TARLAC MEDICAL CENTER

PRIVACY STATEMENT / PRIVACY POLICY

1. INTRODUCTION

Tarlac Medical Center ( “We”, “Our”, or “the Hospital”) respects and upholds your right to privacy in accordance with the Data Privacy Act of 2012 and applicable regulations issued by the National Privacy Commission. We are committed to protecting the personal data and sensitive personal information of our patients, employees, website users, and other stakeholders. This Privacy Statement explains how we collect, use, store, disclose, retain, and protect your personal data, and how you may exercise your rights as a data subject.

2. IDENTITY OF THE PERSONAL INFORMATION CONTROLLER

For purposes of the Data Privacy Act, the Personal Information Controller (PIC) responsible for processing your personal data is: Personal Information Controller (PIC): Tarlac Medical Center Tarlac Medical Center determines the purposes and means of processing personal data in relation to healthcare services, hospital operations, regulatory compliance, and website interaction. As the PIC, Tarlac Medical Center ensures that all processing activities comply with applicable data privacy laws and regulations.

3. PERSONAL DATA WE COLLECT

We collect personal data necessary for hospital operations, including:

3.1 General Personal Information

• Full Name
• Address
• Date of Birth
• Sex / Gender
• Civil Status
• Contact Information (Mobile Number, Email Address)
• Nationality / Citizenship

3.2 Sensitive Personal Information

• Medical history and diagnosis
• Laboratory and diagnostic results
• Vital signs and clinical records
• Medication and treatment details
• Surgical and procedure records
• Government-issued identifiers (e.g., PhilHealth Number)

3.3 Other Information

• Emergency contact / next of kin
• Billing and financial information
• CCTV recordings within hospital premises
• Website usage data (IP address, browser logs, cookies where applicable)

4. HOW AND WHEN WE COLLECT DATA

We collect your personal data through:

• Patient registration and admission
• Medical consultations and treatment
• Laboratory and diagnostic procedures
• Billing and claims processing
• Website forms and online inquiries
• CCTV monitoring within hospital premises
• Communication with hospital personnel

We collect data before, during, and after service delivery, depending on operational, legal, and regulatory requirements.

5. PURPOSE OF PROCESSING

5.1 Healthcare Service Delivery

To provide diagnosis, treatment, monitoring, and continuity of care.

5.2 Patient Management

To maintain accurate medical records and coordinate among healthcare providers.

5.3 Billing and Claims Processing

• PhilHealth
• Insurance companies
• HMOs
• Employers (if applicable)

5.4 Regulatory Compliance

• Department of Health (DOH)
• PhilHealth
• Other government agencies

5.5 Communication

To contact patients or authorized representatives regarding care, billing, or services.

5.6 Security and Safety

To ensure safety through CCTV and monitoring systems.

5.7 Research, Training, and Statistical Analysis

Only when allowed by law or with proper safeguards or consent.

6. LEGAL BASIS FOR PROCESSING

• Consent of the data subject
• Legal obligation
• Vital interests (emergency medical situations)
• Contractual necessity
• Legitimate interests of the hospital

7. DATA SHARING AND DISCLOSURE

7.1 Internal Units

• Doctors
• Nurses
• Laboratory
• Billing Department
• Medical Records

7.2 Government Agencies

• Department of Health (DOH)
• PhilHealth
• Other authorized regulatory bodies

7.3 Third Parties

• Insurance providers
• HMOs
• Service providers and system vendors
• External laboratories (if required)

7.4 Legal Disclosure

• Court orders
• Law enforcement agencies
• Legal processes

All sharing is subject to data sharing agreements, confidentiality obligations, and applicable laws.

8. DATA RETENTION

• In accordance with DOH guidelines
• Based on legal and operational requirements
• As necessary for patient care, billing, and compliance

After the retention period:

• Data is securely archived or destroyed
• Disposal follows hospital policies and secure destruction procedures

9. DATA STORAGE AND SECURITY MEASURES

9.1 Organizational Measures

• Privacy policies and procedures
• Staff training and confidentiality agreements
• Role-based access policies

9.2 Physical Measures

• Restricted access areas
• Secured storage facilities
• CCTV monitoring

9.3 Technical Measures

• Role-Based Access Control (RBAC)
• Encryption
• Secure databases and servers
• Firewalls and network protection
• Backup and disaster recovery systems
• Audit logs and monitoring

10. DATA SUBJECT RIGHTS

• Be informed
• Access your personal data
• Correct inaccurate data
• Object to processing
• Withdraw consent
• Request deletion or blocking
• Data portability
• File a complaint
• Claim damages

11. DATA SUBJECT REQUEST PROCESS

1. Submit a written request
2. Identity verification
3. Evaluation by the Data Protection Officer
4. Response within a reasonable period
5. Documentation and resolution

12. RISKS AND SAFEGUARDS

• Unauthorized access
• Data breaches
• Human error
• System vulnerabilities

We implement preventive, detective, and corrective controls to mitigate these risks.

13. CCTV AND SECURITY

• Safety and security
• Monitoring and incident investigation

Cameras are placed in appropriate areas and accessed only by authorized personnel.

14. WEBSITE PRIVACY

14.1 Website Data Collection

• IP address
• Browser and usage logs
• Cookies (if applicable)

14.2 Online Forms

Data collected through forms is used only for its intended purpose.

14.3 Website Security

Secured through appropriate technical measures.

15. THIRD-PARTY LINKS

Our website may contain links to third-party websites. Our hospital is not responsible for their privacy practices.

16. DATA PROTECTION OFFICER (DPO)

Florante Lulu
(Data Protection Officer)
Tarlac Medical Center
Email: luluflorante@gmail.com
Contact Number: +639502317771

17. COMPLAINTS

If your concern is not resolved, you may file a complaint with the National Privacy Commission.

18. UPDATES TO THIS POLICY

This Privacy Statement may be updated from time to time to reflect changes in legal, regulatory, or operational requirements.