Philippines: Developing an eHealth infrastructure
In 2019 alone, four house bills on eHealth were filed with the House of Representatives of the Republic of the Philippines ('the House'). The most prominent of these measures is House Bill No. 8 ('HB 8'), which seeks to establish the national health passport system. Mary Thel Mundin, Partner at Gatmaytan Yap Patacsil Gutierrez & Protacio (C&G Law), discusses the benefits and concerns surrounding the development of an eHealth infrastructure, and considers why this infrastructure may be deemed necessary.
The current state of Philippine healthcare and the development of eHealth in the Philippines
When it comes to the availability of healthcare services, Filipinos often experience a crisis in confidence brought about by various factors, such as high cost, poor accessibility, and lack of patient data or information.
A recent study shows that 40% of Filipinos are unsure whether they can pay for their medical bills, while 35% do not know whether they can afford regular checkups1. In a country where more than half of health spending comes from out of pocket payments2, this uncertainty greatly deters citizens from getting necessary healthcare.
According to the Philippine Department of Health ('the DOH'), only 13% of all healthcare providers and 40% of all tertiary hospitals are located in rural areas. As a result, 70% of the population in these places have little to no access to healthcare services3. However, even where health care is available, access is not so easily obtained. On average, it takes a Filipino 39 minutes to travel to the nearest health facility4- minutes that can mean life or death in the worst instances.
Lack of patient data or information
Moreover, even assuming healthcare is affordable and accessible, a problem still stems from the fact that patient data or information, which are necessary in order to provide adequate healthcare, is often incomplete, inaccurate, misplaced, or at times, simply unknown. Different healthcare providers all too often fail to harmonise their different data formats, therefore compromising the quality of information. Additionally, bureaucracy exacerbates the poor processing of data, with some estimates pegging data validation at more than a year to reach various levels5.
One key solution to the healthcare problems that has recently been gaining traction, is the development of a framework for eHealth in the Philippines. The DOH has taken the lead on this front, spearheading initiatives such as the Philippine eHealth Strategic Framework and Plan 2014-20206 and National eHealth Programme7, which aim to capitalise on IT to provide better healthcare services. On the back of these efforts, the DOH has also issued administrative issuances, which set mandatory health data standards to ensure interoperability8 and to identify the respective roles and responsibilities of the relevant government agencies9.
On the legislative side, lawmakers have introduced several bills to develop the country's eHealth system and services. Under HB 8, all Filipino citizens will be entitled to a health passport that shall contain their medical history, health-related benefits, and patient rights and privileges10. Additionally, the health passport can be used for free medical and dental diagnostic tests in government hospitals11. HB 8 also provides for other health infrastructure programmes, such as the digitisation of health centre records12 and monitoring of rural health units13.
Apart from HB 8, several bills also seek to create the legislative framework for the Philippine eHealth system. These measures are House Bills No. 61 ('HB 61'), House Bill No. 171 ('HB 171'), and House Bill No. 665 ('HB 665'), all of which propose to institutionalise the policy framework for eHealth infrastructure in the Philippines14. At the time of publication, these bills, along with HB 8, are pending consolidation before the House Committee on Health15.
Benefits of the eHealth System
Considering the current status of healthcare in the country, developing a framework for eHealth infrastructure can lead to a host of benefits, namely:
- improving communication and responsiveness within the health care system;
- addressing obstacles to equitable access of health care; and
- supporting other health initiatives, such as universal health care.
Firstly, developing eHealth infrastructure improves the flow of health information. The common thread of the above-mentioned measures and bills is the push towards standardising and consolidating information for easier access by healthcare providers. HB 8, for instance, aims to create a shareable database to consolidate medical records and evaluation results in rural areas16. Meanwhile, HB 61, HB 171, and HB 665 provide for programmes to ensure common standards and interoperability, including the creation of the appropriate infrastructure for health sector enterprises17. These measures will institutionalise the sharing of health information among stakeholders, ideally leading to more responsive and coordinated services.
Secondly, eHealth infrastructure leads to equitable health care access. As earlier mentioned, HB 8 intends to use the health passport in connection with free services from public hospitals. In addition, investing in eHealth can lead to a better IT infrastructure for health information. Initiatives that diagnose and treat patients using telecommunications are thus more likely to succeed, improving the delivery and the speed of services, especially in geographically isolated and disadvantaged areas18. A robust eHealth framework can also avoid duplication of services and efforts among government agencies with the private sector19. Efforts, such as the interoperability of systems20 and a health sector enterprise architecture21, prevent duplication by granting agencies and healthcare facilities access to the same health information. For patients, this avoids unnecessary costs brought about by different facilities repeating the same service. For the general public, this means more unified and data-driven public health initiatives from government agencies.
