Address

Hayes Street, Pinikitan, Cagayan de Oro City, 9000 Philippines

Phone

(088) 881 0548

Mobile

0917 822 6707

Facebook-square Search

Privacy Policy

Privacy Policy

Data Privacy Policy Statement

1.0 Statement of Policy

Maria Reyna – Xavier University Hospital, Inc. (MRXUHI) upholds the principles of data privacy, confidentiality, and protection in compliance with Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012.

The Hospital is committed to collecting, processing, using, storing, and sharing personal and sensitive information lawfully, fairly, and transparently for legitimate purposes related to the delivery of quality healthcare and hospital operations.

2.0 Information Collected

MRXUHI collects personal and sensitive information necessary for patient care and institutional transactions. These may include, but are not limited to:

2.1 Name, address, and contact information;

2.2 Date of birth, age, and demographic data;

2.3 Medical records and diagnostic results;

2.4 Billing, payment, and insurance details; and

2.5 Other data provided or obtained in the course of consultation, admission, or treatment.

Information may be gathered directly from patients, authorized representatives, or through lawful coordination with other healthcare providers, government agencies, or third parties as required for legitimate medical or administrative purposes.

3.0 Purpose of Processing

Collected information is used to:
3.1 Maintain accurate patient records and hospital databases;

3.2 Support diagnosis, treatment, and other medical care activities;

3.3 Facilitate hospital administration, billing, and communication;

3.4 Comply with legal, regulatory, and reporting requirements; and

3.5 Protect or enforce the lawful rights and interests of MRXUHI and its patients.

4.0 Data Protection Measures

MRXUHI implements organizational, physical, and technical security measures to ensure the integrity, confidentiality, and availability of personal data. These include:

4.1 Restricted access to authorized personnel;

4.2 Confidentiality agreements and data protection training;

4.3 Use of password-protected and encrypted systems;

4.4 Secure storage of physical records; and

4.5 Regular maintenance and monitoring of database systems.

All reasonable steps shall be taken to safeguard information from unauthorized access, alteration, disclosure, or destruction.

5.0 Data Subject Rights

In accordance with the Data Privacy Act of 2012, its Implementing Rules and Regulations (IRR), and related NPC advisories, all patients, clients, and stakeholders of MRXUHI are entitled to the following rights:

    5.1 Right to be informed

    5.2 Right to access

    5.3 Right to object

    5.4 Right to erasure or blocking

    5.5 Right to damages

    5.6 Right to file a complaint

    5.7 Right to rectify

    5.8 Right to data portability

6.0 Data Retention and Disposal

Records shall be retained only for as long as necessary to fulfill medical, legal, and institutional purposes, or as required by existing laws and regulations. Upon completion of the retention period, both physical and electronic records shall be securely disposed of through approved destruction methods to prevent unauthorized retrieval or use.

7.0 Data Protection Officer Contact

For data-related inquiries, requests, or complaints, you may contact:

Sr. Florence L. Dela Calzada, SPC
Data Protection Officer (DPO)
Maria Reyna – Xavier University Hospital, Inc.
Email: mariareynaxucdo@gmail.com