'HyeWon Medical Foundation Integrated Homepage' values your personal information
very much andwe comply with the "Personal Information Protection Act".
Through the 'Personal Information Processing Policy', the hospital will inform you of the purpose and use of the personal information you provide, in addition to the measures taken to protect your personal information. The hospital will notify you through the website announcement (or individual notice) when revising the personal information processing policy. This policy will be effective from June 30, 2017.
Information on collecting and using personal information is as follows.
1. Methods and Range of personal information collected.
Mediplex Sejong Hospital collects only the minimum amount of personal information needed for service. In order to use the services of the hospital, you have to fill out the required items and selection items. There is no limit to the use of the service even if you do not enter your choice such as whether to receive the e-mail.
[When you receive medical treatment]
- Required: hospital registration number, name, resident registration number, address, home number, mobile` number, email address
*It is mandatory to keep unique identification information and medical information by medical law (no separate agreement required)
- Choice : Guardian contact
- Health information : Personal health information that medical staff thinks is needed to provide medical services such as medical history and family history
[Payment of medical expenses]
When paid with card name of name brand name, credit card number, etc will be required.
* In addition to the above, for the purpose of collecting personal information in the short term will be announced to the customers, and the information includes information changed at the time of registration as well as information modification.
[How personal information is collected]
We collect personal information in the following ways.
• Collection via written forms, phone, email collection tools (collection tools such as visitor analysis tools)
The hospital uses the collected personal information for the following purposes. All information provided by the user will not be used for any purpose other than the following purposes, and will be subject to prior agreement if the purpose of use is changed.
[Treatment information]
Providing medical services for diagnosis and treatment, and billing services such as billing, receipt and refund
-Used for identification process such as appointment and reservation inquiry
-Medical services for diagnosis and treatment, collection of medical expenses and collection of receivables
-Issuance and dispatch of medical expenses bill, medical expenses statement, certificate,
-SMS on the date of appointment, scheduled date of admission, schedule of examination, etc.
2. Purpose of Collection and Use of Personal Information
- Procedures for personal confirmation for the appointment / consultation
- Diagnosis and treatment services (sharing personal information and medical information necessary for consultation)
- Medical services such as billing, payment, refund, etc.
- Medical bill, statement, and certificate
- Online / offline commissioned external inspection request
- Providing communication path for helping complaints / complaints
- Quality management of medical care, assessment of certification of medical institutions, legal administrative measures and measures for hospital operation
- Minimal analysis needed for educational research
3. Retention and use period of personal information
The hospital consigns personal information as follows to fulfill the service. In accordance with related laws and regulations, the hospital stipulates the matters necessary for the personal information be safely when contracted.
[When you receive medical treatment]
If collected for the purpose of providing medical services
· Keep in accordance with medical record keeping standards as stipulated in the Medical Law.
4. Procedures and methods of personal information destruction
When the purpose of collection and use of personal information is achieved, hospital will destroy immediately. Procedures and methods of destroying the personal information of the hospital are as follows.
[Destruction procedure]
After Information entered for medical treatment, the information is destroyed immediately as the destruction method.
[Destruction method]
While, personal information printed on paper is destroyed using an incinerator, personal information stored in an electronic file format is deleted using a technical method that cannot reproduce the record. The hospital shall not use your personal information beyond the scope of the "purpose of collecting and using personal information", except for your consent or the provisions of related laws. Even though they are not provided to the outside. However, except as follows.
· If submission of medical records for the claim of medical treatment benefits the Health Insurance Evaluation and Evaluation Service under the law ‘National Health Protection Act’
· Statistical writing ㆍfor research purposes, specific individuals are processed in a form that cannot be identified
· If there is a request from the investigating agency in accordance with the procedure and method prescribed in the Act.
5. Commitment of handling collected personal information
The hospital consigns personal information as follows to fulfill the service. In accordance with related laws and regulations, the hospital stipulates necessary information for the personal information to be managed safely when contracted.
