• Privacy Policy

'HyeWon Medical Foundation Integrated Homepage' values your personal information very much andwe comply with the "Personal Information Protection Act".

Through the 'Personal Information Processing Policy', the hospital will inform you of the purpose and use of the personal information you provide, in addition to the measures taken to protect your personal information. The hospital will notify you through the website announcement (or individual notice) when revising the personal information processing policy. This policy will be effective from June 30, 2017.

Information on collecting and using personal information is as follows.
  • 1. Method and Range of personal information collected.
  • 2. Purpose of Collection and Use of Personal Information
  • 3. Retention and use period of personal information
  • 4. Procedures and methods of personal information destruction
  • 5. Commitment of handling personal information collected
  • 6. Rights of Information and Legal Representatives and the Action
  • 7. How to withdraw changes
  • 8. Operation and management of image information processing equipment
  • 9. Personal information manager
  • 10. Measures to ensure the safety of personal information
  • 11. Obligation to notify in accordance with policy change

1. Methods and Range of personal information collected.

Mediplex Sejong Hospital collects only the minimum amount of personal information needed for service. In order to use the services of the hospital, you have to fill out the required items and selection items. There is no limit to the use of the service even if you do not enter your choice such as whether to receive the e-mail.

[When you receive medical treatment]
  • ㆍRequired: hospital registration number, name, resident registration number, address, home number, mobile` number, email address
    - It is mandatory to keep unique identification information and medical information by medical law (no separate agreement required)
  • ㆍChoice : Guardian contact
  • ㆍHealth information : Personal health information that medical staff thinks is needed to provide medical services such as medical history and family history
[Payment of medical expenses]
When paid with card name of name brand name, credit card number, etc will be required.
* In addition to the above, for the purpose of collecting personal information in the short term will be announced to the customers, and the information includes information changed at the time of registration as well as information modification.
[How personal information is collected]
We collect personal information in the following ways.
ㆍCollection via written forms, phone, email collection tools (collection tools such as visitor analysis tools)
The hospital uses the collected personal information for the following purposes. All information provided by the user will not be used for any purpose other than the following purposes, and will be subject to prior agreement if the purpose of use is changed.
[Treatment information]

Providing medical services for diagnosis and treatment, and billing services such as billing, receipt and refund

  • - Used for identification process such as appointment and reservation inquiry
  • - Medical services for diagnosis and treatment, collection of medical expenses and collection of receivables
  • - Issuance and dispatch of medical expenses bill, medical expenses statement, certificate,
  • - SMS on the date of appointment, scheduled date of admission, schedule of examination, etc.

2. Purpose of Collection and Use of Personal Information

  • ㆍProcedures for personal confirmation for the appointment / consultation
  • ㆍDiagnosis and treatment services (sharing personal information and medical information necessary for consultation)
  • ㆍMedical services such as billing, payment, refund, etc. 
  • ㆍMedical bill, statement, and certificate 
  • ㆍOnline / offline commissioned external inspection request 
  • ㆍProviding communication path for helping complaints / complaints 
  • ㆍQuality management of medical care, assessment of certification of medical institutions, legal administrative measures and measures for hospital operation
  • ㆍMinimal analysis needed for educational research

3. Retention and use period of personal information

The hospital consigns personal information as follows to fulfill the service. In accordance with related laws and regulations, the hospital stipulates the matters necessary for the personal information be safely when contracted.

[When you receive medical treatment]
If collected for the purpose of providing medical services
ㆍKeep in accordance with medical record keeping standards as stipulated in the Medical Law.

4. Procedures and methods of personal information destruction

When the purpose of collection and use of personal information is achieved, hospital will destroy immediately. Procedures and methods of destroying the personal information of the hospital are as follows.

[Destruction procedure]
After Information entered for medical treatment, the information is destroyed immediately as the destruction method.
[Destruction method]
While, personal information printed on paper is destroyed using an incinerator, personal information stored in an electronic file format is deleted using a technical method that cannot reproduce the record. The hospital shall not use your personal information beyond the scope of the "purpose of collecting and using personal information", except for your consent or the provisions of related laws. Even though they are not provided to the outside. However, except as follows.
  • ㆍIf submission of medical records for the claim of medical treatment benefits the Health Insurance Evaluation and Evaluation Service under the law ‘National Health Protection Act’
  • ㆍStatistical writing ㆍfor research purposes, specific individuals are processed in a form that cannot be identified
  • ㆍIf there is a request from the investigating agency in accordance with the procedure and method prescribed in the Act.

5. Commitment of handling collected personal information

The hospital consigns personal information as follows to fulfill the service. In accordance with related laws and regulations, the hospital stipulates necessary information for the personal information to be managed safely when contracted.

The personal information consignment processing organization of the hospital and commissioned work contents are as follows.

