Privacy Policy

Introduction

RiteCareDoctor ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services or visit our website.

Information We Collect

Personal Information

We may collect the following types of personal information:

• Name, address, phone number, and email address
• Date of birth, TIN, and PhilHealth number (for billing purposes)
• Insurance information
• Emergency contact information

Health Information

As a healthcare provider, we collect protected health information (PHI) including:

• Medical history and current health conditions
• Treatment records and clinical notes
• Laboratory and diagnostic test results
• Prescription and medication information

Website Information

When you visit our website, we may collect:

• IP address and browser type
• Pages visited and time spent on site
• Information submitted through forms
• Cookies and similar tracking technologies

How We Use Your Information

We use your information for the following purposes:

• Providing medical care and treatment
• Processing insurance claims and billing
• Communicating appointment reminders and health information
• Improving our services and patient experience
• Complying with legal and regulatory requirements
• Responding to your inquiries and requests

Data Privacy Act Compliance

As a healthcare provider operating in the Philippines, we comply with the Data Privacy Act of 2012 (Republic Act 10173) and its Implementing Rules and Regulations. This law protects the privacy and security of your personal and sensitive personal information, including health data. We are registered with the National Privacy Commission (NPC) as required by law.

Your rights under the Data Privacy Act include:

• The right to be informed about how your data is collected and processed
• The right to access your personal data and obtain copies of your records
• The right to correct or rectify inaccurate or incomplete data
• The right to object to the processing of your personal data
• The right to erasure or blocking of unlawfully processed data
• The right to data portability
• The right to file a complaint with the National Privacy Commission
• The right to damages for violations of your data privacy rights

Information Sharing

We may share your information in the following circumstances:

• Treatment: With other healthcare providers involved in your care
• Payment: With insurance companies and billing services
• Operations: For quality improvement and healthcare operations
• Legal Requirements: When required by law or court order
• Public Health: For disease prevention and public health activities
• With Your Authorization: When you provide written consent

Data Security

We implement appropriate technical and organizational measures to protect your personal and health information. Our systems are hosted on Amazon Web Services (AWS), a leading cloud infrastructure provider with robust security certifications. Our security measures include:

• Encrypted data transmission using SSL/TLS protocols
• Encryption at rest using AWS Key Management Service (KMS)
• Secure cloud infrastructure with AWS security controls and compliance certifications
• Role-based access controls and identity management
• Regular security assessments, vulnerability scanning, and audits
• Automated backups and disaster recovery procedures
• Staff training on privacy and security practices

Cookies and Tracking

Our website uses cookies and similar technologies to enhance your browsing experience. You can control cookie settings through your browser preferences. We use:

• Essential Cookies: Required for website functionality
• Analytics Cookies: To understand how visitors use our site
• Preference Cookies: To remember your settings and preferences

Data Retention

We retain your personal and health information only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations. Specifically:

• Medical records are retained for a minimum of 10 years from the last patient encounter, as required by Philippine healthcare regulations
• Billing and financial records are retained for 10 years for tax and audit purposes
• Marketing and inquiry data is retained for 2 years from your last interaction
• Upon expiration of the retention period, data is securely deleted or anonymized

Your Choices and How to Exercise Your Rights

Under the Data Privacy Act of 2012, you have the right to:

• Withdraw consent: You may withdraw your consent to data processing at any time, though this may affect our ability to provide services
• Access your data: Request a copy of the personal information we hold about you
• Correct your data: Request correction of inaccurate or incomplete information
• Delete your data: Request erasure of your personal information, subject to legal retention requirements
• Data portability: Request your data in a structured, commonly used format
• Object to processing: Object to processing of your data for direct marketing or other purposes
• Opt out of marketing: Unsubscribe from marketing communications at any time
• Manage cookies: Control cookie preferences through your browser settings

To exercise any of these rights, contact our Data Protection Officer at dpo@ritecaredr.com. We will respond to your request within 30 days as required by the National Privacy Commission.

Children's Privacy

We do not knowingly collect personal information from children under 13 through our website without parental consent. For our pediatric patients, we collect information through their parents or legal guardians in compliance with applicable laws.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website and updating the "Last Updated" date. We encourage you to review this policy periodically.