GENERAL PRIVACY NOTICE

 

This is Capiz Emmanuel Hospital, Inc. (CEH) general statement on its data processing activities to notify Data Subjects of categories of Personal Data processed and the purpose and extent of processing. This is not a consent form but a notification how CEH processes Personal Data in its established practices and operation. CEH may further provide specific privacy notices in line with specific activities or objectives.

 

      I.        Acts of Processing

 CEH processes Personal Data to:

 1.    Perform its obligation, exercise its rights, and conduct its associated functions as a health care service provider;

2.    Conduct all acts reasonably foreseeable and customarily performed by similar healthcare service providers;

3.    Decide and act for the holistic welfare of patients, service recipients and their respective representatives and companions; and

4.    Manage and administer its internal and external affairs as a medical, educational and research institution, and as a juridical entity with its own rights and obligations

 

    II.        Personal Data Collected

 CEH collects the following Personal Data, as may be applicable and necessary for it specific legitimate purposes:

 ·         Personal details such as name, birth, gender, civil status and affiliations;

·         Contact information such as address, email, mobile and telephone numbers;

·         Medical information such as physical, psychiatric and psychological information;

·         Employment information such as government-issued numbers, position and functions;

·         Applicant information such as academic background and previous employments; and

·         Academic information such as grades, course and academic standing.

  

   III.        Collected Method

 CEH collects Personal Data physically through printed forms, attachments, and other documents required by its medical units and administrative offices, or electronically through electronic systems, electronic platforms, e-forms, email, or electronic submission of information directly by the Data Subject or by CEH associates.

 

  IV.        Timing of Collection

 CEH generally collects Personal Data from Data Subjects upon entry to the hospital or at the onset of a service, or transaction with CEH, such as medical care, medical consultation, laboratory service and health-related services.

 

    V.        Purpose of Collected Personal Data

 CEH collects and processes Personal Data for the following purposes:

 

1.    Purposes necessary for CEH to perform its obligations, exercise its rights, and conduct its functions as a medical, research, and training institution;

2.   Purposes to perform acts and decisions necessary for CEH to manage and administer its internal and external affairs as a juridical entity with its own rights, interests and obligations;

3.    Compliance with legal, regulatory, administrative or judicial requirements including but not limited to audit, reporting and transparency requirements;

4.    Purposes specific to CEH in accordance with its Privacy Policy and related policies, rules or procedures.

 

  VI.        Storage, Location and Transfer of Personal Data

Personal Data are stored in physical and electronic data processing systems managed by groups, offices, and units of CEH. Physical records are generally stored in folders or envelopes in drawers or shelves. Electronic records are generally stored in servers in the possession or control of CEH or in cloud storage controlled or availed by CEH.

Personal Data are transmitted and transferred in accordance with Chapter III of the Data Privacy Act of 2012 and Rule V of its Implementing Rules and Regulations.

 

 VII.        Method of Use

CEH uses Personal Data proportionately as necessary for its legitimate purposes in accordance with CEH Policies. Personal Data are used in accordance with the Data Privacy Act of 2012, issuances of the National Privacy Commission and the Department of Health.

 

VIII.        Retention Period

CEH retains data in accordance with its policies on retention observing laws and government rules and regulations. In the absence of an applicable rule of retention, Personal Data shall be retained by CEH group, office, or unit in accordance with locally and internationally accepted practices and standards.

 

  IX.        Participation of patients, service recipients and their respective representatives and companions

A.   CEH patients, service recipients, and their respective representatives and companions have the following rights with respect to their Personal Data:

1.    Right to be informed, except for internal data;

2.    Right to access and data portability, subject to reasonable requirements;

3.    Right to rectification, erasure, and blocking. However, services may be affected by changes in or lack of data; and

4.    Right to file a complaint. CEH’s Data Protection Office are continually open to resolve concerns.

 

B.    CEH patients, service recipients, their respective representatives and companions, and others within the scope of CEH’s Privacy Policy have the following responsibilities:

1.    Keep up to date all Personal Data and other information submitted to or in the possession of CEH;

2.    Respect the data privacy rights of all Data Subjects;

3.    Report any suspected Security Incident or Personal Data Breach to CEH though the contact information of CEH Data Protection Office provided herein;

4.    Ensure accuracy of Personal Data and other information;

5.    Obtain the consent of the Data Subject prior to processing of personal information;

6.    Not disclose to any unauthorized party any non-public confidential, sensitive or personal information obtained or learned in confidence directly or indirectly through CEH; and

7.    Abide by the policies, guidelines and rules of CEH on data privacy, information security, records management, research and ethical conduct and from time-to-time, check for updates on these policies, guidelines and rules, and ensure compliance therewith.

 

    X.        Inquiries

 Inquiries and concerns on data privacy may be directed to CEH Data Protection Office:

 

​Capiz Emmanuel Hospital, Inc.

​Data Privacy Office

​2nd Floor Centennial Bldg., Capiz Emmanuel Hospital, Inc., Roxas Avenue, Barangay. X, Roxas City, Capiz

​(036) 6201377 local 1102

​+639177091939

​dpo.ceh@gmail.com

 


Definitions

 

“Personal Data” refers to all types of personal information, sensitive personal information and privileged information under the Data Privacy Act of 2012 and its Implementing Rules and Regulations.

“Data Subject” refers to an individual whose personal information is processed.

“Personal Information” refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.

   

 

Prepared by:

 MALCOLM MILTON H. AGUIRRE

Data Protection Officer

 

 

Approved by:

 MA. CRISTINA C. DANAC-DELFIN, MBA, MD

Hospital Administrator