Privacy Policy

OUR COMMITMENT TO UPHOLD THE PRIVACY OF OUR CLIENTS

The University of the East Ramon Magsaysay Memorial Medical Center, Inc. (“The Medical Center”) upholds and respects your rights to privacy and the confidentiality of your personal information. We  aim to comply with all the requirements of the Republic Act 10173, otherwise known as the Data  Privacy Act of 2012, its Implementing Rules and Regulations, National Privacy Commission issuances,  and other applicable laws. 

The Medical Center has adopted privacy policies to ensure that the collection and processing of your  personal information are guided by the following principles: 

  1. Transparency – You are made aware of the nature, purpose, and extent of the processing of your  personal information, including your rights as data subject. 
  2. Legitimacy – The processing of information shall be compatible with a declared and specified  purpose which must not be contrary to law, morals, or public policy. 
  3. Proportionality – The processing of information shall be adequate, relevant, suitable, necessary,  and not excessive in relation to a declared and specified purpose. 

This statement describes how we collect and process your personal information every time you visit our website and online applications, or avail of our services.

SCOPE OF PROCESSING

This Privacy Notice applies to personal information processed by the Medical Center. Processing  encompasses any operation or set of operations performed upon personal information including, but not  limited to, the collection, recording, organization, storage, updating or modification, retrieval,  consultation, use, consolidation, blocking, erasure, or destruction of data.

WHEN, WHAT AND WHY WE COLLECT YOUR PERSONAL INFORMATION

The Medical Center collects personal information from a variety of sources and in various forms, which may consist of hard-copy and digital/electronic records. These include the following:

I. Academe (for applicants, students, and alumni)

    1. Upon application for admission and enrollment
      • Personal information obtained in admission forms (online and hard copies) and enrollment forms, such as name, permanent address, current address, mobile number, landline number, email, birth date, birthplace, age, gender, citizenship, civil status, religion, spouse name, spouse occupation, educational background, financial history, parents/guardians and character references and their personal information; and
      • Other personal information obtained through interviews and entrance/ admission examinations.
    2. During the duration of your stay with us as a student
      • Scholastic records and class attendance;
      • Medical information upon consultation with our clinic;
      • Psychological assessment done by the Guidance and Counseling Office;
      • Incidents that have disciplinary sanctions (e.g., violation of the Medical Center policies, rules, and regulations); pictures and videos of activities you have participated in, as official documentation; and closed-circuit television (CCTV) recordings within the Medical Center premises.
    3. After your stay with us as a student (e.g., graduation, withdrawal, or dropping from the rolls)
      • Personal information collected in our application for academic forms such as name, degree program, date of graduation, permanent address, email address, landline phone number, mobile number, and period enrolled.
    4. COVID-19 information including vaccination status
    5. Any other information that will enable us to provide you with better academic services.

II. Hospital (for patients)

    1. Upon admission to the Hospital
      • Personal information collected in our Inpatient Form and other admitting forms such as name, permanent address, present address, age, sex, civil status, religion, occupation, contact number, birth date, birthplace, nationality, father’s and mother’s details, spouse details, personal information of person/ parties responsible for your account, Health Maintenance Organization (HMO), and PhilHealth number.
    2. During the duration of your stay with us as patient
      • Previous medical information collected by our hospital staff such as medical history, including where relevant, family medical history, and name of previous health service provider or medical specialist;
      • Current medication or treatment in the Medical Center such as medical diagnosis, laboratory results, vital signs, medicine intake, medical procedures done, and other ancillary services;
      • Personal information collected from medical records for purposes of statistical or scientific research and training; and
      • Personal information collected from surveys for purposes of improving patient services and outcomes.
    3. Any other information that will enable us to provide you with better healthcare services.

III. Research (for faculty, consultants, residents, student researchers, and external researchers)

    1. Before employment in the Medical Center
      • Personal information collected to screen, document, and verify the applicant’s eligibility for employment, including verification of qualifications and background checking;
      • Other personal information used in administering your remuneration, statutory deductions, entitlements, and benefits, such as Tax Identification Number (TIN), Social Security System (SSS) number, Home Development Mutual Fund (HDMF) number, and Philippine Health Insurance (PhilHealth) number.
    2. During the duration of your stay as personnel of the Medical Center
      • Personal information collected primarily to update the employee’s 201 file
    3. Any other information that will enable us to provide you with better organizational services.

