Juntendo University School of Medicine Juntendo Hospital Privacy Policy

Juntendo Hospital strives every day to "provide safe, evidence-based, high-quality, and advanced medical care to each patient" as one of our basic policies.
Considering the importance of patients' personal information, we have established the following policy regarding the protection of personal information, and we will ensure that all faculty and staff members are fully aware of this policy and will implement it.

1.About proper acquisition of personal information

Our hospital uses appropriate methods when acquiring patients' personal information.When acquiring personal information, as a general rule, we will publicize the purpose of use, and if we change the purpose of use, we will also announce the changed purpose of use.Please note that changes to the purpose of use will be made to the extent that it is reasonably deemed to be related to the purpose of use before the change.

2. Use and provision of personal information

As a general rule, our hospital does not handle personal information beyond the scope necessary to achieve the purpose of use set forth in the preceding paragraph.Furthermore, we will not use patients' personal information in an inappropriate manner.

3.Safety management of personal data

Our hospital will keep personal data accurate and up-to-date, and will take necessary and appropriate measures to prevent leakage, loss, or damage, and to safely manage personal data, to the extent necessary to achieve the purpose of use set forth in Paragraph 1. We will take the following steps.

4.Disclosure, correction, suspension of use, etc. of personal data

In principle, our hospital will disclose a patient's personal data without delay if the patient requests disclosure.Additionally, if a patient requests that their personal data be corrected, added to, deleted, ceased to be used, erased, or ceased to be provided to a third party, we will investigate and respond appropriately in accordance with laws and regulations.

5. Contact point for inquiries

If you have any questions regarding our hospital's personal information protection policy or inquiries about patients' personal information, please contact us at the following contact point.
Counter “Patient Consultation Corner” (1st floor, Building 1)

XNUMX.Improving legal compliance and personal information protection mechanisms

​Our hospital complies with Japanese laws and regulations regarding the protection of personal information, as well as other norms, and reviews each of the above items as appropriate to continuously improve the personal information protection system.
 
2022/11/30
Director, Juntendo Hospital, Juntendo University School of Medicine
We are working to protect patients' personal information.
Our hospital uses personal information for the following purposes and handles it with the utmost care.If you have any concerns about the handling of personal information, please contact the counter (patient consultation corner).
Director, Juntendo Hospital, Juntendo University School of Medicine

Objective of obtaining personal information

1.Medical provision

  • Provision of medical services at our hospital
  • Medical collaboration with other Juntendo University Hospitals
  • Information sharing using unified medical information system with Juntendo University School of Medicine Sakura Campus Clinic
  • Collaboration with other hospitals, clinics, etc.
  • Responses to referrals from other medical institutions, etc.
  • When seeking opinions and advice from outside doctors, etc. for patient treatment
  • Outsourcing of laboratory test work and other outsourcing
  • Explanation of medical conditions to family members
  • Other uses related to providing medical care to patients

2.Clerical work for billing medical fees

  • Administrative work related to medical care, nursing care, workers' compensation insurance, and publicly funded medical care at our hospital and its outsourcing.
  • Submission of receipt to examination payment organization
  • Responding to inquiries from examination payers or insurers
  • Submitting receipts and responding to inquiries regarding publicly funded medical care to administrative agencies, etc.
  • Other uses related to medical insurance affairs related to medical care, nursing care, workers' compensation insurance, and publicly funded medical care.

3. Management and operation of our hospital

  • Accounting / Accounting
  • Reporting medical accidents, etc.
  • Improving medical services for the patient
  • Ward management such as admission and discharge
  • Other uses related to the management and operation of our hospital

4. Notification of results to companies, etc. of health examinations conducted on commission from companies, etc.

5.Consultation or notification to medical professional organizations, insurance companies, etc. related to physician liability insurance, etc.

XNUMX.Basic materials for maintaining and improving medical and nursing care services and operations

XNUMX.Cooperation with medical training and education conducted within our hospital

XNUMX.Academic research at our hospital and the Juntendo educational corporation aimed at improving the quality of medical care

  • When conducting research activities, if laws and regulations, ethical guidelines, guidelines of related organizations, etc. have been established, we will carry out research activities in good faith and in accordance with them.
  • When handling personal information for the purpose of academic research, we will continue to respect patient privacy and take measures such as anonymization to handle personal information appropriately.

