The security of your Personal Data is important to us.
In this policy, “we”, “us”, “our” means National University Hospital (Singapore) Pte Ltd and/or National University Health System Pte Ltd, “you”, “your” or “yours” means the persons to whom this policy applies, as listed below.
Due to the recent introduction of the Personal Data Protection Act 2012 (“PDPA”), we have implemented safeguards to protect your Personal Data that is collected, used and disclosed by us. This Data Protection Policy describes how we may collect, use, disclose and manage your Personal Data. The policy applies to all individuals whose Personal Data is in our possession or under our control.
“Personal Data” refers to any data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which we have or are likely to have access, including data in our records as may be updated from time to time.
Some examples of your Personal Data that we may collect are your name, contact details, residential address, date of birth, identification card number/passport details, medical records, diagnostic imaging, photographic films and financial information.
We, as a public healthcare institution, endeavor as far as possible to keep your Personal Data safe by:
a) Limiting access to only doctors and healthcare personnel who are involved in your care, and the supporting internal processes,
b) Conducting regular audits to ensure only authorised persons have accessed your data, and
c) Removing details that identify you when using your data for internal purposes as far as possible.
We use reasonable precautions to protect your Personal Data under our control in order to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks. You should be aware, however, that no method of storage is fully secure. While complete security cannot be guaranteed, we strive to protect the security of your information and will periodically review and enhance our information security measures where necessary.
Collection of Personal Data
The following are some examples of how we may collect Personal Data from you in the following ways:
a) During your registration with us;
b) During consent taking to procedures; and
c) During your consultations with our healthcare professionals
Purposes for the Collection, Use and Disclosure of Your Personal Data
When you seek care at other public healthcare institutions , we will share relevant data with them through trusted information systems like the National Electronic Health Record (NEHR) system. We may use your Personal Data to invite you to participate in care programmes suited for you.
As a public healthcare institution, we share relevant data and participate in national and multi-agency efforts to:
a) review healthcare policies and requirements,
b) review programmes that ensure patient safety and improve the quality of healthcare services,
c) conduct disease surveillance to address public health concerns, and
d) train future generations of healthcare professionals.
Please be assured that if your Personal Data is collected, used or disclosed for these purposes, we will protect it as required under the PDPA and other relevant legislation such as the Private Hospitals and Medical Clinics Act.
Retention of your Personal Data
We periodically review the Personal Data collected by us to determine if that data is still needed. Your Personal Data will be retained only as long as the purpose for which it was collected remains and until it is no longer necessary for any other legal or business purposes.
Withdrawal of Consent, Access and Correction of your Personal Data
It is your obligation to ensure that all Personal Data submitted to us is complete, accurate, true and correct. You have the right however, under the PDPA, to withdraw your consent to any use of your Personal Data, to obtain access or to make corrections to your Personal Data records kept with us.
If you have any queries on any aspect of the PDPA as regards your Personal Data, please contact the Patient Relations Department at firstname.lastname@example.org
Please note that if your Personal Data has been provided to us by a third party, you should instead contact that organization or individual to make such queries, complaints, and access and correction requests.
Changes to Policy
We reserve the right to modify or change this Data Protection Policy at any time. If we make material changes to the Data Protection Policy, we will post any changes on this page. We encourage you to review this page periodically to understand our policy regarding the collection and use of your Personal Data.