
PERSONAL DATA PROTECTION ACT 2010

Personal Data Protection Act 2010

• Passed on 10 June 2010
• The Minister has appointed a Director General & created a PDP Dept
• Once the PDPA comes into force the DG may assume the role of Data Protection Commissioner
• Once the PDPA is brought into force, Data Users have 3 months to comply

[Diagram: Minister of Information, Communication and Culture; Appeal Mechanism; Personal Data Protection Commissioner; Data User Forum; Advisory Committee; Data User]

Growth of computer networks & internet – Huge impact on society
• Over the last 3 decades computer networks have made pervasive inroads in our everyday lives, both in business as well as the home
• The internet came along and connected the world
• Computer networks enabled efficient collection, manipulation and storage of data – and vast quantities of it too
• Data can be stored anywhere in the world – not necessarily where it is collected
• Gigabytes of personal data are accessed and used on a daily basis
• New threats affecting privacy and data protection (identity theft, Facebook, Twitter, Friendster, etc)

Has your Personal Data been abused lately?
• How many marketing SMSs do you receive in a day?
• Has a bank offered you a pre-approved loan lately?
• Does your telco send you “I love you” MMSs without your consent?
• Did you get a season’s greeting from the Prime Minister lately?
• Did you get an email telling you that you have won USD5 million in a European lottery?

None of these activities may have had your consent

What is Personal Data
• Personal Data (PD) means any information which relates directly or indirectly to a data subject, who is identified or identifiable from that information
  - Examples: Name, Address, Photographs, IC, Bank Account details, Medical Records / History

Some Definitions
• Data Subject (DS) – an individual who is the subject of the PD – includes patients and employees
• Data User (DU) – a person who processes any PD or has control over or authorizes the processing of any PD but does not include a data processor

Processing is defined widely
• Processing – means collecting, recording, holding, storing and carrying out of operations with that data like organization, adaptation, retrieval, use, disclosure, transmission, transfer, correction, erasure & destruction

[Diagram: Collection, Use, Disclosure, Destruction]

Application of the PDPA
• The act applies to:
  (a) personal data which is processed;
  (b) any person who processes and any person who has control over or authorizes the processing of any personal data in respect of commercial transactions and such a person is a “data user”;

Commercial transactions –
“... of a commercial nature, whether contractual or not, which includes any matters relating to the supply or exchange of goods or services, agency, investments, financing, banking and insurance, but does not include a credit reporting business carried out by a credit reporting agency under the Credit Reporting Agencies Act 2010”.

Personal Data Flow - patient
[Diagram: patient personal data flow. Stages shown: Patient Registration (demographics), Clinical Information at Clinic, Procedures, Clinical Information at Wards, Discharge/Payment. Systems labelled: HRM, HIS, LIS, OIS]

The PDPA – Who Does it NOT Apply To?

• The PDPA does not apply to:
  - The Federal Government
  - The State Government
  - PD processed outside Malaysia UNLESS intended to be further processed in Malaysia

Healthcare Sector in Malaysia
Current Position Pre PDPA 2010

Current Regulatory Position – Piecemeal Approach to Data Protection
• Private Healthcare & Services Act
• MMC Guide on Confidentiality
• Medical Act
• MMC Guide on Medical Records and Medical Reports
• MMA Code on Medical Ethics
• Patient’s Charter
• MMC Code of Professional Conduct

Pre-PDPA – How Personal Data was dealt with
• PHFSA – hospitals must have a policy on Patients rights:
  - Information concerning medical treatment and care;
  - Be provided with patient’s medical report within a reasonable time
• Reg 30 – patient’s MR is the property of Hospital. Patient has a right to request for medical report
• Retention of MR is for the Limitation Period
• Doctors have right of access to MR of old patients to defend civil actions

MMC Guidelines on Doctors
• On medical records and reports
  - Medical records belong to the hospital
  - Information in MR belongs morally and ethically to the patient
  - Doctors have obligation to provide comprehensive medical reports upon request by patient (for 2nd opinion, litigation etc)

• Doctor patient confidentiality
  - No disclosure to 3rd parties without consent of patient
  - Should not reveal patient PD in medical publications
  - Drs must exert all powers to preserve patient confidentiality

MMC Guidelines for Doctors – Disclosure to 3rd Parties
• Disclosure within Medical Teams
  - Drs must obtain consent of Patient to share PD with other doctors
  - Patient can refuse consent for sharing of PD between doctors
• Disclosure to Employers, Insurers
  - Dr must inform Patient and obtain consent before disclosure to these parties
• Disclosure for Medical Teaching and medical audit
  - Should anonymise PD as far as possible

Doctors who decide to disclose PD must be prepared to explain and justify their decision (MMC Guideline)

PDPA
The 7 Data Protection Principles Under the PDPA
• General Principle
• Notice & Choice Principle
• Access Principle
• Data Integrity Principle
• Disclosure Principle
• Retention Principle
• Security Principle