XNUMX.Providing information to external auditing organizations

Ten.Provision of information based on the Act on Ensuring the Quality, Efficacy and Safety of Pharmaceuticals and Medical Devices, etc., and the Basic Act on Cancer Control Measures

11.External storage of medical records and other data for backup in case of emergencies such as disasters

*If you have any concerns regarding the provision of information to other medical institutions, etc., please notify the Patient Consultation Corner.
*If we do not receive a request, we will assume that the patient has given their consent.
*These offers can be withdrawn or changed at any time later.

*In order to prevent patient mix-ups and ensure safe and appropriate operations, we use "full names" when calling at reception and displaying name tags in patient rooms.If you do not wish to do so, please inform the outpatient reception desk or ward station.

Guidelines regarding the protection of patient personal information held by Juntendo Hospital

Article XNUMX Purpose

In accordance with the Act on the Protection of Personal Information (Act No. 15 of 57), these guidelines are necessary for the appropriate processing of personal information of patients acquired, retained, and used by Juntendo Hospital (hereinafter referred to as "this hospital"). Define matters.The purpose of this is to further promote the protection of personal information so that the staff engaged in medical care at our hospital can provide sufficient medical care to patients while giving consideration to the processing of personal medical information. shall be.

Article XNUMX Definition of terms

  1. "personal information"
    Information about a living individual that can identify a specific individual based on the name, age, date of birth, and other descriptions contained in the information (can be easily compared with other information, and that can identify a specific individual).In this guideline, personal information mainly refers to patient medical information.

  2. "Medical information"
    Personal information obtained through medical treatment, etc., such as the patient's health status, evaluation thereof, and medical progress, which is necessary when determining the necessity of providing medical care and implementing it.Refers to what is recorded in medical records held by our hospital pursuant to the provisions of Article 24, Paragraph 2 of the Medical Practitioners Act and its related laws and regulations.

  3. "Staff"
    Persons engaged in the medical practice of our hospital, including regular staff, contract staff, temporary staff, temporary staff, researchers, graduate students, majors, trainees, and students.

  4. "Disclosure"
    When a patient or his or her representative requests that the patient's personal information held by the hospital be verified, the hospital will provide that information.

Article XNUMX Identification, notification and publication of purpose of use

  1. The use of personal information shall be carried out lawfully and fairly within the scope directly related to the medical care provided to patients.
  2. The purpose of use will be announced on our hospital website and on bulletin boards within the hospital.

Article XNUMX Proper acquisition

  1. When personal information is collected by staff, it is in principle collected directly from the patient.However, this shall not apply in the following cases.
    (XNUMX) When the purpose of collection, collection destination, collection items, etc. are determined with the consent of the person in advance.
    (XNUMX) In accordance with the provisions of laws and regulations.
    (XNUMX) When it is particularly necessary to protect the life, body, or property of the patient or a third party, and it is difficult to collect information from the patient himself/herself.
    (XNUMX) Due to the nature of the business, it is recognized that collecting information directly from patients would impede the proper implementation of the business and make it difficult to achieve the purpose.
    (XNUMX) In addition to the cases listed in (XNUMX) to (XNUMX), when it is recognized that there is a valid reason for collecting information from a person other than the patient.

  2. When staff members take photographs or video for educational or research purposes during medical treatment, they must explain to the patient in advance the purpose of use and the content of information to be collected, and provide information on the patient's medical information. Take sufficient care not to infringe on protection rights.

  3. When staff, etc. perform monitoring such as constant photography for the purpose of relaying to the doctor's waiting room etc. during medical treatment, it is only permitted for the purpose of ensuring the benefit of patients, ensuring safety, or collecting medical information necessary for business. shall be provided.

  4. Employees, etc. shall not collect the following personal information.However, in addition to legal provisions, only in cases where there are special circumstances such as for the proper implementation of business, we will comply with the imposed laws, explain the purpose of collection to patients, and collect data based on their consent. Collection shall be permitted.
    (XNUMX) Race, ethnicity, social status, family origin, domicile, place of birth, and other matters that may cause social discrimination.
    (XNUMX) Thoughts, beliefs, and beliefs.
    (XNUMX) Other sensitive information about the patient.

Article XNUMX Restrictions based on purpose of use (use for other purposes, etc.)

The benefit and provision of personal information shall be within the scope of the purpose of collection.However, this shall not apply in the following cases.
 
(XNUMX) When the procedure is explained to the patient in advance and the consent is obtained.
(XNUMX) When stipulated by law.
(XNUMX) When it is particularly necessary to protect the life, body, or property of the patient or a third party, and it is difficult to obtain the patient's consent.
(XNUMX) When it is particularly necessary to improve public health or promote the healthy upbringing of children, and it is difficult to obtain the patient's consent.
(XNUMX) In cases where it is necessary for a national organization, local government, or a person entrusted by them to cooperate in fulfilling obligations stipulated by laws and regulations, and with the consent of the person concerned, When there is a risk of hindering performance.

