If you are a client or patient of Dr. Jesus Delgado Memorial Hospital, this policy applies to you. It is only natural to want assurance that your data will be in safe hands. We consider your privacy extremely important; through this policy, we will explain which of your data we process and how we handle these data.

We act as the ‘personal information controller’ of your personal data processed for the provision of healthcare and healthcare services.

We are registered as a personal information controller with the National Privacy Commission under registration number

PIC–001–041–2023 effective until June 08, 2024.

Ms. Angel Eve L. Competente is our data protection officer. You can reach her via dpo@jdmh.ph/jdmh. dpo@gmail.com or 8924-4051 local 495.

• Read this Privacy Policy
• If you provide us with personal information about other people, or if others give us your information, we will only use that information for the specific reason for which it was provided to us. By submitting the information, you confirm that you have the right to authorize us to process it on your behalf in accordance with this Privacy Policy.

Data that identifies you

• Your name, age and birthdate, marital status, PhilHealth number, SSS or GSIS number, the details of your valid government identification card, etc.

Health, biometric, biological, and medical information

• Your height, weight, blood type, current symptoms, medical history (including family medical history), information about your lifestyle (g., consumption of alcohol or tobacco products), vital signs (temperature, blood pressure, heart rate, etc.), diagnostic information, treatment information (details of surgeries, medications prescribed, doses, administration times, and other treatments). If your have been admitted to the hospital we will also collect information on your medical condition and changes in your condition, treatment responses and outcomes, discharge status, and follow-up care instructions.

Financial Information

• Credit/debit card details, details of your employer, etc.

Contact details

• Your contact number, email address, and home address, as well as the contact details of your next of kin or emergency contact

Other sensitive personal information that may affect our delivery of healthcare services or that we may collect when you access public areas within our premises

• Your religion, race and ethnic origin, CCTV footage (please refer to our separate CCTV Surveillance Notice)

We process data about all patients at our hospital. By ‘process’, we mean, for example, that we will save or add to your data, or that we will share them with your healthcare providers (e.g., your physicians), and delete them at a later date. If you receive treatment at our hospital, we will process your health and medical information in your patient record. Under no circumstances will we process more data than needed to provide you with the appropriate care.

• To provide you with medical care

Legal basis: Necessary for medical treatment, Necessary for the protection of life and health

Your personal information helps us understand your health history and current health needs to provide you with appropriate medical treatment and services. This includes everything from diagnosing your condition to planning your care and treatment. Your information may be used and accessed by our employees and medical consultants (i.e., your physicians or the healthcare professionals involved in the interpretation of your test results) who are involved in or who have a supporting role in your care and treatment to ensure that you receive the best possible care. These employees and consultants have a statutory duty and/or ethical and professional duties of confidentiality.

We may share your information with other affiliated clinics or hospitals if you are referred to them. But, we will only share your information after you have consented to it.

• To communicate with you

Legal basis: Necessary for medical treatment, Necessary for the protection of life and health

We may use your contact information to communicate important information about your appointments, test results, and health status.

• For billing and payments

Legal basis: Necessary for medical treatment, necessary for compliance with a legal obligation

We will process your relevant financial information (such as your credit card information or other information relevant to your mode of payment), insurance or HMO details, and PhilHealth details to ensure that you are properly billed, that your health insurance benefits under PhilHealth and your insurance or HMO are deducted from your bills, and for the payment and settlement of your bills.

• To comply with legal requirements

Legal basis: Necessary for compliance with a legal obligation

We are required under various regulations to share health information to the Department of Health, PhilHealth, etc. For instance, we are required to report to the DOH selected non-communicable diseases, communicable, infectious and other notifiable diseases, including those that pose a serious health and security threat to the public. We are also required to share information on your diagnosis and treatment to the PhilHealth to accord you the benefits that may be due to you under the National Health Insurance.

• To coordinate your care with your healthcare professionals

Legal basis: Necessary for medical treatment, Necessary for the protection of life and health

Your medical doctors practice in our institution as consultants. Therefore, they are considered as third parties with whom we must necessarily share your information to provide the medical care you need.

• To send you marketing messages

Legal basis: Legitimate Interest

We may send you messages to provide health education content, information about our hospital and the services we offer, information and tools that may help you make informed decisions about your health, feedback forms to assess the quality of our services, etc.

• To improve our operations and services

Legal basis: Legitimate interest, vitally important interest, and necessary for purposes of medical treatment

We will process your personal information to standardize your information in the hospital, allowing us, ultimately to improve our operations and services. By standardizing your information, we mean that we will reformat and re-organize you information (including those that we are already keeping) so that your information will follow a standardized format thereby allowing us to clean up our records and enhancing patient safety and coordination of care.

We will process your name (First, Middle, and Last), date of birth, address, gender, information on your government-issued ID (e.g., PhilHealth number), and phone number to unify our records and create a unique patient ID for each of our patients. This will help us understand our patients’ care lifecycle and improve patient safety by ensuring that our healthcare professionals have the latest information available to make informed treatment decisions. The unique patient ID will be the hospital’s foundation for unifying its disparate patient records and for cleaning up and updating its patients’ records.

