
SeriousMD is HIPAA-compliant. What does that mean?


Written by Dennis S.
Updated over a week ago

Any discussion of electronic medical records will inevitably bring up HIPAA. HIPAA is a US federal law: the Health Insurance Portability and Accountability Act of 1996.

SeriousMD is Compliant with Both HIPAA and the Philippines' Data Privacy Act (DPA)

While HIPAA is a US-centric regulation, its security standards are widely recognized and followed internationally.
SeriousMD chose to adopt these HIPAA benchmarks, which cover data encryption, access controls, audit logs, and breach notification protocols, to ensure the highest level of data protection for all users.


The Philippines' Data Privacy Law

The Philippines does have a law protecting patient privacy and sensitive information:

The Data Privacy Act of 2012 (DPA) or Republic Act No. 10173, enforced by the National Privacy Commission (NPC), is the governing law on data privacy in the Philippines.

  • Sensitive Personal Information: The DPA explicitly classifies information concerning an individual's health as Sensitive Personal Information, which is afforded the highest level of protection.

  • Enforcement: The NPC is an independent body mandated to administer and implement the DPA. It actively monitors, investigates, and imposes penalties on organizations and individuals (including doctors and clinics) found to be non-compliant.

In summary, SeriousMD's compliance with global standards (like HIPAA) and local law (the DPA) means we observe a double layer of requirements for keeping your patient data private and secure.


The SeriousMD Advantage: Helping You Comply with the NPC

As the doctor, you are the Personal Information Controller (PIC) and are ultimately accountable to the NPC for the security of your patient data. SeriousMD, as your Personal Information Processor (PIP), provides the technology to meet many of the DPA's and NPC's technical and organizational requirements, thereby easing your compliance burden.

Here is how the platform directly addresses key DPA/NPC compliance mandates:

NPC/DPA Compliance Requirement | How SeriousMD Helps You Comply

Implement Technical Security Measures | SeriousMD enforces encryption (for data both in transit and at rest), firewalls, and multi-factor authentication to prevent unauthorized access, which are mandatory security requirements under the DPA.

Maintain Audit Logs | The platform automatically maintains audit trails of all activity and access to patient records, a critical requirement for a PIC/PIP to monitor for breaches and demonstrate accountability to the NPC.

Role-Based Access Control | You can set specific user roles (e.g., Doctor, Secretary, Intern) with limited access permissions. This ensures your staff only views the patient data necessary for their job ("need-to-know" basis), a key organizational security measure.

Secure Disposal/Destruction of Data | SeriousMD provides clear mechanisms for data destruction and ensures that data is disposed of securely on its cloud infrastructure, following NPC guidelines on retention and disposal.

Outsourcing/Third-Party Accountability | By contracting with SeriousMD, you fulfill your obligation to ensure that your PIP is capable of implementing the appropriate data protection measures, as outlined in our Privacy Policy and Terms of Service.


In sum, SeriousMD's compliance with HIPAA standards means that it observes the requirements set by that legislation for keeping healthcare data private and secure. For more information on these security standards, see the Privacy Rule and Security Rule sections of HIPAA.
