PRIVACY POLICY
I. BACKGROUND
Republic Act No. 10173, also known as the Data Privacy Act of 2012 (DPA), aims to protect personal data in information and communications systems both in the government and the private sector. It ensures that entities or organizations processing personal data establish policies, and implement measures and procedures that guarantee the safety and security of personal data under their control or custody, thereby upholding an individual’s data privacy rights.
II. INTRODUCTION
a. POLICY STATEMENT
This Patient Privacy Policy ("Policy") sets forth the standards of Capiz Emmanuel Hospital, Inc. (CEH) governing the privacy and security of patients' personal information, particularly health information, as well as the controlled release and disclosure of such information, consistent with the Data Privacy Act of 2012 and other applicable laws.
This Policy describes the manner in which Capiz Emmanuel Hospital, Inc. (CEH) may collect, hold, use, share, and discard the above-mentioned information. By availing of the services provided by CEH, you signify your acceptance of this policy and terms of service. Your continued availment of the services of CEH following the posting of changes to this policy will be deemed your acceptance of those changes.
b. OUR COMMITMENT TO PROTECT YOUR PRIVACY
We understand that information about you and your health is personal. We are committed to protecting your health information. As a patient of Capiz Emmanuel Hospital, Inc., the care and treatment you receive is confidential in nature and will be recorded in a medical record. We use and share this record to provide you with quality care and to comply with certain legal requirements. This record will be available to all health care and allied health professionals who need access as described in this Policy, many of whom will be involved in your treatment.
As part of our commitment to maintaining the confidentiality of your care, Capiz Emmanuel Hospital, Inc. will share your information only to the extent necessary to ensure with your treatment, conduct our professional operations, collect payment for the services we provide you, and to comply with the laws that govern health care. While we may need your personal information for other purposes, we will not use or disclose your information without your permission.
c. OUR PATIENT PRIVACY POLICY
Capiz Emmanuel Hospital, Inc. may provide you with a Patient Privacy Policy pamphlet, upon your request, that explains our privacy practices and your rights regarding your personal and health information. Consent to the collection, use, disclosure, and disposition of your personal and health information will be obtained upon admission or consultation or by availing of the various services provided by the institution.
You may ask for a copy of our current Policy in any of the patient registration areas throughout the hospital as well at the Data Privacy Office. You can also view and print a copy of our current Policy by visiting our website at https://www.ceh.com.ph. Likewise, Privacy Notices may be found publicly posted in a number of places.
Capiz Emmanuel Hospital, Inc. may, from time to time, review and update this Policy to adapt to changing corporate practices, and to take into account new laws and technology. We reserve the right to make the revised or changed Policy effective for health information we already have about you as well as any information we receive in the future. The use, storage and disclosure of all data held by CEH will be governed by the most recent privacy policy, posted on https://www.ceh.com.ph.
III. DEFINITION OF TERMS
a. “Data subject” refers to an individual whose personal, sensitive personal, or privileged information is processed;
b. “Consent of the data subject” refers to any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of his or her personal, sensitive personal, or privileged information. Consent shall be evidenced by written, electronic or recorded means. It may also be given on behalf of a data subject by a lawful representative or an agent specifically authorized by the data subject to do so;
c. “Data sharing” is the disclosure or transfer to a third party of personal data under the custody of Capiz Emmanuel Hospital, Inc.
d. “Personal data” refers to all types of personal information;
e. “Personal information” refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual;
f. Sensitive personal information refers to personal information:
i. About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
ii. About an individual’s health, education, genetic or sexual life of a person, or to any processing for any offense committed or alleged to have been committed by such individual, the disposal of such processing, or the sentence of any court in such proceedings;
iii. Issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, tax returns; and
iv. Specifically established by an executive order or an act of Congress to be kept classified.
g. “Privileged Information” refers to any and all forms of data, which, under the Rules of Court and other pertinent laws constitute privileged communication;
h. “Processing” refers to any operation or any set of operations performed upon personal data including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data. Processing may be performed through automated means, or manual processing, if the personal data are contained or are intended to be contained in a filing system;
i. “Personal data breach” refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed;
j. “Security incident” is an event or occurrence that affects or tends to affect data protection, or may compromise the availability, integrity, and confidentiality of personal data. It includes incidents that would result to a personal data breach, if not for safeguards that have been put in place;
IV. SCOPE
This Policy pertains to all individuals, departments, and units in Capiz Emmanuel Hospital, Inc. who have access to, use, or disclose protected health information. The Policy is administered by the Data Privacy Office. It is intended to serve as a foundation for privacy practices of CEH. Divisions, departments, or units within CEH may impose privacy safeguards in addition to those required by this policy and procedure.
