- Introduction
Hospital Umra is committed to protecting your personal data in accordance with the Personal Data Protection Act 2010 (PDPA). As a multi‑disciplinary hospital, we recognize the sensitive nature of medical, financial, and personal information across all specialties — including obstetrics & gynaecology, paediatrics, surgery, internal medicine, diagnostics, and wellness services.
- Scope of Application
This Notice applies to:- Patients across all hospital services (inpatient, outpatient, emergency, specialty clinics)
- Next of kin, guardians, and guarantors
- Newborns and minors (via parental/guardian consent)
- Employees, trainees, and medical students
- Vendors, suppliers, and business partners*
- Visitors and digital platform users (website, mobile apps, social media).
- Types of Personal Data Collected
We may collect and process:
- Identification: Name, NRIC, passport, date of birth, nationality
- Contact: Address, phone number, email
- Medical:
- General medical records, diagnosis, treatment history, prescriptions, and lab results
- Specialty data (e.g., O&G pregnancy records, neonatal assessments, fertility treatment data, surgical notes, diagnostic imaging)
- Financial: Payment details, insurance information, guarantor data
- Employment: CV, qualifications, HR records (for staff)
- Digital: CCTV recordings, cookies, mobile app usage, device information
- Other: Next of kin details, emergency contacts, consent forms.
- Purpose of Processing
Your personal data may be used for:
- Delivery of medical care across all specialties
- Billing, insurance claims, debt recovery
- Compliance with Ministry of Health (MOH), MSQH, and other regulatory requirements
- Birth registration with Jabatan Pendaftaran Negara (JPN), where applicable
- Hospital administration, HR, and training
- Research, quality improvement, and accreditation audits
- Marketing and patient engagement (with consent)
- Security, safety, and emergency response.
- Disclosure of Personal Data
We may share your data with:
- Healthcare professionals within Hospital Umra and partner facilities
- MOH, MSQH, Family Health Division, and other regulators
- JPN for birth certificate issuance (O&G/neonatal cases)
- Diagnostic labs, fertility centers, and specialist referral hospitals (with consent)
- Insurers, banks, auditors, and legal advisors
- Vendors, suppliers, and IT service providers
- Law enforcement agencies or government authorities (where legally required).
- Cross-Border Data Transfer
Where necessary, your personal data may be transferred outside Malaysia, including:
- Specialist referrals abroad
- Fertility tourism
- Foreign diagnostic laboratories and medical specialists. Safeguards will be applied to ensure compliance with PDPA.
- Data Retention
- General medical records: retained for a minimum of 7–10 years
- Neonatal records: retained until the child reaches 18 years of age
- Fertility treatment records: retained indefinitely or per MOH guidelines
- Other records: retained as required by law, accreditation standards, and hospital policy.
- Your Rights
You have the right to:
- Access and obtain a copy of your personal data
- Request correction or updates
- Withdraw consent or limit processing (subject to legal/contractual obligations)
- Opt-out of marketing communications
- Restrict disclosure of sensitive data (e.g., reproductive health)
- Withdraw consent for research use of medical data
- Request data portability (where applicable)
- Lodge a complaint with the Department of Personal Data Protection (JPDP).
- Security Measures
Hospital Umra applies strict safeguards, including:
- Restricted access to sensitive medical records (e.g., O&G, neonatal ICU, psychiatric care)
- Encryption of genetic test results and diagnostic imaging
- Consent verification before sharing sensitive health data
- Audit trails for all medical record access across departments.
- Contact Us
For inquiries, requests, or complaints regarding personal data, please contact:
Data Protection Officer
Hospital Umra,
Seksyen 13, Shah Alam,
Selangor
Tel: 03-5518 4319