Privacy Policy - Bangkok Hospital Chiang Mai EN

Patient Privacy Notice Bangkok Hospital Chiang Mai Company Limited

Bangkok Hospital Chiang Mai Company Limited (BCM) commits to protect your personal data as a patient who undergoes investigation, treatment and medical services including other services provided by BCM. Your personal data is to be protected in compliance with the Personal Data Protection Act B.E. 2562. BDMS as a controller of such personal data is responsible by law for notifying you of this document for reasons and methodology BCM collects, gathers, uses or discloses your personal data, including informing you your rights as an owner of such personal data.

 

Objectives

Bangkok Hospital Chiangmai Company Limited analyzes your personal data under a scope as defined by Personal Data Protection Act B.E. 2562 and analyzes the data only as necessary for aforementioned action. Then BDMS concludes the use of your personal data as well as explaining Lawful Basis of Processing for the data as below details.

Purpose
Type of Data
Lawful Basis of Processing
1.

For a purpose of investigation and providing medical services

1.1. Providing medical services within BCM health providers

BCM’s teams of physicians, nurses and/or other staffs in health teams will record your personal data and take such the information for consultation with physicians or medical staffs including taking imaging and video for further follow up and/or any actions according to relevant professional principles throughout the period you are receiving the services as BCM explains detailed information for your understanding prior to starting any services also opens chances for your to ask questions until your satisfaction met.

1.2. Providing medical services if necessary to link data among network health providers   

For benefits in providing you medical services, BCM’s team of physicians, nurses and/or other relevant staffs may disclose your personal data to network health providers if necessary to use the data between the network health providers to provide some types of medical services. BCM establishes measures to protect personal data by agreements among network health providers to prevent unlawful processing of your personal data or without authority.

1.3 For Refer between health providers
In case, BCM puts or receives a request for refer of patient from one provider to another for continuation of cares or from one provider to BCM’s provider according to refer as set by BCM. BCM conducts refer according to BCM’s defined standards and will use your personal data for the purpose of refer only not for other purposes.

  • Identified data
  • Contact data
  • Health data
  • Financial data
For sensitive personal data: to protect or suppress threatening to life, body or health, in case the owner of personal data cannot give self-consent such as undergoing Emergency care or refer between health providers (Section.26 (1))
2.
For purpose of analysis study to develop quality of treatments by unidentified personal data
For purpose of analysis study to develop quality of treatments by unidentified personal data
BCM may use your personal data for analysis study to develop quality of treatments by an overall report with unidentified owners of personal data and the company strictly maintains confidentiality of such data.
  • Statistical data
3.
Disclose of the data to your insurance companies or contractors for purposes of rights to claim compensation from insurance companies or to reimburse medical claims
BCM needs to disclose your personal data to insurance companies to comply with a contract that you or BCM makes with the insurance companies for compensation or medical reimbursement. Indeed, BCM will not disclose your personal data to irrelevant parties.
  • Identified data
  • Contact data
  • Health data
Once receipt of your intended consent for disclose of your personal data: health data to insurance companies for a right to claim compensation from the insurance companies or to reimburse medical claims (Section. 26)
4.

Disclose of the data to a party referring you for investigation or a payer when you give consent for disclose of personal data

In case of agency of either government, private sector or state enterprise refers you to the company for treatments or is a payer for your medical expenses, BCM will disclose your health data which is sensitive personal data to aforementioned agency only if you give consent to disclose your data to the agency otherwise, BCM will directly send you a result of investigation.

  • Identified data
  • Contact data
  • Health data
Once receipt of your intended consent for disclose of your personal data (Section. 26)
5.
For purpose of linking electronic database of medical records among health providers via mobile application
Once you give consent, BCM will enter your personal data into computer system in a format of mobile application for your convenience to receive consultation via the application and for you to manage your data via the application. To maximize benefits, the system will link electronic database of medical records among network health providers for you to browse your existing personal data maintained in the providers via electronic devices as BCM makes agreement with network health providers to protect your personal data in compliance with Personal Data Protection Act B.E. 2562.
  • Identified data
  • Contact data
  • Health data
Once receipt of your intended consent for disclose of your personal data (Section. 26)
6.
For marketing purposes
BCM may collect, gather, use and analyze personal data for analyzing your health condition and contacting you for communication, providing medical information and offering promotion, products and services according to your consent
  • Identified data
  • Contact data
  • Data of subscribing and participating in marketing activities
health data for marketing purposes (Section. 26)

 

Apart from aforementioned purposes, company will not use your personal data for other purposes unless the Personal Data Protection Act B.E. 2562 permits such as

