Background
Republic Act No. 10173, also known as the Data Privacy Act of 2012 (DPA), aims to protect the fundamental human right of privacy. It recognizes the vital role of information and communications technology and its inherent obligation to ensure that personal data in information and communications systems both in the government and the private sector are secured and protected. It ensures that entities or organizations processing personal data establish policies, and implement measures and procedures that guarantee the safety and security of personal data under their control or custody, thereby upholding an individual’s data privacy rights.

Health Partners Dental Access Inc. (HPDAI), commits to promote the protection of personal information and records in relation to the dental services performed by our accredited dentists. HPDAI sets and implements internal rules and guidelines in compliance with data privacy laws and regulations to protect the personal information records. HPDAI requires all the members of its organization: Shareholders, Directors, Corporate Officers, regular and probationary employees, trainees; the awareness of the importance of data protection and best practice in data protection efforts.

When handling personal information, HPDAI shall comply fully with Republic Act No. 10173, also known as Data Privacy Act of 2012 and its Implementing Rules and Regulations.

 

Article 1 Definition of Terms

a. “Data subject” refers to an individual whose personal, sensitive personal, or privileged information is processed;

b. “Consent of the data subject” refers to any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of his or her personal, sensitive personal, or privileged information. Consent shall be evidenced by written, electronic or recorded means. It may also be given on behalf of a data subject by a lawful representative or an agent specifically authorized by the data subject to do so;

c. “Data sharing” is the disclosure or transfer to a third party of personal data under the custody of HPDAI.

d. “Personal data” refers to all types of personal information;

e. “Personal information” refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual;

f. Sensitive personal information refers to personal information:

i. About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;

ii. About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such individual, the disposal of such proceedings, or the sentence of any court in such proceedings;

iii. Issued by government agencies peculiar to an individual which includes, but is not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and

iv. Specifically established by an executive order or an act of Congress to be kept classified.

g. “Privileged information” refers to any and all forms of data, which, under the Rules of Court and other pertinent laws constitute privileged communication;

h. “Processing” refers to any operation or any set of operations performed upon personal data including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data. Processing may be performed through automated means, or manual processing, if the personal data are contained or are intended to be contained in a filing system;

i. “Personal data breach” refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed;

j. “Security incident” is an event or occurrence that affects or tends to affect data protection, or may compromise the availability, integrity, and confidentiality of a personal data. It includes incidents that would result to a personal data breach, if not for safeguards that have been put in place

 

Article 2 Acquisition and Usage of Personal Information

HPDAI collects and use personal information for the purposes specified below:

• Recording and monitoring dental services provided to the members of our clients
• Administrative purposes relating to the members
• Compliance with the rules and regulations of Public Authority

HPDAI will share information only to the extent necessary , to conduct our professional operations, process payment for the dental services provided by our accredited dentists, collect fees from our clients and to comply with the laws that govern health care

HPDAI may use and disclose dental services rendered to members to confirm, report utilization of benefits, bill reimbursement and collect payment, and pay accredited clinics . HPDAI may also tell your payor about a treatment you are going to receive to determine whether your payor will cover the treatment.

HPDAI may disclose your information to the appropriate government entities for activities authorized by law such as audits, investigations and inspections.

If you are involved in a lawsuit, HPDAI may disclose dental information about you in response to a court or administrative order or in response to a subpoena, legally enforceable discovery request, or other lawful process by someone else involved in the dispute.

HPDAI may also use or disclose you information when required to do so by laws not specifically mentioned in this Policy.

For any use of personal information other the ones described above, we seek the consent of the information owner in writing before such use.

HPDAI shall make efforts to maintain the personal information accurate and up to date to the extent necessary for the attainment of the purposes of its use.

HPDAI does not collect and process personal data of minors without the consent of parent/s or guardian, whenever required.

 

Article 3 Outsourcing of Personal Information Handling

HPDAI may outsource all or in part of personal information handling within the scope necessary to achieve the purposes of its use. In this case, HPDAI shall closely check and ensure the suitability and capability of the service provider, stipulate contractual provisions on confidentiality functions. HPDAI shall also conduct appropriate controls in the services of the outsourcing service provider.

 

Article 4 Joint Use of personal Information

Personal information are shared among the processors within HPDAI and externally within lawful and legitimate purposes only.
 

Article 5 Rights of Data Subjects

• To be informed
• To object to be included in marketing
• Reasonable access to your health information
• Request a correction to your personal information
• Request restrictions on certain uses and disclosures of your health information
• To withdraw your consent

 

Article 6 Storage, Security, Retention and Destruction

HPDAI will ensure that personal and dental information under its custody are protected against any accidental or unlawful destruction, alteration and disclosure as well as against any other unlawful processing.

The room and workstations used in the processing of personal data shall as far as practicable, be secured against natural disasters, power disturbances, external access and other similar threats.

HPDAI implements appropriate security measures in storing collected personal and dental information.

HPDAI shall establish regular monitoring for security breaches and foreseeable vulnerabilities in its computer networks to mitigate actions against security incidents that can lead to personal data breach.

Personal information collected in electronic forms and hard copies shall be retained for 10 years, unless any law or regulations will require longer retention period.
 

Article 8 Procedures for Data Privacy Policy Changes

Amendments and updates on this Data Privacy Policy shall be communicated within reasonable time prior to its effectivity.

 

Article 9 Compliance with Laws and Regulations

HPDAI may, from time to time, review and update this Policy to adapt to changing corporate practices, and to comply new relevant laws and technology. HPDAI reserves the right to make the revised or changed Policy effective and will apply for information it already has as well as any information that will be received in the future.

 

Article 10 Use of Cookies

HPDAI may through cookies and IP addresses collect the user’s information and other privacy related information. Cookies identify the user’s web browser but not to identify the user as an individual. Users can enable and disable cookies in their browser settings. However, diabling cookies may render some of the functions in the website unavailable.

 

Article 11 Disclaimer

HPDAI is not liable for the protection and handling of user’s personal information by any other website linked to the website of HPDAI.

 

THIS POLICY DESCRIBES HOW YOUR PERSONAL INFORMATION MAY BE USED AND DISCLOSED. IF YOU HAVE ANY QUESTIONS, PLEASE CONTACT:
Data Privacy Officer
Health Partners Dental Access Inc.
(02) 8994 5228