Privacy Policy
Tel Aviv Sourasky Medical Center (Ichilov) considers the protection of privacy to be of utmost importance, both as a core value and a legal obligation. This commitment is rooted in the Privacy Protection Law, 1981, its amendments and relevant regulations, the Patient Rights Law, 1996, other applicable laws, and accepted medical ethics guidelines.
Protected Information
The protected information, by law, is collected and maintained in patients' medical records within the hospital’s information systems. These systems have been defined, implemented, and maintained with stringent information and cyber security standards and are continuously monitored.
The Medical Center is certified under ISO 27001 and ISO 27799 for information security and health information protection, and holds relevant accreditations. It is currently working towards compliance with the GDPR for research purposes.
Data Management and Lawful Processing of Personal Information
The Medical Center collects, stores, and documents medical, demographic, and administrative information as an integral part of providing medical care, and as part of a patient's digital medical file. Without providing such information, proper treatment may not be possible.
Purpose of the Data Collection
The purposes for which data is collected and stored in the hospital's database include: providing care, administration, research, direct communication, and the development of new treatment tools.
Sources of Data
Data is generated by hospital staff such as doctors, therapists, laboratories, imaging systems, and medical devices. Additional data is provided by patients themselves, the Ministry of Health, HMOs, Magen David Adom, the Ministry of the Interior, National Insurance Institute, other hospitals, external labs, and artificial intelligence systems.
Data Sharing with External Parties
Data may be shared by the hospital with the following entities:
Patients, HMOs, the Ministry of Health, insurers, the Ministry of the Interior, National Insurance Institute, other hospitals, hospital vendors, and institutions conducting joint research and collaborations with the hospital.
The information will be retained indefinitely in the hospital’s data repositories.
The hospital uses AI-based systems in various fields to support clinical decision-making.
Access to data is granted cautiously and in accordance with the law, solely for fulfilling the authorized individual’s duties.
Right to Access Information
Every individual has the right to review information about them held in the hospital’s databases, either personally, via a legal representative with written authorization, or through a guardian. The hospital may withhold information regarding the individual’s physical or mental condition if it believes that disclosure could cause serious harm to their health or life. In such cases, the information will be provided to a physician or psychologist representing the requester.
Information can be accessed free of charge through the BeWell digital platform or by submitting a formal request to the Medical Records Department. Requests through the Medical Records Department may be subject to a fee, in accordance with the Ministry of Health's price list and regulations.
Correction of Information
If an individual reviews their personal data and finds it to be incorrect, incomplete, unclear, or outdated, they may request a correction by contacting the Medical Records Department. If the request is found valid based on the information available to the treating physician, the data will be corrected. Requests should be submitted to the Public Inquiries Department.
Research Participation
A patient who has given informed consent to participate in a research study and later decides to withdraw may contact the principal investigator to request removal from the study. The principal investigator must either withdraw the patient or anonymize all identifiable data.
If research participants are recruited via social media (domestically or internationally), the principal investigator must obtain written informed consent that includes an option to withdraw. If a participant chooses to withdraw, all identifying information must be removed and only anonymized data retained.
If you are a research participant, a European citizen, and were recruited via outreach to individuals residing outside of Israel (within the European Union), and you feel your privacy rights have been violated by the Medical Center, you are entitled to file a complaint with the relevant regulatory authority in the EU.
Information Security Procedures
The Medical Center operates in accordance with information security protocols that define the management’s commitment to this issue. These procedures cover a wide range of aspects: processes, technologies, infrastructure, and organizational management. They include measures such as: data management, access control, user authentication, password management, IT system implementation, data backup, data transfer, and more.
Changes to the Privacy Policy
Changes to this policy will be made in accordance with amendments to the Privacy Protection Law, the Patient Rights Law, Ministry of Health procedures, or other regulatory guidelines. The updated policy will be published on the Medical Center’s website.
Patient Responsibility for Privacy
We ask patients to help protect their own medical privacy by not sharing access to their medical files, mobile phone, password, or token sent to the registered phone number held by the Medical Center.
Privacy Officer
For any privacy-related inquiries, please contact the hospital’s Information Security and Privacy Officer, Ms. Adina Solomon Reichman, via the Public Inquiries email: pniot@tlvmc.gov.il