De Los Santos Medical Center (“DLSMC”) is committed to uphold the safety and confidentiality of the Personal Data of our patients, staff, interns and applicants. This Privacy Notice (“Notice”) therefore seeks to inform you of our policies regarding the collection, use, disclosure, retention, sharing and destruction of Personal Data that we receive from our customers and clients, as well as from our own DLSMC personnel.
DLSMC has developed this Notice to ensure that all appropriate standards for personal data protection are in compliance with Republic Act No. 10173 or the Data Privacy Act of 2012 (“DPA”), its Implementing Rules and Regulations, and other applicable and related laws and regulations, which include issuances of the National Privacy Commission (the “NPC”) on personal data privacy protection (collectively, the “Privacy Laws”) that are put in place and implemented efficiently and effectively.
What is Personal Data and Why We Collect It
Under the DPA, your Personal Information includes any information, whether recorded in a material form or not, from which your identity is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information, would directly identify you as an individual. These may include, but not limited to, information which may be used for identification purposes (e.g. names, addresses, e-mail addresses, phone numbers and government identifiers), other personal circumstances, contact information, your educational and medical background.
Your Personal Information also includes Sensitive Personal Information, which refers to the following:
a. Your race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
b. Your health, education, genetic or sexual life, any proceeding for an offense committed or allegedly have been committed by you, the disposal of such proceedings, or the sentence of any court in such proceedings;
c. Personal identifiers (i.e. IDs) issued by a government agency peculiar to you as mentioned above; and
d. Other information established by the law to be kept classified.
As a health institution, the specific Personal Information that we will obtain from you shall include (but not necessarily limited to) the following: your home/office address, contact details, e-mail address, race, ethnic origin, age (including birthdate), your health information (including medical information, biometrics [such as height and weight], biological information (such as blood type), medication, genetic [including family medical history] or sexual life), religion, PhilHealth number, Social Security System number, Government Service Insurance System number, and insurance details.
We collect your Personal Information, primarily, to provide medical services or for employment purposes. We also provide information to our clients, partners and service providers who aid us in providing you with timely and efficient services.
We may also use your Personal Information, secondarily, in circumstances when you would reasonably expect such use or disclosure of your Personal Information.
Rest assured that you may withdraw your consent (subject to the applicable Privacy Laws) to the processing of your Personal Information at any time by contacting us in writing.
How and When We Collect Your Personal Information Your Personal Information may be obtained in various ways including through interviews, from application forms or correspondences, by telephone or e-mail, via our website at http://delossantosmed.ph, and from third party providers. Nevertheless, most of the Personal Information we have are those that you have given us yourself. Usually, we ask you to provide us your Personal Information when:
a. you avail of, or apply for, our services by filling out application forms or other information forms through any of our available channels (e.g. online, during admission, or through our medical personnel and representatives);
b. you provide personal information to your doctor/s who may have referred you to DLSMC for diagnosis and treatment, whether as an in-patient or out-patient;
c. you get in touch with us to inquire about something, file a complaint, or request for a service;
d. you take part in our research and surveys;
e. you participate in various activities sponsored by us or any other organization acting on our behalf, such as symposia, conferences, focus group discussions, promotional events and the like;
f. you apply for an internship program or medical training with us to fulfill your academic and clinical requirements; and
g. you apply for a job with us.
Use and Processing of Personal Information
The following categories generally describe the ways by which DLSMC processes your Personal Information. While this is not intended to be a very specific and detailed listing of each process per category, all the ways by which we process your Personal Information fall under one of these categories:
a. Your diagnosis and treatment: we use your Personal Information, particularly your medical background and information to provide medical care and services, including diagnostics and treatment. DLSMC will disclose your Personal Information to our physicians and healthcare providers, our affiliates, subsidiaries, related entities and authorized partners (including third party providers) as part of our regular business operations for these purposes.
b. For benefits, payments and claims: We may process your Personal Information for purposes of billing and payment for medical and other related services rendered. Bills may be collected from you, your insurance company, Philippine Health Insurance Corporation, your company or any third party provider. For this purpose, we may have to disclose the nature and type of your treatment and other related information that will be required for settlement.
c. For our business operations: Your Personal Information will be processed as part of DLSMC’s operations. This includes our general business management operations, quality control and assessment, employee and/or staff evaluation and financial performance reporting.
d. Performance of a legal obligation: Under the law, DLSMC is required to share your Personal Information to government authorities in certain instances. For example, we may be required to provide documentary and/or testimonial evidence in court proceedings that may require the disclosure of your Personal Information. We may also be required to provide your Personal Information to government authorities in certain circumstances.
e. Marketing and other legitimate commercial purposes. We may also use your Personal Information to contact you with newsletters, information campaigns, marketing or promotional materials and other information that may be related to the services we provide, and also to further improve the quality of our services.
Other uses and disclosures of your Personal Information
Outside of the purposes stated above, other uses and disclosures of your Personal Information will be only made:
a. with your express consent,
b. in case of an emergency, or
c. when otherwise permitted or required by law. Such circumstances include the disclosure of your Personal Information pursuant to an order of a court or tribunal, or when such disclosure is required under existing laws and regulations.
Likewise, we may use and disclose your Personal Information to:
a. your visitors when they wish to inquire about you in the patient directory, and
b. other people involved in, or interested in your healthcare, such as your family members, loved ones or any other person you identify as being involved in your healthcare. In case you are not capable of agreeing or objecting to such disclosure, we will use our judgment in determining whether the use or disclosure is in your best interest.
In these cases, we ensure that your Personal Data is disclosed on a confidential basis, and is always subject to the applicable Privacy Laws.
We will never share, rent or sell your personal information to third party providers not affiliated with DLSMC except in limited circumstances as noted in this policy.
Who has access to your Personal Information?
The following will have access to your Personal Information:
a. Healthcare professionals including but not limited to members of DLSMC’s medical staff, nurses and other healthcare providers, either pursuant to an employment contract or any other arrangement. They will have access to your Personal Information because they are authorized to enter information into your medical records, as well as to review or update the same.
b. All departments and units in DLSMC who will need your personal information in the performance of their functions. For example, certain treatments or procedures require that your Personal Information be shared across different departments of DLSMC.
c. Any member of a volunteer, religious or charitable/non-profit organization who is allowed to provide assistance within DLSMC. This includes priests, pastors or heads of other religious organizations who provide religious rites to patients or the deceased.
d. All of our non-medical employees, staff or personnel who may need access to your information in the performance of their duties. For example, our employees will access your Personal Information in order to prepare your billing statement. Likewise, your medical information will be needed for your dietary needs during your confinement.
e. All entities operating within the premises of DLSMC, including, but not limited to housekeeping and security. DLSMC may share your personal information with these entities for the purposes stated above.
How do we secure and protect your Personal Data?
Our Privacy Notice applies to your Personal Information that we have collected. DLSMC creates and maintains a record of your Personal Information in its offices to serve you better. Under the DPA, DLSMC is likewise required to protect your Personal Information, and to process such data only in accordance with the following data privacy principles:
a. Transparency: We are obligated to inform you of the nature, purpose and extent of why we are processing of your Personal Information, including the risks and safeguards involved, the identity of the persons involved in the processing of your personal data, your rights as data subject, and how these rights can be exercised. b. Legitimate purpose: We will only process your Personal Information for a legitimate purpose, compatible with our declared and specified purpose, and not contrary to the law, accepted morals and public policy. c. Proportionality: We will process your Personal Information as adequate, relevant, suitable, necessary and not excessive in relation to the declared and specific purpose.
When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to dispose or permanently anonymize the said data. However, most of the personal information is or will be stored in files that will be kept by us for the minimum period provided under existing laws and regulations.
How can I access my Personal Data?
You may gain access to the Personal Data that we have lawfully collected from you in order to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Data, please contact us in writing and we will respond to you within a reasonable timeframe. Please take note that our ability to respond to your request may depend on the circumstances regarding our collection of your Personal Information.
We may charge a reasonable administrative fee for providing a copy of your Personal Data.
In order to protect your Personal Data, we may require identification from you before releasing the requested information.
On another note, we may be restricted by law or certain regulations from giving you access to your personal information.
Links to Other Websites
Our website may contain links that enable you to easily visit other websites of interest. However, once you have clicked a link that leads you away from our site, please take note that we do not have any control over other websites. Therefore, we cannot be responsible for the protection and privacy of any information that you have provided whilst visiting such sites. Moreover, such sites are not governed by this privacy statement. Therefore, we advise you to exercise caution and read the privacy statement (if applicable) of the website/s that you are visiting.
You are afforded certain rights in relation to your Personal Data under the Privacy Laws, in particular, the DPA. As such, we constantly ensure that we have your consent to continue to collect, use, disclose, retain and dispose your Personal Data for the purposes that we have identified. You have the right to be informed of these specific rights, to object to the processing of your Personal Data, to access, update and correct your Personal Data, and to withdraw your consent and/or edit your consent preferences at any time.
Address: 201 E. Rodriguez Sr. Blvd., Quezon City 1112 Philippines
Telephone: +632 89-DLSMC (89-35762) ext. 3808
Your rights to your personal information are provided in Section 34 of the DPA, which you may access here: (https://privacy.gov.ph/data-privacy-act/).
You may also contact the National Privacy Commission through the following contact details:
Address: 5th Floor, East Banquet Hall, Delegation Building
Philippine International Convention Center, Pasay City, Metro Manila 1307
Phone: +632 9399638715 / +632 9451534299