No | PDP Principles | What it covers
1 | General Principle | Consent of DS is required to process PD. For Sensitive Personal Data – explicit consent is required
2 | Notice & Choice Principle | DU gives Notice to DS of the processing, description of PD, purpose, source of info and right to request access, 3rd parties to whom DU discloses, how to limit the processing, whether it is obligatory or voluntary to supply PD
3 | Disclosure Principle | No disclosure of PD without consent of DS
4 | Security Principle | DU must take practical steps to protect PD (IT System & Internal processes)
5 | Retention Principle | PD should not be kept longer than necessary – must destroy after purpose is met
6 | Data Integrity Principle | DU must ensure Data processed is accurate, complete and up-to-date having regard to the purpose of collection
7 | Access Principle | DS must have access and be able to correct if inaccurate

1. General Principle - consent
• A data user cannot process any PD about a Data Subject unless the Data Subject has given his consent.
• Consent can be expressed or implied
• PD cannot be processed unless:
  - PD is processed for a lawful purpose directly related to the activity of the Data User
  - The processing of PD is necessary for or directly related to that purpose
    Directly related to that purpose means the reason that the PD was collected.
    Eg: a person comes for a blood test and his consent is acquired to conduct all the necessary tests. However, the consent shall not extend to the publication of his blood test results in a medical article.
  - PD is adequate but not excessive in relation to that purpose
    Eg: a patient comes to ER to see the doctor for fever medication. It is not necessary to ask the patient for his grandparents’, aunt’s or uncle’s names, IC, address etc.

Distinction between consent for medical purpose and other purpose

2. Notice & Choice Principle
• A DS is required to give written consent to DU:
  - That PD is being processed and provide a description of the PD being processed
  - The purposes for which the PD is collected and processed
  - DS’s right to request access to and request correction of the PD
  - Disclosure to any 3rd parties that may be made

3. Disclosure principle
• No Personal Data shall be disclosed without the consent of the DS:
  - For any other purpose other than the original purpose as disclosed to the DS at the time of collection
  - A purpose directly related to the purpose above
  - To any party other than a 3rd party already notified to the DS (under Notice Principle)

• Disclosure for the purpose of research, discussions in medical meetings / seminars: This disclosure is allowed as long as the data that is being disclosed cannot be related to a particular person

• Note: Disclosure to the Ministry of Health – this is a compulsory disclosure and thus shall be exempted.

Case note - disclosure
Improper disclosure of SPD to Government Agency

The complainant had medical tests at a pathology clinic and asked that the results be provided only to their treating medical specialist and solicitor. The test results were to be part of a claim that the complainant was making to a federal government agency. The complainant later became aware that the clinic had provided the results directly to that government agency. DS complained to the Data Commissioner.

The clinic advised the clinic staff to send directly to the government agency noted on the complainant’s form. The clinic contended that this was an isolated error. As this information was disclosed for a purpose other than the primary purpose for which it was collected, the commissioner formed the view that the disclosure was an interference with the complainant’s privacy.

The clinic paid compensation to the DS.

The security principle needs to be adequate but it shouldn’t be unreasonable.

4. Security Principle
• DU shall take practical steps to protect PD from any
  - Loss, misuse, modification
  - Unauthorized or accidental access or disclosure
  - Alteration or destruction
  Having regard to location, IT systems and mode of transfer of PD
• Hospital IT systems such as the HMIS, HIS and LIS need strict policies
• Transfer to 3rd party service providers such as outside lab and transfers of PD overseas
• Security issues:
  - Use of portable devices (laptops, USB, External hard drive, CD, DVD)
  - Transmission of patient info via fax
  - Medical devices storage function
  - Remote access to MR

Doctors have to comply with Hospital’s policies regarding PDPA requirements

Sony fined GBP 250,000 for Breach of Security
• A cyber attack on Sony’s PlayStation Network in April 2011 put a huge number of consumers at risk of identity theft including credit card details
• It could have been prevented if Sony’s software was up-to-date and technical developments hadn’t made passwords insecure
• “There’s no disguising that this is a business that should have known better,” said the ICO’s data protection director David Smith
• “It is a company that trades on its technical expertise and there is no doubt in my mind that they had access to both the technical expertise and the resources to keep this information safe.”

Data Processor
• Where PD is processed on behalf of DU the DU shall ensure that the Data Processor:
  - Provides guarantees in respect of technical and security measures governing the processing; and
  - Takes reasonable steps to ensure compliance with those measures
  - Eg: The IT system in SDMC PC – system designed for SDH and they do have access to our patient records.

Data Processor = Outsourced Service Providers

5. Retention Principle
• PD shall not be kept longer than is necessary for the fulfillment of the original purpose
• DU has duty to take all reasonable steps to ensure that PD is:
  - Destroyed (must be done in a proper manner); or
  - Permanently deleted
  … if it is no longer required for the purpose for which it was processed

QUESTION: how long is long?
  - Depends on the nature of your business and the commercial reasons to keep data
  - 7 years / 25 years / hospital policy

6. Data Integrity Principle
• DU has duty to take all reasonable steps to ensure that PD is:
  - Accurate
  - Complete
  - Not misleading; and
  - Kept up to date

7. Access Principle
• A data subject shall be given access to his personal data upon Data Access Request
• All information that is being processed by or on behalf of the Data User
• Entitled to an intelligible copy of the PD
• Access can be just to view or get a copy
• Subject to some exceptions

Under the PDPA, patient may now get access to his entire MR

Case note
Who can access PD

Hospital prepared a health report for an insurance company. Patient wanted a copy under access principle. Hospital refused.

