Data Privacy Rights Remain Despite COVID-19 Crisis

On providing financial aid and other relief packages to those affected by the enhanced community quarantine:

• All government offices, including local government units, should collect only the necessary personal details, such as those required according to usual accounting, auditing, and budgeting rules and regulations when disbursing public funds under other applicable laws and regulations.
• Employers are not required to obtain consent from affected workers when submitting requirements to government regulatory agencies mandated to distribute aid to said workers.

On disclosure by patient of personal data to the general public:

• If a COVID-19 patient (whether classified as confirmed, probable or suspect) would want to disclose his/her personal and health information to the public, that is his/her personal choice.
• Law requires that patient’s consent to public disclosure is freely given, such that any pressure or compulsion would contradict the voluntariness of the act. Patients should be made aware of the risks that may arise from the disclosure, including the risk of being subjected to violent physical attacks, discrimination and harassment.

On protecting patient data in health institutions:

• Health workers’ access to patient information should be on a “need-to-know” basis. This means that they are allowed only the minimum and necessary access to enable the performance of their functions.
• Health workers should only disclose patient information to proper authorities and in appropriate areas. Health workers should thus refrain from discussing patient data in public areas where unauthorized parties may pick up personal data, unless when providing treatment under compelling circumstances.
• Health institutions should ensure that adequate security measures are in place. Facilities should thus be equipped access controls such as locks and alarms, and encryption and password protection.