GENERAL
Quezon City General Hospital respects your privacy, and safeguards any information that you may share with us. This site provides information about the hospital for its citizens and the general public. This Privacy Policy applies to the website www.qcgh.org, or any successor site or page, and/or any other internet domain property of qcgh.org (collectively, “Website”).
You are not required to provide your personal information when you use this site. However, you may do so to contact the Hospital through any of the methods stated in the “Contact Us” page of the Website. The Hospital shall only use this information to communicate with you and provide you with the information or service you requested. The Hospital shall not share your information with any third party, except as specifically required or allowed by law.
You are not required to provide your personal information when you use this site. However, you may do so to contact the Hospital through any of the methods stated in the “Contact Us” page of the Website. The Hospital shall only use this information to communicate with you and provide you with the information or service you requested. The Hospital shall not share your information with any third party, except as specifically required or allowed by law.
EXTERNAL LINKS
The Website may contain external links. You are advised to verify the privacy practices and content of such other websites. The Hospital shall not be responsible for the content, or the manner of use or misuse of information made available by you to such other websites. We encourage you not to provide your personal information without assuring yourself of the privacy policy of such other websites.
ONLINE SERVICES
You may be asked to enter your personal information for out-patient department (OPD) and Persons with Disability (PWD) online services available on the Website, which may vary dependent upon the type of service registration. Any information you submit for such registration shall be subject to the same safeguards as if you had engaged in these services. Information collected pursuant to such online service shall be used in order to conduct the online service.
VISITOR DETAILS
You may correct, update, or remove any personal information you may have provided by communicating with the hospital Data Protection Officer (DPO) @ [email protected] . Should you have any questions or concerns regarding this Privacy Policy, kindly contact us through the same email address.
QCGH DATA PRIVACY NOTICE
(For Patients)
(For Patients)
The Quezon City General Hospital, an ISO certified government tertiary and teaching hospital respects and value the Right to Privacy of all its patients, hospital employees and stakeholders, for this reason, we ensure that all personal data and information are well-protected, private and confidential in compliance with the mandate of the National Privacy Commission (NPC) in relation to RA 10173 (Data Privacy Act of 2012 and its implementing rules and regulations). In order to ensure the safety and confidentiality all personal and sensitive information of our patients, as stated in the QCGH Privacy Policy, the aforementioned information can only be processed for legitimate purpose such as for medical treatment/diagnosis, research and personnel transactions.
What data (Personal and Sensitive Personal Information) are being collected by QCGH from patients?
What do QCGH will do with the personal and sensitive personal information they collected from patients?
Needed information are processed for the following purposes:
1. Medical Treatment and diagnosis of patients.
2. Processing of Philhealth and other Social Welfare discounts and financial privileges for patients.
3. Medical Research for resident trainees of the hospital.
4. Processing of medication, laboratory, and admission of patients.
5. Processing of medical records of patients.
6. Processing of employment application.
7. Processing of Salary, benefits, taxes, and other reportorial requirements as mandated by law.
8. Other legitimate processing which are necessary and as a consequence of the main functions and responsibilities of the hospital.
What data (Personal and Sensitive Personal Information) are being collected by QCGH from patients?
- Name, age, sex, birthday, civil status, citizenship, religion, occupation, current employment, address, email address, telephone/mobile:
- Medical conditions and medications or treatment used by patient.
- Government issued identification, licenses, and Board Passing Certificates
- Educational background and relevant training.
- Previous/current medical history, including where relevant, a family medical history.
- The name of the Health Maintenance Organization (HMO).
- The name of any health service provider or medical specialist, where applicable.
- The results of any laboratory tests and ancillary services which you provide: and
- Any other information that will assist us in providing you with better health care
What do QCGH will do with the personal and sensitive personal information they collected from patients?
Needed information are processed for the following purposes:
1. Medical Treatment and diagnosis of patients.
2. Processing of Philhealth and other Social Welfare discounts and financial privileges for patients.
3. Medical Research for resident trainees of the hospital.
4. Processing of medication, laboratory, and admission of patients.
5. Processing of medical records of patients.
6. Processing of employment application.
7. Processing of Salary, benefits, taxes, and other reportorial requirements as mandated by law.
8. Other legitimate processing which are necessary and as a consequence of the main functions and responsibilities of the hospital.
How does QCGH storage, retain, dispose the data they have collected?
All printout (hard copies) of personal and sensitive personal information that the hospital collect are stored in a locked filing cabinets while the soft copies are securely stored in our QCGH Hospital Information System. We ensure that all offices in the hospital are safety locked after office hours wherein accessibility to confidential files limited only to authorized employees and/or personnel in order to ensure that all personal and sensitive personal information that the hospital collected are kept safe, secure, and confidential.
Disposal as stated in the QCGH Data Policy, all personal and sensitive personal information are retained within the hospital system and data bases for a minimum of five (5) years or more retention period if the law requires for a longer retention period for your personal date information.
All documents containing the personal and sensitive personal information of our patients are shredded to ensure that the personal and sensitive personal information contained in the documents are not leaked to any person.
Data Sharing of Personal Information
Considering that QCGH is a research and training government hospital under Quezon City Government, there are personal and medical information of patient’s treatment and medication that are shared to different research associations and institutions to provide better learning and services of the hospital and its personnel.
The hospital is also mandated by law and its contractual obligations to submit and provide personal and sensitive personal information of its patient to different government institutions (GSIS, CSC, PCSO, DOH, Phil health and BIR) and companies as part of the hospital’s reportorial requirements.
What are the Patients and Employees Individual Rights that are being respected and protected by QCGH in relation to the Data Privacy Law?
Under the Data privacy Act of 2012, the following are the rights of an individual to maintain the privacy of personal information:
1. Rights to Information - pertains to the right of patients to be informed that their sensitive and personal information may only be used for legitimate purpose only.
2. Rights to Damages - right to be identified for the violation of the Right to Privacy of the concerned patients
3. Right to Data Portability
4. Right to Object
5. Right to File a Complaint
6. Right to Access
7. Right to Correct
8. Right to Erase
Processing of Personal Data
Throughout the local government’s data processing system, Personal Data is collected, created, stored, used, disclosed, and diagnosed.
A. Collection
The local government process the following information on Data Subjects
All printout (hard copies) of personal and sensitive personal information that the hospital collect are stored in a locked filing cabinets while the soft copies are securely stored in our QCGH Hospital Information System. We ensure that all offices in the hospital are safety locked after office hours wherein accessibility to confidential files limited only to authorized employees and/or personnel in order to ensure that all personal and sensitive personal information that the hospital collected are kept safe, secure, and confidential.
Disposal as stated in the QCGH Data Policy, all personal and sensitive personal information are retained within the hospital system and data bases for a minimum of five (5) years or more retention period if the law requires for a longer retention period for your personal date information.
All documents containing the personal and sensitive personal information of our patients are shredded to ensure that the personal and sensitive personal information contained in the documents are not leaked to any person.
Data Sharing of Personal Information
Considering that QCGH is a research and training government hospital under Quezon City Government, there are personal and medical information of patient’s treatment and medication that are shared to different research associations and institutions to provide better learning and services of the hospital and its personnel.
The hospital is also mandated by law and its contractual obligations to submit and provide personal and sensitive personal information of its patient to different government institutions (GSIS, CSC, PCSO, DOH, Phil health and BIR) and companies as part of the hospital’s reportorial requirements.
What are the Patients and Employees Individual Rights that are being respected and protected by QCGH in relation to the Data Privacy Law?
Under the Data privacy Act of 2012, the following are the rights of an individual to maintain the privacy of personal information:
1. Rights to Information - pertains to the right of patients to be informed that their sensitive and personal information may only be used for legitimate purpose only.
