Yes, we’re registered with the NPC and comply with the DPA, and you can list us as your third-party PIP (Personal Information Processor).
Do Individual Doctors Still Need to Register with the NPC?
The short answer is: Yes.
All doctors with 1000 or more records are required to register with the NPC.
This includes those keeping paper records; it's not just for electronic records. If you keep paper records for over 1000 patients, you already have to register with the NPC.
Let's say you have 500 patients in SeriousMD. You technically don't have to register yet, but we usually recommend doing so anyway. It's better to get it over with early, as there is not much in terms of requirements.
Understanding Your Role: Personal Information Controller (PIC) vs. Personal Information Processor (PIP)
Personal Information Controller (PIC): The Doctor retains ownership of all patient information stored in SeriousMD and is mainly responsible for maintaining the data’s accuracy, integrity, and security (e.g., proper access control).
Personal Information Processor (PIP): SeriousMD acts as the third-party PIP for the Doctor, providing the platform and technical means to store and secure the data in its cloud platform, strictly following the instructions of the PIC.
Updated Registration Process via NPCRS
The NPC now uses the National Privacy Commission Registration System (NPCRS) for DPO and Data Processing System (DPS) registration.
Registration Steps for an Individual Doctor (PIC):
Make sure to prepare the following:
1. Prepare documents
Corporations: SEC cert, GIS, business permit, notarized Secretary's Certificate
Sole proprietors: DTI cert, business permit, notarized DPO appointment
Professionals: License details
2. Create DPO email address
Must be position-specific (e.g., dpo@yourclinic.com), not personal
3. Document all data processing systems (digital and paper)
Digital: EMR, scheduling, billing, lab systems, apps
Paper: Physical charts, appointment books, ledgers, employee files
Access NPCRS: Go to the official NPCRS website: https://npcregistration.privacy.gov.ph/
Make sure to use your DPO email address
This is where you will register, process your annual renewal, and file any other amendments
Account Creation: Create an account as an Individual Professional. You will act as the Data Protection Officer (DPO).
Enter organization details: This includes the head of the organization, entity info, purpose, contacts
Registration Proper: Log in and encode your organizational details (as an individual professional) and your Data Processing System (DPS) details.
The Doctor is the PIC. SeriousMD is your PIP (include SeriousMD as a PIP in your DPS details)
Digital systems: EMR, apps, scheduling software, billing systems
Paper systems: Physical charts, appointment books, ledgers, employee files
For EACH system: 11 categories of info including name, legal basis, purpose, role, third parties, data subjects, data types, security measures (for paper: locks, access controls, shredding), lifecycle, transfers, automation
Register public-facing apps
Include internal employee apps
Register compliance officers
For each branch/location
Submission and Validation: Upload the required supporting documents. The NPC will review your application for completeness and accuracy.
Note that this generally takes around 5-10 business days.
If deficiencies are found, you have 5 days to correct/update the information.
Once approved, the status changes to "For Payment"
Payment: Once validated, pay the applicable initial registration fee (currently 500 pesos for Individual/Professional, but check the NPCRS for the most current fees).
Payment can be made via cash at NPC Pasay, Manager's Check, or online (GCash/Maya/GrabPay)
🚨 IMPORTANT: Make sure to click the "Update Payment" button after settling payment online in your NPCRS account.
NPC will process and verify your payment within 1-3 business days.
Download Certificate and Seal: Upon successful payment, you will be able to download your Certificate of Registration and the NPC Seal of Registration (both with QR code)
Mandatory Display of the NPC Seal of Registration
All registered PICs, including individual doctors, are mandated to prominently display the NPC Seal of Registration.
Display Requirement:
Physical Presence: The NPC Seal must be prominently displayed at the reception area and consultation room/s.
Online Presence: The NPC Seal must be displayed on the doctor's website, doctor profiles, or patient-facing pages.
Annual Renewal is Required
Your NPC registration, including your Certificate of Registration and NPC Seal of Registration, is valid for one (1) year from the date of issue.
Renewal Reminder: You are required to renew your registration within the 30-day period before its expiration date to maintain compliance and avoid penalties. Renewal is also done through the NPCRS.
You can learn more about our DPO, our guidelines, and how we handle and secure your data on our privacy policy page. You may find the technology behind our security on this page.
For a complete and detailed step-by-step guide on the NPCRS process, please refer to our guide:
