Privacy Policy

Patient Privacy Policy

Policy Statement


This Patient Privacy Policy (“Policy”) sets forth the standards of The Medical City governing the privacy and security of patients’ personal information, particularly health information, as well as the controlled release and disclosure of such information, consistent with the Data Privacy Act of 2012 and other applicable laws.

This Policy describes the manner in which The Medical City (TMC) may collect, hold, use, share, and discard the above-mentioned information. By availing of the services provided by TMC, you signify your acceptance of this policy and terms of service. Your continued availment of the services of TMC following the posting of changes to this policy will be deemed your acceptance of those changes.

Our Commitment to Protect Your Privacy

We understand that information about you and your health is personal. We are committed to protecting your health information. As a patient of The Medical City and its other related entities, the care and treatment you receive is confidential in nature and will be recorded in a medical record. We use and share this record to provide you with quality care and to comply with certain legal requirements. This record will be available to all health care and allied health professionals who need access as described in this Policy, many of whom will be involved in your treatment.

As part of our commitment to maintaining the confidentiality of your care, The Medical City will share your information only to the extent necessary to ensure with your treatment, conduct our professional operations, collect payment for the services we provide you, and to comply with the laws that govern health care. While we may need your personal information for other purposes, we will not use or disclose your information without your permission.

The Medical City may, from time to time, review and update this Policy to adapt to changing corporate practices, and to take into account new laws and technology. We reserve the right to make the revised or changed Policy effective for health information we already have about you as well as any information we receive in the future.The use, storage and disclosure of all data held by TMC will be governed by the most recent privacy policy, posted on TMC will notify you of any amendments by posting an updated version of the policy on this website.

This Policy pertains to all individuals, departments, and units in The Medical City who have access to, use, or disclose protected health information. The Policy is administered by the Data Privacy Management Department. It is intended to serve as a foundation for privacy practices of TMC. Divisions, departments, or units within TMC may impose privacy safeguards in addition to those required by this policy and procedure.

Processing of Health Information


This section describes ways that The Medical City use and disclose health information. It does not list every possible use or disclosure, but the ways your information may be used and disclosed fall into the following categories:

Treatment and Communication

Billing and Collection

Health Care Processes and Professional Services

Legal Compliance and Health-Related Services

Research and Training

A. Collection, Use and Disclosure


     a) Treatment and Communication

Your health information is used to provide you with medical treatment or services. We may use and

share health information about you with physicians, nurses, allied medical personnel, residents, fellows and medical students, or other TMC personnel involved in your care. Different departments of the hospital may also share health information about you to coordinate the services you need, such as pharmacy, dietary, laboratory and other diagnostic centers.

In special cases, we may also disclose your health information to providers not affiliated with the Hospital to facilitate care or treatment they provide you. These include other physicians outside The Medical City who are involved in your care outside the hospital setting or in case of hospital transfers, to the receiving hospital.

Electronic exchange of health information helps ensure better coordination of care. The physicians and nurses of The Medical City utilize digital technology in order to facilitate quicker and prompt referrals within the healthcare team. They may use messaging platforms such as SMS, emails, Viber, Telegram and other similar services in order to communicate with the team.

Upon your request, we may send electronic results of your laboratory and other diagnostic tests to you or your authorized representative. We may also use and disclose health information to contact you as a reminder that you have an appointment for care at The Medical City. We will communicate with you using the information (such as telephone number and email address) that you provide us.

Unless you notify us to the contrary, we may use the contact information you provide to communicate general information about your care such as appointment location, department, date and time, as well as for patient experience and satisfaction surveys.


     b) Billing and Collection

We may use and disclose your personal and health information to confirm, bill and receive payment for health care services that we or others provide to you. This includes submission of your health information to receive payment from Philhealth, your health maintenance organization (HMO), insurance company, or other party that pays for some or all of your health care or to verify that your payor will pay for your health care. We may also tell your payor about a treatment you are going to receive to determine whether your payor will cover the treatment. For certain services, if your permission is needed to release health information to obtain payment, you will be asked for permission.

In cases of non-payment, your personal and health information will be sent to legal services for collection purposes who may conduct credit investigations and send demand letters to collect payment for services rendered to you.

     c) Health Care Processes and Professional Services

We may use and disclose health information for health care operations. This includes functions necessary to run The Medical City and assure that all patients receive quality care. We may also share your information with affiliated health care providers so that they may jointly perform certain business operations along with TMC. We may combine health information about many of our patients to improve on the services being offered, to determine what services are no longer needed and to assess whether certain treatments are effective.

We may share information with physicians, nurses, allied medical personnel, residents, fellows and medical students, or other TMC personnel to ensure quality assurance and compliance with standards of care. We may also compare the health information we have with information from other hospitals to see where we can improve the care and services we offer. In these instances, The Medical City will work to anonymize, mask, encrypt or de-identify your personal and health information as much as possible.

The Hospital contracts with outside entities that perform business services for us, such as the Joint  Commission International, government entities, billing companies, management consultants, quality  assurance reviewers, accounting or legal firms. In certain circumstances, we may need to share your health information with a business associate so it can perform a service on our behalf. We will have a data sharing agreement or written contract in place with the business associate requiring protection of the privacy and security of your health information.

     d) Legal Compliance and Health-Related Services

We may disclose your information to the Department of Health and other appropriate government entities for activities authorized by law such as audits, investigations, inspections, and licensure.

When necessary to prevent a serious threat to your health and safety or the health and safety of others, we may use and disclose certain information about you. Such disclosure will only be to someone able to prevent or respond to the threat, such as law enforcement, or a potential victim.

