Privacy policy

1. Medical Topia Soka Hospital and related medical institutions (hereinafter referred to as “this hospital”) have established a system to protect and manage personal information, stipulate its operation, and ensure that its representatives and all employees comply with it. By doing so, it will strive to appropriately manage personal information.
2. This hospital has established internal regulations regarding the appropriate collection, use, and provision of personal information, clearly stipulates the purpose of collection and limitations on the scope of use, and strives to manage it appropriately.
3. This hospital takes preventive measures against unauthorized access to personal information, loss, destruction, falsification, and leakage of personal information, and ensure the safety and maintenance of accuracy of personal information.
4. This hospital thoroughly educates and trains employees on the importance of protecting personal information, appoints a personal information protection manager/supervisor, and establishes and operates an appropriate management/supervision system.
5. This hospital may outsource some tests/examinations to external facilities, and in this case, it may be necessary to notify some of your personal information to the outside party. This hospital has selected reliable facilities and signed agreements to ensure that personal information is not handled inappropriately.
6. This hospital complies with laws and other norms regarding personal information.
7. This hospital will continually review and improve the above policies.

At this hospital, we establish the purpose for which personal information of patients and users will be used, and we take all safety measures to handle the personal information. If you have any questions, please contact us at customer support counter of each facility.

1. When based on laws and regulations
2. When it is necessary to protect a person’s life, body, or property, and at the same time it is difficult to obtain the consent of the person concerned, or procedure to get the person’s consent is considered extremely unreasonable (due to confusion in large-scale disaster or accident.)
3. When it is particularly necessary to improve public health or promote the healthy development of children, and it is difficult to obtain the consent of the person concerned.
4. When it is necessary to cooperate with a national organization, local government, or a person entrusted by them in carrying out affairs stipulated by laws and regulations, and at the same time it is difficult to obtain the consent of the person concerned.

Medical Topia Soka Hospital and related medical institutions (hereinafter referred to as “this hospital”) shall take measures to appropriately protect the personal information of patients, users, and other related parties held by this hospital. We will protect personal information in accordance with this statement based on the hospital’s privacy policy.

In this statement, the meanings of the terms listed in the following items are as defined in each item.

1. Personal Information
   Information about living individuals (including information about deceased persons related to living persons) that can identify a specific individual by name, date of birth, and other descriptions contained in the information
   Information that can be easily compared with other information, and by doing so, it can identify a specific individual. Medical examination results and medical records are also considered personal information.
2. Personal Information Database
   Organized and classified specific personal information according to certain rules (for example, alphabetical order, date of birth, etc.), that can be easily searched with table of contents, index, codes, and others. It includes both paper and electronic data.
3. Personal Data
   It refers to the personal information that constitutes the “Personal Information Database”.
4. Retained Personal Data
   It refers to personal data that has the authority to disclose, correct, add or delete content, stop using it, erase it, and stop providing it to third parties. However, this excludes 1) information that would harm the public interest or other interests if its existence were revealed, and 2) information that will be deleted within 6 months (excluding updates).

Personal information will be handled only to the extent necessary to achieve the purpose, with clearly defined purposes of use.

When changing the purpose of use of personal information, it can be done only to the extent that it is deemed to be reasonably related to the purpose of use before the change.

Personal information will be acquired by lawful and fair means.

Personal information, including the following, will be acquired, used, or provided to the minimum extent necessary for treatment and care.

1. Matters related to thoughts, beliefs and religion
2. Race, ethnicity, family origin, criminal history, and other matters that may cause social discrimination.
3. Matters related to workers’ right to organize, collective bargaining, and other collective actions
4. Matters related to participation in collective demonstration, exercise of the right to petition, and exercise of other political rights

However, information (a) and (b) above may be used and collected only in cases related to illness.

When concluding a contract with a person and acquiring his /her personal information written in a contract or other document, or directly acquiring the person’s personal information written in a document, the purpose of use will be clearly indicated.

This hospital will post our personal information protection policy, including the purpose of use of personal information, on our internet homepage and in easily visible places within each facility, and will keep it up to date.

When receiving personal information from a person other than the person concerned, the following measures will be taken and supervised.

1. Supervise those who obtain personal information to ensure that such information is obtained by lawful and fair means.
2. Confirm that personal information obtained from a third party is provided within the scope of the purpose of use and with the consent of the person concerned.

1. In principle, personal information will only be used within the scope of the purpose of use, and only by authorized persons according to the specific task, and to the extent necessary for carrying out the task.
2. If personal information is to be used beyond the scope of the purpose of use, we will notify the person and obtain the consent in advance. However, this does not apply to the following cases.
   1. When based on laws and regulations
   2. When it is necessary to protect a person’s life, body, or property, and at the same time it is difficult to obtain the consent of the person concerned, or procedure to get the person’s consent is considered extremely unreasonable (due to confusion in large-scale disaster or accident.)
   3. When it is particularly necessary to improve public health or promote the healthy development of children, and it is difficult to obtain the consent of the person concerned.
   4. When it is necessary to cooperate with a national organization, local government, or a person entrusted by them in carrying out affairs stipulated by laws and regulations, and at the same time there is a risk of interference if the person’s consent is obtained.

This hospital manages personal information in an accurate and up-to-date manner within the necessary range according to the purpose of use.

This hospital takes necessary measures such as formulating and implementing a security management plan to prevent unauthorized access to computers storing personal information of this hospital, and loss, destruction, falsification and leakage of personal information.

When employees of this hospital handle personal data, this hospital will provide training to them for the sake of safe and appropriate management of personal information.

This hospital will take the following measures when outsourcing personal information and its related work to a third party (including accepting agency workers)

1. For new outsourcing company (including the case accepting agency workers), this hospital conducts interviews with the company’s manager, on-site inspections of the the company’s processing facilities to ensure that the level of personal information protection and security management is appropriate, and that the level of education in personal information protection and security management is appropriate.
2. Sign a contract regarding the following items.
   • Matters regarding the existence of confidentiality and the scope of persons who can handle the information
   • Matters regarding the management methods of confidentiality and personal information at the outsourcing company
   • Matters regarding return of personal information and deletion of copies at the end of the contract
   • Matters regarding responsibility sharing and measures to be taken in the event of personal information leakage or other accidents.
   • Matters regarding subcontracting

In the event that we discover any matter that conflicts with the contract during the outsourcing, we will immediately take necessary actions against the party entrusted with personal information.

This hospital will not provide personal information to third parties. However, if this hospital recognizes the necessity of providing personal information to a third party (including public announcement/disclosure, etc.) for business or public reasons, this hospital will do so after taking necessary measures.

This hospital will set up a “help desk service” at each facility where individuals can request disclosure, correction, or deletion of personal information held by this hospital. Procedures for disclosure, correction, and deletion will be determined separately.

This hospital will comply with requests from individuals to refuse the use or provision of personal information held by this hospital to third parties. However, there are exceptional cases where it is necessary for medical treatment, disclosure requests from public institutions such as regulatory agencies, police, courts, etc. in the exercise of authority based on laws and regulations, fulfillment of obligations stipulated by laws and regulations, and claims for medical expenses.

In order to appropriately protect the personal information of patients, users, and other related parties held by this hospital, this hospital will mainly use the following organizations based on our personal information protection policy.