Privacy Policy

The Medical City Endocrine Diseases Registry (“the Registry,” “we,” “us,” or “our”) is committed to protecting the privacy and confidentiality of all personal and sensitive personal information processed through our platform. This Privacy Policy explains how we collect, use, protect, and share information in compliance with Republic Act No. 10173 (Data Privacy Act of 2012), its Implementing Rules and Regulations (IRR), and Joint Administrative Order No. 2016-0002 (Privacy Guidelines for the Implementation of the Philippine Health Information Exchange — the “Health Privacy Code”).

By accessing or using the Registry, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree with this Policy, you must not use the platform.

1. Scope

This Policy applies to all personal data processing activities conducted through the Registry, including the website, any related applications, and all services operated under The Medical City Endocrine Diseases Registry by or on behalf of The Medical City. It covers:

• •Personal data of registered physicians and authorized users (“Users”)
• •Clinical data of patients enrolled in the Registry by their treating physicians
• •Information automatically collected from authorized users accessing the Registry dashboard

The Medical City acts as the Personal Information Controller for the Registry. Treating physicians who enroll patients also act as Personal Information Controllers with respect to the clinical data they submit. The Registry platform operates as a Personal Information Processor on behalf of The Medical City and its affiliated physicians.

2. Definition of Terms

3. What Data We Collect

The Registry collects different types of information depending on how you interact with the platform:

Patient Data (collected by treating physicians)

• •Demographics: age, sex, region of residence (province-level)
• •Clinical data: diagnoses (ICD-10 coded), imaging findings, surgical records, pathology results, laboratory values, treatments, and outcomes
• •Consent records: documentation of informed consent per RA 10173

Physician/User Data

• •Name, email address, PRC license number, and hospital affiliation
• •Authentication credentials (managed by our third-party identity provider, Clerk)

Automatically Collected Information

When you use the Registry, we may automatically collect:

• •Device and browser type, IP address, and operating system
• •Pages visited, access times, and usage patterns
• •Cookies and similar technologies used for session management and authentication

4. How We Use Your Data

Personal and sensitive personal information is processed for the following purposes:

• •Clinical registry operations: enrolling patients, recording clinical encounters, and tracking outcomes
• •Medical research: generating aggregate, de-identified statistics for research and oversight at The Medical City
• •Quality improvement: monitoring data completeness and clinical practice patterns
• •Regulatory compliance: maintaining audit trails as required by RA 10173 and the Health Privacy Code
• •Account administration: verifying physician credentials, managing account access, and communicating service-related notices

The legal bases for processing are: (a) consent of the data subject (Section 12(a), RA 10173); (b) medical treatment by a medical practitioner (Section 13(c)); and (c) processing for research purposes using adequately anonymized data (Section 13(d)).

5. Data Sharing and Third-Party Services

We do not sell, rent, or trade personal data to third parties. We may share personal data only in the following circumstances:

• •Third-party service providers: We use select third-party services to operate the platform, including Clerk (authentication), and cloud hosting providers. These providers process data solely on our behalf under strict contractual obligations to maintain confidentiality and security.
• •Statistics and Audit: De-identified, aggregated statistics may be generated for research and clinical audit purposes at The Medical City.
• •Legal requirements: We may disclose personal data when required by law, regulation, court order, or subpoena, or when necessary to protect the rights, property, or safety of the Registry, its users, or others.
• •Clinical oversight: Data may be shared with The Medical City administration and the Institutional Review Board (IRB) for oversight and quality assurance purposes.

6. Cookies and Tracking Technologies

The Registry uses cookies and similar technologies for the following purposes:

• •Essential cookies: Required for authentication, session management, and platform security. These cannot be disabled.
• •Authentication cookies: Set by our identity provider (Clerk) to maintain your signed-in session.

We do not use advertising cookies or third-party tracking cookies for marketing purposes. The Registry does not serve advertisements.

7. How We Protect Your Data

We implement organizational, physical, and technical security measures in accordance with Section 20 of RA 10173 and NPC Circular 2016-01:

• •Encryption: All sensitive personal information is encrypted at rest using AES-256 and in transit using TLS 1.3
• •Access control: Role-based access ensures physicians can only access patients under their care. Administrators have limited, audited access
• •Audit trails: All data access and modifications are logged with timestamps, user IDs, and action types
• •Infrastructure: Data is hosted on servers with SOC 2 Type II certification. Database backups are encrypted

Despite these measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security. If you believe your data has been compromised, please contact our Data Protection Officer immediately.

8. Data Breach Notification

In the event of a personal data breach involving sensitive personal information, the Registry will:

• •Notify the National Privacy Commission (NPC) within 72 hours of discovery, as required by NPC Circular 16-03
• •Notify affected data subjects within the same period if the breach is likely to result in serious harm
• •Take immediate steps to contain the breach and mitigate its effects
• •Document the breach and remediation actions taken

9. Your Rights

Under Sections 16–18 of RA 10173, data subjects have the following rights:

• •Right to be informed: Be informed about the collection and processing of your personal data, including the purpose, scope, and method of processing
• •Right to access: Request a copy of your personal data held in the Registry
• •Right to correction: Request correction of inaccurate or incomplete personal data
• •Right to erasure/blocking: Request deletion or blocking of data that is incomplete, outdated, false, or unlawfully obtained
• •Right to object: Object to the processing of your personal data, including processing for direct communications or automated decision-making
• •Right to data portability: Obtain your personal data in a structured, commonly used, and machine-readable format
• •Right to withdraw consent: Withdraw consent at any time. Withdrawal does not affect the lawfulness of processing performed prior to withdrawal
• •Right to damages: Claim compensation for damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data

To exercise any of these rights, contact our Data Protection Officer at the address listed below. We will respond to your request within 30 days, or as otherwise required by applicable law.

10. Patient Rights and Physician Obligations

Physicians who enroll patients in the Registry are responsible for:

• •Obtaining informed consent from each patient before enrolling them in the Registry
• •Informing patients about the purpose of the Registry, the types of data collected, and how their data will be used
• •Informing patients of their right to withdraw consent at any time
• •Ensuring that consent is documented and stored in the patient record

Patients (or their authorized representatives) may exercise their data privacy rights by contacting their treating physician or the Registry’s Data Protection Officer.

11. Data Retention

Clinical registry data is retained for a minimum of 15 years from the date of last entry, in accordance with the retention requirements of the Health Privacy Code (JAO 2016-0002, Section 18) and Department of Health guidelines on medical records retention.

Upon expiration of the retention period, personal data is securely deleted using industry-standard methods. De-identified aggregate data may be retained indefinitely for research purposes.

User account data is retained for the duration of the account plus one (1) year after account termination for audit purposes, after which it is permanently deleted.

12. De-identification for Statistics

All statistics are derived from de-identified, aggregated data. Our de-identification process includes:

• •Removal of all direct identifiers (names, dates of birth, contact information are never stored)
• •Age generalization to 10-year bands for statistical display
• •Geographic generalization to region level
• •Small-cell suppression: any aggregate cell containing fewer than 5 individuals is suppressed to prevent re-identification (k-anonymity, k=5)

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated to authenticated users via email and posted on this page with an updated revision date. Your continued use of the Registry after changes take effect constitutes acceptance of the revised Policy.

14. Data Protection Officer

For questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact:

You may also file a complaint with the National Privacy Commission (NPC) at privacy.gov.ph.