QualiMed Health Network Privacy Policy

WHAT IS PERSONAL INFORMATION?

PERSONAL INFORMATION refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual [Sec. 3, Data Privacy Act of 2012 (DPA)].  In sum, it is information that can be used, on its own or with other information, to identify, contact, or locate a single person, or to identify an individual in context.

Personal Information is considered SENSITIVE PERSONAL INFORMATION when it is about:

  • An individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
  • An individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such individual, the disposal of such proceedings, or the sentence of any court in such proceedings;
  • Those issued by government agencies peculiar to an individual, which include social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and
  • Those specifically established by an executive order or an act of congress to be kept classified.

All types of personal information are collectively referred to as PERSONAL DATA.

QUALIMED HEALTH NETWORK AS PERSONAL INFORMATION CONTROLLER (PIC)

The DPA provides for rules on how to process personal data. Under the DPA, the entity that decides how personal data are processed (which includes the collection, use, sharing/disclosure, and storage/disposal) is called a Personal Information Controller (PIC). 

This Data Privacy Policy is for the QualiMed Health Network, consisting of QualiMed Hospitals in Mandurriao (Iloilo), San Jose del Monte (Bulacan), and Sta. Rosa (Laguna); QualiMed Surgery Centers in UP-PGH FMAB (Manila) and Farmers Plaza (Araneta Center); QualiMed Clinics in Taguig, Makati, Quezon City, and Cebu; and QualiMed Physician Associates, Inc., (collectively referred to as “QualiMed”, “we”, “us” or “our”) as PICs.  We are committed to protecting the privacy of your personal data in compliance with the DPA and its Implementing Rules and Regulations (IRR).

SERVICE DESCRIPTION

QualiMed is a network of business units geared towards providing appropriate, affordable, and accessible healthcare.  We provide outpatient and inpatient care for medical and surgical cases and ancillary services such as laboratory examinations and imaging.  We also retain the assistance of third parties, after thorough credentialing, to aid in providing the above services to our patients and personnel.

We employ or engage medical and nonmedical personnel to maintain efficient operations in all our business units.  Our human resource department provides support and services to all our employees.

By providing QualiMed your information, you are explicitly authorizing and consenting to our, including those of our accredited third-party service providers’, collection, use, storage, sharing, and disposal of your data.  Furthermore, when you disclose to us the personal data of another person (e.g., your dependent, spouse, or child), you explicitly attest that the same authorization and consent have been lawfully obtained from that person, by yourself, on our behalf.

This document shall explain:

  • What information we collect and why;
  • How we collect, use, store, share/disclose, and dispose your personal data;
  • What security measures we have adopted for the protection of your personal data; and
  • What are your rights as a data subject.

PERSONAL DATA WE COLLECT

In the course of our business, we may collect your personal data, which may include but are not limited to:

  • Full name, gender, civil status, date of birth, nationality, proof of identification, and identifying characteristics, such as fingerprint and contact informations, which include telephone/mobile number, email address, or mailing address;
  • Bank account, credit card information, details of affiliation with third parties, such as guarantors or payors, or status of loans or liabilities;
  • Educational background, work history, credentials or licenses, income, details of affiliations with third parties, such as oversight agencies or societies, or other details relating to occupation or practice of profession;
  • Medical history, handedness, religion, use of medications and other substances, physical examination findings, or consent/non-consent for organ donation;
  • Involvement and authority in your company, such as position or extent of ownership;
  • Involvement in any administrative, civil, or criminal case or dispute; and
  • Personal data of your next of kin provided by you.

HOW WE COLLECT YOUR PERSONAL DATA

We collect personal data through any of the following means:

  • Our security cameras installed within the vicinity or actual premises of our clinic or hospital;
  • During interviews, consultations, tests, admissions, or through the filling up of forms needed to facilitate your care or payment for care;
  • During physical examinations, laboratory tests, or surgical procedures by our staff or accredited third parties to reflect their observations, your test results, or other pertinent information;
  • During the hiring process and throughout your employment by QualiMed, through the application forms, documentary requirements, or interviews; 
  • During the credentialing process, information related to your training, work experience, or moral character from you or from your previous instructors or superiors through face-to-face or telephone interviews, forms, or documentary requirements;
  • During the accreditation process for suppliers from you or from your company through authorization forms or interviews; and
  • When you interact with any of our staff for inquiries, complaints, or other transactions via the internet, telephone, or face-to-face meetings.