DC held that all PD held by the hospital, including report, should be provided to the data subject, regardless for whom it was prepared.

GE Healthcare Admits Sending NHS Patient Data to US
• Personal details of 600,000 patients were sent to the US following a mistake made by the NHS’s IT provider, GE Healthcare
• GE Healthcare admitted that the error had occurred after it had obtained more patient data than it needed, but stressed that there was no need to worry
• Overloaded in PD
• GE Healthcare recently discovered that they obtained more patient data from diagnostic imaging products than they needed to perform services to their customers

NHS Trust fined 325,000 for data breach
• Brighton and Sussex University Hospital NHS Trust has been fined 400,000 euros following a serious breach of the UK Data Protection Act
• Highly sensitive personal data belonging to tens of thousands of patients and staff, including some relating to HIV and Genito Urinary Medicine patients, was found on hard drives sold on an Internet auction site in October and November 2010
• The data breach occurred when an individual engaged by the Trust’s IT service provider was tasked to destroy approximately 1000 hard drives
• The individual sold 4 hard drives on an internet auction in December 2010

Offences and Penalties
• If a body corporate commits an offence under the PDPA, any person who at the time of the offence was a director, CEO, COO, Manager etc may be charged jointly or severally with the company
• Liability is also attached to Senior Management for acts or omissions of any employee acting in the course of their employment.
• Section 5 (1)
  Anyone who contravenes the Personal Data Protection Principles commits an offence and shall, on conviction, be liable to a fine not exceeding RM300,000 or to imprisonment for a term not exceeding 2 years or to both
  - Penalties for other offences range from RM100k to RM500k with imprisonment ranging from 1 – 3 years
  - Eg. For unlawful collection or selling of PD – 500k and 3 years

THANK YOU

1st Joine ESMO-MOS Conference
 
Dialogue with Datuk Seri Gopal Sri Ram
Dialogue with Datuk Seri Gopal Sri RamDialogue with Datuk Seri Gopal Sri Ram
Dialogue with Datuk Seri Gopal Sri Ram
 
Guide to GST for Healthcare Services (Malaysia)
Guide to GST for Healthcare Services (Malaysia)Guide to GST for Healthcare Services (Malaysia)
Guide to GST for Healthcare Services (Malaysia)
 
eKlinikmd sponsored edition 2014
eKlinikmd sponsored edition 2014 eKlinikmd sponsored edition 2014
eKlinikmd sponsored edition 2014
 
The Malaysian Calendar 2014
The Malaysian Calendar 2014The Malaysian Calendar 2014
The Malaysian Calendar 2014
 
HRI Workshop February 2014
HRI Workshop February 2014HRI Workshop February 2014
HRI Workshop February 2014
 
Obstructive Sleep Apnoea
Obstructive Sleep ApnoeaObstructive Sleep Apnoea
Obstructive Sleep Apnoea
 
Health metropolis the star e paper metro central - 6 sep 2013 - page #4
Health metropolis the star e paper   metro central - 6 sep 2013 - page #4Health metropolis the star e paper   metro central - 6 sep 2013 - page #4
Health metropolis the star e paper metro central - 6 sep 2013 - page #4
 
10th apchg 2nd ann (13 august)
10th apchg 2nd ann (13 august)10th apchg 2nd ann (13 august)
10th apchg 2nd ann (13 august)
 
Haemostasis workshop final announcement
Haemostasis workshop final announcementHaemostasis workshop final announcement
Haemostasis workshop final announcement
 
Haemostasis workshop final announcement
Haemostasis workshop final announcementHaemostasis workshop final announcement
Haemostasis workshop final announcement
 
Introductory bioinformatics workshop flyer
Introductory bioinformatics workshop flyerIntroductory bioinformatics workshop flyer
Introductory bioinformatics workshop flyer
 
AFH 2012 flyer
AFH 2012 flyerAFH 2012 flyer
AFH 2012 flyer
 
Annualreport2012
Annualreport2012Annualreport2012
Annualreport2012
 
Agmmins2011
Agmmins2011Agmmins2011
Agmmins2011
 
Taknak 1care forum sitiawan
Taknak 1care forum sitiawanTaknak 1care forum sitiawan
Taknak 1care forum sitiawan
 
1 Care Concept Caper
1 Care Concept Caper 1 Care Concept Caper
1 Care Concept Caper
 
Healthcare forum on 1Care
Healthcare forum on 1CareHealthcare forum on 1Care
Healthcare forum on 1Care
 

Recently uploaded

The Normal Electrocardiogram - Part I of II
The Normal Electrocardiogram - Part I of IIThe Normal Electrocardiogram - Part I of II
The Normal Electrocardiogram - Part I of II
MedicoseAcademics
 
The POPPY STUDY (Preconception to post-partum cardiovascular function in prim...
The POPPY STUDY (Preconception to post-partum cardiovascular function in prim...The POPPY STUDY (Preconception to post-partum cardiovascular function in prim...
The POPPY STUDY (Preconception to post-partum cardiovascular function in prim...
Catherine Liao
 
Phone Us ❤85270-49040❤ #ℂall #gIRLS In Surat By Surat @ℂall @Girls Hotel With...
Phone Us ❤85270-49040❤ #ℂall #gIRLS In Surat By Surat @ℂall @Girls Hotel With...Phone Us ❤85270-49040❤ #ℂall #gIRLS In Surat By Surat @ℂall @Girls Hotel With...
Phone Us ❤85270-49040❤ #ℂall #gIRLS In Surat By Surat @ℂall @Girls Hotel With...
Savita Shen $i11
 
Tom Selleck Health: A Comprehensive Look at the Iconic Actor’s Wellness Journey
Tom Selleck Health: A Comprehensive Look at the Iconic Actor’s Wellness JourneyTom Selleck Health: A Comprehensive Look at the Iconic Actor’s Wellness Journey
Tom Selleck Health: A Comprehensive Look at the Iconic Actor’s Wellness Journey
greendigital
 
New Directions in Targeted Therapeutic Approaches for Older Adults With Mantl...
New Directions in Targeted Therapeutic Approaches for Older Adults With Mantl...New Directions in Targeted Therapeutic Approaches for Older Adults With Mantl...
New Directions in Targeted Therapeutic Approaches for Older Adults With Mantl...
i3 Health
 
HOT NEW PRODUCT! BIG SALES FAST SHIPPING NOW FROM CHINA!! EU KU DB BK substit...
HOT NEW PRODUCT! BIG SALES FAST SHIPPING NOW FROM CHINA!! EU KU DB BK substit...HOT NEW PRODUCT! BIG SALES FAST SHIPPING NOW FROM CHINA!! EU KU DB BK substit...
HOT NEW PRODUCT! BIG SALES FAST SHIPPING NOW FROM CHINA!! EU KU DB BK substit...
GL Anaacs
 
Surgical Site Infections, pathophysiology, and prevention.pptx
Surgical Site Infections, pathophysiology, and prevention.pptxSurgical Site Infections, pathophysiology, and prevention.pptx
Surgical Site Infections, pathophysiology, and prevention.pptx
jval Landero
 
POST OPERATIVE OLIGURIA and its management
POST OPERATIVE OLIGURIA and its managementPOST OPERATIVE OLIGURIA and its management
POST OPERATIVE OLIGURIA and its management
touseefaziz1
 
Pulmonary Thromboembolism - etilogy, types, medical- Surgical and nursing man...
Pulmonary Thromboembolism - etilogy, types, medical- Surgical and nursing man...Pulmonary Thromboembolism - etilogy, types, medical- Surgical and nursing man...
Pulmonary Thromboembolism - etilogy, types, medical- Surgical and nursing man...
VarunMahajani
 
Couples presenting to the infertility clinic- Do they really have infertility...
Couples presenting to the infertility clinic- Do they really have infertility...Couples presenting to the infertility clinic- Do they really have infertility...
Couples presenting to the infertility clinic- Do they really have infertility...
Sujoy Dasgupta
 
Factory Supply Best Quality Pmk Oil CAS 28578–16–7 PMK Powder in Stock
Factory Supply Best Quality Pmk Oil CAS 28578–16–7 PMK Powder in StockFactory Supply Best Quality Pmk Oil CAS 28578–16–7 PMK Powder in Stock
Factory Supply Best Quality Pmk Oil CAS 28578–16–7 PMK Powder in Stock
rebeccabio
 
Ozempic: Preoperative Management of Patients on GLP-1 Receptor Agonists
Ozempic: Preoperative Management of Patients on GLP-1 Receptor Agonists  Ozempic: Preoperative Management of Patients on GLP-1 Receptor Agonists
Ozempic: Preoperative Management of Patients on GLP-1 Receptor Agonists
Saeid Safari
 
BRACHYTHERAPY OVERVIEW AND APPLICATORS
BRACHYTHERAPY OVERVIEW  AND  APPLICATORSBRACHYTHERAPY OVERVIEW  AND  APPLICATORS
BRACHYTHERAPY OVERVIEW AND APPLICATORS
Krishan Murari
 
BENIGN PROSTATIC HYPERPLASIA.BPH. BPHpdf
BENIGN PROSTATIC HYPERPLASIA.BPH. BPHpdfBENIGN PROSTATIC HYPERPLASIA.BPH. BPHpdf
BENIGN PROSTATIC HYPERPLASIA.BPH. BPHpdf
DR SETH JOTHAM
 
Hemodialysis: Chapter 3, Dialysis Water Unit - Dr.Gawad
Hemodialysis: Chapter 3, Dialysis Water Unit - Dr.GawadHemodialysis: Chapter 3, Dialysis Water Unit - Dr.Gawad
Hemodialysis: Chapter 3, Dialysis Water Unit - Dr.Gawad
NephroTube - Dr.Gawad
 
Prix Galien International 2024 Forum Program
Prix Galien International 2024 Forum ProgramPrix Galien International 2024 Forum Program
Prix Galien International 2024 Forum Program
Levi Shapiro
 
ARTIFICIAL INTELLIGENCE IN HEALTHCARE.pdf
ARTIFICIAL INTELLIGENCE IN  HEALTHCARE.pdfARTIFICIAL INTELLIGENCE IN  HEALTHCARE.pdf
ARTIFICIAL INTELLIGENCE IN HEALTHCARE.pdf
Anujkumaranit
 
Lung Cancer: Artificial Intelligence, Synergetics, Complex System Analysis, S...
Lung Cancer: Artificial Intelligence, Synergetics, Complex System Analysis, S...Lung Cancer: Artificial Intelligence, Synergetics, Complex System Analysis, S...
Lung Cancer: Artificial Intelligence, Synergetics, Complex System Analysis, S...
Oleg Kshivets
 
Physiology of Special Chemical Sensation of Taste
Physiology of Special Chemical Sensation of TastePhysiology of Special Chemical Sensation of Taste
Physiology of Special Chemical Sensation of Taste
MedicoseAcademics
 
Charaka Samhita Sutra sthana Chapter 15 Upakalpaniyaadhyaya
Charaka Samhita Sutra sthana Chapter 15 UpakalpaniyaadhyayaCharaka Samhita Sutra sthana Chapter 15 Upakalpaniyaadhyaya
Charaka Samhita Sutra sthana Chapter 15 Upakalpaniyaadhyaya
Dr KHALID B.M
 

Recently uploaded (20)

The Normal Electrocardiogram - Part I of II
The Normal Electrocardiogram - Part I of IIThe Normal Electrocardiogram - Part I of II
The Normal Electrocardiogram - Part I of II
 
The POPPY STUDY (Preconception to post-partum cardiovascular function in prim...
The POPPY STUDY (Preconception to post-partum cardiovascular function in prim...The POPPY STUDY (Preconception to post-partum cardiovascular function in prim...
The POPPY STUDY (Preconception to post-partum cardiovascular function in prim...
 
Phone Us ❤85270-49040❤ #ℂall #gIRLS In Surat By Surat @ℂall @Girls Hotel With...
Phone Us ❤85270-49040❤ #ℂall #gIRLS In Surat By Surat @ℂall @Girls Hotel With...Phone Us ❤85270-49040❤ #ℂall #gIRLS In Surat By Surat @ℂall @Girls Hotel With...
Phone Us ❤85270-49040❤ #ℂall #gIRLS In Surat By Surat @ℂall @Girls Hotel With...
 
Tom Selleck Health: A Comprehensive Look at the Iconic Actor’s Wellness Journey
Tom Selleck Health: A Comprehensive Look at the Iconic Actor’s Wellness JourneyTom Selleck Health: A Comprehensive Look at the Iconic Actor’s Wellness Journey
Tom Selleck Health: A Comprehensive Look at the Iconic Actor’s Wellness Journey
 
New Directions in Targeted Therapeutic Approaches for Older Adults With Mantl...
New Directions in Targeted Therapeutic Approaches for Older Adults With Mantl...New Directions in Targeted Therapeutic Approaches for Older Adults With Mantl...
New Directions in Targeted Therapeutic Approaches for Older Adults With Mantl...
 
HOT NEW PRODUCT! BIG SALES FAST SHIPPING NOW FROM CHINA!! EU KU DB BK substit...
HOT NEW PRODUCT! BIG SALES FAST SHIPPING NOW FROM CHINA!! EU KU DB BK substit...HOT NEW PRODUCT! BIG SALES FAST SHIPPING NOW FROM CHINA!! EU KU DB BK substit...
HOT NEW PRODUCT! BIG SALES FAST SHIPPING NOW FROM CHINA!! EU KU DB BK substit...
 
Surgical Site Infections, pathophysiology, and prevention.pptx
Surgical Site Infections, pathophysiology, and prevention.pptxSurgical Site Infections, pathophysiology, and prevention.pptx
Surgical Site Infections, pathophysiology, and prevention.pptx
 
POST OPERATIVE OLIGURIA and its management
POST OPERATIVE OLIGURIA and its managementPOST OPERATIVE OLIGURIA and its management
POST OPERATIVE OLIGURIA and its management
 
Pulmonary Thromboembolism - etilogy, types, medical- Surgical and nursing man...
Pulmonary Thromboembolism - etilogy, types, medical- Surgical and nursing man...Pulmonary Thromboembolism - etilogy, types, medical- Surgical and nursing man...
Pulmonary Thromboembolism - etilogy, types, medical- Surgical and nursing man...
 
Couples presenting to the infertility clinic- Do they really have infertility...
Couples presenting to the infertility clinic- Do they really have infertility...Couples presenting to the infertility clinic- Do they really have infertility...
Couples presenting to the infertility clinic- Do they really have infertility...
 
