[ PHIC PHILHEALTH CIRCULAR NO. 10, S. 2010, February 22, 2010 ]
GUIDELINES ON THE PUBLIC ACCESS AND VIEWING OF INFORMATION FROM THE PHILHEALTH DATABASES
A. Rationale
The Corporation has recognized the need to identify shareable information from the major databases that the members and other stakeholders can access and view once the application systems are made available on the internet or through other means. It is imperative to address this need in order to:
- protect the database from cyber terrorism, hacking and other threats;
- prevent unauthorized use of information for malicious purposes by unfriendly entities; and
- prevent confidential information from being accessed.
B. Definitions
The following terms and phrases are defined within the context of the Corporation:
- Member information - refers to information from the databases of the Corporation which is made accessible to the members without violating any laws or instruments issued by the Government and the Corporation, and without endangering the security of the databases of the Corporation;
- Non-shareable information - refers to information from the databases of the Corporation which cannot be accessed and viewed by the members , as well as the public, and is accessible only to the authorized offices of the Corporation, unless required upon lawful order of the court;
- Conditionally shareable information - refers to information on a particular member from the databases of the Corporation which is shareable to the health care providers under certain conditions, unless required upon lawful order of the court; and
- Public information - refers to information available to the public;
- Concerned office - the organizational unit either from PRO or Head Office authorized to provide information from the databases of the Corporation to the members, employers, sponsors, organized groups and to the accredited health care providers.
C. Member Information
The members shall be allowed to access and view only their own information from the databases of the Corporation categorized as shareable, which include the following:
1. Complete Name consisting of First Name, Middle Name and Last Name including Suffix;
2. Maiden Name (if married female);
3. Complete Address consisting of Street, Barangay, Municipality/City and Province;
4. Zip Code;
5. Date of Birth;
6. Age;
7. Sex (Male, Female);
8. Marital Status;
9. List of Dependents consisting of First Name, Middle Name and Last Name including Suffix;
10. Date of Birth of Dependents;
11. Relationship of Dependents to members;
12. PhilHealth Identification Number;
13. Member Category;
14. Group Name, Branch and Center (if Organized Group Member);
15. Benefits/Claims Utilization;
16. History of Diseases;
17. History of Confinement;
18. Claim Status;
19. List of Contributions; and
20. Employer History and respective PhilHealth Employer Number (PEN)/PhilHealth Organized Group Number (POGN), if applicable;
21. History of Member Category.
D. Conditionally Shareable Information
The health care providers shall be allowed to access and view the following information from the databases of the Corporation under certain conditions:
1. Complete Name of member;
2. Date of Birth;
3. PhilHealth Identification Number (PIN);
4. Yes if eligible or No if not;
5. If dependents, Complete Name with Date of Birth;
1. The conditionally shareable information of the member shall be provided to the health care providers only if the member is their direct patient and has letter of authorization to access his/her records.
2. The provision of conditionally shareable information to the health care provider shall be in accordance with the country s existing laws and instruments covering health care information.
The organized Group/Employers/Sponsors shall access and view only the following information of its direct members:
1. Complete Name of the member consisting of First Name, Middle Name and Last Name including Suffix;
2. Maiden Name (if married female);
3. Complete Address of the member consisting of Street, Barangay, Municipality/City, and Province;
4. Zip Code;
5. List of Dependents of the member consisting of First Name, Middle Name and Last Name including Suffix;
6. PhilHealth Identification Number;
7. List of Contributions of the member; and
8. History of Member Category.
The relatives and other duly authorized representatives are not allowed to access and view information of the respective member online except when a request is made to the concerned office with a letter of authorization from the member duly notarized in accordance with PhilHealth Circular No. 9, s-2006.
E. Non-shareable Information
All the information not included in the list under Section C and D of these guidelines shall not be accessible to the members and to the public, except to the concerned offices and authorized personnel of the Corporation.
Access to non-shareable information will be covered by an authority issued by the Head of Office and shall be governed by existing rules and regulations of the Corporation pertinent to use of information.
F. Public Information
The PhilHealth corporate website shall contain information such as accreditation of health care providers for public consumption.
G. Information Management
The following guidelines shall govern the handling of information from the databases of the Corporation:
1. The Member Management Group (MMG) shall categorize the databases of the Corporation into the following types in accordance with these guidelines subject to approval by the EXECOM and the President and CEO of the Corporation: Member; Conditionally Shareable; Non-shareable; and Public.
2. The ITMD shall also implement the necessary security and data protection measures, such as but not limited to the following:
a. Requiring interested members to register for online services at the PhilHealth Members Assistance Center (PMAC);
b. Sending to registered members through email their user accounts and passwords to enable login to online systems;
c. Requiring each registered member to enter his username, password, PIN and birthdate for verification of his identity during login; and
d. Acquiring and installing special security equipment and systems for the online access of other stakeholders.
3. The Corporate Affairs Group with inputs provided by the Corporate Planning Department shall serve as the authorized office to recommend access to information not included in these guidelines.
H. Disclaimer
All information released by the Corporation is official on the date of its publication, however, any discrepancy such as wrong spelling, wrong applicable period of posting and incomplete data found by the members and accredited health care providers including employers, organized groups and sponsors shall be subject to further verification by the Corporate Affairs Group and the Operations Sector.
I. Effectivity
This Order shall take effect once the Online System is in place.
(SGD.) DR. REY B. AQUINO
President and CEO