Privacy Policy
Healthway Medical Network Privacy Policy
- Privacy Statement
Each of the members of the Healthway Medical Network, HMC, Inc., Mercado General Hospital, Inc., Mercado General Hospital Sta. Rosa, Inc., Mercado General Hospital San Jose Del Monte, Inc., Mercado Ambulatory and Surgical Center, Inc., Panay Medical Ventures, Inc., and Zodiac Health Ventures, Inc., (collectively, the “Healthway Medical Network”, and each, a “Healthway Medical Network Company”) values an individual’s right to privacy. As such, we ensure that all personal data collected from our customers, vendors, partners, employees, agents and other stakeholders and processed by the organization, our subsidiaries and affiliates are protected at all times in accordance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 (“Data Privacy Act”), its corresponding Implementing Rules and Procedures (“IRR”), and the existing Memorandum Circulars and Advisories issued by the National Privacy Commission (“NPC”). Likewise, we make it a point to inform individuals from whom we collect such data of our personal data processing activities and to respect and enforce their rights as data subjects.
- Scope
- This document enumerates Healthway Medical Network’s organizational policy in relation to the collection, use, storage, sharing and disposal of all personal data processed by the organization in accordance the Data Privacy Act, its IRR, and all related issuances of the NPC.
- The Healthway Medical Network maintains the right to amend and/or modify this document to comply with any future developments in local and/or foreign data privacy regulations where applicable and to reflect any changes in the organization’s policies and/or personal data processing activities.
- This document applies, in general, to all personal data processing activities conducted by each Healthway Medical Network Company, its subsidiaries and affiliates, including, but not limited to, the collection, use, storage, sharing and disposal of all personal data about our customers, vendors, partners, employees, agents and other stakeholders subject to their individual right to expressly provide a separate privacy policy.
- Definition of Terms
- Data Subject refers to any individual whose personal data is processed.
- Data Sharing refers to the disclosure or transfer to a third party of personal data under the control or custody of a personal information controller. The term excludes outsourcing, or the disclosure or transfer of personal data by a personal information controller to a personal information processor.
- Processing refers to any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.
- Personal Information refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
- Personal Information Controller refers to any person or organization who controls the collection, holding, processing or use of personal information, including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal information on his or her behalf.
- Personal Information Processor refers to any natural or juridical person qualified to act as such under this Act to whom a personal information controller may outsource the processing of personal data pertaining to a data subject.
- Sensitive Personal Information refers to personal information (a) about an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations; (b) about an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings; (c) issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and (d) specifically established by an executive order or an act of Congress to be kept classified.
- Personal Data collectively refers to all categories of personal information.
- Collection and Use of Personal Data
- Information We Collect, and for What Purpose
Each Healthway Medical Network Company collects and processes the following types of Personal Information, among others:
- Basic personal information, such as your name, date of birth, gender at birth, nationality, and identity supporting documents including SSS ID, Driver’s License or Passport
- Contact details, such as residential address, telephone or landline number, mobile phone number, and e-mail address
- Patient’s vital signs, medical history and complaints, initial medical impression and diagnosis, laboratory requests and results, assessments and progress reports, prescription
- Employment details, such as job position and affiliated company
- Insurance details, such as insurance coverage, name of dependents and personal information of dependents
- Payment details such as bank, credit card number, and mode of payment
- Social media Profile and/or postings and information
- Any other personal information appearing from other publicly available sources
- Purpose of Collection and Processing
In general, each Healthway Medical Network Company collects and processes Personal Information for purposes of service fulfilment, the achievement of strategic corporate objectives and development, internal operations, communications and administration, human resource and financial management, and compliance to applicable laws, rules and regulation. Purposes of collection and processing of Personal Data includes the following:
- Patients
- For diagnosing and treating the medical condition
- For ensuring the continuity of patient care and improved patient experience
- For accounting, auditing, billing, reconciliation and processing of claims and financial assistance
- For outsourcing certain services to third parties performing activities for or in behalf of the relevant Healthway Medical Network Company, to the extent necessary
- For business purposes to provide the services availed of, to inform you about products and services
- For data analytics
- For scientific research and similar purposes
- For audits, crime/fraud monitoring and prevention, security, developing new products and/or services, testing, enhancing, improving or modifying services, identifying usage trends, determining the effectiveness of promotional campaigns, and operating and expanding the business
- For compliance with applicable laws and regulations
- To exercise or defend any legal claims of the organization
- Vendors, Partners, and other Business Contacts
- For conducting the appropriate and necessary due diligence
- For verification, assessment and accreditation
- For communication and maintenance of continued business relations
- To exercise or defend any legal claims of the organization
- For the fulfillment and enforcement of contractual terms and obligations
- Employees
- For administrative and human resource development purposes
- For compliance with application laws and regulations
- To exercise or defend any legal claims of the organization
- Shareholders
- To administer, monitor and manage the relationship between the relevant Healthway Medical Network Company and its shareholders, including the protection of their rights under the applicable laws and regulations
- To communicate to shareholders all relevant information regarding the organization’s performance, activities, policies, management and operations
The purposes set forth above are not exhaustive, and may be amended from time to time, subject to compliance with applicable laws and regulations.