V. Security (for all constituents)

    1. Upon entry to the Medical Center premises
      • Personal information collected mainly as a security measure, such as name, address, purpose of visit, and person to transact with
    2. In case of incident review and investigation
      • Personal information collected mainly as a detective and corrective measure, such as name, address, and contact number of persons involved and witnesses which can help us to investigate any untoward incident
    3. Any other information that will enable us in data gathering useful for planning and improvement of our services.

VI. Administration

    1. Personal information collected pursuant to contractual and legal matters
      • Name and position of authorized representatives of partner institutions towards the advancement of UERMMMCI as an Academic Medical Center;
      • Name and address of litigants and their respective legal counsels in case of legal proceedings
    2. Personal information collected necessary in the formal practice of profession of consultants within the Medical Center
      • PRC license number and PhilHealth accreditation number
      • Bank account details for transmittal of professional fees from patients
      • TIN for withholding tax purposes
    3. Personal information in administering the stipend and statutory deduction of trainees (e.g., residents, Post-Graduate Interns) such as TIN and PhilHealth number (as applicable)
    4. Personal information collected to facilitate commercial transactions
      • Proprietor’s personal information such as name, address, Tax Identification Number (TIN); and
      • Clientele list for purposes of due diligence reviews
    5. Other information that will enable us to facilitate other legitimate transactions.

All personal information is collected only for legitimate purposes, such as:

  1. Processing applications, academic and employment records, and professional credentials
  2. Delivering healthcare, diagnostic, and administrative services
  3. Complying with legal and contractual obligations
  4. Conducting research and service improvement
  5. Ensuring institutional security and safety

The legal basis for processing includes:

  1. Your consent
  2. Performance of a contract
  3. Compliance with legal obligations
  4. Protection of vital interests (life, health, or safety)
  5. Legitimate interests of the Medical Center or third parties, provided these do not override your fundamental rights.

PRIMARY AND SECONDARY USE OF PERSONAL DATA 

Personal information is primarily used to fulfill the purposes for which it was collected, such as service  delivery, education, employment, and healthcare operations. 

Secondary uses may include: 

  1. Research and institutional planning 
  2. Service improvement and analytics 
  3. Marketing of academic and healthcare services (with consent) 
  4. Profiling or automated data analysis for administrative or statistical purposes 

No personal data shall be used for purposes incompatible with those stated unless the data subject  provides specific consent or such use is authorized by law. 

STORAGE AND RETENTION OF PERSONAL DATA 

Personal information is stored securely in both physical and digital forms: 

  1. Physical records are kept in locked filing cabinets with restricted access. 
  2. Electronic data are stored in secured servers protected by encryption, password authentication,  firewalls, and access controls. 

Retention of records is determined by applicable laws or based on the necessity of maintaining the  record for operational, research, or legal purposes. After the retention period expires, data will be  securely disposed of following approved procedures. 

SECURE DISPOSAL OF DATA 

Upon expiration of the retention period or when data are no longer necessary: 

  1. Physical records are shredded or incinerated 
  2. Electronic files are securely deleted or anonymized to prevent recovery or unauthorized access 

SHARING YOUR INFORMATION 

We will not share your information, except under the following conditions: 

  1. As permitted or required by laws, rules, or regulations;
  2. As necessary to protect the interests of the Medical Center; 
  3. With service providers acting on the Medical Center’s behalf who have agreed to protect the  confidentiality of the data; or 
  4. In circumstances where you may have given your specific consent. 

When shared, only the minimum necessary data shall be disclosed, and recipients are required to implement equivalent data protection safeguards. 

SECURITY OF YOUR INFORMATION 

The Medical Center is committed to ensuring the security of your personal information. We implement  reasonable and appropriate physical, technical, and organizational measures to ensure the  confidentiality, integrity, and availability of your personal information. 