Factory Supply Best Quality Pmk Oil CAS 28578–16–7 PMK Powder in Stock
Factory Supply Best Quality Pmk Oil CAS 28578–16–7 PMK Powder in StockFactory Supply Best Quality Pmk Oil CAS 28578–16–7 PMK Powder in Stock
Factory Supply Best Quality Pmk Oil CAS 28578–16–7 PMK Powder in Stock
 
Ozempic: Preoperative Management of Patients on GLP-1 Receptor Agonists
Ozempic: Preoperative Management of Patients on GLP-1 Receptor Agonists  Ozempic: Preoperative Management of Patients on GLP-1 Receptor Agonists
Ozempic: Preoperative Management of Patients on GLP-1 Receptor Agonists
 
BRACHYTHERAPY OVERVIEW AND APPLICATORS
BRACHYTHERAPY OVERVIEW  AND  APPLICATORSBRACHYTHERAPY OVERVIEW  AND  APPLICATORS
BRACHYTHERAPY OVERVIEW AND APPLICATORS
 
BENIGN PROSTATIC HYPERPLASIA.BPH. BPHpdf
BENIGN PROSTATIC HYPERPLASIA.BPH. BPHpdfBENIGN PROSTATIC HYPERPLASIA.BPH. BPHpdf
BENIGN PROSTATIC HYPERPLASIA.BPH. BPHpdf
 
Hemodialysis: Chapter 3, Dialysis Water Unit - Dr.Gawad
Hemodialysis: Chapter 3, Dialysis Water Unit - Dr.GawadHemodialysis: Chapter 3, Dialysis Water Unit - Dr.Gawad
Hemodialysis: Chapter 3, Dialysis Water Unit - Dr.Gawad
 
Prix Galien International 2024 Forum Program
Prix Galien International 2024 Forum ProgramPrix Galien International 2024 Forum Program
Prix Galien International 2024 Forum Program
 
ARTIFICIAL INTELLIGENCE IN HEALTHCARE.pdf
ARTIFICIAL INTELLIGENCE IN  HEALTHCARE.pdfARTIFICIAL INTELLIGENCE IN  HEALTHCARE.pdf
ARTIFICIAL INTELLIGENCE IN HEALTHCARE.pdf
 
Lung Cancer: Artificial Intelligence, Synergetics, Complex System Analysis, S...
Lung Cancer: Artificial Intelligence, Synergetics, Complex System Analysis, S...Lung Cancer: Artificial Intelligence, Synergetics, Complex System Analysis, S...
Lung Cancer: Artificial Intelligence, Synergetics, Complex System Analysis, S...
 
Physiology of Special Chemical Sensation of Taste
Physiology of Special Chemical Sensation of TastePhysiology of Special Chemical Sensation of Taste
Physiology of Special Chemical Sensation of Taste
 
Charaka Samhita Sutra sthana Chapter 15 Upakalpaniyaadhyaya
Charaka Samhita Sutra sthana Chapter 15 UpakalpaniyaadhyayaCharaka Samhita Sutra sthana Chapter 15 Upakalpaniyaadhyaya
Charaka Samhita Sutra sthana Chapter 15 Upakalpaniyaadhyaya
 