  • When receipt of your consent (Section. 24) or when receipt of intended consent in case of using sensitive personal data (Section. 26)
  • For analysis study or statistic which establishes appropriate protection measures to protect personal data, right and liberty of an owner of personal data (Section. 24(1))
  • To prevent, suppress threatening to life, body or health (Section. 24(2))
  • To comply with a contract between BCM and you (Section. 24 (3))
  • To perform duties accordingly to BCM’s mission for public interests (Section. 24 (4))
  • Legitimate Interest of BCM or person or other juristic person except the aforementioned interest is less important than basic rights of personal data owner (Section. 24(5))
  • For legal compliance of BCM (Section. 24 (6))
  • To prevent, suppress threatening to life, body or health in case the use of sensitive personal data when the owner cannot give self-consent regardless of any causes (Section. 26 (1))
  • For establishment rights for legal claims (Section. 26 (4))
  • For public health interests or other social protection as the company establishes appropriate measures to protect basic rights and benefits of personal data owner (Section. 26 (5) (B))
  • For needs to comply with Labor protection law, provision of medical welfare, social security (Section. 26(5) (C))

 

Definition

“Personal Data” includes information related to an individual that can be identifiable either directly or indirectly excluding the information of the decreased particularly

“Sensitive Personal Data” includes individual data related to race, ethnicity, political opinion, beliefs, religion or philosophy, sexual behavior, criminal records, health information, disability, trade union information, genetic data, biological data (such as facial image data, iris simulation data, fingerprint replica) or any other information that affects the owner of personal data in a similar manner as defined by committee of personal data protection.

Health data” includes the following data

  • Day, month, year of receiving medical treatment
  • History of drug allergy and history of drug side effects
  • History of food allergy
  • Diagnostic disease, procedure name, surgery name
  • Blood result, laboratory result, pathological result, radiological images, and radiological report
  • List of prescribed medication
  • Other information such as symptoms, physician recommendation, diagnostic details

“Process” includes collect, gather, use or disclose

“Personal Data Controller” includes an individual or juristic person who has authority in decision making about collection, gathering, use or disclose of personal data

“Personal Data Processor includes individual or juristic person who perform collection, gathering, use or disclose of personal data according to orders or on behalf of a personal data controller, in addition, the individual or juristic person performing actions as above must not be a personal data controller.

“Bangkok Dusit Medical Services Group” includes companies in BDMS network are currently existing or will be in the future, regardless it may be registered in Thailand or overseas, including Bangkok Hospital Chiang Mai Company limited

Network health provider” includes health providers in a group or network of BDMS operating both in Thailand and overseas.

 

Personal Data BDMS Collects from You

Your personal data collected by BCM can be classified as followings

Type of Personal data
Details
1. Personal data
Such as name, surname, ID card number, face image, gender, date of birth, passport number or other identifiable numbers.
2. Contact data
Such as billing information, credit or debit information, receipt information, invoice information.
3. Financial data
Such as billing information, credit or debit information, receipt information, invoice information.
4. Marketing Data
Such as registration information used for subscribe and marketing participation.
5. Technical data
Such as IP Address of computer, type of browser, Cookies information time zone setting, operating system, platform and technology of devices used for accessing website and Online Appointment System.
6. Health data
such as treatment information, reports about physical or mental health condition, health cares of service receivers, laboratory test results, diagnosis, diagnostic disease, information about drug use and drug allergy, history of food allergy, blood result, laboratory result, pathological result, radiological images and radiological report, list of prescribed medication, necessary information for medical services, information of feedback and treatments.

 

Sources of Personal Data

BCM collects and gathers your personal data from the following sources.

  1. Personal data directly collected from you such as
    • In case, you receive investigation and treatment, BCM receives your personal data from you contact BCM about services or you self-register at BCM for receiving medical services and other services from BCM, including registration via electronic media.
  2. Personal data indirectly collected from you such as
    • Persons who are close to you such as relatives, spouse etc.
    • Person you give authority to act on your behalf in contacting with the hospital.
    • Network health providers, in case you already give consent to the network health provider for disclose of your personal data.

Person, juristic person or agency of any government, private sector, or state enterprise who refers you for investigation services to BCM or is a payer for your service expenses.

 

Disclose or Share of Personal Data

BCM will not disclose your personal data to outsiders except when laws permit for needs in operation so BCM may disclose your personal data for the following cases

  1. Disclose personal data to government agency, authority agency or any person when laws define or authorize, including complying with court orders
  2. Disclose personal data to individual or juristic person the company needs to comply with contract or for your benefits as an owner of personal data. BCM requires those individual or juristic person must maintain confidentiality and protect your personal data according to standards as defined by Personal Data Protection Act B.E. 2562, including but not limited to individual or juristic persons as listed below
    • Network health providers and BDMS group as necessary as for providing investigation and medical services to you as the company will disclose personal data only as necessary and the company will maintain confidentiality of your personal data as its duties complied with relevant laws such as Medical facilities Act B.E. 2541, National Health Act B.E. 2550 and Medical Profession Act B.E. 2525
    • Insurance company or its provider managing compensation
    • Health provider servicing patient’s refer
    • The one referring you for investigation or services at a health provider or paying service expenses for you
    • Important personal data analyzer for the company’s operation such as employee, or laboratory service provider, database management, telecommunication, computer system, payment or provider of Technology Outsource
  3. BCM may maintain personal data in Cloud Computing by using such services from the third party located in Thailand or overseas. BCM makes a contract with mentioned persons very thoroughly and considers safety system in maintaining personal data that Cloud Computing service provider functions in regarding personal data protection

