We Respect and Keep Your Data Safe
We recognise the importance of the personal data you have entrusted to our clinic and this Data Protection Statement is to assist you in understanding the purpose of collection, use and disclosure of your personal data by us. For general information on personal data protection, please visit the Personal Data Protection Commission website (https://www.pdpc.gov.sg). We are committed to protecting your personal data, and will manage and process it in accordance with the requirements of Singapore’s Personal Data Protection Act 2012 (the “PDPA”), the Ministry of Health’s guidelines and directives, and other relevant legislation. As part of our efforts to ensure that we properly manage, protect and process your personal data, we will review our policies, procedures and processes from time to time and reserve the right to amend this Data Protection Statement at our discretion. The latest version of this Policy supersedes earlier versions and will apply to personal data provided to us previously. We encourage you to review this page periodically to keep up to date with any changes to this Policy.
1) PERSONAL DATA
“Personal Data” refers to any data, whether true or not, about an individual who can be identified
(a) from that data; or
(b) from that data and other information to which we have or are likely to have access, including data in our records as may be updated from time to time.
This includes data you provide for registration purposes, (e.g. name, NRIC number, date of birth etc.), medical information, diagnostic imaging, photographic films, your image on our closed-circuit television, financial information and any other personal information provided by you or your next-of-kin, which will be collected when you present yourself for medical examination or treatment.
2) COLLECTION, USE AND DISCLOSURE
By voluntarily providing your personal data in order to obtain medical care, it shall be deemed that you have consented to the collection, use, disclosure and processing of your personal data by us for the purposes directly related to the provision of medical care to you and by our staff, which includes referrals to other healthcare professionals, institutions and other associated purposes, e.g. billing, insurance applications, laboratory services, radiology services, improvement of services etc.
If you provide the personal data belonging to others (such as your family members or nextof-kin), you warrant that you have informed the individuals of the purposes for which we are collecting their personal data and that they have consented to your disclosure of their personal data to us for those purposes. Our clinic may contact you (and / or the patient) via phone call, SMS, data, phone,social media message, email or regular post for the purposes listed in this document. This consent is regardless of any current or future registration on the Do-Not-Call-Registry. Our clinic may also similarly contact anyone involved in your care or payment for your care (including a family member, next-of-kin, friend or your caregiver or caregiving organisation) and anyone you have authorized us to contact or communicate with.
Healthcare providers & authorities beyond our clinic
When you seek care from other healthcare providers, we may share the relevant data with them through trusted information systems like the National Electronic Health Record (NEHR) system, as necessary. Similarly, our doctors may also use your personal data to access and retrieve your medical records from NEHR for the sole purpose of your medical care. To understand more about the purpose, security and your autonomy with NEHR, please visit their website at https://www.synapxe.sg/healthtech/national-programmes/national-electronic-health-record-nehr.
As a medical clinic, we may also share relevant data and participate in national and multiagency efforts as requested or mandated by the Ministry of Health, Singapore. This is in the interest of safeguarding public health and safety and preventing or lessening the threat to your health and safety or the health and safety of others.
We may disclose the personal data to third parties, whether located in Singapore or elsewhere, in order to achieve the purposes stated in this policy, where disclosure is required or permitted by law. Such third parties may include: regulatory authorities, any statutory bodies or public agencies for the purposes of complying with their respective requirements, policies and directives or where such disclosure is required or permitted by law, including the Ministry of Health, Health Sciences Authority, the coroner and the police and other law enforcement agencies.
The data protection and privacy policies of any of these other parties (digital or otherwise) may differ from ours. We are not responsible for the content and privacy practices of these other parties or digital services and you are encouraged to consult the privacy notices of these services separately.
Teaching purposes
Our clinic is committed to providing education and training for doctors and other medical, nursing or health professionals and students. You are entitled to say no at any time to such persons viewing or being granted access to your treatment and related information. Please inform your doctor before treatment if you do not want such persons to view or have access to your treatment and related information.
Research
We may also use your personal data to invite you to participate in suitable care programmes, or shortlist you for participation in relevant research studies. Such participation is subject always to applicable laws and codes of conduct, including those relating to the protection of research subjects’ safety and confidentiality.
3) CONFIDENTIALITY
We take patient confidentiality very seriously and will endeavour to keep your data safe by:
• limiting access to only doctors and healthcare personnel who are involved in your care and the supporting internal processes; • conducting regular checks to ensure only authorised persons have accessed your data;
• putting in place reasonable security arrangements to ensure that your personal data is adequately protected and to prevent any unauthorised access. This includes, but is not limited to, putting in place appropriate administrative, physical and technical processes such as up-to-date anti-virus protection, encryption of documents and system, etc.
• Having our clinic certified by SG Cybersafe to conform to the requirements of CSA Cybersecurity.
Our Clinic uses Electronic Medical Records (EMR) which are cloud-based.
Our EMR provider has reassured that they will maintain the highest possible security and best practice measures to keep your data protected. While we take reasonable efforts to protect your personal data held by us, we cannot be held responsible for unauthorized and unintended access that is beyond our control.
4) RETENTION OF YOUR PERSONAL DATA
Your personal data will be retained in accordance with the Ministry of Health’s guidelines on the retention of patient data. The consent shall be valid from the date indicated below until such a time when retention of the personal data is no longer necessary for the Company’s legal or business purposes.
5) YOUR OBLIGATION
It is your obligation to ensure that all personal data submitted to us is complete, accurate, true and correct.
6) OUR OBLIGATION
You may request correction of your personal data. We will correct your personal data as soon as practicable after the request has been made, unless we have reasonable grounds not to do so.
You may withdraw your consent for the collection, use and disclosure of your personal data in our possession by giving reasonable notice to us. Although we are obliged to evaluate and process your request, your withdrawal of consent will affect the medical care and services you would receive from us or other healthcare institutions.
7. HOW TO CONTACT US
If you have any further queries with regards to your personal data, you may contact us at
Email: contact@hopegastro.com or
Tel: (65) 6836 0608 (Mon-Fri 9am – 5pm; Sat 9am – 12noon)
Updated August 2024