Privacy Policy
Purpose
Adventist Medical Center Manila (AdventistMed) provides medical care based on the hospital’s objective, which is constant realization of high quality medical care and better services toward patients and staff. To provide immediate and accurate medical care depending on a patient’s condition, the information regarding patients is necessary.
AdventistMed is committed to protecting the privacy of patients and staff’s information. We are required by law to protect personal information and comply with the Data Privacy Act (DPA) and other relevant legislation relating to confidentiality and privacy. This policy outlines the management of personal information at AdventistMed to satisfy the requirements of this legislation.
Responsibility
AdventistMed is required by law to maintain the privacy of staff and patients information; provide notices that describes the ways how we use their information; and to follow the terms of the notice currently in effect.
Target Audience
This policy relates to staff, patients, and their families, visitors, members of the public, and external organizations.
Definitions
AdventistMed-Adventist Medical Center Manila
DPA-Data Privacy Act
Policy
- Collection
AdventistMed only collects Personal Information necessary to perform our functions:
Employee Information
- Name
- Sex
- Height
- Weight
- Blood Type
- Citizenship
- Birth Place
- Birth Date
- Contact Information
- Address
- SSS, TIN, PhilHealth No.,PAGIBIG No., PRC Licence No.
- Religion
- Spouse Information
- Children Information
- Educational Attainment
- Employment History
Patient Information
- Name
- Birthday
- Age
- Sex
- Status
- Nationality
- Religion
- Occupation
- Physician
- Medical History
- Height
- Weight
- Residence Address and Telephone
- Business Address and Telephone
- Accompanied By and Relationship
AdventistMed provides all patients with a copy of "What Happens to Information About Me?” brochure outlining the key information about the organisation's information handling practices and how a patient can access their information. Information will be collected by fair and lawful means, where possible directly from the patient themselves.
To conduct business globally and comply with government regulations (employment, tax, insurance, etc.), AdventistMed collects various personal and other data depending on staff’s employment responsibilities, citizenship, and other factors. If the staff send any unsolicited data to AdventistMed by any means the staff explicitly consent to storage, destruction, processing, disclosure, and/or any other use by AdventistMed or any subcontractor of AdventistMed.
b. Use and Disclosure
AdventistMed may use the health information for treatment purposes, billing of services, and conducting normal business, known as health care operations. Examples of how we use the information include:
Treatment. We keep records of the care and services provided by the hospital. Health care providers use these records to deliver quality care to meet the patient’s needs. For example, the doctor may share the health information with a specialist who will assist in patient’s treatment. Some health records, including confidential communications with a mental health professional and substance abuse records, may have additional restrictions for use and disclosure under Philippine Law.
Payment. We keep billing records that include payment information and documentation of the services provided. The information may be used to obtain payment, insurance company, or another third party. We may also contact the insurance company to verify coverage of care or to notify them of upcoming services that may need prior notice or approval. For example, we may disclose health information about the services provided to claim and obtain payment from insurance company or Medicare.
Health Care Operations. We use health information to improve the quality of care; train staff and students; provide customer service; manage costs; conduct required business duties; and make plans to better serve our communities. For example, we may use the health information to evaluate the quality of treatment and services provided by our physicians, nurses, and other health care workers.
Training. We use health information for training purposes, doctors-in-training and students of co-medical professions will be also present during medical practice, nursing, and/or treatment.
Employment. We use employee’s record to identify and communicate with the applicant and/or staff of AdventistMed. We also use the data to comply with human resources requirements and government regulations and to provide employee benefits (compensation, health insurance, expense reimbursements, etc.)
Legal requests and investigations. We may disclose any data about the patient and staff when, in our opinion, such disclosure is necessary to prevent fraud or to comply with any statute, law, rule or regulation of any governmental authority or any order of any court of competent jurisdiction.
Third-party service providers. We may, from time to time, outsource some or all of the operations of our business to third-party service providers. In such cases, it will be necessary for us to disclose your data to those service providers. In some cases, the service providers may collect data directly from you on our behalf. We restrict how such service providers may access, use and disclose your data.
Agents. We employ other companies and individuals to perform functions on our behalf. Examples include processing compensation, providing employee benefits, and performing legal and other professional services. These agents have access to your data as needed to perform their functions, but they are not permitted to use it for other purposes.
In general, information is only used and disclosed for the primary purpose for which it was collected. Generally, this is for the purpose of employment, providing care and treatment or purposes directly related (i.e. billing records; payment transaction; claim of insurance; doctors, nurses, and students training).
We may use or disclose information for other purposes, which are permitted under law. For example: to lessen or prevent a serious threat to public health, welfare or safety.
Individual patient consent is obtained for use or disclosures for purposes that are not directly related to primary or secondary purposes. AdventistMed normally transfers information to the referring doctor after a patient is discharged or after an emergency or outpatient visit. Patients (or guardians) are able to request this does not occur. AdventistMed will make health information relating to an individual available to another health service provider if requested by the individual. Information that is de-identified, ensuring an individual's identity cannot be ascertained, is not covered by the Data Privacy Act 2012 and may be used and disclosed without consent.
