- This topic has 13 replies, 14 voices, and was last updated 3 years, 8 months ago by
Kaung Khant Tin.
2021-05-13 at 8:49 pm #27329
KeymasterPlease share what you have learned from this week topic with your friends here. This could be infographic picture or text summarization.
For attaching Images purpose. Please UPLOAD to Prnt or any tools you want and mention uploaded LINK in the topic. or use this code <img src=”POST YOUR LINK” alt=”” />
2021-05-23 at 12:12 pm #27442
Auswin Rojanasumapong
ParticipantThis week I have learned about personal information and ethical issue. While the personal information obtained from the patients is useful for public health, the privacy and the security of the information must be balanced to do no harm and to provide the most benefit for all.
From three case discussions, my opinion on each case is:
Case 1. My history of working with information systems depend on both paper-based and electronic-based system. We mainly use paper-based and store all of the data in electronic-based (scan written medical record into digital images and store them in the hospital server). The paper-based provide easy management and reduce time to learn electronic system for older staffs with limited digital literacy, while electronic-based is easier to access from the entire hospital. The downside of this system is the redundancy and the hospital take risk from both system vulnerabilities.
Case 2. Adhoc remedial measures should be telling the truth to the 78 patients that the data were leaked, and offer proper compensation for the mistakes made. Sustainable remedial measures should be establishing information management policies in the hospital about storing patient data, security of the data, and the timeframe of the data should be kept in the system. There should be a clear protocol for document shredding, and they might change the data system to a high-security electronic-based system.
Case 3. Establish a protocol for data security in the system, such as limit the people who can access the database (limit users), limit places that can access the database (intranet, access by specified client computers or closed-system), and update the security of the database system to the latest version.
From the webinar, there are important points that should be raised are
– Awareness building about the personal information that should comply with the regulation for the data manager, and know their rights about personal information privacy for the consumers.
– Increase digital literacy to both consumers and workers in the system.
– Proper laws and regulations, including a penalty to protect consumers from violating personal information privacy by the criminal. -
2021-05-23 at 3:24 pm #27454
Saravalee Suphakarn
ParticipantPlease follow this link http://prnt.sc/13aohfz for my wrap-this week.
2021-05-24 at 11:04 am #27455
Pongsakorn Sadakorn
ParticipantI earned a lot about personal information and ethical issue. From the webinar, we agree that digital literacy is important for enforcing PDPA.
Moreover, I have known the definition of Personally identifiable information (PII) in terms of privacy objective and security risk. Although PDPA has been postponed, the government should prepare and follow the instructions of PDPA by using Record of Processing Activity.
2021-05-25 at 9:50 am #27469
Rawinan Soma
Participant -
2021-05-25 at 11:30 am #27470
Kridsada Sirichaisit
Participant -
2021-05-26 at 5:38 pm #27545
Sittidech Surasri
ParticipantThis week, we have been learnt about code of ethics for health information professionals, special lecture from Asst. Prof. Sotarat Thammaboosadee on personal health information concerns of PDPA and discussion on the provided case studies:
– Doorstep Dispensaree Ltd. (Pharmacy),
– Cork University Maternity Hospital (Cork hospital fined €65k after patients’ personal data found in public recycling facility) and,
– Health Ministry of Brazi (Brazil’s Health Ministry’s Data Leak Exposed 243 Million Medical Records for More Than 6 Months)
It was summarized that the patient data was breached according to the poor storage system and did not comply with the requirements of GDPR for both case studies; Dorrstep Dispensaree and Cork University Maternity Hospital, and another one that Brazilian health records were breached according to the weak IT system (encoding technique) and did not comply with the requirements of GDPR.All participants were requested to share their experiences and questions. The followings are the example that they have been shared:
– Patient data/result was captured and shared on social media by the medical student.
– How to increase awareness of health workers who are working with personal data.
– International research; using or collecting patient data
– Patient data sharing by Doctor and nurse using mobile application; Line for medical care communication
– HIS system did not comply with PDPA
– Banking notice
– Data exchange: “Thai Refer” application for referral purpose
– Cookies pop-up
– The punishment fine rate between private and public sectors
– Blackmail
– Loss of personal identifiable information
– Passcode on the sticky note
– How to initiate or implement about ROPA, template?
We also learnt that Thai-PDPA will be effective in July 2022. -
2021-05-27 at 11:46 pm #27510
Wachirawit Supasa
Participant -
2021-05-29 at 11:33 am #27541
Navinee Kruahong
Participant -
2021-05-29 at 6:23 pm #27548
Sila Klanklaeo
ParticipantI have known about GDPR, PDPA, PII, and ethical issues. From the webinar. PDPA is important for personal data.
2021-05-29 at 10:58 pm #27553
Khaing Zin Zin Htwe
ParticipantPlease check my wrap-up.
2021-05-30 at 8:10 pm #27578
ParticipantIn this week I have learnt about personal data protection regulation (PDPA) Or the Personal Information Act. Personal information is any information that makes it possible to directly or indirectly identify that person, but if these data without preventive measures It is possible for this information to be leaked and when it is leaked. The Privacy of the data owner will be violated
GDPA or General Data Protection Regulation is the regulation of Data protection in EU. This regulation is protecting a wide range of personal information, such as individual names and national identity codes. In addition, the law protects information that a person’s activities. That can be done online and offline Including location information (Location), IP addresses, cookies and other information. At various companies to monitor user behavior when accessing the Internet.
As per case study discussion, I have summarized as follow;
For case study #1 They should change SOPs for protect personal information, use an E-information system to help storage.
Case study #2 They should specifically destroy document to deidentified personal data
And case study #3 The government should update security system, SOPs and limited access level -
2021-05-31 at 11:28 am #27588
Phone Suu Khaing
ParticipantPlease see my wrap up here.
https://prnt.sc/13m8x3g -
2021-06-02 at 5:01 pm #27612
Kaung Khant Tin
ParticipantHere’s my wrap-up. Please follow this link. https://prnt.sc/13pqkvp
You must be logged in to reply to this topic. Login here