2. Rights to Damages - right to be identified for the violation of the Right to Privacy of the concerned patients
3. Right to Data Portability
4. Right to Object
5. Right to File a Complaint
6. Right to Access
7. Right to Correct
8. Right to Erase
Processing of Personal Data
Throughout the local government’s data processing system, Personal Data is collected, created, stored, used, disclosed, and diagnosed.
A. Collection
The local government process the following information on Data Subjects
a. Personal Data is being used for purpose not authorized by law or the Data Subject.
b. The Personal Data is no longer necessary for the purposes for which they were collected.
c. The Data Subject withdraws consent or objects to the Processing and there is no other legal ground or overriding legitimate interest for the Processing by the local government.
d. The Personal Data concerns private information that is prejudicial to Data Subject, unless justified by freedom of speech, of expression, or of the press or otherwise authorized;
e. The Processing is unlawful, or
f. The Data Subject’s right has been violated.
The DPO may notify third parties who have previously received such processed Personal Data that the Data Subject has been withdrawn his or her consent or the Processing thereof upon reasonable request by the Data Subject.
Transmissibility of Right of Data Subjects - The lawful heirs and assigns of the Data Subject may invoke the rights of the Data Subject to which he or she is an heir or an assignee, at any time after the death of the Data Subject is incapacitated or incapable of exercising his/her rights.
Data Portability - Where his or her Personal Data is processed by the local government through electronic means and in a structured and commonly used format, the Data Subject shall have the right to obtain a copy of such data in an electronic or structural format that is commonly used and allows for further use by
the Data Subject. The exercise of this right shall primarily take into account the right Data Subject to have control over his or her Personal Data being processed based on consent or contract, for commercial purpose, or through automated means. The DPO shall regularly monitor and implement the National Privacy Commission’s issuance specifying the electronic format referred to above, as well as the technical standards, modalities, procedures and other rules for their transfer.
Right to file Complaint - In case the Data Subject suspects a violation of the rights under the relevant laws, she may file a complaint directly with the PIC
Right to Access - The Data Subject has the Right to reasonable access to, upon demand the following :
1. Contents of his or her Personal Data;
2. Source from which Personal Data were obtained;
3. Names and addresses of recipients of her Personal Data were processed;
4. Manner by which his or her Personal Data were processed;
5. Reason for the disclosure of the Personal Data to recipients, if any;
6. Information on automated processes where the Personal Data will or is likely to, he made as the sole basis for any decision that significantly affects or will affect the Data Subject;
7. Date when Personal Data concerning the Data Subject were last accessed and modified;
8. The designation, name or identity, and address of the DPO.
Right to Rectification - The Data Subject has the right to dispute the inaccuracy or rectify the error in his or her Personal Data, and the local government shall inform its personnel employee to correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable.
If the Personal Data has been corrected, the local government shall ensure the accessibility of both the new and the retracted Personal Data by the intended recipients thereof; provided that the recipients or third parties shall have previously received such processed Personal data shall be informed of its inaccuracy and its rectification, upon reasonable request of the Data Subject.
Right to Erasure or Blocking - The Data Subject shall have the right to suspend, withdraw or order the blocking , removal or destruction of his or her Personal Data from the local government’s filing system:
1. The right may be exercised upon discovery and substantial of any of the following;
- The Personal data is incomplete, outdated, false, or unlawfully obtained;
- Purpose for which they are being or will be processed, including Processing for direct marketing, profiling, or historical, statistical or scientific purpose;
- Basis of Processing, when Processing is not based on the consent of the Data Subject;
- Scope and method of the Personal Data Processing;
- The recipients or classes of recipients to whom the Personal Data may be disclosed or shared;
- Methods utilized for automated access, if the same is allowed by the Data Subject, and the extent to which such access is authorized, including meaningful information about the logic involved, as well as the significance, and the envisaged consequences of such Processing for the Data Subject;
- The identity and content details of the DPO;
- The period for which the Personal Data will be stored; and
- The existence of their rights as Data Subject, including the right to access, correction, and to object to the Processing, as well as the right to lodge a complaint before the National Privacy Commission
2. Right to object - The Data Subject shall have the right to object to the processing of his or her Personal data, including processing for direct marketing, automated processing or profiling, The Data Subject shall also be notified and give an opportunity to withhold consent to the processing in case of changes or any amendment to the information supplied or declared to the Data Subject in the preceding paragraph.
