Patient Privacy Notice Bangkok Dusit Medical Services Public Company Limited

Bangkok Dusit Medical Services Public Company Limited (“BDMS”) commits to protect your personal data as a patient who undergoes investigation, treatment and medical services including other services provided by BDMS. Your personal data is to be protected in compliance with the Personal Data Protection Act B.E. 2562. BDMS as a controller of such personal data is responsible by law for notifying you of this document for reasons and methodology BDMS collects, gathers, uses or discloses your personal data, including informing you your rights as an owner of such personal data.  

Objectives

BDMS analyzes your personal data under a scope as defined by Personal Data Protection Act B.E. 2562 and analyzes the data only as necessary for aforementioned action. Then BDMS concludes the use of your personal data as well as explaining Lawful Basis of Processing for the data as below details.
  Purpose Type of Data Lawful Basis of Processing
1. For a purpose of investigation and providing medical services 1.1. Providing medical services within BDMS health providers BDMS’s teams of physicians, nurses and/or other staffs in health teams will record your personal data and take such the information for consultation with physicians or medical staffs including taking imaging and video for further follow up and/or any actions according to relevant professional principles throughout the period you are receiving the services as BDMS explains detailed information for your understanding prior to starting any services also opens chances for your to ask questions until your satisfaction met. 1.2. Providing medical services if necessary to link data among network health providers    For benefits in providing you medical services, BDMS’s team of physicians, nurses and/or other relevant staffs may disclose your personal data to network health providers if necessary to use the data between the network health providers to provide some types of medical services. BDMS establishes measures to protect personal data by agreements among network health providers to prevent unlawful processing of your personal data or without authority. 1.3 For Refer between health providers In case, BDMS puts or receives a request for refer of patient from one provider to another for continuation of cares or from one provider to BDMS’s provider according to refer as set by BDMS. BDMS conducts refer according to BDMS’s defined standards and will use your personal data for the purpose of refer only not for other purposes. – Identified data – Contact data – Health data – Financial data    For sensitive personal data: to protect or suppress threatening to life, body or health, in case the owner of personal data cannot give self-consent such as undergoing Emergency care or refer between health providers (Section.26 (1))
2. For purpose of analysis study to develop quality of treatments by unidentified personal data BDMS may use your personal data for analysis study to develop quality of treatments by an overall report with unidentified owners of personal data and the company strictly maintains confidentiality of such data. Statistical data  
3. Disclose of the data to your insurance companies or contractors for purposes of rights to claim compensation from insurance companies or to reimburse medical claims  BDMS needs to disclose your personal data to insurance companies to comply with a contract that you or BDMS makes with the insurance companies for compensation or medical reimbursement. Indeed, BDMS will not disclose your personal data to irrelevant parties. – Identified data – Contact data – Health data   Once receipt of your intended consent for disclose of your personal data: health data to insurance companies for a right to claim compensation from the insurance companies or to reimburse medical claims (Section. 26)
4. Disclose of the data to a party referring you for investigation or a payer when you give consent for disclose of personal data In case of agency of either government, private sector or state enterprise refers you to the company for treatments or is a payer for your medical expenses, BDMS will disclose your health data which is sensitive personal data to aforementioned agency only if you give consent to disclose your data to the agency otherwise, BDMS will directly send you a result of investigation. – Identified data – Contact data – Health data   Once receipt of your intended consent for disclose of your personal data (Section. 26)
5. For purpose of linking electronic database of medical records among health providers via mobile application Once you give consent, BDMS will enter your personal data into computer system in a format of mobile application for your convenience to receive consultation via the application and for you to manage your data via the application. To maximize benefits, the system will link electronic database of medical records among network health providers for you to browse your existing personal data maintained in the providers via electronic devices as BDMS makes agreement with network health providers to protect your personal data in compliance with Personal Data Protection Act B.E. 2562. – Identified data – Contact data – Health data   Once receipt of your intended consent for disclose of your personal data (Section. 26)
6. For marketing purposes BDMS may collect, gather, use and analyse personal data for analysing your health condition and contacting you for communication, providing medical information and offering promotion, products and services according to your consent – Identified data – Contact data – Data of subscribing and participating in marketing activities BDMS will perform this activity after receiving your consent to BDMS to use your health data for marketing purposes (Section. 26)
  Apart from aforementioned purposes, BDMS will not use your personal data for other purposes unless the Personal Data Protection Act B.E. 2562 permits such as
  • When receipt of your consent (Section. 24) or when receipt of intended consent in case of using sensitive personal data (Section. 26)
  • For analysis study or statistic which establishes appropriate protection measures to protect personal data, right and liberty of an owner of personal data (Section. 24(1))
  • To prevent, suppress threatening to life, body or health (Section. 24(2))
  • To comply with a contract between BDMS and you (Section. 24 (3))
  • To perform duties accordingly to  BDMS’s mission for public interests (Section. 24 (4))
  • Legitimate Interest of BDMS or person or other juristic person except the aforementioned interest is less important than basic rights of personal data owner (Section. 24(5))
  • For legal compliance of BDMS (Section. 24 (6))
  • To prevent, suppress threatening to life, body or health in case the use of sensitive personal data when the owner cannot give self-consent regardless of any causes (Section. 26 (1))
  • For establishment rights for legal claims (Section. 26 (4))
  • For public health interests or other social protection as the company establishes appropriate measures to protect basic rights and benefits of personal data owner (Section. 26 (5) (B))
  • For needs to comply with Labor protection law, provision of medical welfare, social security (Section. 26(5) (C))

