Care Connect - Data Privacy Notice

Home

Data Privacy Notice

What is a Privacy Policy?

A "privacy notice" lets you know what happens to any personal data that you may give us or that we may collect from you or about you (as a patient, family member, carer, or visitor). This notice is issued by Care-Connect as a primary care healthcare provider, and covers the information we hold about our patients, their families and other individuals who may use our services.
‍

Who are we and what do we do?

A multi-phase partnership between Irish Life Health and Centric Health established on 01 November 2022.
An innovative, primary healthcare service that blends in-person and digital experience to provide easy and convenient access to expert care and personalised health advice for Irish Life Health customers
Care-Connect will support better health and lifestyle outcomes for customers.
Care-Connect is the data controller for all Care-Connect programmes.

Why have we issued this Privacy notice for our patients, families, and others?

We are committed to being open about the information we collect about you, how we use this information, with whom we share it, and how we store and secure it. We recognise the importance of protecting personal and confidential information in all that we do, and take care to meet our legal and other duties, including compliance with relevant law, regulations, and guidanceUnder the General Data Protection Regulation (GDPR) Care-Connect has a legal duty to ensure patient data, supplied as part of the patient process within Centric Health, is kept secure and safe.Personal data will be obtained in a lawful, fair, and transparent manner for a specified purpose and will not be disclosed to any third party, except in a manner compatible with that purpose.“Personal data” means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller (“Care-Connect ”); All medical information is seen as “sensitive personal information” and we will endeavour to ensure your information is treated with the utmost respect and confidentiality.Care-Connect will conform with the Medical Council guidelines and the privacy principles of the Data Protection Legislation. This Privacy Statement is about making your consent meaningful by advising you of our policies and practices on dealing with your medical information.
‍

Who controls the use of your personal data?

Care-Connect whose registered address is Care-Connect, Floor 7, RSA House, Dundrum Town Centre, Sandyford Road, Dundrum, Dublin 16, D16 FC92 is the company that controls and is responsible for personal data that is collected in relation to your healthcare. If you have any queries in relation to the processing of your personal data, we have appointed a data protection officer that you can contact as follows:
by post at Data Protection Officer, Care-Connect, Floor 7, RSA House, Dundrum Town Centre, Sandyford Road, Dundrum, Dublin 16, D16 FC92
‍or by email at : dpo@care-connect.ie
‍

Managing your Information

To provide for your care we need to collect and keep information about you and your health on our records. The type of information we need to collect from you includes your name, address, personal phone number, date of birth, marital status, nationality, family history, ethnic background, current lifestyle, next of kin/emergency contact details and details regarding previous medical history.
Upon receipt of a completed “register your interest form”, we use this data to communicate with you in the interests of your own healthcare but will not forward it to anyone else without your expressed consent.
We may also contact you regarding relevant information or services to assist you in your healthcare needs such as ECG, 24hr Blood Pressure Monitoring, flu vaccines or medical assessments.
We will only ask for and keep information that is necessary. We will attempt to keep it as accurate and up to- date as possible. We will explain the need for any information we ask for if you are not sure why it is needed.
Please inform us about any relevant changes that we should know about, such as change of address, phone numbers, family circumstances, any new treatments or investigations being carried out that we are not aware of.
All persons working for Care-Connect (not already covered by a professional confidentiality code) sign a confidentiality agreement that explicitly makes clear their duties in relation to personal health information and the consequences of breaching that duty.
Access to patient records is regulated to ensure that they are used only to the extent necessary to enable the Clinicians and or Admin team to perform their tasks. In this regard, patients should understand that Care-Connect staff may have access to their records for:

·      Typing referral letters to hospital consultants or allied health professionals such as physiotherapists, occupational therapists, psychologists, and dieticians.
·      Opening letters from other GP Practices, hospitals, and consultants. Letters will be scanned into their electronic patient record.
·      Scanning clinical letters, radiology reports and any other documents not available in electronic format.
·      Dealing with patient complaints.
·      Checking for a patient if a hospital or consultant letter is back or if a laboratory or radiology result is back, to schedule an appointment or conversation with the GP.
‍
Care-Connect is committed to guarding against accidental disclosures of confidential patient information. Before disclosing identifiable information about patients, Care-Connect will:

·      Take into consideration Freedom of Information and Data Protection principles.
·      Be clear about the purpose for disclosure.
·      Be satisfied that we are disclosing the minimum information to the minimum amount of people necessary.