Contractor Consignment service contents Contents Retention and use period
Infinite Co., PACS system maintenance Hospital registration number, name, sex, age, X-ray image, etc. Personal information Until the end of consignment contract
Aceviewtech Co., Patient guidance and unattended storage maintenance Personal information such as hospital registration number, name, hospital room number, Name of Disease Until the end of consignment contract
Fujitsu Co., EMR server and storage maintenance All collected personal information such as ID, password, hospital registration number, name, resident registration number, phone number, address Until the end of consignment contract
Pyeonghwa Is Co. EMR server and storage maintenance All collected personal information such as ID, password, hospital registration number, name, resident registration number, phone number, address Until the end of consignment contract
Green Cross Medical Foundation Outsourcing commission inspection service Hospital registration number, name, resident registration number, inspection name Until the end of consignment contract
Mediage Co., Outsourcing commission inspection service Hospital registration number, name, resident registration number, inspection name Until the end of consignment contract
DNAGPS Outsourcing commission inspection service Hospital registration number, name, resident registration number, inspection name Until the end of consignment contract
Douzone Co., Maintenance of accounting and payroll programs Name, Mobile phone number, resident registration number, telephone number, address Until the end of consignment contract
Xenoid Co., ID, password, name, gender, nationality, phone number, mobile phone number, email, Until the end of consignment contract
SIM Co., Homepage Maintenance ID, password, name, sex, date of birth, phone number, email, hospital registration number Until the end of consignment contract
Interpretation and management of foreign patients Name, nationality, date of birth, patient number, email, phone number, address, passport number Until the end of consignment contract

Hospitals are obliged to comply with laws and regulations related to personal information protection, to keep confidentiality of personal information, to prohibit third party provision, burden of responsibility at the time of accident, period of consignment, return or destruction of personal information after termination, and are managed to comply with these regulations.

6. Rights of Information and Legal Representatives and How to act

Customer may request withdrawal (subscription / termination) for collection / use or provision of personal information as follows, and the hospital takes necessary measures immediately.

  • ㆍYou may withdraw your consent to the collection, use or provision of personal information by the hospital.
  • ㆍIf the hospital withdraws consent for the collection, use or provision of personal information by visiting the client, the hospital shall, without delay, destroy the personal information except when it is confirmed by the applicant and prescribed otherwise.

Membership of a child under the age of 14 (hereinafter referred to as "child") is made through a separate form in a plain and easy manner for the child to understand, and we must obtain the consent of the legal representative when collecting personal information.

  • ㆍThe hospital collects the minimum information from the child, such as the name and contact information of the legal representative, in order to obtain the consent of the legal representative, and has the consent of the legal representative according to the method prescribed in the personal information processing policy.
  • ㆍThe child's legal representative may request that the child's personal information be viewed, corrected and deleted. If you want to view, correct or delete the child's personal information, click on the Edit Member Information button to go through the process of checking the legal representative, then the legal representative of the child's personal information will be read, corrected, deleted or if contacted by department, telephone, or fax, we will take the necessary action.
  • ㆍThe hospital does not provide or share information about children with third parties, and if a legal representative requires correction of errors in the personal information collected from the child, the use and provision of the personal information until the error is corrected is prohibited.

※ Personal information that is required to be kept by law can not be modified or deleted within the storage period even if requested.

7. How to withdraw changes

After completing the consent form for collecting personal information, it is possible to change or withdraw the consent at any time, if the patient desires, except as specifically provided in the relevant laws such as the Medical Law and the Personal Information Protection Act.

8. Operation and management of image information processing equipment

[Purpose]
Medi-Flex Seeks to promote the appropriateness of public affairs by minimizing the infringement of personal information from closed-circuit television (CCTV) installed and operated for the purpose of facility protection, fire prevention and crime prevention at Sejong General Hospital, and to ensure the safety and rights of employees and customers.
[Responsibility]
The head of the facility shall be appointed as the CCTV installation and management supervisor, and the general affairs team leader shall be the operational supervisor. The fire brigade manager (826 in the city), the general affairs team officer (808 in the city) and the security officer (811 in the city) shall be in charge.
[Steps]
  1. 1) Third party provision of visual information, confirmation of reading and reproduction procedures If the information is agreed by the principal, if necessary for the conduct of criminal investigation and trial work, if approved by the responsible person for the safety of the facility and the public interest, the provision of visual information, viewing and reproduction is legal. If there is a legitimate public interest reason to refuse a request to browse, if there is a great possibility that the right of privacy of others is infringed irrespective of the purpose of installation, you may refuse to provide, view and play video information if the storage period has elapsed.
  2. 2) Installation and operation
    • ㆍNumber of installations: The hospital can increase or decrease the number and place of installation if necessary.
    • ㆍInstallation location: Around the hospital and outside fence, Hospital entrance and passage, Funeral ceremony (self-management of outsourcer)
    • ㆍShooting range: Approximately 20 meters from the camera
    • ㆍRecording time: 24 hours a day, 24 hours a day.
  3. 3) Storage period of video information and storage place Within 30 days after the collection of image information, it is possible to extend, if necessary, and the storage place is to the security office.
  4. 4) How to store, manage, delete, and dispose video information
    The video information is stored in the computer system of the Sejong hospital security office. When the DVR fails or replaced, the HDD in the existing DVR is discarded after it is permanently erased by a technical method that can not be restored.
  5. 5) Any person who wishes to provide, view, reproduce and destroy image information must specify the content and purpose of the image information in writing and obtaining approval from the operating officer.
  6. 6) Protection of visual information
    • ㆍAdministrative safeguards: To prevent illegal or tampering, record the date and time of creation of video information and the purpose of browsing, viewers, viewing date and time
    • ㆍTechnical protection measures: besides the responsible person and the person in charge,
    • ㆍPhysical protection measures: The image information storage device is stored in the disaster prevention room
  7. 7) Location of viewing, playback of video information and access control
    The viewing and playback location of the video information should be done by the security office and approved by the responsible person.

