery or obstetrics
cannot in a civil case, without the consent of the patient, be
examined as to any advice or treatment given by him or any
information which he may have acquired in attending such patient in
a professional capacity, which information was necessary to enable
him to act in capacity, and which would blacken the reputation of
the patient. xxx “
What are Sensitive Personal Information
(R.A. 10173, Sec. 13 (l)
(1) About an individual’s race, ethnic origin, marital status, age, color, and
religious, philosophical or political affiliations;
(2) About an individual’s health, education, genetic or sexual life of a
person, or to any proceeding for any offense committed or alleged to have
been committed by such person, the disposal of such proceedings, or the
sentence of any court in such proceedings;
(3) Issued by government agencies peculiar to an individual which
includes, but not limited to, social security numbers, previous or current
health records, licenses or its denials, suspension or revocation, and tax
returns; and
(4) Specifically established by an executive order or an act of Congress to
be kept classified.
What is a Privilege Communication
Definition of Privilege Communication:
- Privileged information refers to any and all forms of data which
under the Rules of Court and other pertinent laws constitute
privileged communication.

- Conversation or working relationship which takes place between

two parties within the context of a protective relationship such as
between healthcare provider and a patient.
Exemptions to Privacy Protection
(Sec. 13, Data Privacy Act)
1. Data subject consent
◦ Form of waiver or consent:
- written What is an e-signature?
- electronic - printed name at the
bottom of an e-mail;
- recorded
- a digitized copy of a
- by authority or agent
handwritten signature;
- a biometric mark;
- a sound; or
- digital structure
Exemptions to Privacy Protection
(Sec. 13, Data Privacy Act)
2. Existing Laws and Regulations

a. under Republic Act No. 3753 (Law c. under Executive Order No. 212,
on Registry of Civil Status), births and medical practitioners shall report
deaths should be registered. treatment of patients for serious and
b. under Republic Act No. 3573 (Law less serious physical injuries
of Reporting of Communicable d. Presidential Decree No. 603, as
Diseases), reporting of certain amended (Child and Youth Welfare
communicable diseases is mandatory. Code), practitioners should report
. cases of child abuse or maltreatment.
Exemptions to Privacy Protection
(Sec. 13, Data Privacy Act)
2. Existing Laws and Regulations (cont…)
e. Prescription and dangerous f. Specific Cases: Testing of certain
drugs dispensed by pharmacies populations for dangerous drugs is
are recorded and retained in mandatory and reportable.
books for inspection by g. 1997 Rules of Civil Procedure:
appropriate authorities. Upon court order under very specific
(Kilusang Mayo Uno vs. Director- circumstances, a person may be
compelled to be tested for HIV, or
General, National Economic submit himself or herself to a mental
Development Authority (487 and physical examination.
SCRA 623, 2006
Exemptions to Privacy Protection
(Sec. 13, Data Privacy Act)
2. Existing Laws and Regulations (cont…)

