Site icon SeriousMD Blog

National Privacy Commission (NPC) Data Privacy Act (DPA) Registration for Doctors in the Philippines – Phase 1

National Privacy Commission (NPC) Data Privacy Act (DPA) Registration for Doctors in the Philippines Phase 1

*Editor’s note: this article was revised on 1 July 2018 to reflect the addition of a registration method for individual professionals on the NPC’s website. 

We received a call the other day. Then we received a support ticket. Then we got an email.

Then messages started coming in by the dozens per hour.

“I was told that I need to register with NPC. Am I violating anything by using SeriousMD?”

“I need to register if I have 1000 patients??? That is just half my year. What should I do now?”

“I thought going paperless was easy, now, I have to register with NPC? Makes me want to go back to paper.”

“Should I worry about using an EMR because of the NPC deadline?”

“I got this message from another doctor with these images. What will happen now??”

[metaslider id=1665]

Sound familiar?

This Data Privacy Act compliance deadline has caught a lot of doctors off-guard.

Here at SeriousMD, we treat all of you like family and we want to make things as easy as possible for you.

There’s no need to panic. The registration deadline was extended to March 8, 2018 July 2, 2018 and in this article we’ll explain what you need to do. If you have other questions that are not covered here, just let us know and we’ll try our best to answer them.

So, let’s get started.


First of all, doctors are not violating anything by using SeriousMD. Both SeriousMD users as well as those still using paper records are required by the NPC to register.

You simply need to register with the NPC if you have collected information or process at least 1000 records.

If you are processing any of this information, you are required to register:

There are 2 Phases that you need to know about. 

This article will cover Phase 1.
* Disclaimer. This article is for informational purposes only and not for the purpose of providing legal advice.


Phase 1: Registration

There are two ways to complete Phase 1:

  1. Through registration as an individual professional
  2. Through registration as a DPO or data processing officer

Which one should you use? Simple: register as an individual professional if your practice is not registered under a different identity. If your practice is registered as an entity, however (e.g. a corporation, private institution, medical group, etc.), register as a DPO.

We’ll give you a basic overview of each one. For quick reference, though, registration as an individual professional is easier, because it means you won’t have to get anything notarized.

Phase 1 Registration for Individual Professionals

Step 1. Download the form for individual professionals.

Step 2. Fill out the form digitally. They won’t accept a handwritten one.

When filling out the form, be sure that you fill it out on your computer. Since the form is a PDF file, you will probably be filling it out with either Adobe Acrobat (for Windows users) or Preview (for Mac users). You can also do it on an iOS device with a PDF editor app (like Adobe Fill & Sign) or Adobe Reader on Android. Just open the file with any of these programs and select the empty spaces/blanks, then type your information.

Note: Don’t have any of the above programs on your computer or just looking for an alternative? Try ApowerPDF. Note that you have to select the online version and download a small launcher app to start the tool. If you want to use an offline program instead, try PDF Xchange Editor.

Here are some rules to follow when filling out the form:

Step 3. Add your signature to the form.

There are two ways to do this: digitally and by hand.

Doing it digitally is easier. Just open the form in a PDF reader/editor again, then follow the steps in the tutorials below.

Just click on the link that applies to your case. For example, if your PDF editor is Adobe Acrobat and you’re using a Windows computer, click on the first of the links below:

If you want to do it by hand, you will need a scanner. This is because you have to follow these steps if signing the form by hand:

  1. Print out the form.
  2. Sign the printed form.
  3. Scan the printed form to turn it into a digital document again.

Step 4. Save the form.

How you do this depends on what you did in the previous step (how you added your signature). If you signed it digitally, you only need to save 1 PDF file.

If, however, you signed the form by hand instead, you need to save 2 files. One is the PDF file you filled out electronically before you signed it and the other is the PDF file you scanned after you signed it. Remember that both PDF files should show a completely filled out form, though only one should have a signature (the scanned one). Use this naming formula: LASTNAMEFIRSTNAME_dpo.pdf

So, if your name is Juan dela Cruz, for example, the first PDF should be named delacruzjuan_dpo.pdf and the second one delacruzjuan_scanned.pdf.

Having trouble changing your files’ names? Here are the quick ways to do it:

Step 5. Send the file (or files, if you signed by hand) to dpo_indprof@privacy.gov.ph

Step 6. Wait for an email or text message for a verification code that gives you access to Phase 2.

It should be sent to the email address and mobile number you supplied in the form.

Phase 1 Registration as a DPO for Businesses/Corporations/Medical Groups, etc.

This is rather a longer process, so we’re going to give you a short, bulleted version of it here, then a more detailed (broken down) version later. Here is the short version:

Here’s a video and an image that you can share with other doctors.

Share this with other doctors

Now for the long version of registering for Phase 1 as a DPO:

Step 1. Complete the DPO Form

Step 2. Prepare the Requirements

Requirements For Private Entities (Sole-Proprietorship)

Requirements For Private Entities (Corporation)

Step 3. Submit All Documents

After they receive the documents and process them, you will receive an email confirmation like this.

Expect an email like this from NPC once they process your registration for Phase 1.

That’s actually it for Phase 1.


Frequently Asked Questions for Phase 1:

Q: I am a doctor and I have over a thousand records BUT I do not have a clinic. Should I register?

A: We recommend that you just register. Better to be safe.

Q: I have 900 records. Do I need to register?

A: Their requirement is 1000 but here at SeriousMD, we’d like to keep things simple. Always err on the side of caution. Just register now, it doesn’t hurt to do things in advance.

Q: Is there another address for the NPC?

A: We were told that they will be moving to a new office. No official notification yet as to where their new address will be. So for now, it’s still 5th Floor Delegation Building, PICC Complex, Roxas Boulevard, Pasay City, Metro Manila, Philippines

Q: Is this just for doctors keeping digital records?

A: No. Whether you are keeping digital records or written records, you are still required to register.

Q: The NPC DPA deadline is still far away, can I register now?

A: Yes, you definitely can.

Q: What’s the difference if I register online or do it offline. It seems to be the same.

A: We recommend doing it offline since you are STILL submitting the documents manually anyway but if you prefer the online route, here’s what you need to do.

Press Download and Print PDF Button

Technically, it’s just the same as the instructions above, you just had a form generated for you instead of you writing on it and you will get your account code earlier but you will still have to submit the requirements manually.

Q: What’s a DPO?

A: Here’s the official description from NPC. “Data Protection Officer” or “DPO” refers to an individual designated by the head of agency or organization to be accountable for its compliance with the Act, its IRR, and other issuances of the Commission: Provided, that, except where allowed otherwise by law or the Commission, the individual must be an organic employee of the government agency or private entity: Provided further, that a government agency or private entity may have more than one DPO.

In short: A DPO is a Person assigned by the Entity (the one processing information) to be responsible for everything related to the records, including safekeeping of the records, making sure the entity’s operations are in compliance with the data privacy act or other mandates by the NPC, as well as being the point of contact for the NPC.

The DPO assigned is usually the doctor but in some cases, your secretary can be assigned if they are responsible for safekeeping the records.


TL;DR (Too Long; Didn’t Read)

Notes About Phase 2:

Share this post to other doctors on social media by clicking the Facebook, Twitter, Whatsapp or other buttons you can see on left side of this page.


This space is reserved for our article about Phase 2.

The requirements for Phase 2 can be complicated. As a SeriousMD user, we will definitely be able to help you out with Phase 2. Link to the article coming soon. If you still aren’t using SeriousMD for your practice, then sign up today!

Exit mobile version