Definition

Personal Data includes information related to an individual that can be identifiable either directly or indirectly excluding the information of the decreased particularly Sensitive Personal Dataincludes individual data related to race, ethnicity, political opinion, beliefs, religion or philosophy, sexual behavior, criminal records, health information, disability, trade union information, genetic data, biological data (such as facial image data, iris simulation data, fingerprint replica) or any other information that affects the owner of personal data in a similar manner as defined by committee of personal data protection “Health data” includes the following data
  • Day, month, year of receiving medical treatment
  • History of drug allergy and history of drug side effects
  • History of food allergy
  • Diagnostic disease, procedure name, surgery name
  • Blood result, laboratory result, pathological result, radiological images, and radiological report
  • List of prescribed medication
  • Other information such as symptoms, physician recommendation, diagnostic details
Process includes collect, gather, use or disclose Personal Data Controller includes an individual or juristic person who has authority in decision making about collection, gathering, use or disclose of personal data “Personal Data Processor includes individual or juristic person who perform collection, gathering, use or disclose of personal data according to orders or on behalf of a personal data controller, in addition, the individual or juristic person performing actions as above must not be a personal data controller. “Bangkok Dusit Medical Services Group” includes companies in BDMS network are currently existing or will be in the future, regardless it may be registered in Thailand or overseas, including Bangkok Dusit Medical Services Company limited “Network health provider” includes health providers in a group or network of BDMS operating both in Thailand and overseas.  

Personal data BDMS collects from you

Your personal data collected by BDMS can be classified as followings
Type of Personal data Details
1. Personal data Such as name, surname, ID card number, face image, gender, date of birth, passport number or other identifiable numbers
2. Contact data Such as address, telephone number, e-mail address
3. Financial data Such as billing information, credit or debit information, receipt information, invoice information
4. Marketing Data Such as registration information used for subscribe and marketing participation
5. Technical data Such as IP Address of computer, type of browser, Cookies information time zone setting, operating system, platform and technology of devices used for accessing website and Online Appointment System
6. Health data such as treatment information, reports about physical or mental health condition, health cares of service receivers, laboratory test results, diagnosis, diagnostic disease, information about drug use and drug allergy, history of food allergy, blood result, laboratory result, pathological result, radiological images and radiological report, list of prescribed medication, necessary information for medical services, information of feedback and treatments
 

Sources of Personal Data

BDMS collects and gathers your personal data from the following sources
  1. Personal data directly collected from you such as
    • In case, you receive investigation and treatment, BDMS receives your personal data from you contact BDSM about services or you self-register at BDMS for receiving medical services and other services from BDMS, including registration via electronic media
  2. Personal data indirectly collected from you such as
    • Persons who are close to you such as relatives, spouse etc.
    • Person you give authority to act on your behalf in contacting with the hospital
    • Network health providers, in case you already give consent to the network health provider for disclose of your personal data
    • Person, juristic person or agency of any government, private sector, or state enterprise who refers you for investigation services to BDMS or is a payer for your service expenses
 

Disclose or share of personal data

BDMS will not disclose your personal data to outsiders except when laws permit for needs in operation so BDMS may disclose your personal data for the following cases
  1. Disclose personal data to government agency, authority agency or any person when laws define or authorize, including complying with court orders
  2. Disclose personal data to individual or juristic person the company needs to comply with contract or for your benefits as an owner of personal data. BDMS requires those individual or juristic person must maintain confidentiality and protect your personal data according to standards as defined by Personal Data Protection Act B.E. 2562, including but not limited to individual or juristic persons as listed below
    • Network health providers and BDMS group as necessary as for providing investigation and medical services to you as the company will disclose personal data only as necessary and the company will maintain confidentiality of your personal data as its duties complied with relevant laws such as Medical facilities Act B.E. 2541, National Health Act B.E. 2550 and Medical Profession Act B.E. 2525
    • Insurance company or its provider managing compensation
    • Health provider servicing patient’s refer
    • The one referring you for investigation or services at a health provider or paying service expenses for you
    • Important personal data analyzer for the company’s operation such as employee, or laboratory service provider, database management, telecommunication, computer system, payment or provider of Technology Outsource
  3. BDMS may maintain personal data in Cloud Computing by using such services from the third party located in Thailand or overseas. BDMS makes a contract with mentioned persons very thoroughly and considers safety system in maintaining personal data that Cloud Computing service provider functions in regarding personal data protection
 

