Data Privacy Consent Undertaking with SPA for HMO – Soft Copy Editable Template
This is a soft copy template saved in Word File and editable in Word Document.
This contains the sample terms, conditions, clauses, and provisions of the contract described.
See the Description below to view the Contents of this soft copy template.
This is another template from LVS which makes employer’s or business owner’s life a lot easy. This is editable in Word document as it was written using the Word 365 software.
Data privacy law is probably one of the hallmark legislations in the country protecting the personal information of individuals transacting with any entity.
The Data Privacy Act of 2012 (DPA) declares that it is the policy of the State to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth. The State recognizes the vital role of information and communications technology in nation-building and its inherent obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected.
It is a practice for some companies to provide the health coverage for its employees in the form of a health card provider or Health Maintenance Organization (HMO). As a matter of procedure, employees would undergo medical checkup, operation, diagnosis, etc. and the results are made available only to the employees involved.
In certain cases, the HMO and/or medical facility/entity would refuse to provide the company or employer a copy of the results as the same may violate the DPA. The medical information may form part of the protected personal information or sensitive personal information.
As defined by law, “personal information” refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
Further, “sensitive personal information ” refers to personal information:
(1) About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
(2) About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings;
(3) Issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and
(4) Specifically established by an executive order or an act of Congress to be kept classified.
As a rule, the processing of sensitive personal information and privileged information is prohibited. There are exceptions under the law, to wit:
(a) The data subject has given his or her consent, specific to the purpose prior to the processing, or in the case of privileged information, all parties to the exchange have given their consent prior to processing;
(b) The processing of the same is provided for by existing laws and regulations: Provided, That such regulatory enactments guarantee the protection of the sensitive personal information and the privileged information: Provided, further, That the consent of the data subjects are not required by law or regulation permitting the processing of the sensitive personal information or the privileged information;
(c) The processing is necessary to protect the life and health of the data subject or another person, and the data subject is not legally or physically able to express his or her consent prior to the processing;
(d) The processing is necessary to achieve the lawful and noncommercial objectives of public organizations and their associations: Provided, That such processing is only confined and related to the bona fide members of these organizations or their associations: Provided, further, That the sensitive personal information are not transferred to third parties: Provided, finally, That consent of the data subject was obtained prior to processing;
(e) The processing is necessary for purposes of medical treatment, is carried out by a medical practitioner or a medical treatment institution, and an adequate level of protection of personal information is ensured; or
(f) The processing concerns such personal information as is necessary for the protection of lawful rights and interests of natural or legal persons in court proceedings, or the establishment, exercise or defense of legal claims, or when provided to government or public authority.
While it appears that in an employer-employee relationship, the information obtained from the employee is in relation to such employment, there is a need to have a clear consent to process the information on the part of the employer. Hence, if the information is shared by the employee with the medical facility and the results are generated, the employer can be authorized by the employee to have such copy.
This should be in the form of an express consent since an individual’s health is a sensitive personal information under the law which can only be processed if there is an express consent by the data subject.
Thus, the sample template will be very helpful where the employee gives consent for the company to process the sensitive personal information obtained by the health provider in an HMO setting.
This form is better used with the document proving authority of the company to its duly authorized representative to obtain said information and all other records in relation thereto.