Patient Privacy Notice

Holy Name University Medical Center, Inc.

Introduction

Holy Name University Medical Center Inc. (HNUMCI) is a private healthcare institution committed to delivering accessible and high-quality medical and related services to its patients and clients, while upholding all applicable laws and promoting a culture of compassion, respect, and professionalism.

In pursuit of this commitment, HNUMCI ensures that all standards for the protection of Personal Information are consistently observed in compliance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012, its Implementing Rules and Regulations, and other relevant laws, including issuances from the National Privacy Commission (collectively referred to as the “Privacy Laws”).

Purpose of This Policy

This Privacy Policy outlines HNUMCI's continuing obligations with respect to the collection, use, processing, storage, and disclosure of Personal Information.

It aims to ensure that all appropriate standards for data protection are effectively and efficiently implemented. This Policy also establishes and communicates the procedures of HNUMCI in handling Personal Information obtained from its patients, clients, partners, and users of its services and digital platforms.

Under the Data Privacy Act of 2012, Personal Information refers to any data that can identify a person, either alone or when combined with other information. This includes, but is not limited to, name, contact details, address, and medical information.

To provide safe and quality healthcare services, HNUMCI, through its authorized doctors, nurses, and medical staff, collects, records, stores, uses, and processes Personal and Sensitive Personal Information as part of the patient’s medical record. These data are used for diagnosis, treatment, continuity of care, billing, insurance processing, and hospital management.

Holy Name University Medical Center Inc. collects the following Personal Data:
  1.1 Basic information such as, but not limited to, name, address, date of birth, sex, religious affiliation, contact information, occupation, marital status, and citizenship.
  1.2 Contact details of significant others, relatives, guardian, or next of kin, including address, email, mobile, and telephone numbers.
  1.3 PhilHealth number, SSS number, GSIS number, and insurance details.
  1.4 Chief complaint(s) and reason for consultation or admission.
  1.5 Medical and health information, including medical history (such as previous admissions, existing illnesses, allergies, and medication intake), height, weight, blood type, and genetic information when necessary.
  1.6 Vital signs such as blood pressure, temperature, pulse rate, respiratory rate, and oxygen saturation
  1.7 Results of laboratory tests, imaging (x-rays, CT scans, MRI), and other diagnostic procedures
  1.8 Treatment plans, procedures performed, medications prescribed, and progress notes
  1.9 Billing, payment, and insurance claim information
  1.10 Consent forms, referrals, and discharge summaries
  1.11 Other information necessary for proper medical care and hospital operations

These data may also be used for coordination of care with other healthcare providers, compliance with legal and regulatory requirements, medical auditing, and reporting to authorized government agencies when required by law.

Before you avail of healthcare services, HNUMCI collects accurate and updated Personal and Health Information through both electronic systems and paper-based forms, as required by its clinical departments and administrative offices.

Personal Information may be collected from various sources, including interviews, admission and registration forms, telephone calls, emails, hospital websites, and other authorized third-party sources. However, most of the information we process is voluntarily provided by the patient or their authorized representative.

You provide your Personal Information when you:
  2.1 Avail of or apply for hospital services by completing registration, admission, or consultation forms, including online or in-person processes through our outpatient department or hospital personnel;
  2.2 Are referred to the hospital by your attending physician or healthcare provider for diagnosis, treatment, or management, whether as an inpatient or outpatient;
  2.3 Contact the hospital for inquiries, complaints, requests for medical records, medical certificates, or other related services;
  2.4 Participate in hospital-conducted research studies, surveys, or quality improvement activities;
  2.5 Join hospital-sponsored or partner-led activities such as seminars, conferences, trainings, focus group discussions, and similar events; and
  2.6 Apply for employment or engage in recruitment-related processes with the hospital.

HNUMCI generally collects Personal Data from Data Subjects upon entry to the hospital or at the onset of a service or transaction with HNUMCI, such as medical care, medical consultation, laboratory service, and health-related services.

  4.1 Medical Treatment and Patient Care
    Your Personal Information is collected and used to provide appropriate medical diagnosis, treatment, and care. This allows the healthcare team to properly assess your condition, maintain accurate medical records, and ensure continuity of care during follow-up consultations or future medical services. In accordance with the Data Privacy Act of 2012, your medical records are securely maintained to support effective communication among healthcare professionals involved in your care.

