Data Privacy Notice
What is a Privacy Policy?
A "privacy notice" lets you know what happens to any
personal data that you may give us or that we may collect from you or about you (as a patient,
family member, carer, or visitor). This notice is issued by Care-Connect as a primary care
healthcare provider, and covers the information we hold about our patients, their families and
other individuals who may use our services.
Who are we and what do we do?
Why have we issued this Privacy notice for our patients,
families, and others?
We are committed to being open about the information we collect about
you, how we use this information, with whom we share it, and how we store and secure it. We
recognise the importance of protecting personal and confidential information in all that we do,
and take care to meet our legal and other duties, including compliance with relevant law,
regulations, and guidanceUnder the General Data Protection Regulation (GDPR) Care-Connect has a
legal duty to ensure patient data, supplied as part of the patient process within Centric
Health, is kept secure and safe.Personal data will be obtained in a lawful, fair, and
transparent manner for a specified purpose and will not be disclosed to any third party, except
in a manner compatible with that purpose.“Personal data” means data relating to a living
individual who is or can be identified either from the data or from the data in conjunction with
other information that is in, or is likely to come into, the possession of the data controller
(“Care-Connect ”); All medical information is seen as “sensitive personal information” and we
will endeavour to ensure your information is treated with the utmost respect and
confidentiality.Care-Connect will conform with the Medical Council guidelines and the privacy
principles of the Data Protection Legislation. This Privacy Statement is about making your
consent meaningful by advising you of our policies and practices on dealing with your medical
information.
Who controls the use of your personal data?
Care-Connect whose registered address is Care-Connect, Floor 7, RSA
House, Dundrum Town Centre, Sandyford Road, Dundrum, Dublin 16, D16 FC92 is the company that
controls and is responsible for personal data that is collected in relation to your healthcare.
If you have any queries in relation to the processing of your personal data, we have appointed a
data protection officer that you can contact as follows:
by post at Data Protection Officer,
Care-Connect, Floor 7, RSA House, Dundrum Town Centre, Sandyford Road, Dundrum, Dublin 16, D16
FC92
or by email at : dpo@care-connect.ie
Managing your Information
What personal data is collected?
To provide our services to you we need to process certain personal data in relation to you, which includes:
Categories of Personal Data
1. Administrative: name, address, contact details (phone, mobile, e mail), dates of appointment.
PURPOSE OF PROCESSING:
Necessary to support the administration
of patient care in general practice.
LAWFUL OF PROCESSING:
Article 6.1(d):
processing is necessary in order to protect the vital interests of the data subject or of another
natural person; Article 6.1(e): processing is necessary for the performance of a task carried out in the
public interest or in the exercise of official authority vested in the controller; Special Categories
are processed under the derogations in Articles 9.2(h) and 9.2(i). Please see the notes under this
table.
2. Medical Record: Individual Health identifier, date of birth, gender, , family history, contact details of next of kin, contact details of carers, vaccination details, medication details, allergy details, current and past medical and surgical history, genetic data, laboratory test results, imaging test results, near patient test results, ECGs, Ultrasound scan images, and other data required to provide medical care.
PURPOSE OF PROCESSING:
Necessary to provide patient care in
general practice.
LAWFUL OF PROCESSING:
· Article 6.1(d): processing
is necessary in order to protect the vital interests of the data subject or of another natural
person;
· Article 6.1(e): processing is necessary for the performance of a task carried out in
the public interest or in the exercise of official authority vested in the controller;
· Special Categories are processed under the derogations in Articles 9.2(h) and
9.2(i).
Recipients with whom we share personal data
· Health and Social Care
Providers
Other GPs, Health Service Executive, Voluntary Hospitals, Private Hospitals
and Clinics, Private Consultants, Physiotherapists, Occupational Therapists, Speech and Language
Therapists, Social Workers, Palliative Care Services, Out of Hours Services, Pharmacies, Nursing Homes,
Counselling Services, Diagnostic Imaging Services, Hospital Laboratories, Practice Support Staff, GP
Locums, and other health care providers.
· Data Processors with a
contract
Rapid Health and Luscii Vitals who operate as software vendors.
· Legal Arrangements
Medical Council.
· Third Parties, with
explicit patient consent
Solicitors, Insurance Companies, Health Insurance Companies,
Banks.
How we use & Process your data
Care-Connect process clinical information about our patients to ensure that
all clinical staff have complete information to ensure you get the best treatment while under our care.
Each patient will have a unique Medical Record and all your details are kept within your unique medical
record.
We process your personal data to provide you with our services and to assist us in the
operation of our business. Under data protection law we are required to ensure that there is an
appropriate basis for the processing of your personal data, and we are required to let you know what
that basis is.There are various options under data protection law, but the primary bases that we use are
(a) processing necessary for the performance of our contracts with you, (b) processing necessary in
order for us to pursue our legitimate interests, (c) processing where we have your and/or your
dependents’ consent, (d) processing that is required under applicable law (e ) Vital Interest.
Legal requirements
In certain circumstances, we are required by law to report information to the appropriate authorities. This information is often provided after authority has been given by a qualified health professional. For example:
The Data Protection Commissioner may, for the purposes of the
investigation of a complaint under the Data Protection Acts, require the Care-Connect to provide any
documentation as is considered necessary information or documents for the purpose of a preliminary
examination or investigation.
Transfers outside of the European Economic Area (EEA)
Care-Connect process your data within the EEA.
Your Rights Under GDPR,
you have rights regarding the use of your personal details and Care-Connect as controller of that data
has a responsibility in how we handle this information. You have the right to data protection when your
details are:
What is the aim of these rights?
With Data Protection rights we help
you to make sure that the information stored with us about you is:
What should you expect?
What Care-Connect must do?
Care-Connect will comply with the
Principles of GDPR
Right to obtain a copy of your information
Under GDPR, you have a
right to obtain a copy, clearly explained, of any information relating to you kept on computer or in a
structured manual filing system or intended for such a system by any entity or organisation.
A
request for access can be made by completing the attached Subject Access Request and email to: info@care-connect,
and made a request or alternatively you can write to Data Protection Officer, Care-Connect, Floor 7, RSA
House, Dundrum Town Centre, Sandyford Road, Dundrum, Dublin 16, D16 FC92
Please
provide the following details:
Once you have made your request, you must be given the information within 30 calendar days
and free of charge. A charge will only apply if the request is deemed to be excessive or repetitive in
nature. If there are to be any delays we will contact, you and keep you up to date.
Can
access be refused?
Access can be refused to some or all the patient’s personal health
information, only, if providing access is likely to cause serious harm to the physical or mental health
of the requester or providing access would disclose the personal data of another person without their
consent or would disclose a confidential expression of opinion about the
requester.
Delivery
The recommended method of delivery of the request is
by
Retention of personal data
Care-Connect will retain your personal data
in accordance with our retention policy. This policy operates on the principle that we keep personal
data for no longer than is necessary for the purpose for which we collected it. It is also kept in
accordance with any legal requirements that are imposed on us. This means that the retention period for
your personal data will vary depending on the type of personal data. For further information about the
criteria that we apply to determine retention periods please see below:
Useful Links
Data Protection Commission: https://dataprotection.ie/
A guide to Data Protection and what it means for
you http://gdprandyou.ie/
Data Protection Officer
If you have any questions about your data
protection, you may contact Care-Connects Data Protection Officer:
Email: dpo@care-connect.ie
Letter: Data Protection Officer,
Care-Connect , Floor 7, RSA House, Dundrum Town Centre, Sandyford Road, Dundrum, Dublin 16, D16 FC92