Data Privacy Frequently Asked Questions
Frequently asked questions about the Data Privacy Act
What is the Data Privacy Act of 2012?
The Data Privacy Act of 2012 (“DPA”) acknowledges the rights of natural persons and corporations over their data and enforcing the responsibilities of these persons and corporations who process them. It took effect on September 8, 2012, while its Implementing Rules and Regulations took effect on September 9, 2016.
What is the purpose of the DPA?
It seeks to prevent and/or mitigate the risk of any data breach involving personal and sensitive personal information of data subjects.
What types of information are covered by the DPA?
The DPA covers Personal Information, Sensitive Personal Information, and Privileged Information (collectively, “Personal Data”).
Personal Information refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual. In short, it is information which links you to your identity.
Sensitive Personal Information refers to information:
About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings;
Issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and
Specifically established by an executive order or an act of Congress to be kept classified.
Privileged information refers to any and all forms of data which under the Rules of Court and other pertinent laws constitute privileged communication.
What does “processing” mean?
Processing refers to any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.
Why is there a need to share my Personal Data to affiliates, partners and third parties?
We need to share your Personal Data for us to be able to render medical care to you. The affiliates, partners and third parties include the doctors, High Precision which is in charge of laboratory services, Lasik Center for delivering eye care services to you and other natural persons or entities we partnered with in order to give you quality medical service.
Do I have rights over my Personal Data?
Yes. Under the DPA, your rights include the right to be informed; the right to object to the collection of the Personal Data to be collected; the right to reasonable access to your Personal Data upon demand; the right to correct or rectify any errors to your Personal Data; the right to block or remove your Personal Data from our systems; and the right to obtain a copy of your Personal Data. However, the exercise of these rights are subject to reasonable standards and procedures as well as other limitations provided by law.
Will my Personal Data be processed differently after I sign the Consent Form?
There is no difference as to how we treat Personal Data of the patients before the DPA took effect and after its effectivity. The Consent Form we are asking you to sign is for compliance with the DPA and for us to be transparent to you as regards how we process your Personal Data.
Can a companion sign the Consent Form on the patient’s behalf?
A companion can sign the Consent Form on the patient’s behalf only after showing a Special Power of Attorney or Letter of Authorization from the patient stating that his/her companion has been given the authority to consent on his/her behalf. However, if processing is necessary to protect the life and health of the patient or another person, and he/she is not legally or physically able to express his/her consent prior to the processing, then consent may be given at a reasonable time after the fact.
What if I don’t want to consent to some clauses indicated in the Consent Form?
We respect your decision and rest assured that your privacy is important to us. You may put a line through the clause/s you do not consent to and affix your signature immediately beside it.
Who should I contact if I want to know more about how my Personal Data is processed by Metro Sanitas?