PRIVACY NOTICE FOR PATIENTS

Last updated on May 17, 2024

Our role in your privacy

If you are a client or patient of the Riverside Medical Center, Inc., this policy applies to you. It is only natural to want assurance that your data will be in safe hands. We consider your privacy extremely important; through this policy, we will explain which of your data we process and how we handle these data.

Our responsibilities

We act as the ‘personal information controller’ of your personal data processed for the provision of healthcare and healthcare services.

We are registered as a personal information controller with the National Privacy Commission under registration number PIC-000-248-2024 effective until April 23, 2025. Nubbin Bito-on is our data protection officer. You can reach her via email at privacy@rivermedcenter.net.

Your responsibilities

Read this Privacy Policy

If you provide us with personal information about other people, or if others give us your information, we will only use that information for the specific reason for which it was provided to us. By submitting the information, you confirm that you have the right to authorize us to process it on your behalf in accordance with this Privacy Policy.

Types of data we collect

  • Data that identifies you
  • Health, biometric, biological, and medical information
  • Financial Information
  • Contact details
  • Other sensitive personal information that may affect our delivery of healthcare services
  • Other information (e.g., CCTV Footage)

How we use your data

  • To provide you with medical care
  • To communicate with you
  • For billing and payments
  • To comply with legal requirements
  • To coordinate with your healthcare professionals
  • To send you marketing messages
  • To improve our services

When and how we collect your data

Here’s when and how we collect data:

  • Through the Admissions Department
  • If admitted, in the course of your care, through our in-patient services
  • In an emergency, through the Emergency Department
  • When you avail of any of our out-patient services, through the relevant department (e.g., laboratory services, diagnostic imaging services, etc.)

Third parties who process your data

We use third parties to provide and deliver our healthcare services to you. Because of this, it is necessary for us to share your data with these third parties. Your data is shared only when strictly necessary and where there are safeguards. If your data needs to be transferred to a third-party in another country, we will conduct a risk assessment to ensure that there is an adequate level of protection. We will usually include these obligations in our contracts with said third parties. In addition, all data transfers whether within or outside of the Philippines are encrypted.

How secure is the data we collect

We use administrative, technical, organizational and physical security measures that are designed to protect your personal information from unauthorized access, use, alteration and disclosure. We also take steps to ensure that third parties that have access to your personal information take steps to protect the same. However, please remember that:

  • No data transmission is guaranteed to be 100% secure.
  • If you believe your privacy has been breached, please contact us immediately at privacy@rivermedcenter.net.

Where do we store your data

We store physical copies of your data in our Medical Records Department. We also store electronic copies of your information in our Hospital Information System (HIS) that has an on-site server. We shall ensure that proper measures are adopted to protect your information.

How long do we store your data

We will retain your information for as long as necessary to serve the purposes for which they were obtained. Please know, however, that the periods for the retention of medical records are likewise governed by Philippine laws, rules, and regulations, including DOH Department Circular No. 70-1996 (which provides for the retention period of various health records), DOH Department Circular No. 2021-0226, and DOH Administrative Order No. 2022-007 (which provides for retention periods of documents, records, slides and specimens in clinical laboratories). We will, therefore, also retain your information for as long as necessary to comply with our obligations under said laws, rules, and regulations.

Your Privacy Rights and Choices

You have the right to access the information we hold about you

This includes the right to inquire upon:

  • The contents of your personal information that we process,
  • Where we obtained your personal information,
  • Names and addresses of those who received your personal information,
  • Manner by which we process or processed your personal information,
  • Any automated process we employ where your data will or likely be made as the sole basis for decisions affecting, or that may affect, you, etc.

For more information on the matters for which you may demand access, please refer to the Data Privacy Act of 2012 and its implementing rules.

You have the right to make us correct any inaccurate information about you.

You have the right to lodge a complaint regarding our use of your data.

Please tell us first, so we have a chance to address your concerns. If we fail to do this, you may lodge your complaint with the National Privacy Commission.

Please note that you have other rights under the Data Privacy Act of 2012, in addition to those which we have listed in this Notice.

Changes to our Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. Any changes will be effective immediately upon posting the updated Privacy Policy on our website.

NPC Seal of Registration

The Company is duly registered with the National Privacy Commission as shown through our NPC Seal of

Registration. As an individual whose personal data is collected, stored, and processed, you are entitled to (subject to the exceptions set out in the DPA) the following rights: