GENERAL DATA PRIVACY NOTICE

Divine Grace Medical Center (DGMC) respects and upholds your right to privacy. We are committed to protecting personal data in compliance with Republic Act No. 10173 (Data Privacy Act of 2012), its Implementing Rules and Regulations, and the issuances of the National Privacy Commission (NPC).

This Notice applies to all patients, clients, visitors, companions, employees, physicians, suppliers, and other stakeholders whose personal data are collected and processed by DGMC through physical, electronic, and online channels.

1. INFORMATION WE COLLECT

In the course of consultation, admission, treatment, employment, visit, or transaction with DGMC, we may collect and process the following:

a. Personal Information

  • Name, age, date and place of birth, sex, nationality, civil status, citizenship
  • Home and mailing address, contact numbers, email address
  • Occupation, employer, marital status
  • Contact details of relatives, guardians, or next of kin
  • CCTV footage within hospital premises for safety and security
  • Website and Facebook Messenger communications
  • Transactional, billing, and payment-related records

b. Sensitive Personal Information

  • Chief complaints and medical history
  • Diagnoses, treatment plans, prescriptions, and clinical notes
  • Vital signs and results of laboratory tests, imaging, and diagnostic procedures
  • Health insurance, HMO, and PhilHealth information

2. PURPOSE OF DATA PROCESSING

Personal data are collected and processed for legitimate and specific purposes, including but not limited to:

  • Provision of medical care, diagnosis, treatment, and continuity of care
  • Admission, discharge, referral, and follow-up processes
  • Processing of billing, insurance, HMO, PhilHealth, social welfare, and employer-related claims
  • Reporting to government agencies such as the Department of Health (DOH) and PhilHealth, as required by law
  • Patient safety, security, quality improvement, training, and hospital operations
  • Protection of patients, staff, visitors, and hospital property

All processing is conducted in accordance with the principles of transparency, legitimate purpose, and proportionality.

3. LEGAL BASIS FOR PROCESSING

DGMC processes personal data based on lawful grounds under the Data Privacy Act, including:

  • Necessity for the provision of healthcare services or performance of a contract
  • Compliance with legal and regulatory obligations
  • Protection of the vital interests of the data subject
  • Legitimate interests of the hospital
  • Consent of the data subject, when required

4. DATA SHARING AND DISCLOSURE

Personal data may be shared only when lawful, necessary, and secure, including with:

  • Government agencies such as DOH and PhilHealth
  • Health Maintenance Organizations (HMOs), insurers, employers, and social welfare offices
  • Accredited laboratories, diagnostic centers, and professional consultants
  • Service providers and partners covered by Data Sharing or Outsourcing Agreements

All third parties are required to implement appropriate organizational, physical, and technical security measures.

5. STORAGE, RETENTION, AND DISPOSAL

Personal data are stored in secure physical and electronic systems with restricted access. Data are retained only for as long as necessary to fulfill declared purposes or as required by law, in accordance with the DGMC Retention and Disposition Policy (TQMD-QP-010) and applicable laws, including RA 9470.

Upon expiration of the retention period:

  • Physical records are securely destroyed (e.g., shredding)
  • Electronic records are securely deleted or archived

6. ACCESS AND SECURITY MEASURES

Access to personal data is limited to authorized personnel on a need-to-know basis. DGMC implements:

  • Confidentiality obligations for employees and healthcare professionals
  • Physical safeguards (secured rooms, locked cabinets, CCTV)
  • Technical safeguards (access controls, passwords, system monitoring)
  • Organizational safeguards (policies, training, audits, and monitoring)

7. RIGHTS OF DATA SUBJECTS

In accordance with the Data Privacy Act, you have the right to:

  • Be informed about the processing of your personal data
  • Access your personal data
  • Object to data processing under certain conditions
  • Request correction, erasure, or blocking of data on reasonable grounds
  • Request data portability, when applicable
  • Claim damages for violations of your data privacy rights

Requests are subject to verification and applicable legal and medical requirements.

8. DATA BREACH AND SECURITY INCIDENTS

DGMC maintains procedures for managing data breaches and security incidents. In the event of a personal data breach that may pose a real risk of serious harm, DGMC shall notify the National Privacy Commission and affected data subjects in accordance with law.

9. ONLINE AND DIGITAL COMMUNICATIONS

When communicating with DGMC through the website or Facebook Messenger:

  • Please avoid sending highly sensitive personal or medical information unless necessary
  • Online platforms may be subject to third-party privacy policies
  • Communications are handled in accordance with DGMC’s official online privacy policies

10. CHANGES TO THIS NOTICE

DGMC may update this General Data Privacy Notice from time to time to reflect changes in law, policy, or operations. Updates take effect upon posting.

11. CONTACT INFORMATION

For inquiries, concerns, or requests regarding your personal data, please contact:

Data Protection Officer
Total Quality Management Department
Divine Grace Medical Center
6th Floor, Medical Arts Building
City of General Trias, Cavite, Philippines
📧 qad@divinegracemedicalcenter.com
☎ (046) 482-6888 local 2606