  4.2 Reporting and Legal Requirements
    Personal and health information may be disclosed to government agencies such as the Department of Health (DOH) or other regulatory bodies when required by law, particularly for disease surveillance, public health monitoring, and reporting of communicable or non-communicable diseases.
    Information may also be shared with the Philippine Health Insurance Corporation (PhilHealth) and other relevant agencies as required for compliance with legal and regulatory obligations.

  4.3 Admission, Billing, and Claims Processing
    Your Personal Information may be used for hospital admission, billing, and financial transactions. This includes disclosure to PhilHealth, Health Maintenance Organizations (HMOs), insurance providers, social welfare agencies and employers for purposes of claims processing and reimbursement of hospital expenses.

  4.4 Administrative, Legal, and Regulatory Compliance
    We may process and disclose Personal Information to comply with administrative, judicial, legal, and regulatory requirements. This includes audits, investigations, reporting obligations, and transparency requirements mandated by law or regulatory authorities.

  4.5 Institutional Functions and Operations
    Holy Name University Medical Center Inc. may process Personal Information as necessary to fulfill its obligations, exercise its rights, and perform its functions as a healthcare, training, and service institution.

  4.6 Other Legitimate and Lawful Purposes
    Personal Information may also be processed for other purposes that are consistent with the hospital’s Privacy Policy and related policies, rules, and procedures, and as permitted under applicable laws.

  4.7 Consent for Additional Uses
    For purposes not covered above—such as participation in training, research studies, surveys, or direct marketing activities—HNUMCI shall obtain your prior informed consent or that of your authorized representative before processing your Personal Information.

The committees, offices, and units of HNUMCI handle the physical and electronic data processing systems where Personal Information is kept. Physical documents are typically stored in drawers or shelves in folders or envelopes. Electronic documents are generally stored on servers owned or managed by HNUMCI, or in cloud storage managed or made available by HNUMCI.

Personal Information is transmitted and transferred in accordance with the Data Privacy Act of 2012 and its Implementing Rules and Regulations, as well as other applicable laws, regulations, and issuances of the National Privacy Commission (NPC).

Access to your Personal Information is strictly limited to authorized individuals and entities who require such information for the performance of their duties and the delivery of healthcare services.


These include:

  6.1 Healthcare Professionals
    Doctors, nurses, and other healthcare professionals, whether employed by or affiliated with HNU Hospital, who are duly authorized to create, access, review, update, and manage patient medical records in relation to diagnosis, treatment, and continuity of care.

  6.2 Hospital Departments and Units
    Relevant departments and units of the hospital that require access to Personal Information for the performance of their official functions, including patient care coordination, diagnostic services, pharmacy services, billing, and other related hospital operations.

  6.3 Health Maintenance Organizations (HMOs), Insurance Providers, and Government Agencies
    Accredited HMOs, insurance providers, and government agencies such as the Philippine Health Insurance Corporation (PhilHealth), when necessary for billing, claims processing, reimbursement, and compliance with applicable laws, rules, and regulations.

  6.4 Volunteers and Partner Organizations
    Duly authorized volunteers, religious groups, and charitable or non-profit organizations assisting within the hospital premises. This includes religious ministers such as priests or pastors who may provide spiritual care or rites to patients or the deceased.

  6.5 Hospital Employees and Personnel
    All authorized employees and personnel who require access to Personal Information in the performance of their duties, including administrative staff, billing officers, dietary personnel, and other support service staff involved in patient care and hospital operations.

  6.6 Third-Party Service Providers Operating Within Hospital Premises
    Accredited third-party service providers operating within the hospital, such as security, janitorial, and other support service contractors, who are granted limited access to Personal Information strictly for operational, safety, and security purposes, and only to the extent necessary.

Pursuant to the Data Privacy Act of 2012, its Implementing Rules and Regulations, and issuances of the National Privacy Commission, HNUMCI is committed to protecting your Personal Information under strict confidentiality.

We ensure that your Personal Information is collected, processed, stored, and disposed of in accordance with the following data privacy principles:
  7.1 Transparency
    We inform you of the nature, purpose, and extent of processing of your Personal Information, including your rights as a data subject, in clear and understandable language.

  7.2 Legitimate Purpose
    We process Personal Information only for lawful, declared, and legitimate purposes related to the delivery of healthcare services and hospital operations.

  7.3 Proportionality
    We collect and process only data that is adequate, relevant, and necessary for the intended purpose, and not excessive.

Your Personal Information is protected through appropriate technical, organizational, and physical security measures to prevent loss, unauthorized access, alteration, or disclosure.

When no longer necessary for its intended purpose, your Personal Information is securely disposed of or retained only for the period required by law and applicable regulations.

