Heartland Medical and Diagnostics Laboratory recognizes its responsibilities under the Republic Act No. 10173, also known as the Data Privacy Act of 2021 (“DPA”) in the Philippines. The company ensures that all personal data collected, recorded, organized, updated, used, consolidated or destructed are secured and protected. Protection of every client’s person information is of utmost importance. Thus, the personal data obtained by the company is entered and stored within the Laboratory’s authorized information and communications system as the personal information controller and will only be accessed by authorized personnel only.
KEY PRINCIPLES
-
Confidentiality
As the Personal Information Controller, we will ensure at all times the confidentiality of any personal information that comes to our knowledge and possession.
-
Security of Personal Information
We will implement necessary and appropriate measures intended for the protection of personal information against any accidental or unlawful destruction, alteration, fraudulent misuse and unlawful disclosure. Only authorized personnel will have access to the data and no third party unless subject of any agreements, consent and/or authorization
-
Accountability
The personal information controller is accountable for complying with the requirements of the Data Privacy Act and shall use contractual or other reasonable means to provide a comparable level of protection while the information are being processed by any third party.
Your personal data is information about you that is necessarily used to determine your identity. With your consent, we collect data which may include the following::
- Name, age, birth date, nationality, citizenship, residence, religion, occupation and contact information;
- Medication or treatment records;
- Medical history which also includes relevel family medical history;
- Result of any laboratory tests and ancillary services;
- Any other information that will help us in providing the health care needed in accordance with the DPA.
WHY WE COLLECT YOUR PERSONAL DATA
- To meet the medical and ancillary needs, programs and services availed;
- To collaborate with other medical health provided, where necessary and upon your consent;
- To access the results right away;
- To be used in research and analysis necessary for relevant government institution’s decision-making, policy-design, and implementation
PERSONAL DATA SHARING
There would be instances wherein it is necessary to share personal data with government institutions and other pertinent agencies which lawfully collects information. The Department of Health may require submission of relevant personal information of patients for purposes of surveillance, monitoring, policy making and implementation.
We may also share personal information with our service providers, partners, affiliates, and other related entities who provide products and services to this Laboratory for the same purpose as explained above.
These personal data as defined herein will not be shared with third parties unless you have consented to it, necessary to protect our interests and permitted by law. All external parties are also subject to the DPA and are integrated into our data protection concept.
HOW WE PROTECT YOUR DATA AND HOW LONG WILL THE DATA BE RETAINED
Data privacy and information security policies are deeply embedded in our system. We set up adequate technical, organizational, and physical security measures to protect your personal data against misuse, unauthorized disclosure, alteration, or destruction. We store personal data in accordance with the guidelines and limitations provided by the Department of Health for retention of medical records.
WHO HAS ACCESS TO THE DATA
Only qualified and authorized personnel with strict confidentiality hold your personal data. They are trained and handle
We train our staff to properly handle your data while service providers, partners, affiliates and related entities who provide products and services to us are aligned with the same set of security standards.
HOW DO WE STORE AND DISPOSE OF YOUR PERSONAL DATA
Heartland Medical and Diagnostic Center stores personal data in a data center (on-premises and cloud) and physical document storage facilities.
It retains personal data in accordance with its operational needs and in compliance with legal and regulatory purposes. Our data retention and disposal policy provides for a period of five (5) years after which processing relevant to the purpose has been terminated.
YOUR DATA PRIVACY RIGHTS
Under the Data Privacy Act of 2012, you have the following rights:
- Right to be informed whether personal information is being or has been processed;
- Right to object to the processing of personal data
- Right to be furnished the information before the entry of any personal information into the system of the personal information controller;
- Right to access your personal data;
- Right to rectify or correct inaccuracies or erroneous data;
- Right to erases, suspend, withdraw or order blocking, removal or destruction of your personal data from the system of the personal information controller when your rights are violated or the data are incomplete, false, unlawfully obtained or processed for purposes against the law;
- Right to be indemnified for damages sustained due to inaccurate, incomplete, false and unlawfully obtained personal data;
- Transmissibility of Rights to lawful heirs and assigns.
SECURITY
In furtherance of our commitment to ensure the security and protection of your personal data acquired through manual or digital forms, reasonable and appropriate safeguards and measures in accordance with the Data Privacy Act of 2012 have been put in place for the maintenance of its integrity, availability and confidentiality.
LIABILITY
In no event that the company will be held liable for any indirect, incidental or special or consequential damages incurred by any third party, whether in an action in contract or tort, even if such party has been advised of the possibility of such damages.
HOW YOU MAY CONTACT US
For any queries, complaints or requests pertaining to this Data Privacy Notice, you may direct your concerns to the Laboratory’s Customer Care via our Corporate Hotline.