 Duration of Personal Data Retention

  1. BDMS uses standards of duration for retention of medical records in accordance with Medical Facilities Act B.E. 2541 and the latest version, BDMS will maintain medical records in its system at minimum of 5 years once BDMS creates the records. For medical benefits, the records will be maintained at the period you have not contacted with BDMS longer than 10 years from the latest medical visit. Once completion of that 10 year duration, all original medical records, copies and electronic medical records will be disposed.
  2. In case, the company must comply with laws, regulations of other professional councils, court order or establish rights for legal claims to enter dispute resolution processes, BDMS may maintain such personal data for the duration according to the legal statute or until the dispute is final whichever the case may be.
 

Measures of Personal Data Retention and Analysis

  1. BDMS will manage the retention of personal data with standards not less than a level required by law and with appropriate system to protect and safeguard such personal data such as the use of Secure Sockets Layer: SSL, protect with firewall, password and other technology measures for encryption of information via the internet, and store in a facility with access protection system that limits the person’s access to personal data kept in a document format.
  2. BDMS limits access to personal data that may be accessed by staffs, agent, partner or third party. Access to personal data by the third party can be done according to setting or order. Also the third party is responsible for maintaining confidentiality and personal data protection
  3. BDMS establishes technology method to protect unauthorized access to the computer system
  4. BDMS has an inspection system to manage destruction of unnecessary personal data for BDMS’s
  5. In case of sensitive personal data, BDMS applies measures to maintain the security of documentation and electronic data for access and control of the use as well as having operating system and backup including emergency plan and conducting regularly risk assessment of the system
 

Overseas Transfer of Personal Data

  1. Some cases, BDMS may need to transfer your personal data to overseas. BDMS may perform the transfer after notifying you of objectives of the transfer and receiving your consent. Then BDMS may inform you about insufficient standards of personal data protection of the destination country
  2. BDMS can transfer your personal data without your consent if the transfer of personal data to overseas is in accordance with a contract you are as the contract’s partner or to protect or suppress any threatening to life, body or health of personal data owner, or for the use according to your request prior to making that contract or according to requirements in Personal Data Protection Act B.E. 2562.
 

Cookie Policy

When you visit our website, BDMS uses cookie to ensure you will receive good experience from using the company’s website. Cookie is a small file that stores information and records it on to computer devices or communication tools when you access via web browser you choose while visiting the website. BDMS uses cookie to collect identity of your website visiting, with the identity BDMS can remember the nature of your website using more easily and such data will be used for development of the company website to match with your needs more. For convenience and speed of your using the website, sometimes BDMS may authorize the third party for this operation which may need IP address and cookie for analysis, data link and processing according to marketing purposes. You can set cookie when you enter the company website as you can choose to allow or not allow cookie to perform analysis, data link and processing according to marketing purposes.  

Rights of Personal Data Owner

As a personal data owner, you have rights to request BDMS to process your personal data according to scope allowed by laws as below
  1. Right to withdraw consent: you have rights to withdraw your consent for personal data processing as consents to BDMS anytime throughout the period your personal data stored at BDMS.
  2. Right of access: you have rights to access your personal data and request BDMS for a copy of aforementioned personal data, including requesting the company to disclose the acquisition of your personal data you did not give your consent
  3. Right to rectification: you have rights to request BDMS to correct incorrect data or add to incomplete data
  4. Right to erasure: you have rights to request BDMS to erase your data by some reasons
  5. Right to restriction of processing: you have rights to request BDMS to suppress the use of your personal data by some reasons
  6. Right to data portability: you have rights to transfer your personal data maintained by BDMS to other data controllers or yourself by some reasons
  7. Right to object: you have rights to object your personal data processing by some reasons
You can contact with Dr. Wisut Lachasewee: Data Protection Officer Group 1 (DPO Gr.1) to request to exercise your rights as aforementioned at Bangkok Dusit Medical Services Public Company Limited No. 2 Soi Soonvijai 7, New Petchaburi Rd, Bangkapi, Huykwang, Bangkok, telephone number: 02-310-3331, e-mail address: [email protected] or [email protected]  

Changes of Personal Data Protection Policy

BDMS may review and change the personal data protection policy in the future for developing better personal data protection, BDMS will notify you every time when the aforementioned policy changed.

Contact Channels

You can contact Dr. Wisut Lachasewee: Data Protection Officer Group1: DPO Gr.1, inquiry or use any right related to personal data to [email protected] or [email protected] Bangkok Dusit Medical Services Public Company Limited 2 Soi Soonvijai 7, New Petchaburi Rd, Bangkapi, Huaykwang, Bangkok, Telephone number 02-310-3331