Patient Privacy Policy

(02) 8716 3901
46 P. Sanchez Street, Brgy 606, Manila City, Metro Manila 1016

This statement describes why your personal information is collected, how your personal information may be used and disclosed, and how you can get access to this information.

1. Our Service

Our Lady of Lourdes Hospital-EHMC (the "Hospital") is committed to providing quality health and related services to you and this policy outlines our ongoing obligations to you in respect of how we manage your personal information. In order to ensure the safety and confidentiality of your personal data, the Hospital has developed a Privacy Policy that aims to ensure that all appropriate standards for personal information protection in compliance with Republic Act No. 10173 (or the Data Privacy Act of 2012 or "DPA"), its implementing rules and regulations and other applicable and related laws and regulations, including the issuances of the National Privacy Commission (the "NPC") (collectively, the "Privacy Laws") are put in place and implemented efficiently and effectively. This Privacy Notice ("Notice") seeks to notify and inform you of our policies regarding the collection, use, and disclosure of the personal information we receive from our patients and customers.

2. Your Personal Information under this Notice

Under the DPA, your Personal Information includes any information, whether recorded in a material form or not, from which your identity is apparent or can be reasonably and directly ascertained by the entity holding the information. Your Personal Information also includes sensitive Personal Information, which refers to the following:

a. Your name, address(es), phone number, race, marital status, age and/or date of birth and religious affiliations;

b. Your health and health history;

c. Personal identifiers issued by a government agency such as PhilHealth Number, and insurance details peculiar to you (as mentioned above); and other information established by law to be kept classified.

3. How and when we collect your Personal Information

Your Personal Information may be obtained in many ways, such as through medical consultations/interviews, from information forms, correspondences, surveys, by telephone and fax, e-mail, and from third parties. However, most of the Personal Information we have are those that you have given us yourself.

You provide us your Personal Information when you:

a. Avail of, or apply for our services by filling out application forms (e.g. upon admission, or through our medical personnel and representatives);

b. Provide personal information to our healthcare providers (e.g. Doctors, nurses and other health representatives);

c. Contribute to research, answer surveys, or participate in various activities sponsored by us or other organizations on our behalf such as symposia, conferences and focus group discussions.

4. Why we collect your Personal Information

We will only use your personal information with your consent or if there is a legal requirement to do so. For information that may identify you, we will only use them in accordance with the:

a. Data Privacy Act (DPA) of 2012 - The DPA requires us to collect and retain personal information only for specified and legitimate purposes, and when necessary to protect life and health;

b. National Health Insurance Act of 1995 and PhilHealth Circulars - The National Health Insurance Program requires submission of related health and treatment information prior to claims reimbursement;

c. The Philippine AIDS Prevention and Control Act of 1998 (Republic Act No. 8504) for HIV Testing.

d. The Comprehensive Dangerous Drugs Act of 2002 (Republic Act No. 9165).

e. Newborn Screening Act (Republic Act. No. 9288);

f. Universal Newborn Hearing Screening and Intervention Act (Republic Act no. 9709) - This law provides mandatory hearing loss screening to infants in order to promote the early diagnosis and intervention of hearing loss;

g. Philippine Integrated Disease Surveillance and Response (PDSR) System, as supported by legal mandates and policies, which include:

1. Republic Act 3573 (Law of Reporting of Communicable Diseases - An Act providing for the prevention and suppression of dangerous communicable diseases...);

2. Resolution WHA48.13 (1995);

3. Administrative Order No. 2007-0036 (Guidelines on the Philippine Integrated Disease Surveillance and Response (PIDSR) Framework")

4. Administrative Order No. 2012-0003 (Guidelines on Strengthening Laboratory Confirmation of Suspected Measles Cases).

We collect your Personal Information primarily to provide medical services. The records that we maintain about your health, treatment, or care you have received within the Hospital help to provide the best possible healthcare. We also provide information to our clients, partners and service providers for the same purpose.

5. Use and Processing of Personal Information

Health records may be processed manually and/or electronically. You may withdraw your consent (subject to the applicable Privacy Laws) to the processing of your Personal Information at any time by contacting us verbally or in writing, and such withdrawal shall be documented.

We may also use your Personal Information secondarily, in circumstances where you would reasonably expect such use or disclosure. Below are the general categories of the purposes for which we collect and process your Personal Information:

a. Your diagnosis and treatment: We may use and disclose your health information to physicians or other health care providers, providing treatment to you.

b. For benefits, payments and claims: We may use and disclose your health information in order to obtain payment to services that we provide for you.

c. For our business operations: Your Personal Information, as entered in our Hospital Information System, may be processed as part of our hospital operations in generating summarized/statistical reports on the general business management operation, your healthcare providers, hospital financial status, and quality assurance.

d. Performance of a legal obligation: Under the law, the Hospital may be required to share your Personal Information to government authorities in some instances permitted by the law or for legal purposes.

e. Medical training, education and research: Medical Trainees may use and disclose your health information for the purpose of medical education, research and/or case presentations/discussions in relation to your illness.