Pdpa presentation

  • 3. 3 Personal Data Protection Act 2010 • Passed on 10 June 2010 • The Minister has appointed a Director General & created a PDP Dept • Once the PDPA comes into force the DG may assume the role of Data Protection Commissioner • Once the PDPA is brought into force - Data Users have 3 months to comply
  • 4. 4 Minister of Information Communication and Culture Appeal Mechanism Personal Data Protection Commissioner Data User Forum Advisory Committee Data User
  • 5. 5 Growth of computer networks & internet – Huge impact on society • Over the last 3 decades computer networks have made pervasive inroads in our everyday lives, both in business as well as the home • The internet came along and connected the world • Computer networks enabled efficient collection, manipulation and storage of data – and vast quantities of it too • Data can be stored anywhere in the world – not necessarily where it is collected • Gigabytes of personal data are accessed and used on daily basis • New threats affecting privacy and data protection (identity theft, facebook, twitter, friendster, etc)
  • 6. 6 Has your Personal Data been abused lately? • How many marketing sms’s do you receive in a day? • Has a bank offered you a pre-approved loan lately? • Does your telco send you “I love you” mms’s without your consent? • Did you get a season’s greeting from the Prime Minister lately? • Did you get an email telling you that you have won USD5 million in a European lottery? None of these activities may have had your consent
  • 7. 7 What is Personal data • Personal Data (PD) means any information which relates directly or indirectly to a data subject, who is identified or identifiable from that information  Examples : Name, Address, Photographs, IC, Bank Account details, Medical Records / History Some Definitions Data Subject (DS) – an individual who is the subject of the PD – includes patients and employees Data User (DU) – a person who processed any PD or has control over or authorizes the processing of any PD but does not include a data processor
  • 8. 8 Processing is defined widely • Processing – means collecting, recording, holding, storing and carrying out of operations with that data like organization, adaptation, retrieval, use, disclosure, transmission, transfer, correction, erasure & destruction Collection Use Disclosure Destruction
  • 9. 9 Application of the PDPA • The act applies to : (a) personal data which is processed; (b) any person who processes and any person who has control over or authorizes the processing of any personal data in respect of commercial transactions and such a person is a “data user”; Commercial transactions – “... of a commercial nature, whether contractual or not, which includes any matters relating to the supply or exchange of goods or services, agency, investments, financing, banking and insurance, but does not include a credit reporting business carried out by a credit reporting agency under the Credit Reporting Agencies Act 2010”.
  • 10. 10 Personal Data Flow - patient HRM Discharge/Payment •HIS Patient Registration (demographics ) HRM PATIENT Clinical Information at Clinic Procedures •HIS •LIS •OIS 10 HRM HRM Clinical Information at Wards HRM
  • 11. 11 The PDPA – Who Does it NOT Apply To? • The PDPA does not apply to : The Federal Government The State Government  PD processed outside Malaysia UNLESS intended to be further processed in Malaysia
  • 12. 12 Healthcare Sector in Malaysia Current Position Pre PDPA 2010
  • 13. 13 Current Regulatory Position – Piecemeal Approach to Data Protection Private Healthcare & Services Act MMC Guide on Confidentiality Medical Act MMC Guide on Medical Records and Medical Reports MMA Code on Medical Ethics Patient’s Charter MMC Code of Professional Conduct
  • 14. 14 Pre-PDPA – How Personal Data was dealt with • PHFSA – hospitals must have a policy on Patients rights: Information concerning medical treatment and care; Be provided with patient’s medical report within a reasonable time • Reg 30 – patient’s MR is the property of Hospital . Patient has a right to request for medical report • Retention of MR is for the Limitation Period • Doctors have right of access to MR of old patients to defend civil actions
  • 15. 15 MMC Guidelines on Doctors • On medical records and reports Medical records belong to the hospital Information in MR belongs morally and ethically to the patient Doctors have obligation to provide comprehensive medical reports upon request by patient (for 2nd opinion, litigation etc) • Doctor patient confidentiality No disclosure to 3rd parties without consent of patient Should not reveal patient PD in medical publications Drs must exert all powers to preserve patient confidentiality
  • 16. 16 MMC Guidelines for Doctors – Disclosure to 3rd Parties • Disclosure within Medical Teams Drs must obtain consent of Patient to share PD with other doctors Patient can refuse consent for sharing of PD between doctors • Disclosure to Employers, Insurers Dr must inform Patient and obtain consent before disclosure to these parties • Disclosure for Medical Teaching and medical audit Should anonymise PD as far as possible Doctors who decide to disclose PD must be prepared to explain and justify their decision (MMC Guideline)
  • 18. The 7 Data Protection Principles Under the PDPA General principle Notice & Choice Principle Access Principle PDPA Data Integrity Principle Disclosure Principle Retention Principle Security Principle 18
  • 19. 19 No / PDP Principles / What it covers
    1. General Principle: Consent of DS is required to process PD. For Sensitive Personal Data – explicit consent is required
    2. Notice & Choice Principle: DU gives Notice to DS of the processing, description of PD, purpose, source of info and right to request access, 3P to whom DU discloses, how to limit the processing, whether it is obligatory or voluntary to supply PD
    3. Disclosure Principle: No disclosure of PD without consent of DS
    4. Security Principle: DU must take practical steps to protect PD (IT System & Internal processes)
    5. Retention Principle: PD should not be kept longer than necessary – must destroy after purpose is met
    6. Data Integrity Principle: DU must ensure Data processed is accurate, complete and up-to-date having regard to the purpose of collection
    7. Access Principle: DS must have access and be able to correct if inaccurate
  • 20. 20 1. General Principle - consent • A data user cannot process any PD about a Data Subject unless the Data Subject has given his consent. • Consent can be expressed or implied • PD cannot be processed unless : PD is processed for a lawful purpose directly related to the activity of the Data User The processing of PD is necessary for or directly related to that purpose Directly related to that purpose means the reason that the PD was collected. Eg: a person comes for a blood test and his consent is acquired to conduct all the necessary tests. However, the consent shall not extend to the publication of his blood test results in a medical article. PD is adequate but not excessive in relation to that purpose Eg: a patient comes to ER to see the doctor for fever medication. It is not necessary to ask the patient of his grandparents, aunt, uncle’s names, IC, add etc. Distinction between consent for medical purpose and other purpose
