OUR ROLE IN YOUR PRIVACY
If you are a client or patient of De Los Santos Medical Center (DLSMC), this policy applies to you. It is only natural to want assurance that your data will be in safe hands. We consider your privacy extremely important; through this policy, we will explain which of your data we process and how we handle these data.
OUR RESPONSIBILITIES
We act as the “personal information controller” of your personal data processed for the provision of healthcare and healthcare services.
Our Data Protection Officer is Anthony Z. Sia Atty. Eunice Saavedra. You may reach him via privacy@dlsmc.ph.
We also act as the personal information controller for research-related processing of patient data, subject to strict safeguards and ethical oversight.
YOUR RESPONSIBILITIES
• Read this Privacy Policy
• If you provide us with personal information about other people, or if others give us your information, we will only use that information for the specific reason for which it was provided to us. By submitting the information, you confirm that you have the right to authorize us to process it on your behalf in accordance with this Privacy Policy.
TYPES OF DATA WE COLLECT
Data that identifies you
- Your name, age and birthdate, marital status, PhilHealth number, SSS or GSIS number, the details of your valid government identification card, etc.
Health, biometric, biological, and medical information
- Your height, weight, blood type, current symptoms, medical history (including family medical history), information about your lifestyle (e.g., consumption of alcohol or tobacco products), vital signs (temperature, blood pressure, heart rate, etc.), diagnostic information, treatment information (details of surgeries, medications prescribed, doses, administration times, and other treatments). If you have been admitted to the hospital, we will also collect information on your medical condition and changes in your condition, treatment responses and outcomes, discharge status, and follow-up care instructions.
Financial Information
- Credit/debit card details, details of your employer, etc.
Contact details
- Your contact number, email address, and home address, as well as the contact details of your next of kin or emergency contact
Other sensitive personal information that may affect our delivery of healthcare services or that we may collect when you access public areas within our premises
- Your religion, race and ethnic origin, CCTV footage (please refer to our separate CCTV Surveillance Notice)
HOW WE USE YOUR DATA
We process data about all patients at our hospital. By ‘process’, we mean, for example, that we will save or add to your data, or that we will share them with your healthcare providers (e.g., your physicians), and delete them at a later date. If you receive treatment at our hospital, we will process your health and medical information in your patient record. Under no circumstances will we process more data than needed to provide you with the appropriate care.
To provide you with medical care
Legal basis:
Necessary for medical treatment, Necessary for the protection of life and health
Your personal information helps us understand your health history and current health needs to provide you with appropriate medical treatment and services. This includes everything from diagnosing your condition to planning your care and treatment. Your information may be used and accessed by our employees and medical consultants (i.e., your physicians or the healthcare professionals involved in the interpretation of your test results) who are involved in or who have a supporting role in your care and treatment to ensure that you receive the best possible care. These employees and consultants have a statutory duty and/or ethical and professional duties of confidentiality.
We may share your information with other affiliated clinics or hospitals if you are referred to them. However, we will only share your information after you have consented to it.
To communicate with you
Legal basis:
Necessary for medical treatment, Necessary for the protection of life and health
We may use your contact information to communicate important information about your appointments, test results, and health status.
For billing and payments
Legal basis:
Necessary for medical treatment, necessary for compliance with a legal obligation
We will process your relevant financial information (such as your credit card information or other information relevant to your mode of payment), insurance or HMO details, and PhilHealth details to ensure that you are properly billed, that your health insurance benefits under PhilHealth and your insurance or HMO are deducted from your bills, and for the payment and settlement of your bills.
To comply with legal requirements
Legal basis:
Necessary for compliance with a legal obligation
We are required under various regulations to share health information with the Department of Health, PhilHealth, etc. For instance, we are required to report to the DOH selected non-communicable diseases, communicable, infectious and other notifiable diseases, including those that pose a serious health and security threat to the public. We are also required to share information on your diagnosis and treatment with PhilHealth to accord you the benefits that may be due to you under the National Health Insurance.
To coordinate your care with your healthcare professionals
Legal basis:
Necessary for medical treatment, Necessary for the protection of life and health
Your medical doctors practice in our institution as consultants. Therefore, they are considered as third parties with whom we must necessarily share your information to provide the medical care you need.
To send you marketing messages
Legal basis:
Legitimate Interest
We may send you messages to provide health education content, information about our hospital and the services we offer, information and tools that may help you make informed decisions about your health, feedback forms to assess the quality of our services, etc. Nonetheless, we will only send such messages with your prior consent, unless otherwise allowed under applicable laws.
To improve our operations and services
Legal basis:
Legitimate interest, vitally important interest, and necessary for purposes of medical treatment
We will process your personal information to standardize your information in the hospital, ultimately allowing us to improve our operations and services. By standardizing your information, we mean that we will reformat and reorganize your information (including information that we are already keeping) so that it follows a standardized format, thereby allowing us to clean up our records and enhance patient safety and coordination of care.
We will process your name (First, Middle, and Last), date of birth, address, gender, information on your government-issued ID (e.g., PhilHealth number), and phone number to unify our records and create a unique patient ID for each of our patients. This will help us understand our patients’ care lifecycle and improve patient safety by ensuring that our healthcare professionals have the latest information available to make informed treatment decisions. The unique patient ID will be the hospital’s foundation for unifying its disparate patient records and for cleaning up and updating its patients’ records.
Use of Patient Data for Research
We may process patient data for scientific and research purposes only under strict safeguards, in compliance with the Data Privacy Act (DPA), NPC Advisory Opinion 2018-54, and the National Ethical Guidelines for Research Involving Human Participants (NEGRIHP, 2022).
Researchers will only be granted access to de-identified or anonymized data unless the use of personal identifiers is essential, justified, and approved by the Research Ethics Committee (REC), or unless consented to by the data subject as required by law.
Access to identifiable information (such as names) is prohibited by default and will only be allowed under documented ethics clearance and institutional approval.
All research requests must undergo ethics review and approval prior to data release.
Technical and administrative safeguards, including role-based access controls, audit trails, and secure analysis environments, will be implemented to ensure that researchers access only the minimum data necessary for their approved study.
Other uses that are exempt from the coverage of the Data Privacy Act
In the interest of full transparency, we also use your information for purposes that are exempt from the Data Privacy Act:
- For scientific and research studies,
- For teaching and training our future doctor-specialists, healthcare professionals, and students in the medical and other healthcare fields, and
- For purposes of our business operations and financial performance reporting, statistical analysis, etc.
In all of these cases, we will anonymize or aggregate your information. Otherwise, we will seek your consent prior to using or sharing your information for the above purposes.
