Digital Front Door

Privacy Policy Updates

Effective October 2024

Data Controllers

Metro Pacific Health Corporation [NPC Registered until 10 November 2024]
5/F Tower 1, Rockwell Business Center Ortigas, Avenue, Brgy. Ugong, Pasig City 1604
Email Address: contact@mph.com.ph

Jane Catherine Rojo Tiu is our data protection officer. You may send your concerns or queries on the MPH Digital Front Door to her via 1.5support@checkapprx.com.

The Hospital of which you are a client or patient. Each Hospital listed at the end of this Notice may act as a co-personal information controller. Only the Hospital where you are a client or patient collects, uses, and processes your information under this Notice.

Our role in your privacy

If you are a client or patient of any of the Hospitals listed at the end of this Notice using the MPH Digital Front Door, this policy applies to you. It is only natural to want assurance that your data will be in safe hands.

Our responsibilities

We act as the ‘co-personal information controllers’ of your personal data processed in the MPH Digital Front Door for the provision of healthcare services.

Your responsibilities

  • Read this Privacy Policy
  • If you provide us with personal information about other people, or if others give us your information, we will only use that information for the specific reason for which it was provided to us. By submitting the information, you confirm that you have the right to authorize us to process it on your behalf in accordance with this Privacy Policy.

Types of data we collect

Data that identifies you

• Your name, age, and birthdate, marital status, PhilHealth number, SSS or GSIS number, the details of your valid government identification card, etc.

Health, biometric, biological, and medical information

• Your height, weight, blood type, current symptoms, medical history (including family medical history), information about your lifestyle (e.g., consumption of alcohol or tobacco products), vital signs (temperature, blood pressure, heart rate, etc.), diagnostic information, treatment information (details of surgeries, medications prescribed, doses, administration times, and other treatments). If you have been admitted to the hospital we will also collect information on your medical condition and changes in your condition, treatment responses and outcomes, discharge status, and follow-up care instructions.

Financial Information

• Credit/debit card details, details of your employer, etc.

Contact details

• Your contact number, email address, and home address, as well as the contact details of your next of kin or emergency contact.

Other sensitive personal information that may affect our delivery of healthcare services

• This information may include uploaded images, or your audio and video when consulting online through the MPH Digital Front Door.

How we use your data

We process data about all patients at our hospital. By ‘process’, we mean, for example, that we will save or add to your data, or that we will share them with your healthcare providers (e.g., your physicians), and delete them at a later date. If you receive treatment at our hospital, we will process your health and medical information in your patient record. Under no circumstances will we process more data than needed to provide you with the appropriate care.

To provide you with medical care

Your personal information helps us understand your health history and current health needs to provide you with appropriate medical treatment and services. This includes everything from diagnosing your condition to planning your care and treatment. Your information may be used and accessed by our Hospital’s employees and healthcare providers who are involved in or who have a supporting role in your care and treatment to ensure that you receive the best possible care. These employees and consultants have a statutory duty and/or ethical and professional duties of confidentiality.

We may share your information with other affiliated clinics or hospitals if you are referred to them. But, we will only share your information after you have consented to it.

To enable messaging between you and your healthcare providers

When you send messages through the in-app messaging feature, we use your name and contact details to identify you to the healthcare provider. Your messages and exchanges with your healthcare providers are likewise stored securely so that both you and your healthcare provider may refer back to them.

To share with you (and, if applicable, your clinical provider) clinical documents such as prescriptions, diagnostic and imaging results

We collect necessary personal details, like your name, date of birth, and medical information, to ensure the documents are correctly linked to your profile. Only you and your authorized healthcare providers can access your clinical documents. You can view your documents through the app, and healthcare providers, if authorized, may access them to provide you with the necessary care.

To comply with legal requirements

The Hospital is required under various regulations to share health information to the Department of Health, PhilHealth, etc. For more information, please refer to the Hospital’s main data privacy notice for patients.

What do these legal bases mean?

NECESSARY FOR MEDICAL TREATMENT

We may process your data without your consent if the processing is necessary for us to provide adequate treatment. Necessary means that the processing is not only merely desirable but is essential to the provision of medical treatment. Under this legal basis, we will only process your information to the extent reasonable and using or processing only the data needed to provide said medical treatment.

LAW

In specific instances, we may process your data without your consent, if such processing is required by law and regulations, if said regulations guarantee the protection of the information and do not require the consent of the data subjects. We will only process your information to the extent reasonable and only for purposes of fulfilling the relevant legal or regulatory requirements.

NECESSARY FOR THE PROTECTION OF LIFE AND HEALTH

We may process your data without your consent if it is necessary for the protection of your or a third person’s life or health but you or the third person are physically or legally unable to provide consent. We will only process your information to the extent reasonable and using or processing only the data needed for the protection of your or a third-person’s life and health.

FULFILMENT OF A CONTRACT

We may process your data without your consent if it is necessary to perform a contract or provide a service you have requested. For example, if you request laboratory or imaging procedures, we will need to collect information on the specific test being ordered, the doctor’s request, and your payment information. We will only use the information to facilitate the provision of the services requested.