PURPOSES, USE, AND DISCLOSURE OF YOUR PERSONAL DATA

We ensure that the personal data we collect have lawful basis and are used for legitimate purposes as provided herein.

CONTRACT FOR TREATMENT
Pursuant to our contract to provide you with the best medical treatment or services, our physicians, nurses, technicians, medical students, or other personnel involved in your care use your personal data. For example, a healthcare provider treating you for a condition may need to know what medications you are taking to assess risks related to drug interactions. Different departments in our hospitals or clinics, such as the pharmacy or laboratory, also use your personal data to coordinate the services you need.

We also disclose your information to entities who may or may not be affiliated with QualiMed to facilitate care or treatment they will give you. For example, we may disclose your health information to your personal physician for continuity of care. We may also provide your information to our accredited service providers for treatment coordination purposes.

HEALTHCARE OPERATIONS AS LEGITIMATE BUSINESS
As a legitimate healthcare service provider, we use and may disclose your personal data to third parties for your treatment and other functions necessary for healthcare operations, which include coordination with third parties and processing of payments. These functions are necessary to run our network or ensure that all patients receive quality care. These functions include appointments and scheduling procedures. 

We also share your information with affiliated healthcare providers when we jointly perform certain services or business operations. We may combine health information about several patients to decide, for example, what additional services QualiMed should offer and which services are no longer needed. We may share information with doctors, nurses, technicians, medical students, clerks, and other personnel for quality assurance and educational purposes. We may also compare the health information we have with information from other hospitals to see where we can improve the care and services we offer.

We may use and disclose your information to receive compensation for services that we or others provide you.  This may include submitting health information to a third party (payor) that guarantees part or all of your healthcare expenses, verifying that your payor will pay for your healthcare, or receiving payment from said payor. 

COMPLIANCE WITH LEGAL AND REGULATORY REQUIREMENTS AND PUBLIC HEALTH INITIATIVES
We use and may disclose your information to comply with regulatory requirements or to contribute to public health initiatives. These include, but are not limited to the following:

  • Audits, investigations, inspections, or other activities by entities with regulatory oversight, such as the Department of Health;
  • Prevention or control of disease, injury, or disability;
  • Statistical reporting and registry of births and deaths;
  • Reporting of adverse drug reactions, equipment malfunctions, faulty medical devices, or related issues; and
  • Reporting of abuse or neglect of vulnerable populations.

We may use and disclose your personal data when necessary to prevent a serious threat to your health or safety or the health or safety of others, but only to individuals or entities able to prevent or respond to the threat, such as law enforcement or a potential victim. 

We may disclose information about you in response to a court or administrative order, subpoena, legally enforceable discovery request, or other lawful process. 

We may release your personal data for workers’ compensation or similar programs of the government, which provide benefits for work-related injuries or illness.

OTHERS

  • Hospital Directory – We may include your name and your location (but not your specific health information) in the Hospital’s Patient Directory while you are receiving inpatient care. We make this information available so that individuals can contact or visit you. Unless you specifically request that your information be excluded from the Patient Directory, we may release this directory information to people who ask for you by name after proper verification. 
  • Research – We will ask for your written authorization before using your health information or sharing it with others to conduct research. Under limited circumstances, however, we may use and disclose your health information without your authorization. In the latter conditions, we obtain approval through an independent review process to ensure that research conducted without your authorization poses minimal risk to your privacy. 
  • Facilities for Organ Donation – We may release your information to entities that facilitate organ or tissue donation with your prior consent/authorization for any actual donations. 

PROTECTION OF INFORMATION

We maintain physical, technical, and organizational safeguards to protect your personal data against loss, theft, unauthorized access, disclosure, copying, use, or modification. We employ safeguards, such as:

  • Using secure servers behind advanced threat-protection applications, equipment, firewalls, encryptions, and other security tools;
  • Limiting access to your personal data only to those who are qualified and authorized to process it; all such persons, wherever they are located, are required by us to protect the confidentiality and privacy of your personal data in a manner consistent with our privacy policies and practices;
  • Training staff on the secure processing of your personal data; and
  • Conducting regular security vulnerability and penetration testing on our information systems/infrastructure.

RETENTION AND DISPOSAL OF INFORMATION

We will retain documents containing your personal data, whether in electronic or print form:

  • To the extent that such personal data may be relevant for any of the purposes declared above;
  • To the extent that we are required to do so by law;
  • To the extent required by or pursuant to our contract; and
  • If we believe that the documents may be relevant to any ongoing or prospective legal proceedings.