The personal information consignment processing organization of the hospital and commissioned work contents are as follows.
Hospitals are obliged to comply with laws and regulations related to personal information protection, to keep confidentiality of personal information, to prohibit third party provision, burden of responsibility at the time of accident, period of consignment, return or destruction of personal information after termination, and are managed to comply with these regulations.
6. Rights of Information and Legal Representatives and How to act
Customer may request withdrawal (subscription / termination) for collection / use or provision of personal information as follows, and the hospital takes necessary measures immediately.
• You may withdraw your consent to the collection, use or provision of personal information by the hospital.
• If the hospital withdraws consent for the collection, use or provision of personal information by visiting the client, the hospital shall, without delay, destroy the personal information except when it is confirmed by the applicant and prescribed otherwise.
Membership of a child under the age of 14 (hereinafter referred to as "child") is made through a separate form in a plain and easy manner for the child to understand, and we must obtain the consent of the legal representative when collecting personal information.
• The hospital collects the minimum information from the child, such as the name and contact information of the legal representative, in order to obtain the consent of the legal representative, and has the consent of the legal representative according to the method prescribed in the personal information processing policy.
• The child's legal representative may request that the child's personal information be viewed, corrected and deleted. If you want to view, correct or delete the child's personal information, click on the Edit Member Information button to go through the process of checking the legal representative, then the legal representative of the child's personal information will be read, corrected, deleted or if contacted by department, telephone, or fax, we will take the necessary action.
• The hospital does not provide or share information about children with third parties, and if a legal representative requires correction of errors in the personal information collected from the child, the use and provision of the personal information until the error is corrected is prohibited.
※ Personal information that is required to be kept by law can not be modified or deleted within the storage period even if requested.
7. How to withdraw changes
After completing the consent form for collecting personal information, it is possible to change or withdraw the consent at any time, if the patient desires, except as specifically provided in the relevant laws such as the Medical Law and the Personal Information Protection Act.
8. Operation and management of image information processing equipment
[Purpose]
Medi-Flex Seeks to promote the appropriateness of public affairs by minimizing the infringement of personal information from closed-circuit television (CCTV) installed and operated for the purpose of facility protection, fire prevention and crime prevention at Sejong General Hospital, and to ensure the safety and rights of employees and customers.
[Responsibility]
The head of the facility shall be appointed as the CCTV installation and management supervisor, and the general affairs team leader shall be the operational supervisor. The fire brigade manager (826 in the city), the general affairs team officer (808 in the city) and the security officer (811 in the city) shall be in charge.
[Steps]
1) Third party provision of visual information, confirmation of reading and reproduction procedures If the information is agreed by the principal, if necessary for the conduct of criminal investigation and trial work, if approved by the responsible person for the safety of the facility and the public interest, the provision of visual information, viewing and reproduction is legal. If there is a legitimate public interest reason to refuse a request to browse, if there is a great possibility that the right of privacy of others is infringed irrespective of the purpose of installation, you may refuse to provide, view and play video information if the storage period has elapsed.
2) Installation and operation
• Number of installations: The hospital can increase or decrease the number and place of installation if necessary.
• Installation location: Around the hospital and outside fence, Hospital entrance and passage, Funeral ceremony (self-management of outsourcer)
• Shooting range: Approximately 20 meters from the camera
• Recording time: 24 hours a day, 24 hours a day.
3) Storage period of video information and storage place Within 30 days after the collection of image information, it is possible to extend, if necessary, and the storage place is to the security office.
4) How to store, manage, delete, and dispose video information
The video information is stored in the computer system of the Sejong hospital security office. When the DVR fails or replaced, the HDD in the existing DVR is discarded after it is permanently erased by a technical method that can not be restored.
5) Any person who wishes to provide, view, reproduce and destroy image information must specify the content and purpose of the image information in writing and obtaining approval from the operating officer.