When and how we collect your data

Here’s when and how we collect data:

DATA YOU GIVE
DATA WE COLLECT

When you create an account or modify your existing account

When you create your account in the MPH Digital Front Door, we collect your Name, Date of Birth, Age, Country of Birth, Sex, Nationality, and email address. To further verify your account we will also collect information on your valid government-issued ID (e.g., SSS, GSIS, PhilHealth, UMID identification). If you update or modify your existing account, we collect the information that you updated or modified.

When you book or use any service

When you book or use any service within the MPH Digital Front Door (e.g., teleconsultation), or any service in the Hospital, we collect information necessary to render the services booked. For instance, when booking a teleconsultation, we will collect information on your symptoms, HMO details, Senior Citizen or PWD ID (if applicable), laboratory or imaging results (if applicable); when booking a diagnostic test in the Hospital, we will collect information on the procedure requested, your details or the details of the third person you are booking the service for, your Senior Citizen or PWD ID (if applicable), and your payment details.

When you use the in-app messaging feature

When you correspond with your healthcare providers using the in-app messaging feature we may collect your messages, including any files or photos uploaded in your message threads.

Your privacy rights and choices

You have the right to access the information we hold about you

This includes the right to inquire upon:

  • The contents of your personal information that we process,
  • Where we obtained your personal information,
  • Names and addresses of those who received your personal information,
  • Manner by which we process or processed your personal information,
  • Any automated process we employ where your data will or likely be made as the sole basis for decisions affecting, or that may affect, you, etc.

For more information on the matters for which you may demand access, please refer to the Data Privacy Act of 2012 and its implementing rules.

You have the right to make us correct any inaccurate information about you

You have the right to lodge a complaint regarding our use of your data

Please tell us first, so we have a chance to address your concerns. If we fail to do this, you may lodge your complaint with the National Privacy Commission.

Please note that you have other rights under the Data Privacy Act of 2012, in addition to those which we have listed in this Notice.

Third parties who process your data

We use third parties to provide and deliver our healthcare services to you. Because of this, it is necessary for us to share your data with these third parties. Your data is shared only when strictly necessary and where there are safeguards. If your data needs to be transferred to a third-party in another country, we will conduct a risk assessment to ensure that there is an adequate level of protection. In addition, all data transfers whether within or outside of the Philippines are encrypted. Below are the third-parties who help us process your data:

Health and Medical Services

Third Party:

Medical Consultants

Data Collected or Shared:

Personal identifiers of patients and their medical and clinical information

Purpose:

To render medical care and services

Place of Processing:

Singapore (Since the MPH Digital Platform is hosted on the Microsoft Azure Cloud Service in Singapore, all processing of information through the MPH Digital Front Door is in Singapore. Contractual arrangements are in place to ensure that all processing in Singapore complies with the requirements of Philippine laws.)

Hosting and Storage

Third Party:

Microsoft Azure

Data Collected or Shared:

The MPH DFD is hosted in Microsoft Azure. All information collected, used, or otherwise processed through the MPH Digital Front Door are stored in Microsoft Azure.

Purpose:

To deliver or facilitate the delivery of the Hospital’s medical services through the MPH Digital Front Door.

Place of Processing:

Singapore

Payments

Third Party:

HMOs

Data Collected or Shared:

Letter of Guarantee

Purpose:

To settle the payment for services provided or to be provided.

Place of Processing:

Singapore

How secure is the data we collect

We use administrative, technical, organizational and physical security measures that are designed to protect your personal information from unauthorized access, use, alteration and disclosure. We also take steps to ensure that third parties that have access to your personal information take steps to protect the same. However, please remember that:

  • No data transmission is guaranteed to be 100% secure.
  • If you believe your privacy has been breached, please contact us immediately at 1.5support@checkapprx.com.

Where do we store your data

The information collected and processed in the MPH Digital Front Door are stored in Microsoft Azure.

How long do we store your data

We will retain your information for as long as necessary to serve the purposes for which they were obtained. Please know, however, that the periods for the retention of medical records are likewise governed by Philippine laws, rules, and regulations, including DOH Department Circular No. 70-1996 (which provides for the retention period of various health records), DOH Department Circular No. 2021-0226, and DOH Administrative Order No. 2022-007 (which provides for retention periods of documents, records, slides and specimens in clinical laboratories). We will, therefore, also retain your information for as long as necessary to comply with our obligations under said laws, rules, and regulations.

Changes to this Notice

We may change or update our Notice to comply with regulatory requirements, adapt to new protocols, align with industry practices, and for other legitimate purposes. We will let you know should we implement any such changes at the earliest opportunity. If necessary, we will also obtain your updated consent.

If you have any questions about this Notice, you may contact the MPH and/or the relevant Hospital’s Data Protection Officer as per below:

Digital Front Door

Digital Front Door — Healthcare made convenient and easy.

Digital Front Door helps you find the right doctor and book an appointment for an in person visit at the doctor’s office or for a virtual consultation.

It allows you to order medicines, get diagnostics tests done and access your electronic medical records safely and securely.

LinkedInFacebookInstagramTiktokYoutube

Specialties

Locations

Applications

© 2024 Digital Front Door. All rights reserved.