DELETION - Personal Data that is no longer needed must be deleted after the legal period to store the same. There may be an indication of interest that merit protection or historical significance of this data to individual cases. If so, the data must remain on file until the interests that merit protection have been classified legally as if data subject in working not to delete his/her data.
FACTUAL ACCURACY : UP - TO - DATENESS OF DATA - Personal data on file must be accurate, relevant, complete and when necessary for the purpose collected and processed, kept up to the date. Data that is inaccurate or
incomplete must be corrected, supplemented, destroyed, or in special case, restricted from further processing.
CONFIDENTIALITY AND DATA SECURITY - All personal data is subject to data privacy. It must be treated as confidential on a personal level and secured with suitable organizational, physical, and technical measures to prevent unauthorized access, illegal processing or distribution, as well as accidental loss, modification, or destruction.
Right to Informed - The Data Subject has the right to be informed whether personal pertaining to him or her shall be, are being or have been processed.
The Data Subject shall be notified and furnished with information indicated hereunder before the entry of his or her Personal Data into the records of the local government, or at the next practical opportunity.
1. We hereby certify that all information provided here is complete, true and correct, and the Medical Certificate or its authorized personnel is hereby authorized to verify the same through an official inquiry, if needed.
2. We understand that any wilful misinformation and/or withholding of information requested in this form shall automatically disqualify the availment of form.
3. Except for a valid medical reason, We understand that any and all personal information is protected under Republic Act 10173 on Data Privacy Act of 2012. In relation to the availment, we agree and give consent to the following:
- We allow the Medical center to disclose the personal information we provided and collected during my stay to donors who provided donations to the Medical Centers.
- We allow the Medical Center to use my personal information for possible use in articles or other promotional materials published electronically or in print by the Medical Center.
- We authorize the Medical Center and its personnel to process all information we provided, including collecting, validating, recording, organizing, storing, updating, modifying, retrieving, consolidating, sharing, or using information and/or documents provided in any other way to pursue its legitimate interest in relation to any application to the Medical Center.
- We understand that the Medical Center may keep my information for historical and statistical purposes.
4. We understand that all applications are subject for evaluation and do not guarantee approval.
For questions and inquiries, you may reach the QCGH Data Privacy Officer by clicking the link www.qcgh.org/dataprivacyinquiries
Types of Data We Collect
- Data that identifies you
- Health, biometric, biological and medical information
- Financial information relevant to the settlement of your bill (e.g. insurance details)
- Contact details
- Other sensitive personal information that may affect our delivery of healthcare services
How we use your data
- To provide you with medical care
- To communicate with you
- For billing and payments
- To comply with legal requirements
- To coordinate with your healthcare professionals
- To send you marketing messages
- To improve our services
Third parties who process your data
These third parties help us deliver our services:
- Health and Medical Services, Medical Consultants, Metro Pacific Health Corporation
- Payments: PhilHealth, HMOs, Payment Channels
Knows your rights
Our role in your privacy
If you are a client or patient of Quezon City General Hospital (QCGH), this policy applies to you. It is only natural to want assurance that your data will be in safe hands. We consider your privacy extremely important; through this policy, we will explain which of your data we process and how we handle these data.
Our responsibilities
We act the “personal information controller” of your personal data processes for the provision of healthcare and healthcare services.
YOUR RESPONSIBILITIES
TYPES OF DATA WE COLLECT
Data that identifies you
Health, biometric, biological and medical information
Financial information
Contact details
Other sensitive personal information that may affect our delivery of healthcare services or that we may collect when you access public areas within our premises.
HOW WE USE YOUR DATA
We process data about all patients at our hospital. By “process,” we mean, for example, that we will save or add to your data, or that we will share them with your healthcare providers (e.g. your physicians), and delete them at a later dates. If your receive treatment at our hospital, we will process your health and medical information in your patient record. Under no circumstances will we process more data than needed to provide you with the appropriate care.
Your personal information helps us understand your health history and current health needs to provide you with appropriate medical treatment and services. This includes everything from diagnosing your condition to planning your care and treatment. Your information may be used and accessed by our employees and medical consultants (i.e.your physicians or the healthcare professionals involved in the interpretation of your test results) who are involved in or who have a supporting role in your care and treatment to ensure that you receive the best possible care. These employees and consultants have a statutory duty and/or ethical and professional duties of confidentiality.
We may share your information with other affiliated clinics or hospitals if you are referred to them. But, we will only share your information after you have consented to it.
We may use the contact information to communicate important information about your appointments, test results and health status.
We will process your relevant financial information (such as your credit card information or other information relevant to your mode of payment), insurance or HMO details, and PhilHealth details to ensure that you are
properly billed, that your health insurance benefits under PhilHealth and your insurance or HMO are deducted from your bills, and for the payment and settlement of your bills.
We are required under various regulations to share health information to the Department of Health, PhilHealth, etc. For instance, we are required to report to the DOH selected non-communicable diseases, communicable,
infectious and other notifiable diseases, including those that pose a serious health and security threat to the public. We are also required to share information on your diagnosis and treatment to the PhilHealth to accord you the benefits that may be due to you under the National Health Insurance.
Your medical doctors practice in our institution as consultants. Therefore, they are considered as third parties with whom we must necessarily share your information to provide the medical care you need.
We may send your messages to provide health education contest, information about our hospital and the services we offer, information and tools that may help you make informed decisions about your health, feedback forms to assess the quality of our services, etc.
We will process your personal information to standardize your information in the hospital, allowing that we will improve our operations and services. By standardizing your information, we mean that we will reformat and re-organize you information (including those that we are already keeping) so that your information will follow a standardized format thereby allowing us to clean up our records and enhancing patient safety and coordination of care.
We will process your name ( First, Middle, and Last), date of birth, address, gender, information on your government issued IDs (e.g. PhilHealth, number) and phone number to unify our records and create a unique patient ID for each of our patients. This unique patient ID will be the hospital’s foundation for unifying its disparate patient records and for cleaning up and updating its patients’ records.
To know more about what these legal bases mean, please read the information on the last page of this Notice.
- Access and/or correct the information we hold on you
- Complain about us
- Other rights as specified in the Data Privacy Act.
Our role in your privacy
If you are a client or patient of Quezon City General Hospital (QCGH), this policy applies to you. It is only natural to want assurance that your data will be in safe hands. We consider your privacy extremely important; through this policy, we will explain which of your data we process and how we handle these data.
Our responsibilities
We act the “personal information controller” of your personal data processes for the provision of healthcare and healthcare services.
YOUR RESPONSIBILITIES
- Read this Privacy Policy
- If you provide us with personal information about other people, or if others give us your information, we will only use that information for the specific reason for which it was provided to us. By submitting the information, you confirm that you have the right to authorize us to process it on your behalf in accordance with this Privacy Policy.
TYPES OF DATA WE COLLECT
Data that identifies you
- Your name, age and birth date, marital status, PhilHealth number, the details of your valid government identification card, etc.
Health, biometric, biological and medical information
- Your height, weight, blood type, current symptoms, medical history (including family medical history), information about your lifestyle (e.g. consumption of alcohol or tobacco products), vital signs (temperature, blood pressure, heart rate, ect.), diagnostic information, treatment information (details of surgeries, medications prescribed, doses, administration times and other treatments). If you have been admitted to the hospital we will also collect information on your medical condition and changes in your condition, treatment responses and outcomes, discharge status and follow-up care instructions.
Financial information
- Credit/debit card details, details of your employer, etc.
