Data Privacy & Patient Confidentiality

Privacy Policy

ACE Medical Center Pangasinan is committed to protecting patient confidentiality and handling personal and health information responsibly in accordance with the Data Privacy Act of 2012 and other applicable healthcare obligations.

Introduction

This Privacy Policy explains how ACE Medical Center Pangasinan may collect, use, disclose, secure, retain, and dispose of personal information in the course of delivering hospital services, operating its facilities, and supporting patient care.

This page is intended as a public-facing summary of our privacy approach. It should be read together with applicable patient forms, admission documents, consent forms, and hospital recordkeeping requirements.

Scope of the Policy

This policy applies to personal information processed through consultations, admissions, diagnostics, laboratory and imaging services, emergency care, surgeries, inpatient and outpatient services, website inquiries, and related administrative processes.

It covers patient data, lawful representative information, emergency contacts, and other information submitted to the hospital in connection with healthcare, billing, support services, and regulatory compliance.

Definition of Terms

Personal Information

Any information that identifies you directly or can reasonably be linked to you, including your name, address, contact details, date of birth, account details, and similar records.

Sensitive Personal Information

Information protected under Republic Act No. 10173, including age, health condition, genetic or biometric information, government identifiers, and other data requiring a higher level of protection.

Health Information

Medical records, consultation notes, diagnostic results, prescriptions, treatment history, insurance details related to care, and other data created or used in connection with healthcare services.

Processing

Any operation performed on personal data, such as collection, recording, organization, storage, updating, retrieval, use, disclosure, sharing, archiving, or disposal.

Personal Information We May Collect

Depending on the service requested, the hospital may collect the following categories of information:

  • Patient registration details, contact information, and emergency contact information
  • Consultation, admission, diagnostic, treatment, and discharge records
  • Insurance, HMO, PhilHealth, billing, and payment-related information
  • Appointment, inquiry, feedback, and website form submissions
  • System and security logs necessary to protect hospital systems, facilities, and patient records

Sensitive Personal and Health Information

Healthcare services require the handling of sensitive personal information and health information. ACE Medical Center Pangasinan treats this category of data with heightened safeguards because it may include diagnoses, laboratory results, imaging records, medications, procedures, and other confidential medical details.

Sensitive data is processed only for legitimate healthcare, operational, legal, safety, and regulatory purposes and only by authorized personnel or service providers acting under proper controls.

Purpose of Collection and Processing

  • Provide medical consultation, diagnostics, treatment, admissions, rehabilitation, and other healthcare services
  • Coordinate care among physicians, nurses, allied health professionals, laboratories, and authorized departments
  • Support patient safety, infection control, quality assurance, and risk management activities
  • Process billing, insurance validation, HMO coordination, PhilHealth requirements, and lawful financial documentation
  • Comply with legal, regulatory, public health, and records management obligations
  • Respond to patient concerns, feedback, requests for records, and privacy-related inquiries

Disclosure of Personal Information

Personal information may be disclosed only when necessary and permitted, such as to attending physicians, hospital units involved in treatment, laboratories, imaging departments, insurers or HMOs, PhilHealth, regulators, auditors, lawful representatives, and government agencies with proper authority.

The hospital expects third parties who receive personal information in connection with authorized services to maintain appropriate confidentiality and security controls.

Data Privacy Principles

Transparency

We aim to explain why data is collected and how it supports patient care.

Legitimate Purpose

Processing must be tied to lawful, fair, and clearly defined healthcare or operational needs.

Proportionality

Only information reasonably necessary for the stated purpose should be processed and retained.

Data Protection and Security

The hospital uses administrative, physical, and technical safeguards designed to protect records against unauthorized access, loss, misuse, alteration, or disclosure. These controls may include access restrictions, secure record storage, role-based permissions, staff confidentiality practices, monitoring, and appropriate information security procedures.

No security environment can be guaranteed to be risk-free, but the hospital strives to maintain controls appropriate to the sensitivity of healthcare data and to review them as systems and legal requirements evolve.

Retention and Disposal of Records

Personal and medical records are retained only for as long as necessary to serve healthcare, legal, operational, audit, and regulatory purposes, taking into account applicable hospital standards and record retention rules.

When records are no longer required and may lawfully be disposed of, ACE Medical Center Pangasinan will use secure disposal or destruction methods designed to prevent unauthorized recovery or disclosure.

Patient Rights

Patients and lawful representatives may have the following privacy-related rights, subject to healthcare, safety, ethical, and legal limitations:

  • Be informed about how your personal and health information is collected, used, shared, retained, and protected.
  • Request access to personal information and available medical records, subject to legal, ethical, and hospital documentation requirements.
  • Ask for correction of incomplete, inaccurate, or outdated information.
  • Object to certain forms of processing where allowed by law and consistent with safe healthcare delivery.
  • Withdraw consent when processing is based on consent, subject to lawful exceptions and recordkeeping obligations.
  • Request erasure, blocking, or disposal of data when permitted under applicable law and medical record retention requirements.
  • Lodge a complaint with the hospital and, when appropriate, with the National Privacy Commission.

Accessing Personal Records

Requests for available personal or medical records should be submitted through the hospital's authorized process and may require identity verification, documentation of authority, applicable forms, and compliance with release procedures.

The hospital may limit or defer access when required to protect patient safety, comply with law, preserve the rights of others, or follow medical record release policies.