Privacy Policy

Patient Privacy Policy

This policy describes how your personal health information may be used and disclosed. Please review this notice carefully. If you have any questions, please contact:


The Medical City
Ortigas Avenue, Pasig City
(02) 8-988-1000 local 6790


Republic Act No. 10173, also known as the Data Privacy Act of 2012 (DPA), aims to protect personal data in information and communications systems both in the government and the private sector. It ensures that entities or organizations processing personal data establish policies, and implement measures and procedures that guarantee the safety and security of personal data under their control or custody, thereby upholding an individual’s data privacy rights.

II. Introduction

a) Policy StatementThis Patient Privacy Policy (“Policy”) sets forth the standards of The Medical City governing the privacy and security of patients’ personal information, particularly health information, as well as the controlled release and disclosure of such information, consistent with the Data Privacy Act of 2012 and other applicable laws.

This Policy describes the manner in which The Medical City (TMC) may collect, hold, use, share, and discard the above-mentioned information. By availing of the services provided by TMC, you signify your acceptance of this policy and terms of service. Your continued availment of the services of TMC following the posting of changes to this policy will be deemed your acceptance of those changes.

b) Our Commitment to Protect Your PrivacyWe understand that information about you and your health is personal. We are committed to protecting your health information. As a patient of The Medical City and its other related entities, the care and treatment you receive is confidential in nature and will be recorded in a medical record. We use and share this record to provide you with quality care and to comply with certain legal requirements. This record will be available to all health care and allied health professionals who need access as described in this Policy, many of whom will be involved in your treatment.

As part of our commitment to maintaining the confidentiality of your care, The Medical City will share your information only to the extent necessary to ensure your treatment, conduct our professional operations, collect payment for the services we provide you, and to comply with the laws that govern health care. While we may need your personal information for other purposes, we will not use or disclose your information without your permission.

c) Our Patient Privacy PolicyThe Medical City will provide you with a Patient Privacy Policy pamphlet that explains our privacy practices and your rights regarding your personal and health information. Consent to the collection, use, disclosure, and disposition of your personal and health information will be obtained upon admission or consultation or by availing of the various services provided by the institution.

You may ask for a copy of our current Policy in any of the patient registration areas throughout the hospital, the Data Privacy Management Department as well as with the Customer Relations Department.

You can also view and print a copy of our current Policy by visiting our website at and clicking on Patient Privacy Policy.

Likewise, Privacy Notices may be found publicly posted in a number of places.

The Medical City may, from time to time, review and update this Policy to adapt to changing corporate practices, and to take into account new laws and technology. We reserve the right to make the revised or changed Policy effective for health information we already have about you as well as any information we receive in the future.The use, storage and disclosure of all data held by TMC will be governed by the most recent privacy policy, posted on TMC will notify you of any amendments by posting an updated version of the policy on this website.

III. Definition of Terms

a) “Data subject” refers to an individual whose personal, sensitive personal, or privileged information is processed;

b) “Consent of the data subject” refers to any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of his or her personal, sensitive personal, or privileged information. Consent shall be evidenced by written, electronic or recorded means. It may also be given on behalf of a data subject by a lawful representative or an agent specifically authorized by the data subject to do so;

c) “Data sharing” is the disclosure or transfer to a third party of personal data under the custody of The Medical City.

d) “Personal data” refers to all types of personal information;

e) “Personal information” refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual;

f) Sensitive personal information refers to personal information:i. About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations; ii. About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such individual, the disposal of such proceedings, or the sentence of any court in such proceedings;iii. Issued by government agencies peculiar to an individual which includes, but is not limited to, social security numbers, previous or current health records, licenses or its denial, suspension or revocation, and tax returns; and iv. Specifically established by an executive order or an act of Congress to be kept classified.

g) “Privileged information” refers to any and all forms of data, which, under the Rules of Court and other pertinent laws constitute privileged communication;

h) “Processing” refers to any operation or any set of operations performed upon personal data including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data. Processing may be performed through automated means, or manual processing, if the personal data are contained or are intended to be contained in a filing system;

i) “Personal data breach” refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed;

j) “Security incident” is an event or occurrence that affects or tends to affect data protection, or may compromise the availability, integrity and confidentiality of personal data. It includes incidents that would result to a personal data breach, if not for safeguards that have been put in place;

IV. Scope

This Policy pertains to all individuals, departments, and units in The Medical City who have access to, use, or disclose protected health information. The Policy is administered by the Data Privacy Management Department. It is intended to serve as a foundation for the privacy practices of TMC. Divisions, departments, or units within TMC may impose privacy safeguards in addition to those required by this policy and procedure.

V. Processing of Health Information

This section describes the ways that The Medical City use and disclose health information. It does not list every possible use or disclosure, but the ways your information may be used and disclosed fall into the following categories:

  • Treatment and Communication
  • Billing and Collection
  • Health Care Processes and Professional Services
  • Legal Compliance and Health-Related Services
  • Research and Training