We may also use or disclose health information about you when required to do so by laws not specifically mentioned in this Policy.

     e) Research and Training

As an affiliated hospital for the Ateneo School of Medicine and Public Health (ASMPH), medical students may use and access your health information. We will have a data sharing agreement or written contract in place with ASMPH requiring protection of the privacy and security of your health information.

Being a training ground for future doctor specialists with over ten accredited residency and fellowship programs, your health information may be used and disclosed in training and education. Daily endorsement rounds, weekly department conferences, audits, morbidity and mortality conferences are requirements for continued accreditation of our clinical programs and may involve the use of your health information.

The Medical City has an active research program. We generally ask for your written authorization before asking you to participate, use your health information, or share it with others to conduct research. Under limited circumstances, we may use and disclose your health information without your authorization. In these situations, we will anonymize, mask, encrypt or de-identify data to protect your information and so that no patient is individually identifiable. We will obtain approval through an independent review process to ensure that research conducted without your authorization poses minimal risk to your privacy.


     f) Other uses and disclosures

The Medical City does not require prior consent or authorization in the disclosure of your health information in the following instances:

Public Health Activities

  • To prevent or control disease, injury or disability;
  • To report births and deaths;
  • To report the abuse or neglect of children, elders and dependent adults;
  • To report reactions to medications or problems with products;
  • To notify you of the recall of products you may be using;
  • To notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition;
  • To notify the appropriate government authority if we believe you have been the victim of abuse, neglect or domestic violence; we will only make this disclosure when required or authorized by law;
  • To notify the Department of Health and other appropriate government entities when you seek treatment at The Medical City for certain diseases or conditions required to be reported by law.

Disputes and Lawsuits

To ensure the quality of care you receive while seeking treatment at The Medical City, we may access and disclose your health information if you have concerns or complaints regarding your medical management at The Medical City. We may also access and disclose your health information if you bring a lawsuit against TMC, its officers, nurses, allied medical personnel and other employees, its residents, fellows and physicians.

If you are involved in a lawsuit, we may disclose health information about you in response to a court or administrative order or in response to a subpoena, legally enforceable discovery request, or other lawful process by someone else involved in the dispute.


B. Storage, Security, Retention and Destruction

The Medical City will ensure that personal and health information under its custody are protected against any accidental or unlawful destruction, alteration and disclosure as well as against any other unlawful processing. TMC will implement appropriate security measures in storing collected personal and health information. All health information gathered and kept in medical records shall be retained for as long as the patient regularly seeks treatment at the institution. Hard copies of medical records more than five (5) years old shall be kept at a secure off-site facility. After an inactive period of ten (10) years from the last outpatient consult and fifteen (15) years from the last in-patient confinement, hard copies of medical records shall be brought to an appropriate facility for melting and destruction with secure protocols in place. Electronic copies of medical records shall be retained for a similar period.


Rights Relating to your Health Information 

An important part of The Medical City’s Privacy Policy is this section which explains your data privacy rights regarding your health information. You (or your authorized representative) have the right to:

Be informed

Reasonable access to your health information

Request a correction to your personal information

An accounting of hospital disclosures of your health information

Request restrictions on certain uses and disclosures of your health information

Receive a copy of The Medical City’s Privacy Policy

     a) Information

You have the right to be informed that your personal and health information will be, are being, or were, collected and processed. You have the right to be informed of the purposes for which they will be, are being, or were processed and the duration for which the information will be kept.

     b) Reasonable Access of your Health Information

You have the right to obtain a copy of your pertinent health information. The medical information available to you are the following:

▪ Clinical Abstract/Discharge Summary

▪ Laboratory and other diagnostic results

▪ Consent for Admission and Procedure

▪ Record of Operation or Delivery

▪ Operative Technique

▪ Medical Certificate or Certificate of Confinement

To request for a copy of your medical records, proceed to the Medical Records Department and fill out a Request for Medical Information. TMC may charge a fee for the cost of providing copies to you.

     c) Request a Correction to your Personal Information

If you believe that the personal information The Medical City has on file about you is incorrect or incomplete, you may ask us to correct the personal information in your records. If your personal information is accurate and complete, or if the information was not created by the Hospital, we may deny your request. If we deny any part of your request, we will provide you with a written explanation of our reasons for doing so. Requests to make a correction to your records must be in writing and must describe each item that you want changed and the reason you are requesting the change. We may require additional documentation from you or your authorized representative as proof before processing your request.

     d) An Accounting of Hospital Disclosures of your Personal and Health Information

You have the right to request a list of how your personal information was shared for purposes other than treatment, payment, health care operations and legal compliance. Your health information on the other hand, will never be shared with third parties without your consent.

     e) Request Restrictions on Certain Uses and Disclosures of Your Medical Information

You have the right to request reasonable restrictions on certain uses or disclosures of your personal and health information. Requests for restrictions must be in writing. In most cases, we are not required to agree to your requested restriction. However, if we do agree, we will comply with your request unless the information is needed to provide you emergency treatment or comply with the law.

Some examples of restriction requests that the Hospital cannot honor include:

  • Requests to restrict residents from accessing your medical information.
  • Requests restricting the hospital from giving your name to an insurance company that will be asked to pay a portion of your bill.
  • Request restricting the hospital from reporting your identity and condition to an agency or organization where the hospital is required by law to do so.


Inquiries and Complaints

The confidentiality of your health information is a significant part of the care we provide to you. For matters relating to the processing of your protected health information or if you believe that your privacy rights have been violated, you may file a written complaint with our Data Privacy Management Department via:


Mail: Data Protection Officer

Data Privacy Management Department

The Medical City

Ortigas Avenue, Pasig City



The provisions of this Policy are effective this 01 day of March 2018 until amended.