Contact details
- Your contact number and email address and home address, as well as the contact details of your next of kin or emergency contact
Other sensitive personal information that may affect our delivery of healthcare services or that we may collect when you access public areas within our premises.
- Your religion, race and ethic origin, CCTV footage (please refer to our separate CCTV Surveillance Notice)
HOW WE USE YOUR DATA
We process data about all patients at our hospital. By “process,” we mean, for example, that we will save or add to your data, or that we will share them with your healthcare providers (e.g. your physicians), and delete them at a later dates. If your receive treatment at our hospital, we will process your health and medical information in your patient record. Under no circumstances will we process more data than needed to provide you with the appropriate care.
- To provide you with medical care
Your personal information helps us understand your health history and current health needs to provide you with appropriate medical treatment and services. This includes everything from diagnosing your condition to planning your care and treatment. Your information may be used and accessed by our employees and medical consultants (i.e.your physicians or the healthcare professionals involved in the interpretation of your test results) who are involved in or who have a supporting role in your care and treatment to ensure that you receive the best possible care. These employees and consultants have a statutory duty and/or ethical and professional duties of confidentiality.
We may share your information with other affiliated clinics or hospitals if you are referred to them. But, we will only share your information after you have consented to it.
- To communicate with you
We may use the contact information to communicate important information about your appointments, test results and health status.
- For billing and payments
We will process your relevant financial information (such as your credit card information or other information relevant to your mode of payment), insurance or HMO details, and PhilHealth details to ensure that you are
properly billed, that your health insurance benefits under PhilHealth and your insurance or HMO are deducted from your bills, and for the payment and settlement of your bills.
- To comply with legal requirements
We are required under various regulations to share health information to the Department of Health, PhilHealth, etc. For instance, we are required to report to the DOH selected non-communicable diseases, communicable,
infectious and other notifiable diseases, including those that pose a serious health and security threat to the public. We are also required to share information on your diagnosis and treatment to the PhilHealth to accord you the benefits that may be due to you under the National Health Insurance.
- To coordinate your care with your healthcare professionals.
Your medical doctors practice in our institution as consultants. Therefore, they are considered as third parties with whom we must necessarily share your information to provide the medical care you need.
- To send you marketing messages
We may send your messages to provide health education contest, information about our hospital and the services we offer, information and tools that may help you make informed decisions about your health, feedback forms to assess the quality of our services, etc.
- To improve our operation and services
We will process your personal information to standardize your information in the hospital, allowing that we will improve our operations and services. By standardizing your information, we mean that we will reformat and re-organize you information (including those that we are already keeping) so that your information will follow a standardized format thereby allowing us to clean up our records and enhancing patient safety and coordination of care.
We will process your name ( First, Middle, and Last), date of birth, address, gender, information on your government issued IDs (e.g. PhilHealth, number) and phone number to unify our records and create a unique patient ID for each of our patients. This unique patient ID will be the hospital’s foundation for unifying its disparate patient records and for cleaning up and updating its patients’ records.
- Other uses that an exempt from the coverage of the Data Privacy Act
- For specific and research studies,
- For teaching and training our future doctors-specialist, healthcare professionals, and students in the medical and other healthcare fields, and
- For purposes of our business operations and financial performance reporting, statistical analysis, etc.
To know more about what these legal bases mean, please read the information on the last page of this Notice.
YOUR PRIVACY RIGHTS AND CHOICES
You have the right to access the information we hold about you
This includes the right to inquire upon:
For more information on the matters for which may demand access, please refer to the Data Privacy Act of 2012 and its implementing rules.
You have the right to make us correct any inaccurate information about you.
You have the right to lodge a compliant regarding our use of your data.
Please tell us first, so we have a chance to address your concerns. If we fail to do this, you may lodge your complaint with the National Privacy Commission.
Please note that you have other rights under the Data Privacy Act of 2012, in addition to those which we have listed in this Notice.