- Patients
- How We Collect your Data
- Directly from patients or their authorized representatives with the authority to disclose, when the patients avail of any of our medical services and/or products
- When patients, among others, contact a Healthway Medical Network Company through its agents and representatives, and sign up to receive communications from us, respond to our surveys, participate in our events, and/or receive queries, requests, and complaints from them
- Indirectly through third-party sources such as social media sites, publicly available databases and government repositories and/or from other customers
- When patients visit the Healthway Medical Network website and social media profiles, and use the latter’s digital platforms and/or mobile applications
- When individuals representing or affiliated with vendors, partners, investors, and other business contacts voluntarily provide a Healthway Medical Network Company with their contact information in order to develop business relations and/or complete legitimate transactions with them
- Directly from our employees and job applicants through their curriculum vitae, personal information sheets, submitted medical records and government documents, and interview and training assessment results conducted by authorized personnel, and pre-employment health screening and indirectly from the verification efforts of third-party employee background/screening service providers, job search sites and/or other social media sites and references from previous employers and other third parties
- Information We Collect, and for What Purpose
- Disclosures of Information
Healthway Medical Network generally does not sell or disclose the personal data processed to third parties without the consent of data subjects, unless: (a) legally required to do so; (b) if it is necessary to fulfill the purposes for which Personal Information is processed; or (c) if such action is necessary to protect, defend and/or enforce the rights of a Healthway Medical Network Company, property or the personal safety of its employees and other individuals. Each Healthway Medical Network Company allows access to personal data to authorized third-party service providers/suppliers/subcontractors/contractors who provide outsourced functions, including, among others:
- Electronic medical records system and other digital solutions to improve the delivery of medical services
- Automated payroll processing and management to ensure timely and proper compensation as well as compliance to existing employment regulations
- Automated human resource database, loans, and benefits management systems
- Cloud storage systems to meet the Healthway Medical Network Company storage management requirements
- Online Portal/Application-based services facilities
- Systems integration software for various business management systems, productivity tools, and/or applications, and such other products and/or services
- External professional advice and consultation including audits, legal assessments, comparative compensation studies, and evaluations
- Processing and remittance of fees of consultants, including doctors, medical personnel, and other professionals necessary to operate the business
- Other financial, technical, and administrative services such as information technology, payroll, accounting, sales administration, procurement, training, and other services
Each Healthway Medical Network Company remains responsible (severally and not jointly) over the personal data disclosed to such third parties. As such, each Healthway Medical Network Company ensures that such third parties are contractually obligated to comply with the requirements of the Data Privacy Act and shall process your data strictly in accordance with the purposes enumerated above. You may request for additional information on the identities of these parties from the Office of the Data Protection Officer of the relevant Healthway Medical Network Company.