These include, but are not limited to: 

  1. Role-based access controls 
  2. Data encryption and secure file transfer 
  3. CCTV and facility access restrictions 
  4. Data protection awareness training for personnel 
  5. Incident response and breach management protocols 

RISKS AND PROTECTIVE MEASURES 

We recognize that data processing carries inherent risks, such as unauthorized access, loss, or  misuse of information. To mitigate these, we:  

  1. Limit access to authorized personnel only; 
  2. Employ encryption and data loss prevention technologies; 
  3. Conduct regular security audits and vulnerability assessments; 
  4. Implement privacy impact assessments (PIAs) 

AUTOMATED PROCESSING 

Our website uses cookies to enhance your visit to our site and to enable us to learn your browsing habits so we can send you marketing advertisements for academic and healthcare services. We may collect personal data from cookies only with your consent, given by agreeing to enable them, after which we may use this data only for the purpose of sending you our marketing advertisements.

YOUR RESPONSIBILITY AS DATA SUBJECT 

By voluntarily providing us with your personal data or by signing applicable consent forms, you authorize  the Medical Center, its authorized personnel or service providers to collect, use, store or otherwise  process your personal data in line with the purposes disclosed in the Privacy Policy of the Medical  Center. You are responsible for ensuring that the data you provide are accurate, complete, and updated. 

YOUR RIGHTS AS DATA SUBJECT 

The following are your rights as data subjects and how to exercise them: 

  1. Right to be informed – You have the right to be informed whether your personal data shall be  processed, are being processed, or have been processed, including the existence of automated  decision-making and profiling. 
  2. Right to access – Upon demand, the following shall be furnished to you: contents, sources,  recipients, reasons for disclosure, manner, or automated processes where the data will be made  as the sole basis for any decision that will significantly affect you as a data subject. 
  3. Right to object – You have the right to object to the processing of your personal data, including  processing for direct marketing, automated processing, or profiling. 
  4. Right to erasure or blocking – You have the right to suspend, withdraw or order the blocking,  removal, or destruction of your personal data upon discovery and substantial proof that the data is  false or unlawfully obtained, used for unauthorized and unlawful purposes, and no longer necessary  for the purposes for which they were collected.
  5. Right to damages – You have the right to be indemnified for any damages sustained due to  improper processing of data. 
  6. Right to rectify – You have the right to dispute the accuracy or error in the personal data and  demand its correction unless vexatious or otherwise unreasonable. 
  7. Right to data portability – You have the right to obtain a copy of your data in electronic or  structured format that is commonly used to allow further use. 
  8. Right to file a complaint – As data subject, you have the right to file a complaint with the National  Privacy Commission if your privacy rights have been violated. 

The lawful heirs and assigns of the data subject may invoke the rights of the data subject, for which he  or she is an heir or assignee, at any time after the death of the data subject or when the data subject is  incapacitated or incapable of exercising the rights as enumerated. 

The exercise of these rights is subject to the limitations and conditions prescribed by law and therefore  not absolute at all times. 

NON-APPLICABILITY OF YOUR RIGHTS AS DATA SUBJECT 

In general, even without your consent, the Medical Center may process your personal data:

  1. For the protection of your life and health or for the protection of another person who, as a data  subject, is not legally or physically able to express his/her consent; 
  2. In responding to a national emergency and to comply with the requirements of public order and  safety; 
  3. In compliance with a legal obligation to which the Medical Center as the Personal Information  Controller (PIC) is subject, including the protection of your lawful rights and defense of legal claims  and other vitally important interests; and 
  4. If it is not otherwise prohibited by law, related to the fulfillment of a contract, or for the legitimate  interests pursued by the Medical Center or by a third party to whom the data is disclosed, except  where such interests are overridden by the fundamental rights under the Philippine Constitution. 

DISCLAIMER: LINKS TO OTHER WEBSITES 

The Medical Center’s website contains links to other websites and we are not responsible for the privacy  practices of these other sites. If you follow a link to any of these websites, please note that they have  their own privacy policies and that we do not accept any responsibility or liability for these policies. Kindly  check the privacy policies before you submit any personal data to these websites. 

CHANGES IN STATEMENT 

Any changes we may make in our privacy notice in the future will be posted on this page even without  prior notice to all our stakeholders. 

CONTACT US 

Data Protection Office 

Business Address: 

2/F Administration Building UERM Memorial Medical Center 

64 Aurora Blvd. Brgy. Dona Imelda Quezon City 1113 

Direct Line: 

(02) 8715-0861 to 77 local 267 

E-mail Address: 

dpo@uerm.edu.ph 

Note: Use the Data Privacy Contact Form to submit or file inquiries, concerns, complaints, or to report a security incident or data breach.