Other uses and disclosures of your Personal Information : Outside of the purposes stated above, other uses and disclosures of your Personal Information will be made only with your express authorization/consent, unless we are otherwise permitted or required by the law. This includes the disclosure of your Personal Information pursuant to an order of a court or tribunal, or when such disclosure is required under existing laws and regulations.

6. Who has access to your Personal Information

The following may have access to your Personal Information for the purposes stated above:

a. Doctors, healthcare providers, and health associates, including all departments, units, and staff in the hospital who will need your personal information in the performance of their functions related to your treatment/medical care.

b. The Hospital may share your personal information with third parties (which include, but not limited to the Department of Health, Philippine Health Insurance Corp., or your insurance provider) as required or permitted by law or contract, including regulatory authorities, government agencies (e.g. DSWD, PCSO) as well as parties you voluntarily transact with.

c. Any member of religious groups (Missionary Sisters Servants of the Holy Spirit- SSpS, and the Chaplaincy) who are allowed to provide spiritual assistance in the Hospital.

7. Your rights to your personal information

You are afforded certain rights under the Privacy Laws, particularly the DPA. You have the right to be informed of these specific rights, to object to the processing of your Personal Information, to access, update and correct the same, and to withdraw your consent and/or edit your consent preferences at any time. Hence, we would like to ensure that we have your consent to continue to collect, use, and disclose your Personal Information for the purposes identified in this Notice.

If you wish to have access to your Personal Information in our records, or you think that it is incomplete, not up-to-date or otherwise inaccurate, or have any queries or complaints about our Privacy Policy, you may get in touch with our Medical Records Office or with our Data Protection Officer through the contact details provided below.

Your rights to your personal information are provided in Chapter IV of the DPA which you may access on this web address:

8. Our undertakings regarding your personal information

The Hospital creates and maintains a record of your Personal Information in its offices and this Notice applies to your Personal Information that we collect. Pursuant to the DPA, we undertake to protect your Personal Information.

The Hospital is required to protect your Personal Information, and to process the same only in accordance with the following data privacy principles:

a. Transparency: We are obligated to inform you of the nature, purpose, and extent of our processing of your Personal Information, including the risks and safeguards involved, the identity of the persons involved in the processing of your personal data, your rights as data subject, and how these rights can be exercised.

b. Legitimate purpose: We will only process your Personal Information for a legitimate purpose, compatible with our declared and specified purposes, and not contrary to law, morals, and public policy.

c. Proportionality: The processing of your Personal Information shall be adequate, relevant, suitable, and necessary, and not excessive in relation to the declared and specific purposes.

Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification, or disclosure. We strictly enforce our Privacy Policy and put in place technical, organizational, and physical security measures that are designed to protect your Personal Information from unauthorized access, use, alteration, and disclosure.

When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify or anonymize the same. However, most of the Personal Information are or will be stored in files which will be kept by us for the minimum period provided under existing laws and regulations.

9. How to access your personal information

You may access your Personal Information and update and/or correct it, subject to certain exceptions. If you wish to access the same, please contact us in writing and we will respond within a reasonable time (Please take note that our ability to respond to your request may also depend on the collection of your Personal Information.). You may submit your request through the Medical Records Office.

We will not charge any fee for your access request, but may charge a reasonable administrative fee for providing a copy of your Personal Information.

10. Changes to this Privacy Notice and Privacy Policy

From time to time, we may change or update our Privacy Notice, Privacy Policy, and practices to comply with government and regulatory requirements, to adapt to new technologies and protocols, and to align with industry practices or for other legitimate purposes.

You will be provided Notice if these changes are significant and, if required by law, we will take steps to obtain your updated consent.

11. Inquiries

If you have any questions about this Notice, you may contact the Hospital\'s Data Protection Officer:

Data Protection Officer. 46 P. Sanchez St. Sta. Mesa Manila. Phone numbers - (02) 8716-3901 to 20 local 2401. Email address:

You may also contact the National Privacy Commission with the following contact details:

National Privacy Commission. 5th Floor Delegation Building, PICC Complex, Roxas Blvd, Pasay,
Metro Manila. Phone numbers - 09451534299 (Globe)/ 09399638715 (Smart).
Web address: