PRIVACY NOTICE
INTRODUCTION
Sacred Heart Hospital of Malolos, Inc. (SHHM) hereby adopts this Privacy Notice in accordance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations, and all other pertinent policies, including issuances promulgated by the National Privacy Commission (NPC). SHHM is committed to respecting and upholding your data privacy rights. We ensure that all personal data we collect from you, our valued clients and customers, are processed in strict compliance with the general principles of transparency, legitimate purpose, and proportionality.
SCOPE
This Privacy Notice applies to the collection, use, disclosure, retention, and disposal of your personal data by Sacred Heart Hospital of Malolos, Inc. through the following channels:
- When you visit our websites.
- When you avail of our medical services.
- When you utilize our facilities or engage with our products.
- When you interact with our representatives, such as through calls, emails, or in-person communication.
- When you submit an application for employment or participate in our recruitment process.
This notice extends to personal data collected about representatives of the Third-Party Suppliers that may be necessary for the performance of their services for SHHM.
WHAT DATA DO WE COLLECT?
The specific data we collect may vary depending on your interaction with us. This could include your identification details, along with your medical history, basic demographics, billing information and any feedback you provide. We might also collect data about your device and how you use our websites.
In some cases, with your consent, we may obtain limited information from your insurance company, referral sources, or laboratories to verify your information or complete your medical records. It’s important to note that we avoid collecting sensitive personal information such as race, ethnicity, political views, religious beliefs, or details about sex life or sexual orientation, unless it is strictly necessary for providing medical care or required by law.
WHY DO WE COLLECT YOUR DATA?
The data we collect from you allows us to provide accurate diagnosis, create customized treatment plans, schedule appointments, and provide follow-up care. Additionally, the data helps us to optimize hospital functions by improving our website, managing billing and payments seamlessly, and adhering to all legal and regulatory requirements. We also use your anonymized data to analyze trends for improvement and develop new services to better serve your needs. Finally, your data is used to send you important healthcare-related information, appointment reminders, and updates about SHHM’s services or policies.
HOW AND WHEN DO WE COLLECT YOUR DATA?
We gather your data through various methods. These include collecting information when you fill out our forms (whether manually or electronically) during registration, admissions, or when you participate in our surveys. We also gather information you provide when scheduling appointments, during consultations with our medical staff, or when discussing treatment plans. Additionally, our systems might collect data about your device and your activity on our digital platform during your website visits. Finally, with your permission or when legally allowed, we may collect limited data from your insurance company, referring healthcare provider, and external laboratories to verify your information, facilitate billing processes, or receive test results electronically.
WHO HAS ACCESS TO YOUR DATA?
We take strict measures to protect your personal information. Only authorized personnel who have a legitimate business need to access your data can do so. This includes active and visiting doctors, nurses, medical technicians, and other healthcare professionals directly involved in your care. They will only access your information as necessary to provide you with high-quality medical services.
Personnel from administrative departments may also require access to specific data points for billing purposes or to maintain our electronic health records system. Additionally, we may partner with trusted third-party vendors to perform specific tasks on our behalf, such as data storage, analytics, or appointment reminders. These vendors are granted the minimum amount of data necessary to complete their designated tasks and are contractually obligated to maintain the confidentiality and security of your information.
HOW DO WE STORE YOUR DATA?
Your personal data will be retained in accordance with specific retention periods established by Sacred Heart Hospital of Malolos, Inc. (SHHM) policies and relevant regulations, including guidelines set forth by the Department of Health (DOH) Circular No. 70-1996, DOH Department Circular No. 2021-0226, and DOH Administrative Order No. 2022-007 regarding medical records retention. These retention periods are determined based on the purposes of collection and legal requirements. Once the retention period expires, your personal data will be securely disposed of, unless we are required by regulations to retain it for a longer period of time to comply with legal or regulatory obligations.
THIRD PARTIES WHO PROCESS YOUR DATA
We use third parties to provide and deliver our healthcare services to you. Because of this, it is necessary for us to share your data with these third parties. Your data is shared only when strictly necessary and where there are safeguards. If your data needs to be transferred to a third party in another country, we will conduct a risk assessment to ensure that there is an adequate level of protection. We will usually include these obligations in our contracts with said third parties. In addition, all data transfers, whether within or outside of the Philippines, are encrypted. Below are the third parties who help us process your data:
Unification of Records
Payments
SECURITY MEASURES IN PLACE
We have implemented a comprehensive set of organizational, technical, and physical safeguards to protect your information from unauthorized access, disclosure, alteration, or destruction.
Organizational Security Measure
This is reflected in our clear data privacy policy, which outlines how we collect information, who has access to it, and how we secure it. To ensure your information remains secure, we implement granular access controls. This means only authorized personnel can access your data, and their access is further limited based on their role. Additionally, we use user authentication mechanisms, activity logs, and role-based limitations to monitor data access and identify any unauthorized attempts.
Technical Security Measure
We employ multiple layers of security to safeguard your information. Industry-standard encryption methods protect your data both at rest on our systems and in transit during electronic transmission. Firewalls, intrusion detection systems, and other advanced security technologies shield our network infrastructure from unauthorized access and cyberattacks. Additionally, we conduct regular security assessments to proactively identify and address any potential vulnerabilities in our systems and data security practices.
Physical Security Measure
We take a multi-layered approach to safeguard your data. Physical security measures include storing servers in locked cabinets within secure rooms monitored by security cameras, with limited access points to restrict entry. Paper-based medical records and other sensitive documents are protected by appropriate physical safeguards to prevent unauthorized access or loss. Additionally, a comprehensive disaster recovery plan ensures the continuity of operations and the protection of your data in the event of unforeseen emergencies or natural disasters.
YOUR RIGHTS AS A DATA SUBJECT
In accordance with the Data Privacy Act of 2012, you, as a data subject whose personal information is collected, stored, and processed, possess the following rights:
- You have the right to be informed about the manner in which your personal information is processed.
- You have the right to access your personal information and/or obtain a copy, in both physical and electronic formats, of the personal information you have provided.
- You have the right to have any inaccuracies or errors in your personal information rectified.
- You have the right to request the suspension or withdrawal of the blocking, removal, or destruction of your personal information.
- You have the right to withdraw your consent to the processing of your personal information at any time. You may exercise this right by immediately ceasing access or use of our website.
UPDATES TO OUR PRIVACY POLICY
SHHM reserves the right to periodically revise this Privacy Policy to ensure compliance with evolving data privacy regulations. This may also be necessary to reflect any changes within our organization's policies or the way we process personal data.
CONTACT US
For any inquiries regarding this Privacy Policy or to exercise your rights as outlined in this Notice or under applicable Philippine data privacy laws and regulations, please contact our Data Protection Officer using the following information:
DATA PROTECTION OFFICER
Sacred Heart Hospital of Malolos, Inc.
Dr. Peralta St., Guinhawa Subd. Malolos City, Bulacan
(044) 794-4744
Email: dpo@sacredheartmalolos.com