All AdventistMed staff will sign confidentiality agreements and Terms of Agreement as part of their employment contract, and are subject to disciplinary action if there is a breach. AdventistMed employees must take reasonable steps to keep all current personal information it holds up-to-date, accurate, and complete.
c. Protection Measure
AdventistMed employs security measures and technologies, such as password protection, encryption, physical locks, etc., to ensure the confidentiality of personal data. If the staff are authorized to have access to the personal data of others, it is important that he/she take appropriate safeguards to protect this personal data. Examples include:
- Paper and other hard copies containing personal data should be secured in a locked location when not in use.
- Computers and other access points should be secured when not in use by logging out or locking.
- Passwords and user ID's should be guarded and not shared.
- When no longer necessary for business purposes, paper and hard copies should be immediately destroyed using paper shredders or other approved devices.
- Do not leave copies in unsecured locations waiting to be shredded or otherwise destroyed.
- Do not make or distribute unauthorized copies of documents and other tangible mediums containing personal data.
- Electronic files containing personal data should only be stored on secured computers and not copied or otherwise communicated to unauthorized individuals within or outside of AMCM.
AdventistMed has a specified manager to handle the patient and staff information safely and properly and only authorized AdventistMed personnel have access to these personal information. Moreover, we also consolidate rules and regulations, perform staff training, and conduct audits. We strive for secured and accurate maintenance to prevent unauthorized access, loss, destruction, and leakage of patient and staff personal information.
Patients personal information will be stored in a database for fifteen (15) years (after discharge, inquiries, requests are acted upon) after which physical records shall be disposed of through shredding, while digital files shall be anonymized.
Employees’ record are permanently stored in 201 file storage room.
AdventistMed monitors Internet traffic to detect access to inappropriate websites or other materials. AdventistMed also uses email filters to block spam and computer viruses. It is possible that some legitimate email messages and websites may be blocked or hindered by these filters.
d. Openness
The patient privacy brochure is available to anyone who asks for further information on AdventistMed information handling practices. AdventistMed has a complaints process to address patient’s concerns relating to the care and handling of their personal information.
Privacy Notices are posted in all areas that collects personal information. Privacy Policy is endorsed to all Department Heads to remind all their staff about the existing Privacy Policy.
e. Access and Correction
Patients and staff are able to request access to their personal information held by AdventistMed, as set out in the Data Privacy Act of 2012. In some circumstances, access may be refused and an explanation will be provided. They also have a right to request an amendment to incorrect information.
f. Identifiers
A numeric identifier such as Hospital/Patient Number and Employees’ Number is allocated to each patient that attends AdventistMed to enable ongoing care and treatment to be provided.
g. Anonymity
In general, it is impracticable for AdventistMed to provide healthcare and employment to individuals anonymously.
h. Trans-border Data Flow
AdventistMed will only transfer information in circumstances where the information will have appropriate protection; where the transfer is necessary for the provision of service to the individual; or where consent has been obtained. Transfer or closure of the practice of a health service provider in the event AdventistMed or part thereof is sold, transferred, amalgamated or closed down, health information will be handled in accordance with Data Privacy Act of 2012.
i. Direct Access to Systems for other Health Service Providers
In some cases, external healthcare providers will be able to access a joint database of patient/client data, on condition that:
- The participating healthcare provider signs a confidentiality form (or equivalent); and
- Their participating clients sign consent.
Patients Right to Privacy
- Request special restrictions on how we use and share health information. We will consider all requests for special restrictions carefully and implement those required by law and carefully consider other requests and notify the patient of our decision.
- Request that we use a specific telephone number or address to communicate with AdventistMed. Patient may make this request in writing during registration.
- Inspect and receive a copy of their health information, including medical and billing records. Fees may apply. Under limited circumstances, we may deny access to a portion of health information and may request a review of the denial.
- Request an amendment to their health information.
- Request an accounting of certain disclosures we made of patient health information. The request must include a specific time period. The first accounting is free but a fee will apply if more than one request is made.
- Patient may request a paper copy if they received this notice electronically.
Violations of Policy
Compliance with this Privacy Policy is important to AdventistMed. Any potential violation of these privacy policies should be reported to the Data Protection Officer at dataprotection@amcmanila.org. Failure to follow these privacy policies may result in discipline, up to and including imprisonment, of the employee.
Evaluation
Regular document revision and review of relevant report will be used to evaluate the effectiveness of this policy.
AdventistMed reserves the right to change, supplement and/or amend this notice at any time; in such case this will be notified through our website and/or any other methods allowed by applicable law.
Data Protection Officer
Should you have any concern or complaint about your privacy, please let us know through our data protection officer.
Rossel R. Roldan
Data Protection Officer
Adventist Medical Center Manila
dataprotection@amcmanila.org
(632) 525 9191 loc. 622