THIRD PARTIES WHO PROCESS YOUR DATA
We use third parties to provide and deliver our health care services to you. Because of this, it is necessary for us to share your data with these third parties. Your data is shared only when strictly necessary and where there are safeguards. If these data needs to be transferred to a third-party in another country, we will conduct a risk assessment to ensure there is an adequate level of protection. We will usually include these obligations in our contacts with third parties. In addition, all data transfers whether within or outside of the Philippines are encrypted. Below are the third-parties who help us process your data.
Health and Medical Services
You have the right to access the information we hold about you
This includes the right to inquire upon:
- The contents of your personal information that we process
- Where we obtained your personal information
- Names and addresses of those who received your personal information
- Manner by which we process or processed your personal information
- Any automated process we empty when your data will or likely be made for the sole basis for decisions affecting, or that may affect you, etc.
For more information on the matters for which may demand access, please refer to the Data Privacy Act of 2012 and its implementing rules.
You have the right to make us correct any inaccurate information about you.
You have the right to lodge a compliant regarding our use of your data.
Please tell us first, so we have a chance to address your concerns. If we fail to do this, you may lodge your complaint with the National Privacy Commission.
Please note that you have other rights under the Data Privacy Act of 2012, in addition to those which we have listed in this Notice.
THIRD PARTIES WHO PROCESS YOUR DATA
We use third parties to provide and deliver our health care services to you. Because of this, it is necessary for us to share your data with these third parties. Your data is shared only when strictly necessary and where there are safeguards. If these data needs to be transferred to a third-party in another country, we will conduct a risk assessment to ensure there is an adequate level of protection. We will usually include these obligations in our contacts with third parties. In addition, all data transfers whether within or outside of the Philippines are encrypted. Below are the third-parties who help us process your data.
Health and Medical Services
HOW WE SECURE THE DATA WE COLLECT
We use administrative, technical, organizational, and physical security measures that are designed to protect your personal information from unauthorized access, use, alterations, and disclosure. We also take steps to ensure that third parties that have access to your personal information take steps to protect the same. However, please remember that:
WHERE DO WE STORE YOUR DATA
We store physical copies of your data in our Medical Records Department. We also store electronic copies of your information in our Hospital Information System (HIS) that has an on-site-server.
HOW LONG WE STORE YOUR DATA
We will retain your information as long as necessary to serve the purposes for they were obtained. Please know, however, that the periods for the retention of medical records are likewise governed by Philippine laws, rules and regulations, including DOH Department Circular No. 70-1996 (which provides for the retention period of various health records), DOH Department Circular No. 2021-0226, and DOH Administrative Order No. 2022-007 (which provide for retention periods of documents, records, slides and specimens in clinical laboratories). We will, therefore also retain your information for as long as necessary to comply with our obligations under said laws, rules and regulations.
CHANGES TO THIS NOTICE
We may change or update our Notice to comply with regulatory requirements, adapt to new protocols, align with industry practices, and for other legitimate purposes. We will let you know should we implement any such changes at the earliest opportunity. If necessary, we will also obtain your updated consent.
What do these legal basis mean?
NECESSARY FOR MEDICAL TREATMENT
We may process your data without your consent if the processing is necessary for us to provide adequate treatment. Necessary means that the processing is not only merely desirable but is essential to the provision of medical treatment. Under this legal basis, we will only process your information to the extent reasonable and using or processing only the data needed to provide said medical treatment.
NECESSARY FOR THE PROTECTION OF LIFE AND HEALTH
We may process your data without your consent if it is necessary for the protection of your or a third person’s life or health but you or the third person are physically or legally unable to provide consent. We will only process your information for the extent reasonable and using or processing only the data needed for the protection of your or a third-person’s life and health.
LEGITIMATE INTEREST
As an organization, we may process your data to carry out tasks related to our operations and business activities. These legitimate interest includes:
LAW
In specific instances, we may process your data without your consent. If such processing is required by law and regulations. If said regulations guarantee the protection of the information and do not require the consent of the data subjects. We will only process your information to the extent reasonable and only for purposes of fulfilling the relevant legal or regulatory requirements.