  • 22. 22 2. Notice & Choice Principle • A DS is required to give written consent to DU: That PD is being processed and provide a description of the PD being processed The purposes for which the PD is collected and processed  DS’s right to request access to and request correction of the PD Disclosure to any 3rd parties that may be made
  • 23. 23 3. Disclosure principle • No Personal Data shall be disclosed without the consent of the DS: For any other purpose other than the original purpose as disclosed to the DS at the time of collection A purpose directly related to the purpose above To any party other than a 3rd party already notified to the DS (under Notice Principle) • Disclosure for the purpose of research, discussions in medical meetings / seminars :This disclosure is allowed as long as the data that is being disclosed cannot be related to a particular person • Note: Disclosure to the Ministry of Health – this is a compulsory disclosure and thus shall be exempted.
  • 24. 24 Case note - disclosure Improper disclosure of SPD to Government Agency The complainant had medical tests at a pathology clinic and asked that the results be provided only to their treating medical specialist and solicitor. The test results were to be part of a claim that the complainant was making to a federal government agency. The complainant later became aware that the clinic had provided the results directly to that government agency. DS complained to the Data Commissioner. The clinic advised the clinic staff to send directly to the government agency noted on the complainant’s form. The clinic contended that this was an isolated error. As this information was disclosed for a purpose other than the primary purpose for which it was collected, the commissioner formed the view that the disclosure was an interference with the complainant’s privacy. The clinic paid compensation to the DS.
  • 25. 25 The security principle needs to be adequate but it shouldn’t be unreasonable.
  • 26. 26 4. Security Principle • DU shall take practical steps to protect PD from any Loss, misuse, modification Unauthorized or accidental access or disclosure Alteration or destruction Having regard to location, IT systems and mode of transfer of PD • Hospital IT systems such as the HMIS, HIS and LIS need strict policies • Transfer to 3rd party service providers such as outside lab and transfers of PD overseas Security issues : use of portable devices (laptops, USB, External hard drive, CD, DVD) Transmission of patient info via fax Medical devices storage function Remote access to MR Doctors have to comply with Hospital’s policies regarding PDPA requirements
  • 28. 28 Sony fined GBP 250,000 for Breach of Security • A cyber attack on the SONY’s PlayStation Network in April 2011 put a huge number of consumers at risk of identity theft including credit card details • It could have been prevented if Sony’s software was up-to-date and technical developments hadn’t made passwords unsecure • “There’s no disguising that this is a business that should have known better,” said the ICO’s data protection director David Smith • It is a company that trades on its technical expertise and there is no doubt in my mind that they had access to both the technical expertise and the resources to keep this information safe.
  • 29. 29 Data Processor • Where PD is processed on behalf of DU the DU shall ensure that the Data Processor :  Provides guarantees in respect of technical and security measures governing the processing; and  Takes reasonable steps to ensure compliance with those measures  Eg: The IT system in SDMC PC – system designed for SDH and they do have access to our patient records. Data Processor = Outsourced Service Providers
  • 31. 31 Retention Principle • PD shall not be kept longer than is necessary for the fulfillment of the original purpose • DU has duty to take all reasonable steps to ensure that PD is : • Destroyed (must be done in a proper manner); or • Permanently deleted …… if it is no longer required for the purpose for which it was processed QUESTION : how long is long?  Depends on the nature of your business and the commercial reasons to keep data  7 years / 25 years / hospital policy
  • 33. 33 6. Data Integrity Principle
  • 34. 34 Data Integrity Principle • DU has duty to take all reasonable steps to ensure that PD is : • Accurate • Complete • Not misleading; and • Kept up to date
  • 35. 35 7. Access Principle • A data subject shall be given access to his personal data upon Data Access Request • All information that is being processed by or on behalf of the Data User • Entitled to an intelligible copy of the PD • Access can be just to view or get a copy • Subject to some exceptions Under the PDPA, patient may now get access to his entire MR
  • 36. 36 Case note Who can access PD Hospital prepared a health report for an insurance company Patient wanted a copy under access principle Hospital refused DC held that all PD held by the hospital, including report should be provided to the data subject Regardless for whom it was prepared
  • 38. 38 GE Healthcare Admits Sending NHS Patient Data to US • Personal details of 600,000 patients were sent to the US following a mistake made by the NHS’s IT provider, GE Healthcare • GE Healthcare admitted that the error had occurred after it had obtained more patient data than it needed, but stressed that there was no need to worry • Overloaded in PD • GE Healthcare recently discovered that they obtained more patient data from diagnostic imaging products than they needed to perform services to their customers
  • 39. 39 NHS Trust fined 325,000 for data breach • Brighton and Sussex University Hospital NHS Trust has been fined 400,000 euros following a serious breach of the UK Data Protection Act • Highly sensitive personal data belonging to tens of thousands of patients and staff, including some relating to HIV and Genito Urinary Medicine patients, on hard drives sold on an Internet auction site in October and November 2010 • The Data breach occurred when an individual engaged by the Trust’s IT service provider, was tasked to destroy approximately 1000 hard drives • The individual sold 4 hard drives on an internet auction in December 2010
  • 40. 40 Offences and Penalties • If a body corporate commits an offence under the PDPA, any person who at the time of the offence was a director, CEO, COO, Manager etc may be charged jointly or severally with the company • Liability also is attached to Senior Management for acts or omissions of any employee acting in the course of their employment. • Section 5 (1) Anyone who contravenes the Personal Data Protection Principles commits an offence and shall, on conviction, be liable to a fine not exceeding RM300,000 or to imprisonment for a term not exceeding 2 years or to both Penalties for other offences range from RM100k to RM500k with imprisonment ranging from 1 – 3 years Eg. For unlawful collection or selling of PD – 500k and 3 years