THE National Privacy Commission (NPC) flagged “dismal” privacy standards in the health sector, particularly its management of contact-tracing information during the pandemic.
The commission in a statement Saturday said that the sector’s poor compliance with data privacy standards is the primary cause of data breaches this year.
A July to September analysis of privacy issues found that no company monitored in the health sector fulfilled the minimum requirement of registering with the commission.
In the 10 months to October, 64% of breaches in the industry were caused by human error.
NPC said that in contrast, human error accounted for 39% of breaches among all sectors monitored, making it the second highest source of data breaches after malicious attacks, with 48%.
Privacy Commissioner Raymund E. Liboro described the findings as “worrisome” as health institutions help manage the country’s contact-tracing efforts during the pandemic.
He said that the public refuses to disclose personal information because they fear that their data will be misused.
“We must then intensify work in improving our processes to build trust,” he said.
The commission is investigating several businesses, including supermarkets and drugstore chains, for allegedly mishandling contact tracing forms, after reports of contact tracing forms left visible to others and of data has been used for purposes outside of contact tracing.
The NPC has also warned organizations against collecting unnecessary information like signatures in contact tracing forms.
Business groups last month asked the government to suspend the Data Privacy Act, which protects patient confidentiality. The groups encouraged COVID-19 patients to voluntarily disclose information.
Mr. Liboro had said that there is no scientific basis backing the naming of infected individuals as an effective public health response, calling the request “anti-poor.”
The NPC held a capacity-building webinar for data protection officers in the health sector on Oct. 15. — Jenina P. Ibañez