Thereafter, your personal data shall be disposed of or discarded in a secure manner that will prevent further processing, unauthorized access, or disclosure to any other party or the public.

YOUR RIGHTS AS A DATA SUBJECT

  • You have the RIGHT TO BE INFORMED about how your data is collected, used, stored, shared, and destroyed. You also have the right to be informed of any compromise in the security of your information.
  • You have the RIGHT TO GAIN REASONABLE ACCESS to your personal data. Barring certain exceptions, you may request for an account of how we have processed or disclosed your data, including information about the recipients of your data.
  • You have the RIGHT TO OBJECT to the processing of your personal data at any point during our engagement, after which we shall no longer use or disclose your information, unless we are required or allowed by law to do so. We cannot undo any uses or disclosures done prior to your objection, and we are also required to continue storing certain information despite the withdrawal of your consent.
  • You have the RIGHT TO ERASE OR BLOCK our use or disclosure of your data, upon discovery and substantial proof that such use or disclosure is unlawful.
  • You have the RIGHT TO DAMAGES, and you may claim compensation for any violation of your rights as a data subject.
  • You have the RIGHT TO FILE A COMPLAINT for any perceived violation of your rights as a data subject.
  • You have the RIGHT TO CORRECT information about you that you feel is inaccurate or erroneous. Once resolved with supporting data, QualiMed shall provide you access to both corrected and retracted information.
  • You have the RIGHT TO DATA PORTABILITY, which allows you to secure an electronic copy of your data and to transfer the same. 

INQUIRIES OR COMPLAINTS

Since QualiMed is committed to ensuring that its Privacy Management Program is constantly reviewed, monitored, and enhanced, a Data Protection Officer (DPO) has been designated to oversee its network. Compliance Officers for Privacy (COP) have also been appointed to manage and safeguard the handling of your data in accordance with the DPA.

For any comments, questions, complaints, or requests relating to this Privacy Policy statement, you may get in touch with:

COMPANY
QualiMed Health Network

EMAIL ADDRESS
dataprivacy@qualimed.com.ph

CONTACT DETAILS
(+632) 708.0000 local 195

MAILING ADDRESS
UP-PGH Faculty Medical Arts Building, PGH Compound, Taft Avenue, Manila

For specific privacy concerns related to QualiMed subsidiaries, you may direct them to contact details provided below:

COMPANY

QualiMed Clinics

 QualiMed Hospital - San Jose del Monte

QualiMed Hospital - Sta. Rosa

QualiMed Hospital - Iloilo

QualiMed Surgery Center - Manila and QualiMed Surgery Center - Farmers Plaza

EMAIL ADDRESS

dataprivacy.chs@qualimed.com.ph

dataprivacy.sjd@qualimed.com.ph

dataprivacy.str@qualimed.com.ph

dataprivacy.ilo@qualimed.com.ph

dataprivacy.mnl@qualimed.com.ph

CONTACT DETAILS

(+632) 511.7359 local 208

(+6344) 307.0000 local 108

(+6349) 405.0000 local 406

(+6333) 321.5272 local 5204

(+632) 708.0000 local 195

MAILING ADDRESS

Bonifacio Stopover, 32nd Street, Bonifacio Global City, Taguig

Altaraza Spine Road, Brgy. Tungkong Mangga, San Jose Del Monte, Bulacan

West Nature Avenue, Nuvali North, Sto. Domingo, Sta. Rosa, Laguna

Atria Park District, D. Pison Avenue, San Rafael, Mandurriao, Iloilo City

UP-PGH Faculty Medical Arts Building, PGH Compound, Taft Avenue, Manila

We will endeavor to respond to your request at the soonest possible time.

UPDATES TO THE PRIVACY POLICY

QualiMed reserves the right to amend or update this Privacy Policy from time to time to comply with new laws or regulations, or to reflect changes in our business operations. In the event of an amendment or update to this Privacy Policy, we will post a prominent notice on this website indicating that certain changes have been made, including the date of the latest update. We encourage you to check our website periodically for any changes in our Privacy Policy. We will also endeavor to send individual notices of significant changes to this Privacy Policy to our existing clients and personnel.

Notice of Privacy Practices - 23 October 2018
This Supersedes All Prior Versions