V. PROCESSING OF HEALTH INFORMATION
This section describes ways that Capiz Emmanuel Hospital, Inc. use and disclose health information. It does not list every possible use or disclosure, but the ways your information may be used and disclosed fall into the following categories:
· Treatment and Communication
· Billing and Collection
· Health Care Processes and Professional Services
· Legal Compliance and Health-Related Services
· Research and Training
A. Collection, Use and Disclosure
a. Treatment and Communication
Your health information is used to provide you with medical treatment or services. We may use and share health information about you with physicians, nurses, allied medical personnel, residents, fellows, nursing students and medical students, or other CEH personnel involved in your care. Different departments of the hospital may also share health information about you to coordinate the services you need, such as pharmacy, dietary, laboratory and other diagnostic centers.
In special cases, we may also disclose your health information to providers not affiliated with the Hospital to facilitate care or treatment they provide you. These include other physicians outside Capiz Emmanuel Hospital, Inc. who are involved in your care outside the hospital setting or in case of hospital transfers, to the receiving hospital.
Electronic exchange of health information helps ensure better coordination of care. The physicians and nurses of Capiz Emmanuel Hospital, Inc. utilize digital technology in order to facilitate quicker and prompt referrals within the healthcare team. They may use messaging platforms such as SMS, emails, Viber, Telegram, and other similar services in order to communicate with the team.
Upon your request, we may send electronic results of your laboratory and other diagnostic tests to you or your authorized representative. We may also use and disclose health information to contact you as a reminder that you have an appointment for care at Capiz Emmanuel Hospital, Inc. We will communicate with you using the information (such as telephone number and email address) that you provide us.
Unless you notify us to the contrary, we may use the contact information you provide to communicate general information about your care such as appointment location, department, date and time, as well as for patient experience and satisfaction surveys.
b. Billing and Collection
We may use and disclose your personal and health information to confirm, bill and receive payment for health care services that we or others provide to you. This includes submission of your health information to receive payment from Philhealth, your health maintenance organization (HMO), insurance company, or other party that pays for some or all of your health care or to verify that your payor will pay for your health care. We may also tell your payor about a treatment you are going to receive to determine whether your payor will cover the treatment. For certain services, if your permission is needed to release health information to obtain payment, you will be asked for permission.
In cases of non-payment, your personal and health information will be sent to legal services for collection purposes who may conduct credit investigations and send demand letters to collect payment for services rendered to you.
c. Health Care Processes and Professional Services
We may use and disclose health information for health care operations. This includes functions necessary to run Capiz Emmanuel Hospital, Inc. and assure that all patients receive quality care. We may also share your information with affiliated health care providers so that they may jointly perform certain business operations along with CEH. We may combine health information about many of our patients to improve on the services being offered, to determine what services are no longer needed and to assess whether certain treatments are effective.
We may share information with physicians, nurses, allied medical personnel, residents, fellows and medical students, or other CEH personnel to ensure quality assurance and compliance with standards of care. We may also compare the health information we have with information from other hospitals to see where we can improve the care and services we offer. In these instances, Capiz Emmanuel Hospital, Inc. will work to anonymize, mask, encrypt or de-identify your personal and health information as much as possible.
The Hospital contracts with outside entities that perform business services for us, such as the, government entities, billing companies, management consultants, accounting or legal firms. In certain circumstances, we may need to share your health information with a business associate so it can perform a service on our behalf. We will have a data sharing agreement or written contract in place with the business associate requiring protection of the privacy and security of your health information.
d. Legal Compliance and Health-Related Services
We may disclose your information to the Department of Health and other appropriate government entities for activities authorized by law such as audits, investigations, inspections, and licensure.
When necessary to prevent a serious threat to your health and safety or the health and safety of others, we may use and disclose certain information about you. Such disclosure will only be to someone able to prevent or respond to the threat, such as law enforcement, or a potential victim.
We may also use or disclose health information about you when required to do so by laws not specifically mentioned in this Policy.
e. Research and Training
As an affiliated hospital for the Filamer Christian University, College of Nursing (FCU-CON), nursing students may use and access your health information. We will have a data sharing agreement or written contract in place with FCU-CON requiring protection of the privacy and security of your health information.
