What is a Privacy Policy?
A "privacy notice" lets you know what happens to any personal
data that you may give us or that we may collect from you or
about you (as a patient, family member, carer, or visitor). This
notice is issued by Care-Connect as a primary care healthcare
provider, and covers the information we hold about our patients,
their families and other individuals who may use our
services.
Who are we and what do we do?
Why have we issued this Privacy notice for our
patients, families, and others?
We are committed to being open about the information we collect
about you, how we use this information, with whom we share it,
and how we store and secure it. We recognise the importance of
protecting personal and confidential information in all that we
do, and take care to meet our legal and other duties, including
compliance with relevant law, regulations, and guidanceUnder the
General Data Protection Regulation (GDPR) Care-Connect has a
legal duty to ensure patient data, supplied as part of the
patient process within Centric Health, is kept secure and
safe.Personal data will be obtained in a lawful, fair, and
transparent manner for a specified purpose and will not be
disclosed to any third party, except in a manner compatible with
that purpose.“Personal data” means data relating to a living
individual who is or can be identified either from the data or
from the data in conjunction with other information that is in,
or is likely to come into, the possession of the data controller
(“Care-Connect ”); All medical information is seen as “sensitive
personal information” and we will endeavour to ensure your
information is treated with the utmost respect and
confidentiality.Care-Connect will conform with the Medical
Council guidelines and the privacy principles of the Data
Protection Legislation. This Privacy Statement is about making
your consent meaningful by advising you of our policies and
practices on dealing with your medical information.
Who controls the use of your personal data?
Care-Connect whose registered address is Care-Connect, Floor 7,
RSA House, Dundrum Town Centre, Sandyford Road, Dundrum, Dublin
16, D16 FC92 is the company that controls and is responsible for
personal data that is collected in relation to your healthcare.
If you have any queries in relation to the processing of your
personal data, we have appointed a data protection officer that
you can contact as follows:
by post at Data Protection
Officer, Care-Connect, Floor 7, RSA House, Dundrum Town Centre,
Sandyford Road, Dundrum, Dublin 16, D16 FC92
or by email at : dpo@care-connect.ie
Managing your Information
What personal data is collected?
To provide our services to you we need to process certain personal data in relation to you, which includes:
Categories of Personal Data
1. Administrative: name, address, contact details (phone, mobile, e mail), dates of appointment.
PURPOSE OF PROCESSING:
Necessary to support
the administration of patient care in general practice.
LAWFUL OF PROCESSING:
Article 6.1(d): processing is necessary in order to protect the
vital interests of the data subject or of another natural person;
Article 6.1(e): processing is necessary for the performance of a
task carried out in the public interest or in the exercise of
official authority vested in the controller; Special Categories are
processed under the derogations in Articles 9.2(h) and 9.2(i).
Please see the notes under this table.
2. Medical Record: Individual Health identifier, date of birth, gender, , family history, contact details of next of kin, contact details of carers, vaccination details, medication details, allergy details, current and past medical and surgical history, genetic data, laboratory test results, imaging test results, near patient test results, ECGs, Ultrasound scan images, and other data required to provide medical care.
PURPOSE OF PROCESSING:
Necessary to provide
patient care in general practice.
LAWFUL OF PROCESSING:
· Article 6.1(d): processing is
necessary in order to protect the vital interests of the data
subject or of another natural person;
· Article 6.1(e): processing is
necessary for the performance of a task carried out in the public
interest or in the exercise of official authority vested in the
controller;
· Special Categories are
processed under the derogations in Articles 9.2(h) and 9.2(i).
Recipients with whom we share personal data
· Health and Social Care
Providers
Other GPs, Health Service Executive, Voluntary Hospitals, Private
Hospitals and Clinics, Private Consultants, Physiotherapists,
Occupational Therapists, Speech and Language Therapists, Social
Workers, Palliative Care Services, Out of Hours Services,
Pharmacies, Nursing Homes, Counselling Services, Diagnostic Imaging
Services, Hospital Laboratories, Practice Support Staff, GP Locums,
and other health care providers.
· Data Processors with a
contract
Rapid Health and Luscii Vitals who operate as software vendors.
· Legal Arrangements
Medical Council.
· Third Parties, with explicit
patient consent
Solicitors, Insurance Companies, Health Insurance Companies,
Banks.
How we use & Process your data
Care-Connect process clinical information about our patients to
ensure that all clinical staff have complete information to ensure
you get the best treatment while under our care. Each patient will
have a unique Medical Record and all your details are kept within
your unique medical record.
We process your personal data
to provide you with our services and to assist us in the operation
of our business. Under data protection law we are required to ensure
that there is an appropriate basis for the processing of your
personal data, and we are required to let you know what that basis
is.There are various options under data protection law, but the
primary bases that we use are (a) processing necessary for the
performance of our contracts with you, (b) processing necessary in
order for us to pursue our legitimate interests, (c) processing
where we have your and/or your dependents’ consent, (d) processing
that is required under applicable law (e ) Vital Interest.
Legal requirements
In certain circumstances, we are required by law to report information to the appropriate authorities. This information is often provided after authority has been given by a qualified health professional. For example:
The Data Protection Commissioner may, for the
purposes of the investigation of a complaint under the Data
Protection Acts, require the Care-Connect to provide any
documentation as is considered necessary information or documents
for the purpose of a preliminary examination or investigation.
Transfers outside of the European Economic Area (EEA) Care-Connect process your data within the EEA.
Your Rights Under GDPR, you have rights regarding the use of your personal
details and Care-Connect as controller of that data has a
responsibility in how we handle this information. You have the right
to data protection when your details are:
What is the aim of these rights?
With Data
Protection rights we help you to make sure that the information
stored with us about you is:
What should you expect?
What Care-Connect must do?
Care-Connect will
comply with the Principles of GDPR
Right to obtain a copy of your information
Under GDPR, you have a right to obtain a copy, clearly explained,
of any information relating to you kept on computer or in a
structured manual filing system or intended for such a system by any
entity or organisation.
A request for access can be made
by completing the attached Subject
Access Request
and email to:
info@care-connect, and made a request or alternatively you can write to Data
Protection Officer, Care-Connect, Floor 7, RSA House, Dundrum Town
Centre, Sandyford Road, Dundrum, Dublin 16, D16 FC92
Please provide the following details:
Once you have made your request, you must be given the information
within 30 calendar days and free of charge. A charge will only apply
if the request is deemed to be excessive or repetitive in nature. If
there are to be any delays we will contact, you and keep you up to
date.
Can access be refused?
Access can be refused to some or all the patient’s personal health
information, only, if providing access is likely to cause serious
harm to the physical or mental health of the requester or providing
access would disclose the personal data of another person without
their consent or would disclose a confidential expression of opinion
about the requester.
Delivery
The
recommended method of delivery of the request is by
Retention of personal data
Care-Connect will
retain your personal data in accordance with our retention policy.
This policy operates on the principle that we keep personal data for
no longer than is necessary for the purpose for which we collected
it. It is also kept in accordance with any legal requirements that
are imposed on us. This means that the retention period for your
personal data will vary depending on the type of personal data. For
further information about the criteria that we apply to determine
retention periods please see below:
Useful Links
Data Protection
Commission: https://dataprotection.ie/
A guide to Data Protection and what it means for you http://gdprandyou.ie/
Data Protection Officer
If you have any
questions about your data protection, you may contact Care-Connects
Data Protection Officer:
Email:
dpo@care-connect.ie
Letter: Data Protection Officer,
Care-Connect , Floor 7, RSA House, Dundrum Town Centre, Sandyford
Road, Dundrum, Dublin 16, D16 FC92