What personal data is collected?

To provide our services to you we need to process certain personal data in relation to you, which includes:

Biographical data – We collect the following biographical data: name, assumed names, address, phone number, email address, gender, family relationships (e.g., spouse, children), date of birth.
Interactions with us – If you interact with us, we will record details of those interactions (e.g., phone calls and logs of phone calls, email correspondence and hard copy correspondence). If you make a complaint, we will process details in relation to that complaint.
Online services – When you interact with us online (by computer, tablet, or smartphone), you will often provide personal data to us, which you will be aware of when using the services or for which you give consent. We also automatically collect data about your use of our services, such as the type of device you are using and its IP address, and how you interact with the services. Further details are available in the cookies policy that accompanies the relevant service.

Categories of Personal Data

1. Administrative: name, address, contact details (phone, mobile, e mail), dates of appointment.

PURPOSE OF PROCESSING:
Necessary to support the administration of patient care in general practice.
‍
LAWFUL OF PROCESSING:
Article 6.1(d): processing is necessary in order to protect the vital interests of the data subject or of another natural person; Article 6.1(e): processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; Special Categories are processed under the derogations in Articles 9.2(h) and 9.2(i). Please see the notes under this table.

2. Medical Record: Individual Health identifier, date of birth, gender, , family history, contact details of next of kin, contact details of carers, vaccination details, medication details, allergy details, current and past medical and surgical history, genetic data, laboratory test results, imaging test results, near patient test results, ECGs, Ultrasound scan images, and other data required to provide medical care.

PURPOSE OF PROCESSING:
Necessary to provide patient care in general practice.
‍
LAWFUL OF PROCESSING:
·      Article 6.1(d): processing is necessary in order to protect the vital interests of the data subject or of another natural person;
·      Article 6.1(e): processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
·      Special Categories are processed under the derogations in Articles 9.2(h) and 9.2(i).

Recipients with whom we share personal data
·      Health and Social Care Providers
Other GPs, Health Service Executive, Voluntary Hospitals, Private Hospitals and Clinics, Private Consultants, Physiotherapists, Occupational Therapists, Speech and Language Therapists, Social Workers, Palliative Care Services, Out of Hours Services, Pharmacies, Nursing Homes, Counselling Services, Diagnostic Imaging Services, Hospital Laboratories, Practice Support Staff, GP Locums, and other health care providers.
·      Data Processors with a contract
Rapid Health and Luscii Vitals who operate as software vendors.
·      Legal Arrangements
Medical Council.
·      Third Parties, with explicit patient consent
Solicitors, Insurance Companies, Health Insurance Companies, Banks.

How we use & Process your data

Care-Connect process clinical information about our patients to ensure that all clinical staff have complete information to ensure you get the best treatment while under our care. Each patient will have a unique Medical Record and all your details are kept within your unique medical record.

We process your personal data to provide you with our services and to assist us in the operation of our business. Under data protection law we are required to ensure that there is an appropriate basis for the processing of your personal data, and we are required to let you know what that basis is.There are various options under data protection law, but the primary bases that we use are (a) processing necessary for the performance of our contracts with you, (b) processing necessary in order for us to pursue our legitimate interests, (c) processing where we have your and/or your dependents’ consent, (d) processing that is required under applicable law (e ) Vital Interest.
‍

Legal requirements

In certain circumstances, we are required by law to report information to the appropriate authorities. This information is often provided after authority has been given by a qualified health professional. For example:

Where we encounter infectious diseases, which may endanger the safety of others e.g. COVID 19, meningitis or measles.
Where a formal court order has been issued.
Section 7(1)(a) of the Ombudsman Act 1980 provides the Ombudsman with powers to acquire information or documents for the purpose of a preliminary examination or investigation by him or her under the Act.
Ombudsman for Children: Section 14 of the Ombudsman for Children Act 2002 provides the Ombudsman for Children with the power to acquire information.