Being a training ground for future nurses, your health information may be used and disclosed in training and education. Daily endorsement rounds, weekly department conferences, audits, morbidity, and mortality conferences are requirements for continued accreditation of our clinical programs and may involve the use of your health information. Limited information about you and your treatment may be used for the purposes of accreditation of our residency and fellowship programs and specialty board certification of our trainees.
f. Other uses and disclosures
Capiz Emmanuel Hospital, Inc. does not require prior consent or authorization in the disclosure of your health information in the following instances:
· Public Health Activities
o To prevent or control disease, injury or disability;
o To report births and deaths;
o To report the abuse or neglect of children, elders and dependent adults;
o To report reactions to medications or problems with products;
o To notify you of the recall of products you may be using;
o To notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition;
o To notify the appropriate government authority if we believe you have been the victim of abuse, neglect or domestic violence; we will only make this disclosure when required or authorized by law;
o To notify the Department of Health and other appropriate government entities when you seek treatment at Capiz Emmanuel Hospital, Inc. for certain diseases or conditions required to be reported by law.
B. Storage, Security, Retention and Destruction
Capiz Emmanuel Hospital, Inc. will ensure that personal and health information under its custody are protected against any accidental or unlawful destruction, alteration and disclosure as well as against any other unlawful processing. CEH will implement appropriate security measures in storing collected personal and health information. All health information gathered and kept in medical records shall be retained for as long as the patient regularly seeks treatment at the institution. After an inactive period of ten (10) years from the last outpatient consult and fifteen (15) years from the last in-patient confinement, hard copies of medical records shall be brought to an appropriate facility for melting and destruction with secure protocols in place. Electronic copies of medical records shall be retained for a similar period.
VI. RIGHTS RELATING TO YOUR HEALTH INFORMATION
An important part of Capiz Emmanuel Hospital Inc.'s Privacy Policy is this section which explains your data privacy rights regarding your health information. You (or your authorized representative) have the right to:
· Be informed
· Reasonable access to your health information
· Request a correction to your personal information
· An accounting of hospital disclosures of your health information
· Request restrictions on certain uses and disclosures of your health information
· Receive a copy of Capiz Emmanuel Hospital, Inc.'s Privacy Policy
a. Information
You have the right to be informed that your personal and health information will be, are being, or were, collected and processed. You have the right to be informed of the purposes for which they will be, are being, or were processed and the duration for which the information will be kept.
b. Reasonable Access of your Health Information
You have the right to obtain a copy of your pertinent health information. The medical information available to you are the following:
· Clinical Abstract/Discharge Summary
· Laboratory and other diagnostic results
· Consent for Admission and Procedure
· Record of Operation or Delivery
· Operative Technique
· Medical Certificate or Certificate of Confinement
To request for a copy of your medical records, proceed to the Medical Records Section and fill out an Authorization for Release of Information. CEH may charge a fee for the cost of providing copies to you
c. Request a Correction to your Personal Information
If you believe that the personal information Capiz Emmanuel Hospital, Inc. has on file about you is incorrect or incomplete, you may ask us to correct the personal information in your records. If your personal information is accurate and complete, or if the information was not created by the Hospital, we may deny your request. If we deny any part of your request, we will provide you with a written explanation of our reasons for doing so. Requests to make a correction to your records must be in writing and must describe each item that you want changed and the reason you are requesting the change. We may require additional documentation from you or your authorized representative as proof before processing your request.
d. An Accounting of Hospital Disclosures of your Personal and Health Information
You have the right to request a list of how your personal information was shared for purposes other than treatment, payment, health care operations and legal compliance. Your health information on the other hand, will never be shared with third parties without your consent.
e. Request Restrictions of Certain Uses and Disclosures of Your Medical Information
You have the right to request reasonable restrictions on certain uses or disclosures of your personal and health information. Requests for restrictions must be in writing. In most cases, we are not required to agree to your requested restriction. However, if we do agree, we will comply with your request unless the information is needed to provide you emergency treatment or comply with the law.
Some examples of restriction requests that the Hospital cannot honor include:
· Requests to restrict residents from accessing your medical information.
· Requests restricting the hospital from giving your name to an insurance company that will be asked to pay a portion of your bill.
· Request restricting the hospital from reporting your identity and condition to an agency or organization where the hospital is required by law to do so.
VII. INQUIRIES AND COMPLAINTS
The confidentiality of your health information is a significant part of the care we provide to you. For matters relating to the processing of your protected health information or if you believe that your privacy rights have been violated, you may file a written complaint with our Data Privacy Office via:
Email: dpo.ceh@gmail.com
Mail: Data Protection Officer
Data Privacy Office
Capiz Emmanuel Hospital, Inc.
Roxas Avenue, Roxas City, Capiz
VIII. EFFECTIVITY
The provisions of this Policy are effective this 01 day of September 2023 until amended.
Prepared by:
MALCOLM MILTON H. AGUIRRE
Data Protection Officer
Approved by:
MA. CRISTINA C. DANAC-DELFIN, MBA, MD
Hospital Administrator