SECTION 10: DATA PRIVACY & RECORDING POLICY

I. Purpose

AVCI Veterinary Practice is committed to protecting the privacy and confidentiality of all personal, client, and patient data in compliance with the Data Privacy Act of 2012 (Republic Act No. 10173) and other applicable Philippine laws. This policy establishes guidelines on data collection, storage, access, processing, and sharing, ensuring that all client and patient information is handled ethically, legally, and securely.
Additionally, this policy defines AVCI’s rights and limitations on recording (audio or visual) within its premises, as well as client access to medical records and progress notes.

II. Legal Basis

This policy aligns with the following Philippine laws and regulations:
1. Republic Act No. 10173 (Data Privacy Act of 2012) – Governs the protection, processing, and handling of personal data.
2. Republic Act No. 9268 (Philippine Veterinary Medicine Act of 2004) – Regulates professional veterinary conduct and confidentiality in medical practice.
3. Republic Act No. 8485 (Animal Welfare Act of 1998, as Amended by RA 10631) – Protects animal rights and ethical treatment, ensuring responsible data handling in veterinary care.
4. Labor Code of the Philippines (PD 442) – Provides legal guidelines on employee confidentiality, data security, and record-keeping.
5. Cybercrime Prevention Act of 2012 (RA 10175) – Prohibits unauthorized access, data breaches, and cyber-related offenses involving personal information.

III. Scope of Data Privacy Protection

This policy applies to:
• Clients, pet owners, and guardians of animal patients.
• AVCI employees, including veterinarians, veterinary technicians, assistants, and administrative staff.
• Third-party service providers and business partners who have access to AVCI data.
• Any data collected through digital records, paper forms, online databases, emails, or CCTV monitoring.

📌 Protected Data Includes:
1. Client Personal Information – Name, contact details, home address, payment details, and other identifiers.
2. Animal Patient Information – Medical history, treatment records, diagnostic results, prescriptions, and vaccination history.
3. Employee Records – Employment details, salary information, and performance records.
4. Business & Transactional Data – Clinic operations, service logs, and financial transactions.

IV. Data Collection, Processing, and Storage

1. Collection of Data:
◦ Client and patient data shall be collected only when necessary for veterinary care.
◦ Clients must provide informed consent before AVCI collects or stores personal and pet data.
◦ Employees must only access and process data that is relevant to their assigned duties.

2. Storage and Security:
◦ All physical records shall be securely stored in locked filing cabinets with restricted access.
◦ Digital records must be encrypted, password-protected, and accessible only by authorized personnel.
◦ CCTV footage, if applicable, shall be stored for 30 days, unless required for investigations.

3. Processing & Confidentiality:
◦ AVCI will only use client and patient information for veterinary treatment, billing, and regulatory compliance.
◦ Sharing of client or patient information with third parties (insurance, government agencies, or other clinics) shall require written consent from the client, except when required by law.
◦ Employees must not disclose or share confidential information outside AVCI without authorization.

V. Client Rights Over Their Data

Under RA 10173 (Data Privacy Act of 2012), clients have the right to:
1. Access their own records – Clients may request a copy of progress notes, treatment history, and medical records for their pet.
2. Correct inaccurate data – Clients may request corrections to incorrect personal or patient information in AVCI records.
3. Object to data processing – Clients may refuse processing of their data for marketing or research purposes.
4. Withdraw consent – Clients may request the deletion of their personal data, except when required for regulatory compliance.
5. File a complaint – If clients believe their data was misused, they may file a complaint with AVCI Management or the National Privacy Commission (NPC).

📌 Guidelines for Requesting Medical Records & Progress Notes:
• Clients may request copies of progress notes and medical records during AVCI’s business hours.
• Requests must be made in writing and signed by the pet owner.
• Processing time for releasing medical records is 1-3 business days.
• Veterinary prescriptions and certificates will only be provided if required for treatment continuation, travel, or legal documentation.

🚫 AVCI reserves the right to decline record requests if:
• The client has an unsettled balance or unpaid veterinary fees.
• The request is for unauthorized third-party access.
• The release of information compromises AVCI’s operational security or trade secrets.

VI. Recording and Surveillance Policy

A. AVCI’s Right to Control Audio & Visual Recordings
• AVCI reserves the right to prohibit audio and video recordings within its premises to protect patient confidentiality, prevent data breaches, and ensure a professional environment.
• Unauthorized recording of procedures, client interactions, or AVCI personnel without consent is strictly prohibited.

B. Acceptable Use of Recording Devices
• Clients may record or take photos of their own pets for personal use without interfering with clinic operations.
• Clients may not record or livestream veterinary consultations, surgical procedures, or AVCI personnel without prior approval.
• Only authorized personnel (e.g., AVCI veterinarians, management, or designated staff) may record for educational or business documentation purposes.

📌 AVCI may grant recording permissions for:
• Official documentation for legal or insurance purposes.
• Veterinary training and educational materials, with proper consent.
• Approved marketing or promotional content.

🚫 AVCI reserves the right to deny any request for recording if it:
• Disrupts clinic operations or poses a safety risk to staff or animals.
• Violates the confidentiality of other clients and patients.
• Is intended for unauthorized use or public dissemination.

VII. Data Breach & Violations

🚨 In case of a data breach or violation of this policy:
1. Employees must report any suspected data leaks immediately to AVCI Management.
2. Clients who suspect a breach of their data may file a complaint with AVCI’s Data Protection Officer.
3. Violations will be investigated, and responsible individuals may face:
   ◦ Verbal or written warnings
   ◦ Suspension or termination (for employees)
   ◦ Legal action (for severe violations or data theft)