 

Duration of Personal Data Retention

  1. BCM uses standards of duration for retention of medical records in accordance with Medical Facilities Act B.E. 2541 and the latest version, BCM will maintain medical records in its system at minimum of 5 years once BCM creates the records. For medical benefits, the records will be maintained at the period you have not contacted with BCM longer than 10 years from the latest medical visit. Once completion of that 10 year duration, all original medical records, copies and electronic medical records will be disposed.
  2. In case, the company must comply with laws, regulations of other professional councils, court order or establish rights for legal claims to enter dispute resolution processes, BCM may maintain such personal data for the duration according to the legal statute or until the dispute is final whichever the case may be.

 

Measures of Personal Data Retention and Analysis

  1. BCM will manage the retention of personal data with standards not less than a level required by law and with appropriate system to protect and safeguard such personal data such as the use of Secure Sockets Layer: SSL, protect with firewall, password and other technology measures for encryption of information via the internet, and store in a facility with access protection system that limits the person’s access to personal data kept in a document format.
  2. BCM limits access to personal data that may be accessed by staffs, agent, partner or third party. Access to personal data by the third party can be done according to setting or order. Also the third party is responsible for maintaining confidentiality and personal data protection.
  3. BCM establishes technology method to protect unauthorized access to the computer system.
  4. BCM has an inspection system to manage destruction of unnecessary personal data for BCM’s.
  5. In case of sensitive personal data, BCM applies measures to maintain the security of documentation and electronic data for access and control of the use as well as having operating system and backup including emergency plan and conducting regularly risk assessment of the system.

 

Overseas Transfer of Personal Data

  1. Some cases, BCM may need to transfer your personal data to overseas. BCM may perform the transfer after notifying you of objectives of the transfer and receiving your consent. Then BCM may inform you about insufficient standards of personal data protection of the destination country.
  2. BCM can transfer your personal data without your consent if the transfer of personal data to overseas is in accordance with a contract you are as the contract’s partner or to protect or suppress any threatening to life, body or health of personal data owner, or for the use according to your request prior to making that contract or according to requirements in Personal Data Protection Act B.E. 2562.

 

Cookie Policy

When you visit our website, BCM uses cookie to ensure you will receive good experience from using the company’s website. Cookie is a small file that stores information and records it on to computer devices or communication tools when you access via web browser you choose while visiting the website.

BCM uses cookie to collect identity of your website visiting, with the identity BCM can remember the nature of your website using more easily and such data will be used for development of the company website to match with your needs more. For convenience and speed of your using the website, sometimes BCM may authorize the third party for this operation which may need IP address and cookie for analysis, data link and processing according to marketing purposes. You can set cookie when you enter the company website as you can choose to allow or not allow cookie to perform analysis, data link and processing according to marketing purposes.

 

Rights of Personal Data Owner

As a personal data owner, you have rights to request BCM to process your personal data according to scope allowed by laws as below

  1. Right to withdraw consent: you have rights to withdraw your consent for personal data processing as consents to BCM anytime throughout the period your personal data stored at BCM.
  2. Right of access: you have rights to access your personal data and request BCM for a copy of aforementioned personal data, including requesting the company to disclose the acquisition of your personal data you did not give your consent.
  3. Right to rectification: you have rights to request BCM to correct incorrect data or add to incomplete data.
  4. Right to erasure: you have rights to request BCM to erase your data by some reasons.
  5. Right to restriction of processing: you have rights to request BCM to suppress the use of your personal data by some reasons.
  6. Right to data portability: you have rights to transfer your personal data maintained by BCM to other data controllers or yourself by some reasons.
  7. Right to object: you have rights to object your personal data processing by some reasons.

You can contact with Data Protection Officer to request to exercise your rights as aforementioned at Bangkok Hospital Chiang Mai Company Limited 88/8-9 Moo 6, Nong Pa Khrang, Mueang Chiang Mai, Chiang Mai 50000, e-mail address:  [email protected]

Telephone: 052 089 888

Changes of Personal Data Protection Policy

BCM may review and change the personal data protection policy in the future for developing better personal data protection, BCM will notify you every time when the aforementioned policy changed.

 

Contact Channels

You can contact with Data Protection Officer to request to exercise your rights as aforementioned at Bangkok Hospital Chiang Mai Company Limited 88/8-9 Moo 6, Nong Pa Khrang, Mueang Chiang Mai, Chiang Mai 50000, e-mail address:  [email protected]

Telephone: 052 089 888

 

This Privacy Policy is valid from 23 January 2023