CONSENT
You have given us clear consent to use the process your data for a specific purpose.
You can change your mind!
If you have previously given your consent to our processing your data you can freely withdraw it at any time by notifying us at [email protected]
If you do not have another legal basis for processing your information, then we will stop processing your personal data. If we do have another legal basis for processing your information, then we will continue to do so subject to your rights. Please note that it may take up to fifteen (15) business days for us to process the withdrawal of your consent.
DATA PROTECTION OFFICER (DPO)
Quezon City General Hospital
Seminary Road, EDSA, Quezon City
c/o Data Privacy Officer
Email : [email protected]
Contact No. 8863-0800
We use administrative, technical, organizational, and physical security measures that are designed to protect your personal information from unauthorized access, use, alterations, and disclosure. We also take steps to ensure that third parties that have access to your personal information take steps to protect the same. However, please remember that:
- No data transmission is guaranteed to be 100% secure
- If you believe your privacy has been breached, please contact us immediately through our Data Protection Officer
WHERE DO WE STORE YOUR DATA
We store physical copies of your data in our Medical Records Department. We also store electronic copies of your information in our Hospital Information System (HIS) that has an on-site-server.
HOW LONG WE STORE YOUR DATA
We will retain your information as long as necessary to serve the purposes for they were obtained. Please know, however, that the periods for the retention of medical records are likewise governed by Philippine laws, rules and regulations, including DOH Department Circular No. 70-1996 (which provides for the retention period of various health records), DOH Department Circular No. 2021-0226, and DOH Administrative Order No. 2022-007 (which provide for retention periods of documents, records, slides and specimens in clinical laboratories). We will, therefore also retain your information for as long as necessary to comply with our obligations under said laws, rules and regulations.
CHANGES TO THIS NOTICE
We may change or update our Notice to comply with regulatory requirements, adapt to new protocols, align with industry practices, and for other legitimate purposes. We will let you know should we implement any such changes at the earliest opportunity. If necessary, we will also obtain your updated consent.
What do these legal basis mean?
NECESSARY FOR MEDICAL TREATMENT
We may process your data without your consent if the processing is necessary for us to provide adequate treatment. Necessary means that the processing is not only merely desirable but is essential to the provision of medical treatment. Under this legal basis, we will only process your information to the extent reasonable and using or processing only the data needed to provide said medical treatment.
NECESSARY FOR THE PROTECTION OF LIFE AND HEALTH
We may process your data without your consent if it is necessary for the protection of your or a third person’s life or health but you or the third person are physically or legally unable to provide consent. We will only process your information for the extent reasonable and using or processing only the data needed for the protection of your or a third-person’s life and health.
LEGITIMATE INTEREST
As an organization, we may process your data to carry out tasks related to our operations and business activities. These legitimate interest includes:
- Getting insights on the needs of our clients and patients to improve clinical care, patients safety, service offerings and the quality of our services.
- Understanding trends, managing our resources better and improving our treatment protocols.
- Preventing fraud and ensuring that our network and information system are secure.
LAW
In specific instances, we may process your data without your consent. If such processing is required by law and regulations. If said regulations guarantee the protection of the information and do not require the consent of the data subjects. We will only process your information to the extent reasonable and only for purposes of fulfilling the relevant legal or regulatory requirements.
CONSENT
You have given us clear consent to use the process your data for a specific purpose.
You can change your mind!
If you have previously given your consent to our processing your data you can freely withdraw it at any time by notifying us at [email protected]
If you do not have another legal basis for processing your information, then we will stop processing your personal data. If we do have another legal basis for processing your information, then we will continue to do so subject to your rights. Please note that it may take up to fifteen (15) business days for us to process the withdrawal of your consent.
DATA PROTECTION OFFICER (DPO)
Quezon City General Hospital
Seminary Road, EDSA, Quezon City
c/o Data Privacy Officer
Email : [email protected]
Contact No. 8863-0800