6) Protection of visual information
• Administrative safeguards: To prevent illegal or tampering, record the date and time of creation of video information and the purpose of browsing, viewers, viewing date and time
• Technical protection measures: besides the responsible person and the person in charge,
• Physical protection measures: The image information storage device is stored in the disaster prevention room
7) Location of viewing, playback of video information and access control
The viewing and playback location of the video information should be done by the security office and approved by the responsible person.
9. Personal information manager
In order to protect customer's personal information and to handle complaints related to personal information, the hospital appoints relevant department and personal information manager as follows.
[Personal information manager]
Upper Manager) Name : Moon Kyeong Won (Medi-Flex Sejong Hospital Director of Management Support Division)
• Phone Number : 032-240-8720
• E-mail : mutri821@sejongh.co.kr
Lower Manager : Shim Jae Un (Medi-Flex Sejong Hospital Chief of Computer)
• Phone Number : 032-240-8576
• E-mail : tlawodns@sejongh.co.kr
You may report any privacy complaints that may arise as a result of using the services of the hospital to your personal information manager or department. The hospital will respond quickly and fully to your report. If you need to report or consult about other privacy infringements, please contact the following organizations:
Private Dispute Resolution Committee
- Homepage: www.1336.or.kr
- Phone Number : 1336
Korea Internet Promotion Agency (Personal Information Infringement Reporting Center)
- Homepage : www.privacy.kisa.or.kr
- Phone Number : 118, 02-405-5118
Information Protection Mark Certification Committee
- Homepage : www.eprivacy.or.kr
- Phone Number : 02-508-0553~4
Cyber Crime Division, Supreme Prosecutors' Office
- Homepage : www.spo.go.kr
- Phone Number : 02-3480-3573
National Police Agency Cyber Terror Response Center
- Homepage : www.ctrc.go.kr
- Phone Number : 1566-0112, 02-392-0330
10. Measures to ensure the safety of personal information
To ensure the safety of personal information in order to prevent loss, theft, leakage, alteration or damage to the hospital, we take administrative measures.
[Technical measures]
1) Password encryption
• The password of ID (ID) is encrypted and stored and managed. Only the person knows it, and confirmation and change of personal information is possible only by the person who knows the password.
2) Measures against hacking and viruses
• The hospital is doing its best to prevent personal information from being leaked or damaged by hacking or computer viruses. In order to prevent damage to personal information, we regularly back up the data and take measures to prevent damage from computer viruses by using the latest vaccine program. Vaccine programs are updated periodically, and if sudden viruses appear, we provide them as soon as they become available to prevent personal information from being compromised.
• In order to prevent personal information from being leaked by hacking or the like, the system is installed in an area controlled from the outside, and a device for blocking the intrusion is used. In addition, an intrusion detection system is installed to monitor intrusion for 24 hours.
[Management measures]
1) Personal information related to information education for all employees
• Hospitals have established procedures for the management and access to personal information to ensure that employees are aware of and comply with them and regularly check compliance.
• We sign an information protection pledge when hiring a new employee, so we have internal procedures in place to prevent leakage of information (including personal information) by employees, to remind ourselves of our obligation to protect personal information from time to time, and to audit compliance.
2) Minimization and training of handling staff
The hospital minimizes the number of people who can handle personal information, manages access rights, and ensures compliance with laws and policies through education. The person handling personal information is as follows:
• Person who deals with the business in/directly personal information
• Person in charge of personal information management and personal information protection such as the General personal information manager and personal information manager
• Those who have inevitable access to personal information in business
11. Obligation to notify in accordance with policy change
The current personal information processing policy may be changed from time to time due to changes in government policies or security technologies. If there is any addition, deletion or modification of the contents, it may be possible to check the website 'notice' We will notify you in a place by notice.
ㅇ Announcement date: June 30, 2017
ㅇ Effective date: June 30, 2017