h. Under Republic Act No. 9745 i. Code on Sanitation of the

or the Anti-Torture Act of 2009, a Philippines (Presidential Decree
person claiming torture by the No. 856) authorizes the Court
authorities is given the right to a and police authorities to order
physical examination and the performance of an autopsy
psychological evaluation, to be on the remains of an individual.
contained in a medical report.
 2.f. Specific cases (Drug testing)
“Comprehensive Dangerous Drugs Act of 2002”, Republic Act No. 9165, Section 36.
Authorized Drug Testing. The following shall be subjected to undergo drug testing:
(a) Applicants for driver's license
(f) All persons charged before the
(b) Applicants for firearm's license and for prosecutor's office with a criminal offense
permit to carry firearms outside of residence having an imposable penalty of
imprisonment of not less than six (6) years
(c) Students of secondary and tertiary and one (1) day shall have to undergo a
schools mandatory drug test;
(d) Officers and employees of public and (g) All candidates for public office whether
private offices appointed or elected both in the national
or local government shall undergo a
(e) Officers and members of the military, mandatory drug test.
police and other law enforcement agencies
Exemptions to Privacy Protection
(Sec. 13, Data Privacy Act)
3. To protect the life and health of data subject
- subpoena, warrant, or adjudicative order from a
court, a law enforcement agency, an administrative
agency authorized by law, or an arbitration panel.
Exemptions to Privacy Protection
(Sec. 13, Data Privacy Act)
4. Lawful and non-commercial objectives of public organizations
and associations
- if the processed personal information are used only for the needs
of scientific and statistical research, provided that the personal
information shall be held under strict confidentiality and
used only for the declared purpose
Exemptions to Privacy Protection
(Sec. 13, Data Privacy Act)
5. Medical treatment
- “Philippine AIDS Prevention and Control Act of 1998”,
Republic Act No. 8504:
Section 31, Article VI Exceptions to the Mandate of
Confidentiality when informing other health workers directly
involved or about to be involved in the treatment or care of a
person with HIV/AIDS: Provided, That such treatment or care
carry the risk of HIV transmission: Provided, further, That such
workers shall be obliged to maintain the shared medical
confidentiality;
Exemptions to Privacy Protection
(Sec. 13, Data Privacy Act)
5. Medical treatment
In compliance with Act No. 3573 also known as the “Law on Reporting of
Communicable Diseases”, all notifiable diseases, syndromes, events and
conditions shall be immediately collected and reported to the local and
national authorities.

Conforming to Executive Order No. 292 (s.1987), relevant information on

the country’s health situation shall be collected, analyzed and
disseminated by appropriate authorities provided that health information
of patients shall be protected and shall statistical data shall only be
provided.
Exemptions to Privacy Protection
(Sec. 13, Data Privacy Act)
6. Protection of lawful rights and interest of natural or legal person
in court proceedings;
- “Philippine AIDS Prevention and Control Act of 1998”, Republic Act No. 8504
Section 31, Article VI: Exceptions to the Mandate of Confidentiality (c) :
(c) when responding to a subpoena duces tecum and subpoena ad testificandum
issued by a Court with jurisdiction over a legal proceeding where the main issue
is the HIV status of an individual: Provided, That the confidential medical record
shall be properly sealed by its lawful custodian after being double-checked for
accuracy by the head of the office or department, hand delivered and
personally opened by the judge: Provided, further, That the judicial proceedings
be held in executive session.
Exemptions to Privacy Protection
(Sec. 13, Data Privacy Act)
7. Establishment, exercise or defense of legal claims

◦ For purposes of insurance compensation

*Republic Act No. 7875, National Health Insurance Act of 1995
 Exemptions to Privacy Protection
(Sec. 4, Data Privacy Act)
8. When the personal information are provided to governments or public
authority
(a) Information about any individual who is or was an officer or employee of a
government institution that relates to the position or functions of the
individual, including:
(1) The fact that the individual is or was an officer or employee of the
government institution;
(2) The title, business address and office telephone number of the individual;
(3) The classification, salary range and responsibilities of the position held by
the individual; and
(4) The name of the individual on a document prepared by the individual in
the course of employment with the government;
How to handle Medical Information
1. Employees must be informed about how their medical
information will be kept confidential and about laws and regulations
that require the release of and/or require confidentiality of their
information.
2. Employees must grant authority or permission for the release of
information not covered by laws and regulations.
3. The company must respect and treat the employees’ health
information as confidential.
Ethical Responsibilities of Health
Practitioner
Morals - formed from personal values and
reflect one’s concept of right and wrong
(developed through the influence of family,
culture, and society)
– acting morally toward others involves treating
them the way you would like to be treated.
Ethics
Ethics – set of principles dealing with right and
wrong
- knowledge of what is right and wrong
conduct
- Provide a standard of conduct or code of
behavior
Code of Ethics, (PMA and BON)
Philippine Medical Association, Section 6, Article 2:
The physician should hold as sacred and highly confidential
whatever may be discovered or learned pertinent to the patient
even after death, except when required in the promotion of justice,
safety and public health.
Board Of Nursing, Article II (3):
Personal information acquired in the process of giving nursing care
shall be held in strict confidence.
Hippocratic Oath…

“All that may come to my knowledge in the

exercise of my profession or in daily
commerce with men, which ought not to
be spread abroad, I will keep secret and
will never reveal.”