QualiMed Health Network Privacy Policy

INTRODUCTION:  OUR PLEDGE TO PROTECT YOUR PRIVACY

QualiMed Health Network and its subsidiaries (collectively referred to as “QualiMed”, “we”, “us” or “our”) are committed to protecting the privacy of information we create or receive about you. 

It is the mandate of the law that we, as collectors and processors of information, shall make sure that information (personal, sensitive or privileged) is protected and kept private, unless certain exceptions will apply.

As we are partners in protecting your data, we invite you to review our Privacy Policy.  This document shall explain:

  • What information we collect or create, and why
  • How we collect, use, store, share and dispose of your data
  • How we safeguard your personal, sensitive or privileged information
  • Your rights as a data subject

QualiMed may amend or update this Privacy Policy to comply with new laws or regulations, or to reflect changes in our business operations.

By providing QualiMed your information, you are explicitly authorizing and consenting to our collection, use, storage, sharing and disposal of your data.  Furthermore, when you disclose to us the personal data of another person (i.e. your dependent, spouse or child), you explicitly attest that the same authorization and consent have been obtained from that person, by yourself on our behalf. 

SERVICE DESCRIPTION

QualiMed is a network of business units geared towards providing appropriate, affordable and accessible healthcare.  We provide outpatient and inpatient care for medical and surgical cases, and ancillary services such as laboratory examinations and imaging.

We employ or engage medical and nonmedical personnel to maintain efficient operations in all our business units.  Our human resource department provides support and services to all our employees.

We also retain the assistance of third parties, after thorough credentialing, to aid in providing the above services to our patients and personnel.

PERSONAL INFORMATION WE COLLECT OR CREATE

Personal information is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. During our interactions or transactions, we may collect or create personal data about you, including but not limited to:

  • Your full name, gender, civil status, date of birth, nationality, proof of identification, identifying characteristics such as your fingerprint, or contact information such as your telephone/mobile number, email address or mailing address
  • Your bank account, credit card information, details of affiliation with third parties such as guarantors or payors, or status of loans or liabilities
  • Your educational background, work history, credentials or licenses, income, details of affiliations with third parties such as oversight agencies or societies, or other details relating to your occupation or practice of profession
  • If you are our patient, information pertinent to your care such as your medical history, handedness, religion, use of medications and other substances, physical examination findings, or consent/non-consent for organ donation
  • If you are our supplier or are applying for accreditation to be our supplier, information pertinent to your involvement and authority in your company, such as your position or extent of ownership
  • Involvement any administrative, civil or criminal case or dispute, to the extent allowed by the law

METHOD AND TIMING OF DATA COLLECTION OR CREATION

We may collect or create information about you at any point during our engagement, and by various means, including but not limited to the following situations:

  • When you are within the vicinity or actual premises of our clinic or hospital, footage of you may be captured and stored by our security cameras.
  • During consultations, tests or admissions, you may be interviewed by our medical and nonmedical staff, or you may be asked to complete forms needed to facilitate your care or payment for care.
  • During physical examinations, laboratory tests or surgical procedures, our staff or accredited third parties may create new data about you to reflect their observations, your test results, or other pertinent information.
  • During the hiring process and throughout your employment by QualiMed, information regarding your qualifications may be solicited from you via application forms, documentary requirements, or interviews. We may also create new information about you for attendance monitoring, payroll, performance appraisal, and remittances to third parties.
  • During the credentialing process, information related to your training, work experience or moral character may be solicited from you or from your previous instructors or superiors through face-to-face or telephone interviews, forms or documentary requirements.
  • During the accreditation process for suppliers, information related to your position and authority in the company you represent may be solicited from you or from your company through authorization forms or interviews.
  • When you interact with any of our staff for inquiries, complaints or other transactions via the internet, telephone or face-to-face meetings, we may ask for proof of identification, contact information, and details pertinent to your inquiry or complaint.

PURPOSES, USE AND DISCLOSURE OF INFORMATION

To ensure efficient coordination of all entities and individuals involved, your information may be shared verbally or in print or electronic form.  QualiMed participates in secure information exchanges when we share data within our network and when we allow outside providers access to information they need to help us serve you.  Furthermore, we assure you that we enforce and comply with Data Sharing Agreements as mandated by the Philippine Data Privacy Act of 2012.

Your data may be used and disclosed for your treatment, for functions necessary for healthcare operations (including coordination with third parties and processing of payments), for regulatory compliance and public health concerns, and for other purposes allowed or mandated by law.

TREATMENT

We may use your information to provide you with medical treatment or services.  We may share your information with physicians, nurses, technicians, medical students, or other personnel involved in your care.  For example, a healthcare provider treating you for a condition may need to know what medications you are taking to assess risks related to drug interactions.  Different departments in our hospitals or clinics, such as the pharmacy or laboratory, may also share information about you to coordinate the services you need.

We may also disclose your information to entities who may or may not be affiliated with QualiMed; this is to facilitate care or treatment they will give you.  For example, we may disclose your health information to your personal physician for continuity of care.  We may also provide your information to our accredited service providers for treatment coordination purposes.

HEALTHCARE OPERATIONS

We may use and disclose your information for functions necessary to run our network or assure that all patients receive quality care.  This involves many support functions such as appointment or procedure scheduling.  We may also share your information with affiliated healthcare providers so that we may jointly perform certain business operations.  We may combine health information about several patients to decide, for example, what additional services QualiMed should offer and which services are no longer needed.  We may share information with doctors, nurses, technicians, medical students, clerks and other personnel for quality assurance and educational purposes.  We may also compare the health information we have with information from other hospitals to see where we can improve the care and services we offer.