The Data Protection Commissioner may, for the purposes of the investigation of a complaint under the Data Protection Acts, require the Care-Connect to provide any documentation as is considered necessary information or documents for the purpose of a preliminary examination or investigation.
‍
Transfers outside of the European Economic Area (EEA) Care-Connect process your data within the EEA.
‍
Your Rights Under GDPR, you have rights regarding the use of your personal details and Care-Connect as controller of that data has a responsibility in how we handle this information. You have the right to data protection when your details are:

Held on a computer.
Held on paper or other manual form as part of a filing system; and
images of your data, e.g. XRAY

What is the aim of these rights?
With Data Protection rights we help you to make sure that the information stored with us about you is:

Accurate and up to date.
Only available to those who should have it.
Only used for stated purposes.
Stored securely.

What should you expect?

Expect fair treatment from Care-Connect and our staff in the way we obtain keep, use and share your information.
That you have the right to be fully informed in why we are collecting your information and how we are using it.
That you have the right to object to Care-Connect using your details for a particular purpose.
That you have the right to ensure inaccurate information about you is corrected when it is safe to do so.
Request to see a copy of all information kept about you unless exceptional circumstances apply.
Complain to the Data Protection Commissioner if you feel your data protection rights are being infringed.

What Care-Connect must do?
Care-Connect will comply with the Principles of GDPR

To obtain information lawfully, fairly and transparently.
Collect only data necessary for a specific purpose(s) and only use this data for set purpose.
Ensure the information is accurate and up to date. We will need your help for this, so please inform us if you have changed any contact or next of kin details.
Data is stored as long as necessary to provide excellent care.
We will endeavour to keep your data safe and secure.

Right to obtain a copy of your information
Under GDPR, you have a right to obtain a copy, clearly explained, of any information relating to you kept on computer or in a structured manual filing system or intended for such a system by any entity or organisation.

A request for access can be made by completing the attached Subject Access Request and email to: info@care-connect, and made a request or alternatively you can write to Data Protection Officer, Care-Connect, Floor 7, RSA House, Dundrum Town Centre, Sandyford Road, Dundrum, Dublin 16, D16 FC92
‍
Please provide the following details:

Legal name & date of birth.
Be accompanied by appropriate identification example Current Irish Driver’s License, Valid Passport and Proof of address example a current utility bill. This is to make sure that personal information is not given to the wrong person.

Once you have made your request, you must be given the information within 30 calendar days and free of charge. A charge will only apply if the request is deemed to be excessive or repetitive in nature. If there are to be any delays we will contact, you and keep you up to date.
‍
Can access be refused?
Access can be refused to some or all the patient’s personal health information, only, if providing access is likely to cause serious harm to the physical or mental health of the requester or providing access would disclose the personal data of another person without their consent or would disclose a confidential expression of opinion about the requester.

Delivery
The recommended method of delivery of the request is by‍

Registered post via An Post service.
Emailed using an agreed password and confirming receipt.

Retention of personal data
Care-Connect will retain your personal data in accordance with our retention policy. This policy operates on the principle that we keep personal data for no longer than is necessary for the purpose for which we collected it. It is also kept in accordance with any legal requirements that are imposed on us. This means that the retention period for your personal data will vary depending on the type of personal data. For further information about the criteria that we apply to determine retention periods please see below:

Statutory and regulatory obligations – As we work in a highly regulated industry, we have certain statutory and regulatory obligations to retain personal data for set periods of time.
Managing legal claims – When we assess how long we keep personal data we consider whether that data may be required in order to defend any legal claims which may be made. If such data is required, we may keep it until the statute of limitations runs out in relation to the type of claim that can be made.
Business requirements – As we only collect personal data for defined purposes, we assess how long we need to keep personal data for to meet our reasonable business purposes.

Useful Links
‍Data Protection Commission: https://dataprotection.ie/
A guide to Data Protection and what it means for you http://gdprandyou.ie/

Data Protection Officer
If you have any questions about your data protection, you may contact Care-Connects Data Protection Officer:
Email: dpo@care-connect.ie
Letter: Data Protection Officer, Care-Connect , Floor 7, RSA House, Dundrum Town Centre, Sandyford Road, Dundrum, Dublin 16, D16 FC92