The Standards for Patient Healthcare Data Privacy were published for the first time by the Department of Health for the Emirate of Abu Dhabi in September 2020. A major goal of the Patient Data Privacy standards is to ensure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high-quality health care and to protect the public’s health and wellbeing. The Standards strike a balance that permits important uses of information while protecting the privacy of people who seek care and healing.
2.1 We value patient privacy and act to ensure that it is protected.
2.2 This policy was written to capture our current practices and to respond to Department of Health requirements for the protection of personal information.
2.3 This policy describes how Medcurator Health Consultancy L.L.C. collects, protects, and discloses the personal information of patients and the rights of patients with respect to their personal information.
2.4 We are available to answer any patient questions regarding our privacy practices.
3.1 Patient information is sensitive. Staff and all others in Medcurator Health Consultancy L.L.C. who assist with or provide care are required to be aware of and adhere to the protections described in this policy for the appropriate use and disclosure of personal information.
3.2 All persons in Medcurator Health Consultancy L.L.C. who have access to personal information must adhere to the following information management practices.
• Office information management practices (IT Access Control Policy)
• Access is on a need-to-know basis.
• Access is restricted to authorized users.
• Staff are aware of and understand requirements to protect personal information.
• Appropriate disciplinary action for failure to fulfill requirements.
3.3 Medcurator Health Consultancy L.L.C. employs strict privacy protections to ensure that:
We collect, use, and disclose personal information only for the purposes of providing and/or organizing medical care and treatment, the administration or coordination of that care, or for other purposes expressly consented to by the patient.
4. Collection of personal information
4.1 We collect the following types of personal information.
Identification and Contact information including:
• Full Name
• Date of birth
• Emirates ID/Passport
• Address, mobile phone and/or fax and/or email
• Emergency contact information
Payment and billing information including:
• Credit card number, expiration date, and credit card security code
• Health insurance information.
Personal Health information, including:
• medical history and information about the diagnosis
• presenting symptoms
• physical examination findings
• relevant medical history of family members
• test requisitions and results (laboratory tests and x-rays)
• reports from specialists or other health providers
• diagnosis and treatment notes (including prescriptions)
• information to be provided to third parties at the patient’s request (e.g., reports for legal proceedings, insurance claims, government notes regarding invitation and entry visa)
Any other information the patient may consent to provide to us
4.2 Limits on collection
We will only collect the information that is required to provide care, administer the care that is provided, and communicate with patients. We will not collect any other information, or allow information to be used for other purposes, without the patient’s express consent, except where authorized to do so by law. These limits on collection ensure that we do not collect unnecessary information.
5. Use of personal information
5.1 Personal information collected from patients is used by Medcurator Health Consultancy L.L.C. for the purposes of:
• Identification and communication with patient
• Emergency contact
• Provision, organization, coordination, and continuity of care
• Health promotion and prevention
• Referral to specialists or other treating physicians
• Requesting laboratory investigations
• Requesting diagnostic tests
• Generating prescriptions
• Referral to other health care providers
• Administration of the care that is provided
• Proceeding with payments and billing
• Billing third parties
• Professional requirements
• Risk or error management (patient safety)
• Quality assurance (peer review)
• Maintenance of competence
• For any other purposes disclosed to you at the time we collect your information or pursuant to your consent.
6. Disclosure of personal information
6.1 Implied consent (Disclosures to other providers)
6.1.1 Unless otherwise indicated, you can assume that patients have consented to the use of their information for the purposes of providing them with care, including sharing the information with other health providers involved in their care. By virtue of seeking care from us, the patient’s consent is implied for the provision of that care.
6.1.2 Relevant health information is shared with other providers involved in the patient’s care, including (but not limited to):
• physicians, nurses or other medical specialists
• healthcare providers, coordinators, stakeholders
6.2 Without consent (Disclosures mandated or authorized by law)
6.2.1 There are limited situations where the physician or health practitioner is legally required to disclose personal information without the patient’s consent. Examples of these situations include (but are not limited to):
• billing insurance health plans
• reporting specific diseases
• reporting abuse
• reporting fitness
• by court order
• in regulatory investigations
• for quality assessment (peer review)
• for risk and error management
6.3 Express Consent (Disclosures to all other third parties)
6.3.1 The patient’s written consent is required before we will disclose personal information to third parties for any purpose other than to provide care or unless authorized to do so by law.
6.3.2 Examples of situations that involve disclosures to third parties include (but are not limited to):
• third party medical examinations
• provision of charts or chart summaries to insurance companies
• letters to lawyers
6.4 Withdrawal of consent
6.4.1 Patients have the option to withdraw consent to have their information shared with other health providers at any time.
6.4.2 Patients also have the option to withdraw consent to have their information shared with third parties.
6.4.3 If a patient chooses to withdraw their consent, the physician will discuss any significant consequences that might result with respect to their care and treatment (e.g., possible negative impact on the care provided).
7. Security measures
7.1 Safeguards are in place to protect the security of patient information.
7.2 These safeguards include a combination of physical, technological (for offices where computers are in use) and administrative security measures.
7.2.1 We use the following physical safeguards:
• limited access to office
• authorized access only
• limited access to records
• need-to-know basis
• password-protected electronic records to ensure confidentiality
7.2.2 We use the following technological safeguards:
• protected computer access for patient health information.
• system protections
• redundancy systems (backups)
• regular backups
7.2.3 We use the following administrative safeguards:
• Protected health information practices.
• Access is on a need-to-know basis.
• Access is restricted to authorized users.
• staff are aware of and understand requirements to protect personal information.
• appropriate sanctions for failure to fulfill requirements.
8. Communications policy
8.1 We are sensitive to the privacy of personal information, and this is reflected in how we communicate with our patients, others involved in their care and all third parties.
8.2 We protect personal information regardless of the format.
8.3 We use specific procedures to communicate personal information:
• Telephone – no audible playback of voice messages in the office; no personal devices are used for communication with patients.
• Email – firewall and virus-scanning software are in place to guard against unauthorized modification, loss, access, or disclosure.
• Post/Courier – addressed to the authorized recipient.
9. Record Retention
9.1 We retain patient records as required by law and professional regulations.
9.2 The Department of Health advises members to retain their medical records for at least 25 years from the date of last entry.
10. Procedures for secure disposal/destruction of personal information
10.1 When information is no longer required, it is destroyed or retained according to set procedures that govern the storage and destruction of personal information.
10.1.1 We use the following methods to destroy/dispose of paper records: shredding.
10.1.2 We use the following methods to destroy/dispose of electronic records:
• We seek expert advice on how to dispose of electronic records and hardware. At a minimum, we ensure that all information is wiped clean where possible prior to disposal of electronic data storage devices (e.g., surplus computers, internal and external hard drives, tapes, CD-ROMs, etc.).
• Computer hard drives are properly disposed of.
12. Accuracy of information
12.1 We make every effort to ensure that all patient information is recorded accurately.
12.2 If an inaccuracy is noted, the patient can request changes in their own record, and this request is documented by an annotation in the record.
12.3 No notation shall be made without the approval or authorization of the physician.
14. Privacy Complaints
14.1 It is important to us that our privacy policies and practices address patient concerns and respond to patient needs.
14.2.1 Patient complaints can be made:
• by email: firstname.lastname@example.org
• by phone: +971585181037, +972 506171890
14.2.2 Medcurator Health Consultancy L.L.C. follows specific procedures for responding to patient complaints.
• Patients are informed of relevant complaint mechanisms.
• We acknowledge and respond to patients in a timely fashion.
• All complaints shall be investigated.
• If justified, remedial measures will be taken, such as amending policies, procedures, and practices.