Lastly, eHealth infrastructure supports other health legislation, such as the Universal Health Care Act, which implements a host of health-related measures including expanding immediate eligibility and access to health services to all Filipinos22. Critical provisions of the Universal Health Care Act require the integration of local health systems into province-wide and city-wide systems23, and facilitating a health information system that respects patient privacy and confidentiality in accordance with the Data Privacy Act of 2012 (Republic Act No. 10173) ('the Act')24. These measures all require the integration of new existing systems with IT capabilities, hence, the necessity for a framework for eHealth infrastructure.
Quite clearly, a stronger policy framework for eHealth infrastructure will improve access to healthcare, in turn creating better health outcomes and restoring confidence in the Philippine health care system. That said, there are a number of concerns in implementing this initiative, not the least of which are its privacy and security implications, especially in light of the Philippines' still-developing IT infrastructure. Some of these concerns are further discussed below.
Concerns for the introduction of an eHealth system
Despite the benefits promised by eHealth advocates, concerns have been raised regarding the introduction and implementation of such a system in the Philippines. The country's emerging data privacy and cybersecurity regulatory framework, coupled with the limited IT capabilities and geographic landscape, makes rolling out an eHealth system difficult. To overcome these, the Philippine government must think of a way to systemically implement the changes while maintain the integrity of the system.
A previous attempt at a national computerised identification system was declared unconstitutional by the Supreme Court of the Philippines ('the Supreme Court') in 199825. While the Supreme Court recognised that information systems which make use of computers facilitate important social objectives, such as better law enforcement, faster delivery of public services, more efficient management of credit and insurance programmes, improvement of telecommunications, and streamlining of financial activities, it held that the broadness, vagueness, and over-breadth of the measure put the Filipino peoples' right to privacy in clear and present danger, which under Philippine law, are sufficient grounds to invalidate legislation. The Supreme Court further cautioned that any intrusion into the right to privacy must be accompanied by proper safeguards and well-defined standards to prevent unconstitutional invasions.
Notably, however, data privacy frameworks and regulations have come a long way since then, especially with the introduction of the Act, the Implementing Rules and Regulations of Republic Act No. 10173, and other issuances of the National Privacy Commission ('NPC') (collectively, 'the DPA Laws'). The DPA Laws provide 'safeguards and well-defined standards' that were lacking in previous proposed measures. Moreover, the NPC, which has issued advisories and opinions specific to the Government26 and the healthcare industry27, has frequently been cited as a coordinating agency in the implementation of various pieces of legislation, including the eHealth bills28 pending before the House. In fact, the recently passed Republic Act No. 11055, or the Philippine Identification System Act, lists the Chairman of the NPC as one of the members of the council responsible for ensuring implementation of the system29. The statute also contains provisions meant to safeguard the national identification system, including the information gathered30.
Still, given the lofty goals of the eHealth initiative, the NPC should work on the development of procedures and policies to address the requirements and repercussions of implementing an eHealth system. Under Philippine law, information about an individual's health is classified as sensitive personal information, which is granted greater protection and requires stricter compliance with the DPA Laws. In fact, the processing of sensitive personal information is generally prohibited, except in cases indicated under the DPA Laws including, but not limited to, if necessary to protect the life and health of the individual31, if existing laws and regulations provide for it32, or if the individual data subject provides consent33.
Furthermore, even when the processing of this information is permitted by law, the persons or entities involved in the processing may not have the necessary policies, procedures, or systems in place to ensure that the information being processed is protected with adequate safeguards as required by law. For example, an eHealth measure that grants a private healthcare institution access to sensitive personal information collected by a different institution may not have an efficient regulatory framework within which to operate. As such, while the data sharing between the institutions may be expressly authorised under the eHealth programme, the DPA Laws, which require that adequate safeguards for data privacy and security are in place and that any processing adheres to the principles of transparency, legitimate purpose, and proportionality, may not actually be complied with34. In this regard, requiring far-flung hospitals to comply with DPA Laws when processing information may be difficult given, for example, their personnel's possible limited experience with data privacy regulations. To address this, the NPC and the eHealth regulators may need to supplement the eHealth programme with implementing guidelines that would balance and operationalise the fulfilment of data privacy regulations, while providing adequate and timely healthcare services.
The dependence on IT also makes the eHealth system vulnerable, and poses questions on the integrity of the system. Despite cybersecurity and cybercrime measures already introduced through Philippine laws35, the Government cannot guarantee that each entity that is permitted access to the personal data will be able to secure the database against attacks. The Government also cannot guarantee that the healthcare institutions that are supposed to participate in the eHealth system have adequate access to the technology required to host these services. Moreover, given that a database capable of hosting the health-related information needs to be constantly updated and synced across various devices, the database will likely need to be built and accessed online. The difficulty of complying with the eHealth initiative, in the context of other laws and regulations that protect the rights of the individuals and entities engaged in the initiative, may discourage involvement from both individuals and health care institutions.