9. Personal information manager

In order to protect customer's personal information and to handle complaints related to personal information, the hospital appoints relevant department and personal information manager as follows.

[Personal information manager]
  • Upper Manager) Name : Moon Kyeong Won (Medi-Flex Sejong Hospital Director of Management Support Division)
  • Phone Number : 032-240-8720
  • E-mail : mutri821@sejongh.co.kr
  • Lower Manager : Shim Jae Un (Medi-Flex Sejong Hospital Chief of Computer)
  • Phone Number : 032-240-8576
  • E-mail : tlawodns@sejongh.co.kr

You may report any privacy complaints that may arise as a result of using the services of the hospital to your personal information manager or department. The hospital will respond quickly and fully to your report. If you need to report or consult about other privacy infringements, please contact the following organizations:

  • Private Dispute Resolution Committee
  • Homepage: www.1336.or.kr
  • Phone Number : 1336
  • Korea Internet Promotion Agency (Personal Information Infringement Reporting Center)
  • Homepage : www.privacy.kisa.or.kr
  • Phone Number : 118, 02-405-5118
  • Information Protection Mark Certification Committee
  • Homepage : www.eprivacy.or.kr
  • Phone Number : 02-508-0553~4
  • Cyber Crime Division, Supreme Prosecutors' Office
  • Homepage : www.spo.go.kr
  • Phone Number : 02-3480-3573
  • National Police Agency Cyber Terror Response Center
  • Homepage : www.ctrc.go.kr
  • Phone Number : 1566-0112, 02-392-0330

10. Measures to ensure the safety of personal information

To ensure the safety of personal information in order to prevent loss, theft, leakage, alteration or damage to the hospital, we take administrative measures.

[Technical measures]
  1. 1) Password encryption
    The password of ID (ID) is encrypted and stored and managed. Only the person knows it, and confirmation and change of personal information is possible only by the person who knows the password.
  2. 2) Measures against hacking and viruses
    • ㆍThe hospital is doing its best to prevent personal information from being leaked or damaged by hacking or computer viruses. In order to prevent damage to personal information, we regularly back up the data and take measures to prevent damage from computer viruses by using the latest vaccine program. Vaccine programs are updated periodically, and if sudden viruses appear, we provide them as soon as they become available to prevent personal information from being compromised.
    • ㆍIn order to prevent personal information from being leaked by hacking or the like, the system is installed in an area controlled from the outside, and a device for blocking the intrusion is used. In addition, an intrusion detection system is installed to monitor intrusion for 24 hours.
[Management measures]
  1. 1) Personal information related to information education for all employees
    • ㆍHospitals have established procedures for the management and access to personal information to ensure that employees are aware of and comply with them and regularly check compliance.
    • ㆍWe sign an information protection pledge when hiring a new employee, so we have internal procedures in place to prevent leakage of information (including personal information) by employees, to remind ourselves of our obligation to protect personal information from time to time, and to audit compliance.
  2. 2) Minimization and training of handling staff

    The hospital minimizes the number of people who can handle personal information, manages access rights, and ensures compliance with laws and policies through education. The person handling personal information is as follows:

    • ㆍPerson who deals with the business in/directly personal information
    • ㆍPerson in charge of personal information management and personal information protection such as the General personal information manager and personal information manager
    • ㆍThose who have inevitable access to personal information in business

11. Obligation to notify in accordance with policy change

The current personal information processing policy may be changed from time to time due to changes in government policies or security technologies. If there is any addition, deletion or modification of the contents, it may be possible to check the website 'notice' We will notify you in a place by notice.

  • ㆍAnnouncement date: June 30, 2017
  • ㆍEffective date: June 30, 2017