HNUMCI uses Personal Information only as necessary and in a proportionate manner for legitimate healthcare and operational purposes, in accordance with hospital policies.

All processing of Personal Information is conducted in compliance with the Data Privacy Act of 2012, as well as relevant issuances of the National Privacy Commission, the Department of Health, and other applicable laws, rules, and regulatory requirements.

HNUMCI ensures that all Personal Information under its custody is protected against unauthorized access, alteration, disclosure, and other unlawful processing through appropriate security measures.

Personal and health records are securely stored in hospital systems and approved storage facilities, with controlled access for both electronic and physical files.

Records are retained only for as long as necessary for patient care or as required by applicable laws, regulations, and hospital policies, following guidelines from relevant government agencies, including the Department of Health and the National Archives of the Philippines.

After the retention period, Personal Information is securely disposed of or anonymized to prevent unauthorized use or disclosure.

Under the Data Privacy Act of 2012, you have the following rights regarding your Personal and Health Information.

You have the right to be informed whether your Personal Information is, has been, or will be collected and processed, including the purposes, storage period, and any automated processing or profiling involved.

You have the right to access and request a copy of your Personal and Health Information held by HNUMCI. You also have the right to request correction of inaccurate or incomplete data. Requests must be made in writing and may require supporting documents. If a request is denied, the hospital will provide a written explanation.

The following medical information may be requested:
  10.1 Clinical Abstract or Discharge Summary
  10.2 Laboratory and Diagnostic Results
  10.3 Record of Operation or Delivery
  10.4 Operative Technique Report
  10.5 Medical Certificate or Certificate of Confinement

Requests for medical records must be submitted to the Medical Records Office. Applicable fees may apply.

You have the right to object to or withdraw consent for certain processing activities, such as direct marketing, training, or research, subject to legal and contractual limitations.

You also have the right to suspend, withdraw, or request the blocking, removal, or destruction of your Personal Information if there is sufficient basis such as inaccurate, incomplete, unlawfully obtained, or unauthorized processing of data.

You may request reasonable restrictions on the use or disclosure of your Personal Information. However, the hospital may not always grant such requests, particularly when required for emergency treatment, compliance with legal obligations, or coordination with insurance providers, government agencies, or other authorized entities.

You have the right to file a complaint and seek damages for any violation of your rights as a data subject under applicable laws.

Upon death or incapacity, these rights may be exercised by your lawful heirs or authorized representatives, in accordance with applicable laws and regulations.

From time to time, HNUMCI may update or revise this Privacy Statement and Privacy Policy to comply with government and regulatory requirements, adapt to new technologies and systems, align with industry standards, or for other legitimate operational purposes.

In the event of significant changes, notice will be provided to Data Subjects through appropriate communication channels. Where required by law, HNU Hospital shall also obtain updated consent prior to the continued processing of Personal Information under the revised policy.

  • Personal Information – Any information from which the identity of an individual is apparent or can be reasonably and directly ascertained, or when combined with other information would identify an individual.

  • Sensitive Personal Information – Personal information that requires stricter protection, such as health records, medical history, and government-issued identifiers.

  • Data Subject – An individual whose Personal Information is collected, recorded, stored, or processed by HNUMCI.

  • Processing – Any operation performed on Personal Information such as collection, recording, storage, retrieval, use, disclosure, or disposal.

  • Data Controller – Holy Name University Medical Center Inc., which determines the purpose and means of processing Personal Information.

HNUMCI implements strict security measures to protect Personal Information against unauthorized access, disclosure, alteration, or destruction.

In the event of a personal data breach, HNUMCI shall:
  13.1 Immediately take steps to contain and mitigate the breach;
  13.2 Conduct an internal investigation and risk assessment;
  13.3 Notify the National Privacy Commission (NPC) and affected Data Subjects when required by law;
  13.4 Provide information on the nature of the breach, affected data, and measures taken to address it.

HNUMCI shall also implement corrective and preventive actions to avoid similar incidents in the future.

The confidentiality of your health information is an essential part of the care we provide. You may submit a written complaint or inquiry to the HNUMCI Data Privacy Office regarding concerns on the processing of your protected health information, or if you believe that your privacy rights have been violated.

Data Protection Officer (DPO)
Holy Name University Medical Center Inc.
0476 HNU Campus, J.A. Clarin Street
Tagbilaran City, Bohol, Philippines
Email: dpo@hnumci.com

National Privacy Commission
5th Floor Delegation Building, PICC Complex
Roxas Boulevard
Globe: 0945 153 4299
Smart: 0939 963 8715