Concord International Hospital Pte Ltd – Personal Data Protection Policy
The purpose of this document (“Personal Data Protection Policy”) is to provide you with information about how Concord International Hospital and its related corporations or affiliates manage personal data.
In this policy, the terms “we”, “us” and “our” refer to Concord International Hospital (CIH) and the term “CHS” refers collectively to us, our parent company Concord Healthcare Singapore Pte Ltd, and/or its subsidiaries.
CIH is committed to follow this policy and comply with all data protection and confidentiality obligations imposed on us by law, including the Personal Data Protection Act 2012 (No. 26 of 2012) and Private Hospitals and Medical Clinics Act (Cap. 248) of Singapore.
What personal data CIH collects
If the individual provides the personal data of anyone else (such as family members or next-of-kin), it means that he/she has obtained his/her consent to CIH’s collection, use and disclosure of his/her personal data for the purposes set out in this policy.
How CIH collects Personal Data
Generally, CIH collects Personal Data in the following ways:
- when you submit any form, including but not limited to customer inquiry forms or other forms relating to any of our services;
- when you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our services;
- when you interact with our staff, including International Patient Liaison Officers, for example, via telephone calls (which may be recorded), letters, fax, face-to-face meetings, social media platforms and emails;
- when you interact with us via our website or use services on our website;
- when you request that we contact you or request that you be included in an email or other mailing list;
- when you respond to our initiatives or to any request for additional Personal Data;
- when you submit an employment application or when you provide documents or information including your resume and/or CVs in connection with any appointment;
- when your images are captured by us via CCTV cameras while you are within our premises, or via photographs or videos taken by us or our representatives when you attend our events;
- when you are contacted by, and respond to, our marketing representatives or other employees;
- when we seek information about you and receive your Personal Data in connection with your relationship with us, including for our products and services or job applications, for example, from business partners, public agencies, your ex-employer, referral intermediaries and the relevant authorities; and/or
- when you submit your Personal Data to us for any other reasons.
Purposes for collection, use and disclosure of personal data
CIH collects, uses and discloses personal data for the following purposes:
- verifying your identity, responding to, processing and handling your queries, feedback, complaints and requests;
- providing inpatient and outpatient medical treatment and services, healthcare and allied healthcare services;
- requesting feedback or participation in surveys, as well as conducting market research and/or analysis for statistical, profiling or other purposes for us to improve our services;
- providing all other services on request or as needed, including but not limited to, customer service, patient liaison services, travel and accommodation arrangements and concierge services.
- creation, storage, hosting, backup (whether for disaster recovery or other purposes) of medical records and financial and other business records;
- guarding and securing our premises;
- monitoring and assessing the provision of products and services;
- financial reporting, regulatory reporting, management reporting, risk management (including monitoring credit exposures), audit and record keeping purposes;
- business research, planning, statistical analysis and policy development; and/or
- enhancing and improving our services, including reviewing standards of care
- sharing medical records with other health care providers for medical treatment and health care purposes, where required or permitted by law.
- providing education and training for doctors and other medical, nursing or health professionals and students. You are entitled to say no at any time to such persons viewing or being granted access to your treatment and related information. Please inform your doctor before treatment if you do not want such persons to view or have access to your treatment and related information.
- Conducting research into new treatments, procedures and practices for the improvement of healthcare, subject always to applicable laws and codes of conduct, including those relating to the protection of research subjects’ safety and confidentiality.
- Safeguarding public health and safety and preventing or lessening the threat to your health and safety or the health and safety of others.
- We may take photographs and make videos and/or sound recordings in and around our premises from time to time, including our meeting and function rooms. You may be captured in such photographs and recordings.
- We may use such photographs and/or recordings in our publications, websites and other communication channels, as well as in third party media, or display them in and around our premises and/or the premises of the CHS Group.
- CCTV may be in operation in and around our premises as necessary in the interests of security.
- Any other purposes relating to or arising out of the above
We may disclose the personal data to third parties, whether located in Singapore or elsewhere, in order to achieve the purposes stated in this policy. Such third parties include:
- the doctors and other healthcare professionals who treat or have treated you, and their respective staff;
- the Central Provident Fund Board of Singapore and/or your health insurance provider, for payment processing purposes;
- other CHS Group entities and our respective partners for the provision of products and services at your request or the conduct of marketing and promotions with your consent;
- our service providers, contractors and agents;
- third parties that you have used to obtain or request our products and services, including referral agencies, business introducers, travel agencies or similar service providers;
- other CHS Group entities for group-wide business purposes or where such disclosure is required or permitted by law;
- healthcare providers, agencies or facilities for the purposes of information sharing and exchange via the NEHR system or other health information exchange systems, where such disclosure is required or permitted by law;
- regulatory authorities, any statutory bodies or public agencies for the purposes of complying with their respective requirements, policies and directives or where such disclosure is required or permitted by law, including the Ministry of Health, Health Sciences Authority, the coroner and the police and other law enforcement agencies
- funeral homes and crematoria, where such disclosure is required or permitted by law;
- organisations that handle organ donation, procurement and transplants, where such disclosure is required or permitted by law;
- national registers and databases for various medical conditions, diseases and transplants, where such disclosure is required or permitted by law;
- accreditation or representative bodies for health care providers, agencies, facilities or healthcare professionals, where such disclosure is required or permitted by law; and/or
- anyone involved in your care or payment for your care (including a family member, friend or your caregiver or caregiving organisation) and anyone you have authorised us to contact or communicate with.
We may also collect, use and disclose personal data where required or permitted by law for any purpose.
In order to achieve any of the purposes referred to above, we may need to transfer personal data outside Singapore. If we do so, we will ensure that such personal data is protected to a standard comparable to the protection accorded to personal data under the Personal Data Protection Act 2012 (No. 26 of 2012) of Singapore. In summary, this means:
- the collection, use and/or disclosure of your personal data would be for the purpose(s) for which you have given consent;
- steps would be taken to ensure accuracy and completeness of your personal data when your personal data is used or disclosed to third parties;
- security arrangements would be made to protect your personal data;
- your personal data would be retained only if necessary for legal and business purposes; and/or
- anyone who receives your personal data from us is either in a jurisdiction which has comparable data protection laws or is otherwise bound to protect your personal data.
Risks on relying on data we collect from you that is without consent or which is inaccurate
If consents are not procured or if you fail to provide us with complete or accurate information, we may, in some situations, be prevented from providing a patient with medical treatment (or may be impaired in doing so, resulting in risks to that patient) or cause harm to a data subject.
We will take the approach that best safeguards us, you and others from risks, and we may well have not choice but to decline to proceed with the treatment in question to avoid causing harm or exposing us, you or others at risk.
Retention of personal data
We will retain personal data for a reasonable period in accordance with our legal and business purposes.
Amendments and updates
We may amend this policy from time to time and will make available the updated policy on our Internet site at http://www.cih.com.sg. Each time we collect, use or disclose personal data, the latest version of this policy in force at the time will apply.
How to contact us
If you have questions or concerns regarding your personal data or any aspect of this policy, please contact us at firstname.lastname@example.org