Personal Data Protection Statement
The Personal Data Protection Act (PDPA) protects your personal data while enabling organisations to use your data reasonably to serve and care for you. We at Icon Cancer Centre are committed to data protection. We will follow this policy and comply with all data protection and confidentiality obligations imposed on us by law, including the Personal Data Protection Act 2012 (No. 26 of 2012) and Private Hospitals and Medical Clinics Act (Cap. 248) of Singapore.
Icon Cancer Centre, as a private healthcare provider, will collect relevant data which is necessary for your medical and healthcare. Your personal data collected includes but is not limited to data you provide for registration purposes, e.g. name, NRIC or passport number, date of birth etc., medical information, diagnostic imaging, photographic films and images, financial information and any other personal information provided by you, your next-of-kin or companion which is collected and provided by you when you present yourself for consultation and treatment at our centers.
We will collect, utilise and disclose your personal data for the following purposes:
i. Providing Medical Services For Your Treatment
This includes the provision of inpatient and outpatient medical treatment, diagnostics, healthcare and allied healthcare services; and clinical trials. It includes follow-ups, and continuity of care throughout your continuum of care and covers all other services including but not limited to customer services, concierge services made available by us. We may also use your personal data should you choose to participate in suitable care programmes, or relevant clinical trials or research studies.
ii. Communication with Doctors, Appointed Third-Party Personnel Who Are Involved in Your Care
This includes the making of appointments, bookings, admissions and transfers with other healthcare providers for medical treatment and healthcare purposes only.
iii. Communication with relatives, guardian, close friends or legal representative
This includes providing information about a patient’s condition to their parent, child, other relatives or guardians, where the patient is incapable of giving consent or cannot communicate the consent. Icon will disclose Personal Information where it is satisfied that the disclosure is necessary to provide care or treatment to the patient or for compassionate reasons, unless the patient tells Icon that they do not wish Icon to disclose their Personal Information to any such person. Where a patient does not have capacity, Icon will disclose information about the patient’s health to a person exercising that patient’s power of attorney under an enduring power of attorney or advance care directive.
iv. Communication with Insurance Companies and Third-Party Administrators For Your Treatment and Care
This includes the administration of claims, reimbursement of claims and other related services through insurers and third-party administrators and payors for medical treatment and healthcare services provided to you.
v. Communication with Government Bodies; e.g., Medisave Board, NEHR On Your Visits
This includes the sharing of medical records with other health care providers for your medical treatment and health care purposes, where required or permitted by law, including but not limited to, by way of Medisave and the National Electronic Health Record (NEHR) system. This system facilitates the sharing of health information across the Singapore healthcare ecosystem.
vi. Students, medical, nursing, allied health disciplines
This includes sharing of medical records with medical, nursing and allied health disciplines undertake placements at Icon facilities. As part of their placement, students may access patient health records of treatment. All students undertaking placement with Icon sign a Confidentiality Agreement.
vii. Administration and Facilitation of Payments On Services and Products, Including Verification of Credit Card Payments
This includes due diligence checks and credit checks and the verification of identity to facilitate payment
viii. Disclosure to Any Third-Party, with Compliance to Legal Requirements, Orders, Directions or Request From Any Court, Authority or Government Bodies Within or Outside Singapore
This includes management and financial reporting, risk management reporting, audits and other legal requirements so that we comply with court, government bodies within and outside of Singapore.
ix. Disclose to any Third Party for research purposes
x. Other common uses and disclosures
This includes use and disclosure of personal information for protection of a child from the risk of physical or psychological harm, preventing or lessening a serious and imminent threat to life, health or property of a person and matters relating to serious criminal activity that has or is likely to occur.
We take patient confidentiality very seriously. To ensure that we take all necessary precautions to safeguard your personal data from unauthorised access, collection, use, disclosure and modification, we have put in place appropriate administrative processes and information technology such as up-to-date anti-virus protection, data and system encryption to limit access to any personal data we collect and retain.
Retention of Data
We would like to assure you that your personal data will be only retained in accordance with the PDPA and the Ministry of Health’s guidelines on the retention of patient data. We will do periodic reviews to determine if the data is required and will only retain it as long as the purpose for which it was collected remains for any other legal or business purposes.
It is your obligation to ensure that all personal data submitted to us is complete, accurate, true and correct. If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.
Protection of Data
To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption and the use of privacy filters to secure all storage and transmission of personal data by us, and disclosing personal data both internally and to our authorised third party service providers and agents only on a need-to-know basis.
You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
Transfers of Data
Your personal data may be transferred out of Singapore for the purposes described in this Personal Data Protection Statement. In particular, your personal data may be stored in external servers that are located out of Singapore, or may be transferred out of Singapore where it is necessary to share your personal data with and between our related corporations and business units, and third party service providers.
We are committed to protecting your personal data when it is transferred out of Singapore. Where your personal data is transferred out of Singapore, we will take reasonable steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA. For example, we may enter into contracts or impose binding corporate rules with the recipients of your personal data to protect your personal data in a manner that is compliant with all applicable laws. You may obtain further information in this regard by contacting our Data Protection Officer in writing or via email at the contact details provided below.
An IP address is a number that is automatically assigned to your computer when you sign up with an Internet Service Provider. When you visit our website, your IP address is automatically logged in our server. We use your IP address to administer the website and track the movements of internet users. Generally, we do not link your IP address to anything that can enable us to identify you unless it is required by the applicable laws or regulations.
Third Party Sites
Our websites may contain links to other websites that are operated by third parties. As we have no control over and are not responsible for the privacy practices of websites operated by these third parties, we encourage you to check the privacy policies of such third party websites.
As part of our efforts to ensure that we properly manage, protect and process your personal data, we will be reviewing our policies, procedures and processes from time to time and reserve the right to amend this Data Protection Statement at our discretion.
If you have any questions or concerns on our personal data protection policies and practices, please contact:
The Data Protection Officer
Icon Cancer Centre
1 Farrer Park Station Rd,
#09-13 to 20 Farrer Park Medical Centre