Homepage >
Privacy Policy

Privacy Policy

Hillel Yaffe Medical Center Privacy Policy

Hillel Yaffe Medical Center places the highest importance - both as a core value and in accordance with applicable laws (the Privacy Protection Law, 1981 and its amendments and regulations, the Patient Rights Law, 1996, other laws, and established medical ethical guidelines) - on protecting the privacy and personal data of its patients, individuals inquiring about services, study participants, website visitors and the general public.

Information protected by law is collected, stored and maintained in the medical records of patients, managed in the hospital's information systems. These systems are designed and operated in accordance with strict information security and cybersecurity requirements and are continuously monitored.

Hillel Yaffe Medical Center is ISO 27001 and ISO 27799 certified. These are standards for information security and medical data, respectively.

Database Management and Legal Processing of Personal Information

The medical center collects, stores and documents medical, demographic and administrative information as an integral part of the medical services it provides and as part of patient electronic medical records. Failure to provide information to the hospital, treatment may result in inadequate care and, in some cases, it may not even be possible to treat the patient.

Purpose of the database - Information transferred to the hospital and stored in the hospital's database is for treatment, administration, research, direct mail and development of new treatment tools.

Information sources - Information is generated within the hospital by physicians, health care practitioners, laboratories, imaging, medical devices and more. Information is also provided to the hospital by the patient, Ministry of Health, HMOs, Magen David Adom, Ministry of Interior, National Insurance Institute, other hospitals, external laboratories, artificial intelligence systems, etc.

Transfer of information to external parties – The medical center may share information with the patient, HMOs, Ministry of Health, insurers, Ministry of Interior, National Insurance Institute, other hospitals, hospital suppliers, organizations with which the hospital conducts research and collaborates, etc.

The information will be stored in the medical center's databases for an unlimited period.
The hospital uses artificial intelligence (AI) software in various fields as a clinical decision support tool.
Access to information is granted with caution and in strict compliance with the law and to enable the authorized person to perform their duties.

Right to review information

Every person is entitled to examine information collected about them and stored in the hospital's database. This may be done personally, through an authorized representative with written consent or through a legal guardian. The hospital may withhold information relating to a patient's medical or mental condition if, in its opinion, its disclosure could cause serious harm to the requesting party’s physical or mental health or put their life at risk. In such cases, the hospital will provide the information to a physician or psychologist acting on behalf of the requesting party. Medical information can be accessed electronically free of charge through the Apollo app or by submitting a request to the Medical Records Department. Please note that access through Medical Records Department is subject to a fee, in accordance with the Ministry of Health’s price list that is updated periodically, and supplementary regulations.

Correction of information

An individual who has reviewed their personal information and finds it to be incorrect, incomplete, unclear or outdated may request that the information be corrected by contacting the Medical Records Department. The information will be corrected if Patient Safety determines that it is inaccurate based on the information provided to the physician. The request should be submitted to Public Inquiries.

Participation in studies

A patient who has signed an informed consent form to participate in a study and later decides they no longer want to participate in the study may contact the principal investigator and request to withdraw from the study. The principal investigator must withdraw the patient from the study or alternatively delete all data through which the patient can be identified and retain only anonymized information.

If patient recruitment is conducted through public channels such as social media (whether in Israel or overseas), the principal investigator is required to have the participant sign informed consent. The consent document will include the possibility of withdrawal from the study. If the patient asks to withdraw from the study, the principal investigator must withdraw them from the study or delete all the identifying information through which the patient can be identified and keep the record only in anonymized form.

If you are participating in a study and you are also a European citizen, and you were recruited to the study through outreach to study participants who are not residents of Israel and are in the European Union, and you believe your privacy has been violated by the medical center, you have the right to file a complaint with the appropriate regulatory agency in the European Union.

Information Security Policies

The medical center operates in accordance with information security policies that define the management's approach to the issue and determine its commitment to the matter. The policies address procedural, technological, infrastructural and administrative aspects of information security. These policies cover database management, access control, user authentication and authorization, password management, implementation of IT systems, backups, information transfer, and other relevant security measures.

Changes to the Privacy Policy

This policy may be updated from time to time in accordance with amendments to the Privacy Protection Law and the related regulations and/or the Patient Rights Law and/or any other legislation and/or Ministry of Health procedures and/or regulatory guidelines on the matter. The most current version of the policy will be posted on the medical center's website.

Privacy Protection by the Patient

We ask patients to help protect their privacy and prevent unauthorized disclosure of medical information from their medical record by refraining from sharing access to their medical record and/or personal mobile device and/or not disclosing the password and/or token sent to the mobile number registered with the medical center.