Article XNUMX Ensuring accuracy of data content

  1. Employees, etc. should check and update the personal information they keep to ensure that it is accurate and up-to-date to the extent necessary, depending on the purpose of collecting the personal information.
  2. Employees, etc. should promptly destroy or delete personal information that is no longer necessary to hold.

Article XNUMX Safety management measures

We shall take necessary systems and measures to prevent unauthorized access to personal information or loss, destruction, leakage, or theft of information, and to properly manage other personal information.

  1. Appointment of personal information protection manager and his/her role
    (XNUMX) The director shall appoint persons who have the ability to understand and put into practice the contents of these guidelines, and have them perform duties as primary and deputy personal information protection managers (hereinafter referred to as "administrators").
    (XNUMX) The administrator shall understand and put into practice the contents of these guidelines, and shall have the authority and responsibility to make decisions regarding the manner in which personal information should be protected, the means necessary to achieve it, and the composition of the personnel essential to its realization.
    (XNUMX) The hospital director or administrator shall clarify the scope and authority of persons engaged in personal information processing, and then appoint those persons for duties.
    (XNUMX) The hospital director and administrator shall coordinate with the risk managers assigned to each department to safely manage the protection of personal information.

  2. Establishment of a personal information management committee
    (XNUMX) Regarding various matters related to personal information management, the "Personal Information Management Committee" under the direct control of the hospital director shall discuss responses.
    (XNUMX) The organization and operation of the "Personal Information Management Committee" shall be determined separately.

  3. Implementation of educational training.
    The hospital director and administrator shall ensure that employees, etc. understand and comply with these guidelines, and in particular, make those engaged in the processing of personal information aware of the importance of their responsibilities, and The necessary education and training shall be provided to familiarize employees with information protection measures.

  4. Disposal of personal information
    (XNUMX) When disposing of personal information, it must be disposed of in a state where it cannot be restored.In this case, disposal can be entrusted to an appropriate waste disposal company.
    (XNUMX) When disposing of a computer on which personal information has been recorded, the personal information shall be erased using special software. If it is necessary to dispose of storage media such as FD, DVD, CD, MO, USB, etc., it shall be physically destroyed.
    (XNUMX) If a computer on which personal information is recorded is to be used for another purpose, the personal information must be erased using special software, etc. before the computer is used for other purposes.

  5. Personnel security control measures
    (XNUMX) Debts of employees, etc.
    - Employees will strive to protect and process personal information in accordance with the intent of the law and in accordance with related laws and regulations.
    ・Staff members, etc. must not inform any third party of the personal information of patients they have learned in the course of their work, or use it for improper purposes.The same shall apply even after retiring from the position related to the business.
    ・Staff members, etc. will regularly evaluate and inspect how personal information is processed from the perspective of protecting personal information.

    (XNUMX) Restrictions on the handling of personal information
    When employees access patient personal information held by our hospital, they must limit access to the minimum amount necessary to achieve the purpose of use.
     
    ・Employees authorized to use the ordering terminals installed in our hospital must give due consideration to the prevention of personal information leaks, and must not access patient personal information unless it is necessary for business purposes. .
    ・Staff members, etc., shall follow the instructions of the personal information protection manager regarding the following actions, even when handling personal information held by this hospital for business purposes.
    ✓Reproduction of personal information held
    ✓Submission of personal information held
    ✓ Taking out or sending the media on which personal information held is recorded outside
    ✓Other acts that may impede the proper management of retained personal information

  6. Physical Safety Control Measures Managers and employees, etc., take crime prevention measures to prevent unauthorized intrusion from the outside, and work together with crime prevention/fire prevention managers or facility management personnel to implement crime prevention measures such as facility locking devices and monitoring devices.・Strive for fire prevention measures.
    (XNUMX) Equipment/equipment inspection
    The administrator shall periodically or from time to time inspect the installation status and settings of the personal information storage media, terminal devices, LAN lines, etc. held by our hospital, as well as the storage method of personal information, etc., and if there is a problem, we will A report shall be made to the hospital director and appropriate measures shall be taken.

    (XNUMX) Taking out information devices, etc.
    ・Staff members, etc. must not take out terminal devices, etc. that store personal information held by the hospital, unless deemed necessary by the administrator.
    ・If an employee is permitted to take a terminal device, etc. that stores personal information outside, the employee must take all possible security measures at his/her own responsibility.