- Rights of the Data Subjects
Each Healthway Medical Network Company fully recognizes that under the Data Privacy Act, our patients, employees, vendors, partners, shareholders, and other business contacts, as Data Subjects, are accorded the following rights:
- Right to be Informed
You have the right to demand and be informed of the details about the type of personal data, the purpose of processing, and how they are being processed by the relevant Healthway Medical Network Company, including its sources, recipients, methods, disclosures to third parties and their identities, automated processes, manner of storage, period of retention, manner of disposal and any changes to such processing activities before the same is undertaken. - Right to Access
You have the right to have reasonable access to your personal data, sensitive or otherwise, upon demand. You have the right to review and amend your Personal Data processed by the relevant Healthway Medical Network Company in case there are errors. - Right to Dispute
You have the right to dispute inaccuracy or error in personal data processed by the relevant Healthway Medical Network Company. - Right to Amend
You have the right to cause the amendment of a portion of your Personal Data, provided that the amendment is accurate. - Right to Delete
You have the right to cause the deletion of your Personal Data, subject to effects on the delivery of the services to you.
- Right to be Informed
- Policy on the Collection and Use of Personal Data
In relation to the rights of Data Subjects, it is Healthway Medical Network’s policy to:
Ensure that Data Subjects affected by the organization’s personal data processing activities are fully and adequately informed of their rights;
Ensure that they are fully and adequately informed of all processing activities performed by each Healthway Medical Network Company with respect to their Personal Data;
Ensure that their consent is obtained in accordance with the requirements set forth in the Data Privacy Act, its Implementing Rules and Regulations, and Memorandum Circulars issued by the NPC where applicable. Where the processing does not require consent from our customers and employees in the instances set forth in Sections 12 and 13 of the Data Privacy Act pertaining to the Criteria for the Lawful Processing of Personal Information and the Criteria for the Lawful Processing of Sensitive Personal Information, respectively, such rules and procedures will ensure that our customers and employees are fully and adequately informed of the bases of such processing other than consent;
Ensure that they have the facility to reasonably access, review, and amend their personal data and to request for copies thereof in a commonly portable format;
Ensure that they have the facility to dispute any inaccuracy or error in their personal data, object to any changes in the manner and purpose by which they are processed, withdraw consent where applicable, and to suspend, withdraw, block, destroy, or remove any unnecessary, falsely collected, or unlawfully processed personal data;
Ensure that such Personal Data are proportional, necessary, and limited to the declared, specified, and legitimate purpose of the processing;
Ensure that such Personal Data are retained for only a limited period or until the lawful purpose of the processing has been achieved;
Ensure that such Personal Data are destroyed or disposed of in a secure manner;
Ensure that they have the facility to lodge complaints to the relevant Healthway Medical Network Company relating to any violations of their rights as Data Subjects and that such complaints are adequately and timely addressed.
- Data Protection Officers
To oversee our privacy compliance efforts, each Healthway Medical Network Company has appointed a Data Privacy Officer (“DPO”) to manage and safeguard the handling of its Personal Data processing activities. The DPOs are fully committed to protecting the privacy rights of Data Subjects affected by the relevant Healthway Medical Network Company’s Personal Data Processing activities and to ensuring that each Healthway Medical Network Company as an organization promotes a culture of privacy. Should you have any concerns regarding Healthway Medical Network’s privacy practices and policies, or would like to manage your Personal Data, you may reach the DPO of the relevant Healthway Medical Network Company through the following contact information:
Healthway Medical Network Company Contact Information HMC, Inc. Address: 7th Floor 6767 Makati Stock Exchange, Ayala Avenue, Makati City 1226 Philippines
Contact Number: 09178238377
E-mail Address: dpo.hmc@healthway.com.phMercado General Hospital, Inc. Address: #1 Pres JP Laurel Highway Poblacion Barangay 3 Tanauan City Batangas
Contact Number: (043) 778-1810 local 123
E-mail Address: dataprivacy.tan@healthway.com.phMercado General Hospital Sta. Rosa, Inc. Address: Nuvali North Santo Domingo Santa Rosa Laguna
Contact Number: (049) 303-0000 local 3500
E-mail Address: dataprivacy.str@healthway.com.phMercado General Hospital San Jose Del Monte, Inc. Address: Altaraza Tungkong Mangga San Jose Del Monte Bulacan
Contact Number: (044) 307-0000 local 403
E-mail Address: dataprivacy.sjd@healthway.com.phMercado Ambulatory and Surgical Center, Inc. Address: UPM-PGH Faculty Medical Arts Building PGH Compound Taft Avenue Brgy 669 XZone 072 Ermita Manila
Contact Number: (02) 8708-0000 local 188
E-mail Address: dataprivacy.mnl@healthway.com.phPanay Medical Ventures, Inc. Address: Atria Park District Son Donato Pison Avenue San Rafael Mandurriao Ilo-ilo City
Contact Number: (033) 501-4843 local 5207
E-mail Address: dataprivacy.ilo@healthway.com.phZodiac Health Ventures, Inc. Address: Lot 26 Bagsakan cor CRB Roads, Western Bicutan, Taguig City
Contact Number: 09178996126
E-mail Address: dpo-dpo-zodiac@healthway.com.ph - Personal Data Security Policy
- Storage and access to Personal Data
It is the policy of the Healthway Medical Network to ensure all Personal Data stored by the relevant Healthway Medical Network Company, whether in manual or electronic form, are kept in secure data centers with appropriate physical, technical, and organizational security measures and accessed in accordance with the data security standards of the organization.
Healthway Medical Network adopts appropriate data collection, storage, and processing practices and security measures to protect against unauthorized access, alteration, disclosure, or destruction of your Personal Data, username, password, transaction information, and data stored and processed by each Healthway Medical Network Company, including appropriate encryption tools, firewalls, and security incident management systems and procedures. Transfers of Personal Data internally and externally shall only be made in accordance with strict security protocols and under modes of transfer compliant with the requirements and standards of the Data Privacy Act, its Internal Rules and Regulations, and the relevant issuances of the NPC. Healthway Medical Network also ensures that only authorized individuals within each Healthway Medical Network Company shall be allowed to process personal data in accordance with its access control policies and procedures.
- Retention and Disposal of Personal Data
It is the policy of Healthway Medical Network to ensure that Personal Data is only retained for a limited period or until the lawful and legitimate purpose of the processing is achieved. To that effect, it has established procedures for securely disposing files that contain personal data whether the same is stored on paper, film, optical, or magnetic media, personal data stored offsite, and computer equipment, such as disk servers, desktop computers, and mobile phones at end-of-life.
- Third-Party Disclosures
a. Personal Information Processors
Each Healthway Medical Network Company shall ensure, in instances where any processing of Personal Data is outsourced to a third-party processor, that such third party shall be compliant with the organization’s security standards through the appropriate contractual documents and that it regularly conducts due diligence efforts on such third party’s data processing activities through appropriate independent certification and verification procedures.
b. Personal Information Controllers
Each Healthway Medical Network Company shall ensure that any disclosures or transfers of personal data controllers shall be governed by legally-compliant data sharing agreements and in accordance with the rights of data subjects. Data subjects shall be duly informed, and consent from them obtained, where applicable, before such data sharing activities are performed.
- Human Resource Policy
Each Healthway Medical Network Company will implement periodic and mandatory training for all its personnel, representatives, and agents training on privacy and data protection in general and in areas reflecting job-specific content. Likewise, it will ensure that all employees, representatives, and agents exposed to personal data pursuant to their function are adequately bound by strict confidentiality.
- International Data Transfer
While each Healthway Medical Network Company generally does not transfer its personal data outside of the Philippines, the organization, its subsidiaries, and affiliates utilize cloud technology in the storage and processing of personal data resulting in transfers of such data to data centers outside of the country. To ensure the protection of such data, it has made it a point to instruct our cloud service providers to limit the location of data servers housing the personal data we process in countries with similar data protection standards and regulations.
- Web Browsing Cookies
This website may use cookies to enhance your experience. Your web browser places cookies on your device for record-keeping purposes and sometimes to track information about your use of our website. You may choose to set your web browser to refuse cookies or to alert you when cookies are being sent. If they do so, note that some parts of the website may not function properly.
- Storage and access to Personal Data
- Changes to the Privacy Notice
The products and services of Healthway Medical Network are dynamic and the form and nature of the services may change from time to time without prior notice to you. For this reason, Healthway Medical Network reserves the right to change or add to this privacy notice from time to time and will post any material revisions on the website.
A prominent notice on the Privacy Notice page shall be posted to notify you of any significant changes to this Privacy Notice, and will indicate at the top of the notice when it was most recently updated. We encourage you to check back often to review the latest version.
The new Privacy Notice will be effective upon posting. If you do not agree to the revised notice, you should alter your preferences. By continuing to access or make use of our services after the changes become effective, you agree to be bound by the revised privacy notice.