• Other uses that are exempt from the coverage of the Data Privacy Act

In the interest of full transparency, we also use your information for purposes that are exempt from the Data Privacy Act:

- For scientific and research studies,

- For teaching and training our future doctors-specialist, healthcare professionals, and students in the medical and other healthcare fields, and

- For purposes of our business operations and financial performance reporting, statistical analysis, etc.

In all of these cases, we will anonymize or aggregate your information. Otherwise, we will seek your consent prior to using or sharing your information for the above purposes.

Here’s when and how we collect data:

You have the right to access the information we hold about you

This includes the right to inquire upon:

• The contents of your personal information that we process,
• Where we obtained your personal information,
• Names and addresses of those who received your personal information,
• Manner by which we process or processed your personal information,
• Any automated process we employ where your data will or likely be made as the sole basis for decisions affecting, or that may affect, you, etc.

For more information on the matters for which you may demand access, please refer to the Data Privacy Act of 2012 and its implementing rules.

You have the right to make us correct any inaccurate information about you

You have the right to lodge a complaint regarding our use of your data

Please tell us first, so we have a chance to address your concerns. If we fail to do this, you may lodge your complaint with the National Privacy Commission.

Please note that you have other rights under the Data Privacy Act of 2012, in addition to those which we have listed in this Notice.

We use third parties to provide and deliver our healthcare services to you. Because of this, it necessary for us to share your data with these third parties. Your data is shared only when strictly necessary and where there are safeguards. If your data needs to be transferred to a third-party in another country, we will conduct a risk assessment to ensure that there is an adequate level of protection. We will usually include these obligations in our contracts with said third parties. In addition, all data transfers whether within or outside of the Philippines are encrypted. Below are the third-parties who help us process your data:

Health and Medical Services

Payments

Improvement of our Services

We use administrative, technical, organizational and physical security measures that are designed to protect your personal information from unauthorized access, use, alteration and disclosure. We also take steps to ensure that third parties that have access to your personal information take steps to protect the same. However, please remember that:

• No data transmission is guaranteed to be 100% secure.
• If you believe your privacy has been breached, please contact us immediately at dpo@jdmh.ph/jdmh. dpo@gmail.com or 8924-4051 local

We store physical copies of your data in our Records Management Department. We also store electronic copies of your information in our Hospital Information System (HIS) that has an on-site server.

We will retain your information for as long as necessary to serve the purposes for which they were obtained. Please know, however, that the periods for the retention of medical records are likewise governed by Philippine laws, rules, and regulations, including DOH Department Circular No. 70-1996 (which provides for the retention period of various health records), DOH Department Circular No. 2021-0226, and DOH Administrative Order No. 2022-007 (which provides for retention periods of documents, records, slides and specimens in clinical laboratories). We will, therefore, also retain your information for as long as necessary to comply with our obligations under said laws, rules, and regulations.

We may change or update our Notice to comply with regulatory requirements, adapt to new protocols, align with industry practices, and for other legitimate purposes. We will let you know should we implement any such changes at the earliest opportunity. If necessary, we will also obtain your updated consent.

NECESSARY FOR MEDICAL TREATMENT

We may process your data without your consent if the processing is necessary for us to provide adequate treatment. Necessary means that the processing is not only merely desirable but is essential to the provision of medical treatment. Under this legal basis, we will only process your information to the extent reasonable and using or processing only the data needed to provide said medical treatment.

NECESSARY FOR THE PROTECTION OF LIFE AND HEALTH

We may process your data without your consent if it is necessary for the protection of your or a third person’s life or health but you or the third person are physically or legally unable to provide consent. We will only process your information to the extent reasonable and using or processing only the data needed for the protection of your or a third-person’s life and health.

LEGITIMATE INTEREST

As an organization, we may process your data in order to carry out tasks related to our operations and business activities. These legitimate interests include:

• Getting insights on the needs of our clients and patients to improve clinical care, patient safety, service offerings, and the quality of our services.
• Understanding trends, managing our resources better, and improving our treatment protocols.
• Preventing fraud and ensuring that our network and information systems are secure.

LAW

In specific instances, we may process your data without your consent, if such processing is required by law and regulations, if said regulations guarantee the protection of the information and do not require the consent of the data subjects. We will only process your information to the extent reasonable and only for purposes of fulfilling the relevant legal or regulatory requirements.

CONSENT

You have given us clear consent to use and process your data for a specific purpose.

You can change your mind!

If you have previously given your consent to our processing your data you can freely withdraw it at any time by notifying us at dpo@jdmh.ph/jdmh. dpo@gmail.com. If you do withdraw your consent, and if we do not have another legal basis for processing your information, then we will stop processing your personal data. If we do have another legal basis for processing your information, then we may continue to do so subject to your rights. Please note that it may take up to fifteen (15) business days for us to process the withdrawal of your consent.