February 20, 2020
Medics Editorial Team
Amid the all-out info drive on RA 10173, also known as The Data Privacy Act (DPA) of 2012, one of the examples used to illustrate how an individual’s right to privacy could be violated is featured in this doctor-patient situation.
A medical doctor in a private hospital in Manila recorded a conversation with his lady patient without the patient’s knowledge and prior consent.
Upon realizing what was happening, the patient immediately confronted the doctor and expressed her strong dismay, pointing out the physician’s lack of professionalism in recognizing his personal right to privacy. She said she could have given her consent anyway if only she was asked politely.
The doctor apologized and explained that his action was just meant to aid his recall, especially when he later examined the case, saying he just wanted to provide the best possible service, which the patient deserves.
The patient, however, demanded the doctor to delete the recorded conversation and canceled on the medical consultation. She said if the doctor does not even know the basic courtesy of asking for consent, then how can he expect to win the patients’ confidence in his competence as a medical practitioner.
RA 10173 is very explicit about the handling of personal data in any formas long as it is collected, processed and stored by any organization. Specifically, individual consent is emphasized and underscored, to protect any person from unsolicited and illegal actions that violate privacy.
All individuals, or data subjects as defined by the law, have the right to be informed that personal data has been, is being or will be collected and processed. The law is specific, thorough and definite. Any collection of personal data must include the following safety measures:
To protect your privacy, the Philippine data privacy law explicitly require organizations to notify and furnish you the following information before they enter your personal data into any processing system (or at the next practical opportunity at least):
The strictness and definitiveness of the data privacy provisions of the law imposes a higher level of accountability and preparedness for the medical practice. To ensure that the privacy of your patients is well-protected and your own integrity is never put at risk, the following basic measures should be considered.
The doctor-patient relationship is built on trust, as the personal condition, private details and health care program of the patient are placed in the hands of the doctor. Protecting that trust means taking the Data Privacy Act’s stipulations as precautionary inputs to secure not only your patient data but also the doctor-patient relationship.
Sources & References National Privacy Commission. Know Your Data Privacy Rights. Retrieved from https://www.privacy.gov.ph/know-your-rights/
Amihan. (2017, July). The Beginner’s Guide to RA 10173 (Data Privacy Act of 2012). Retrieved from
Tego Insurance. (2018, April). Privacy laws have just changed — here are 5 things doctors should know. Retrieved from
BetterHealth Channel. (2015, October). Confidentiality and privacy in healthcare. Retrieved from
SeriousMD. (2018, July). Data Privacy Act Registration. Retrieved from