IIUM Repository

Patient confidentiality, the law and the healthcare records in the view of the PDPA 2010

Zulhuda, Sonny (2014) Patient confidentiality, the law and the healthcare records in the view of the PDPA 2010. In: National Seminar on Medical Records Management, 9-10 September 2014, Kuala Lumpur. (Unpublished)

[img] PDF - Presentation
Restricted to Repository staff only

Download (2MB) | Request a copy
[img] PDF - Supplemental Material
Restricted to Repository staff only

Download (375kB) | Request a copy


The enactment of Personal Data Protection Act (PDPA) 2010 has changed the industrial landscape of the maintenance and usage of the medical and healthcare records. The introduction of PDPA into the medical industry has also effectively shifted the conventional paradigm of looking “medical records” as the “doctor’s secrets” towards a more open and transparent notion of treating them as the “patient’s right” to his own personal data. The legislation has prescribed new statutory rights to patients as well as new statutory duties for the records holders concerning the entire lifecycle of medical records – commencing from the data collection to its usage, disclosure and disposal. On top of that, the processes in between involving data sharing, security and risk management would have to be fairly and lawfully managed. It is therefore understood that, contrary to the conventional practice and belief, the existing law of confidentiality are unable to protect patients’ personal data the same way as the PDPA does. It is not too much to say that all the medical records practitioners at all stages of process critically need to understand this law. With this background, the presenter will speak on two big parts: firstly he would explore the salient features of the PDPA 2010 and how it affects the current medical records framework and practices. Secondly, the presenter will engage the audience to look into practical matters such as the seven data protection principles, requirements of data protection standards, as well as risk management and due diligence steps towards compliance. The objective of having this understanding is to enable us achieve not only the compliance of PDPA in the management of medical records, but also to better safeguard the patients’ rights to data privacy and confidentiality.

Item Type: Conference or Workshop Item (Speech/Talk)
Additional Information: 6473/41353
Uncontrolled Keywords: Personal data protection, patient’s confidentiality, medical records, data privacy
Subjects: K Law > K Law (General)
K Law > KBP Islamic Law > KBP1 Islamic law.Shariah.Fiqh > KBP490 Furūʻ al-fiqh. Substantive law. Branches of law. > KBP 3098 Medical legislation
T Technology > T Technology (General) > T55.4 Industrial engineering.Management engineering. > T58.6 Management information systems
Kulliyyahs/Centres/Divisions/Institutes (Can select more than one option. Press CONTROL button): Ahmad Ibrahim Kulliyyah of Laws > Department of Civil Law
Depositing User: Dr Sonny Zulhuda
Date Deposited: 13 Feb 2015 14:52
Last Modified: 19 Jun 2018 08:49
URI: http://irep.iium.edu.my/id/eprint/41353

Actions (login required)

View Item View Item


Downloads per month over past year