Finally, another significant issue to consider with the eHealth system is that adoption is not likely to be widespread in the Philippines. How many health care institutions and facilities will willingly change their existing IT infrastructure to make it compatible with a national eHealth system? How many individuals will actually voluntarily sign-up for a service that asks for their personal data, including their medical history? An attempt to answer this question was introduced in HB 8, which proposed that parents or legal guardians of children born after the effectivity of the law should be required to enroll their children in the health passport programme36. However, there is no coercive force in the proposed legislation, or in any of the other bills on this matter, that requires such registration. Effectively, there appears to be no mandatory registration imposed on individuals and institutions. Poor opt-in turnout may turn the eHealth initiative into a costly experiment for the Government and the Filipino people.
The Philippine eHealth system moving forward
A quick glance at the issues above may give the impression that the Philippines has inadequate mechanisms, both legal and infrastructural, to support eHealth initiatives. Nonetheless, the different eHealth initiatives show promise in curing longstanding ills of the Philippine healthcare system, and are well worth exploring. Implementing the eHealth initiatives in a way that benefits the Filipino people requires a concerted effort, not only among lawmakers and regulators, but also healthcare providers and ultimately the general public itself.
Mary Thel Mundin Partner
Gatmaytan Yap Patacsil Gutierrez & Protacio (C&G Law), Makati City
1. Filipinos Unsure of Capacity to Meet Medical Needs, available at: https://news.mb.com.ph/2019/06/26/filipinos-unsure-of-capacity-to-meet-medical-needs/
2. Universal Health Care Law and What It Means to PH Development, available at: https://pia.gov.ph/news/articles/1023412
3. HB 61, Explanatory Note. See also About us – eHealthPH, available at: http://ehealth.ph/about-us
4. National eHealth Context (Overview), available at: http://ehealth.doh.gov.ph/index.php/contact-us#openModal9 See also Chapter 1: The Philippine Health System at a Glance, available at: https://www.doh.gov.ph/sites/default/files/basic-page/chapter-one.pdf
5. National eHealth Context (Overview), available at: http://ehealth.doh.gov.ph/index.php/contact-us#openModal9
6. Philippine eHealth Strategic Framework and Plan 2014-2010, available at: http://ehealth.doh.gov.ph/index.php/contact-us#openModal11 See also A Briefer on the Philippine eHealth Strategic Framework and Plan, available at: http://www.pchrd.dost.gov.ph/index.php/downloads/category/81-plenary?download=359:philippine-ehealth-strategic-framework-and-plan-briefer
7. National eHealth Context (Overview), available at: http://ehealth.doh.gov.ph/index.php/contact-us#openModal9 See also About us – eHealthPH, available at: http://ehealth.ph/about-us
8. See DOH Administrative Order No. 2013-0025, Clause VI-B.
9. See DOH Administrative Order No. 2015-0037, Clause VIII.
10. HB 8, sec. 4.
11. HB 8, sec. . We note that there appears to be two sections 5 in HB 8, so we have renumbered the pertinent sections accordingly.
12. HB 8, sec. .
13. HB 8, sec. .
14. HB 61, sec. 3; See also HB 171, sec. 3, and HB 665, sec. 3.
15. Electronic Health Bills Pushed in the House, available at: http://www.congress.gov.ph/press/details.php?pressid=11743
16. HB 8, sec. .
17. See HB 61, Article V. See also HB 171, sec. 10 and HB 665, sec. 11.
18. HB 171, Explanatory Note.
19. HB 665, Explanatory Note.
20. HB 665, sec. 12.
21. HB 665, sec. 11.
22. Republic Act No. 11223, sec. 6.
23. Republic Act No. 11223, sec. 19.
24. Republic Act No. 11223, sec. 36.
25. See Ople v. Torres, G.R. No. 127685, July 23, 1998.
26. For example, NPC Circular No. 16-02, on Data Sharing Agreements Involving Government Agencies.
27. For example, NPC Advisory Opinion No. 2018-044, NPC Advisory Opinion No. 2018-053, NPC Advisory Opinion No. 2018-056, and NPC Advisory Opinion No. 2018-072.
28. See HB 61, sec. 17; HB 171, sec. 7; and HB 665, sec. 8.
29. See Philippine Identification System Act, sec. 16.
30. Id. at sec. 18.
31. See DPA, sec. 13(c).
32. See DPA, sec. 13(b).
33. See DPA, sec. 13(a).
34. See DPA Implementing Rules and Regulations, Rule IV, sec. 20(a).
35. See Republic Act No. 10175, otherwise known as the Cybercrime Prevention Act of 2012.
36. See HB 8, sec. .