    (XNUMX) Room entry/exit management
    The administrator and the person in charge of the Hongo District Information Center (hereinafter referred to as the "Information Center") or a similar person will determine who has the authority to enter the Information Center where personal information held by our hospital is stored.Also, confirm the requirements for entering the information center, identify outsiders, etc., and take measures to strengthen management when outsiders enter the room.

  7. Technical safety control measures
    (XNUMX) Management of data access privileges
    ・Administrator or equivalent person can exercise authority and restrict access to personal information of each job category, etc.
    - As a general rule, personal information shall be processed within the scope of the purpose of collection and only by authorized persons according to the specific task and to the extent necessary for carrying out the task.

    (XNUMX) Security measures
    The administrator and information center manager or equivalent person shall take measures against the leakage of digitized personal information and strive to strengthen security to the maximum extent possible, including physical security control measures.

  8. Outsourced supervision
    When staff entrust the processing of patients' personal information to a third party, they select a third party that takes sufficient measures to protect personal information.At that time, necessary restrictions such as processing of personal information within the scope of the purpose of entrustment shall be attached in the entrustment contract, etc., and sufficient consideration shall be given to ensure that such processing is carried out appropriately.
    (XNUMX) When entrusting personal information held to a third party, employees, etc., should, in principle, provide information such as the purpose of use at the recipient, the legal basis for the business to be used, the scope and items of records to be used, and the form of use. Documents shall be exchanged with the party.

    (XNUMX) When entrusting personal information held to a third party, employees, etc. shall request specific measures to ensure safety, take into consideration the documents exchanged above, and make improvements if necessary. Take measures such as requests.

Article XNUMX Provision of personal data to third parties and suspension of provision

When providing personal information to a third party, employees, etc. shall impose necessary restrictions on the recipient, such as requiring the recipient to process the information within the scope of the purpose of use, and give sufficient consideration to ensure that the processing is carried out appropriately. thing.

Article XNUMX Disclosure, correction, and suspension of use of personal data

  1. Disclosure of personal information
    (XNUMX) If a patient or a representative requests disclosure of personal information held by the hospital, employees must respond within a reasonable period of time. (If personal information about the requester does not exist, this includes notifying the applicant to that effect).However, if there is a provision in the law, if there is a risk of harming the life, body, property, or other rights and interests of the person or a third party, or if there is a significant hindrance to the proper implementation of the business of the business handling personal information. If there is a risk, you may refuse to disclose all or part of the information.
    (XNUMX) The costs required for disclosing patient personal information may be billed to the complainant.

  2. Correction of personal information, etc.
    (XNUMX) When a patient requests correction, deletion, etc. (hereinafter referred to as "correction, etc.") on the grounds that there is a factual error in personal information, staff, etc. shall We will respond to this within a reasonable period of time.
    (XNUMX) When employees, etc. make corrections to personal information, they shall notify the complainant of the corrections made to the extent possible.However, this does not apply if the complainant agrees that notification is not required.

  3. Suspension of use of personal information, etc.
    If an employee, etc. receives a request from a complainant for suspension of use or provision, deletion, etc. on the grounds that personal information about him/herself is being processed in violation of these guidelines, the content of the request is deemed to be legitimate. If so, we will respond to this request within a reasonable period of time.However, this does not apply in cases where suspension of use, etc. requires a large amount of money, or where it is difficult to suspend use, etc., and alternative measures necessary to protect the rights and interests of the person are taken. .

Article 10 Response in case of leakage of personal information, etc.

In the event that a safety issue such as a leak of personal information held by our hospital occurs, the administrator and staff shall collect and analyze that information and promptly take necessary measures.
 
  1. In the event of leakage or unauthorized access of personal information, the administrator shall strive to prevent the damage from expanding, analyze the incident, and take measures to prevent recurrence.
  2. If employees, etc. are concerned that personal information leakage or unauthorized access has occurred, or if it has occurred, they shall promptly report it to the administrator, work to investigate the cause of the occurrence, and follow the instructions of the administrator. Take necessary measures to prevent recurrence.

Complaint handling

Our hospital shall clarify the point of contact for receiving complaints and inquiries regarding the processing or disclosure of personal information from patients, and shall respond appropriately and promptly.
 
Supplementary Provisions These guidelines will come into effect from April 17, 4.
Supplementary Provisions These guidelines will come into effect from April 23, 7.
Supplementary Provisions This guideline will come into effect from April 2017, 4. (Revised February 1, 2017)