At Ibn-e-Sina Medical Centre, we have a clear policy on the security of information within our practices. The policy will provide direction on security against unauthorised access, unlawful processing, and loss or destruction of personal information. It starts with being clear, concise, and easily accessible to patients, ensuring transparency and trust.
1. Legal Framework:
Pakistan's Personal Data Protection Bill, 2023:
This bill, when enacted, will likely establish a National Commission for Personal Data Protection (NCPDP) and outline specific requirements for data processing.
PECA 2016:
The Prevention of Electronic Crimes Act, 2016 (PECA) also includes provisions related to data protection, particularly regarding the unauthorized access and transmission of identity information.
Other relevant laws:
Consider any other applicable laws or regulations related to healthcare and data protection in Pakistan.
2. Key Components of the Declaration:
Purpose of Data Collection:
Clearly state why patient data is being collected (e.g., for treatment, billing, appointment management).
Types of Data Collected:
Specify the types of personal data collected, including sensitive health information.
Data Storage and Security:
Explain where and how patient data is stored (e.g., on secure servers, in encrypted formats) and the measures taken to protect it from unauthorized access, loss, or disclosure.
Data Sharing:
Clearly outline with whom patient data may be shared (e.g., other healthcare providers, insurance companies) and the purposes for such sharing.
Patient Rights:
Inform patients about their rights, such as the right to access, correct, or delete their data, and how to exercise these rights.
Data Retention:
Specify how long patient data will be retained and the procedures for secure disposal.
Contact Information:
Provide contact details for the clinic's data protection officer (if applicable) or a designated point of contact for data protection inquiries.
Consent:
If consent is required for data collection or sharing, clearly explain the consent process and ensure it is obtained appropriately.
3. Specific Considerations for Medical Practices:
Data Minimization:
Emphasize the principle of collecting only necessary data.
Accuracy:
Explain the measures taken to ensure data accuracy and how patients can report any inaccuracies.
Transparency:
Be transparent about data processing activities and ensure patients understand how their data is being used.
Data Breach Procedures:
Outline the procedures for handling data breaches and notifying affected individuals and relevant authorities.
4. Importance of Transparency and Trust:
A well-written data protection declaration builds trust with patients and demonstrates the clinic's commitment to protecting their privacy.
It ensures patients are aware of their rights and can make informed decisions about their healthcare data.
Thank you for your attention and consent.