PAYMENT

We may use and disclose your information to receive compensation for services that we or others provide you.  This may include submitting health information to a third party (payor) that guarantees part or all of your healthcare expenses, verifying that your payor will pay for your healthcare, or receiving payment from said payor. 

REGULATORY COMPLIANCE AND PUBLIC HEALTH INITIATIVES

We may disclose your information to comply with regulatory guidelines or to contribute to public health initiatives.  These include, but are not limited to the following:

  • Audits, investigations, inspections or other activities by entities with regulatory oversight, such as the Department of Health
  • Prevention or control of disease, injury or disability
  • Statistical reporting and registry of births and deaths
  • Reporting of adverse drug reactions, equipment malfunctions, faulty medical devices or related issues
  • Reporting of abuse or neglect of vulnerable populations

SPECIAL SITUATIONS

  • Hospital Directory - We may include your name and your location (but not specific health information) in the Hospital’s Patient Directory while you are receiving inpatient care. We make this information available so that individuals can contact or visit you.  Unless you specifically request that your information be excluded from the Patient Directory, we may release this directory information to people who ask for you by name. 
  • Research - We will ask for your written authorization before using your health information or sharing it with others to conduct research. Under limited circumstances, we may use and disclose your health information without your authorization. In these latter situations, we obtain approval through an independent review process to ensure that research conducted without your authorization poses minimal risk to your privacy. 
  • Serious Threat to Health or Safety - We may use and disclose certain information about you when necessary to prevent a serious threat to your health or safety, or the health or safety of others. Any such disclosure will only be to individuals or entities able to prevent or respond to the threat, such as law enforcement or a potential victim. 
  • Lawsuits and Disputes - If you are involved in a lawsuit or a dispute, we may disclose information about you in response to a court or administrative order, subpoena, legally enforceable discovery request, or other lawful process. In limited circumstances, we may release information about you in situations of confirmed or suspected criminal conduct.
  • Workers’ Compensation - We may release information about you for workers’ compensation or similar programs. These programs provide benefits for work-related injuries or illness.
  • Organ and Tissue Donation - We may release your information to entities that facilitate organ or tissue donation. These entities require your authorization for any actual donations. 

PROTECTION OF INFORMATION

We maintain physical, technical and organizational safeguards to protect your personal data against loss, theft, unauthorized access, disclosure, copying, use or modification. We employ safeguards such as:

  • Using secure servers behind advanced threat protection appliances, firewalls, encryptions and other security tools
  • Limiting access to your personal information only to those who are qualified and authorized to process it. All such persons, wherever they are located, are required by us to protect the confidentiality and privacy of your personal information in a manner consistent with our privacy policies and practices.
  • Ensuring that our information systems/infrastructure undergo regular security vulnerability and penetration testing

RETENTION AND DISPOSAL OF INFORMATION

We will retain documents containing your personal data, whether in electronic or print form:

  • to the extent that we are required to do so by law;
  • to the extent required by or pursuant to our contract;
  • if we believe that the documents may be relevant to any ongoing or prospective legal proceedings

Thereafter your personal information shall be disposed of or discarded in a secure manner that will prevent further processing, unauthorized access, or disclosure to any other party or the public.

YOUR RIGHTS AS A DATA SUBJECT

You have the RIGHT TO BE INFORMED about how your data is collected, used, stored, shared and destroyed.  You also have the right to be informed of any compromise in the security of your information.

You have the RIGHT TO GAIN REASONABLE ACCESS to your personal data.  Barring certain exceptions, you may request for an account of how we have processed or disclosed your data, including information about the recipients of your data.

You have the RIGHT TO OBJECT to the processing of your personal data at any point during our engagement, after which we shall no longer use or disclose your information, unless we are required or allowed by law to do so.  We cannot undo any uses or disclosures done prior to your objection, and we are also required to continue storing certain information despite the withdrawal of your consent.

You have the RIGHT TO ERASURE OR BLOCKING of our use or disclosure of your data, upon discovery and substantial proof that such use or disclosure is unlawful.

You have the RIGHT TO DAMAGES, and you may claim compensation for any violation of your rights as a data subject.

You have the RIGHT TO FILE A COMPLAINT for any perceived violation of your rights as a data subject.

You have the RIGHT TO RECTIFY information about you that you feel is inaccurate or erroneous.  Once resolved with supporting data, QualiMed shall provide you access to both corrected and retracted information.

You have the RIGHT TO DATA PORTABILITY.  You may electronically copy or transfer your data, provided this is done in a secure manner.

CHANGES TO THIS PRIVACY POLICY

QualiMed reserves the right, at its discretion, to change, modify, add or remove portions of this privacy policy at any time. You should check our website periodically for any changes in our privacy policy. In the unlikely event that we believe that the security of your information may have been compromised, we may seek to notify you of that development.

INQUIRIES OR COMPLAINTS

QualiMed has a Data Privacy Officer overseeing our network.  Compliance Officers of Privacy have also been appointed to manage and safeguard the handling of your data in compliance with the Philippine Data Privacy Act of 2012 or RA 10173. QualiMed is committed to ensuring that its Privacy Management Program is constantly reviewed, monitored and enhanced.

If you believe that your privacy rights have been violated, you may contact our Data Privacy Officer by telephone at (+632) 7080000 local 195, by email at dataprivacy@qualimed.com.ph, or by mail at Data Privacy Officer, QualiMed Health Network, UP-PGH Faculty Medical Arts (FMAB) Building, PGH Compound, Taft Avenue, Manila.

Notice of Privacy Practices - 15 August 2018
(Supersedes All Prior Versions)