To continue to create value for readers of this web-blog, I shall be offering a series of posts on the Malaysian Act 709, Personal Data Protection Act 2010 (PDPA). The Act was passed by Parliament in May 2010 and gazetted into law in June 2010.
Malaysia is not the only country with a new act of law on privacy of data, so do take a look at the list from http://www.informationshield.com/intprivacylaws.html (this link will open in a new tab of your current browser window) which contains a number of international privacy related laws by country and region.
So much has been written already on PDPA ever since 2010, and readers can easily surf the Internet to know about this Act. So it is pointless for me to repeat topics to create awareness about this Act, for example the 7 Principles according to the PDPA requirements, and offenses and liabilities of PDPA. In fact you can scrutinise a copy of this Act which is available from “The Download List” at http://mrpalsmy.com/resources-2/the-download-list/ (this link will lead you to the act on the page “The Download List” in a new tab of your current browser window).
My concern is to examine, through this series of posts, both the direct and indirect impact of PDPA on healthcare in general and on Health Information Management (HIM) / Medical Records (MR) practices specifically.
My plan is to bring you what I understand and give my interpretation as I see it from the requirements of PDPA, right from the start of the Act 709 documentation, section by section. As I dissect Act 709, I hope to bring you examples of both the direct and indirect impact(s), gaps in data processing and protection from within and outside this Act, perhaps an attempt to identify a hospital’s organisational maturity plan for PDPA, and example techniques for acceptable use of personal data against the PDPA. These are amongst some areas of concern I have given thought to, and which I hope to cover in due course.
I believe that Health Information Management (HIM) / Medical Records (MR) practitioners were already aware of the need to ensure proper governance of data and information even before PDPA was an act of law in Malaysia. While I already know, and I am sure you also already know, that the PDPA is aimed at regulating the processing of the personal data of an individual who is involved in commercial transactions, I still think it is wiser to be informed about PDPA, although HIM / MR practitioners have been and are still required and regulated by professional ethics, guidelines, regulations and best practices of their organisation (hospital) to provide protection to the individual’s personal data and thereby protect the interest of the individual concerned.
I shall be as non-technical as I can in preparing the posts (as after all I am not a solicitor) and I hope to cater to the local HIM / MR management and executives who are dealing with day-to-day personal healthcare related data processing. At the end of the series of posts, I hope you and I will have a better understanding of what PDPA is, why it is important, where it fits into the hospital as an organisation and how to take the necessary steps to address it.