How we deal with your data and information
We value your privacy and want to let you know about changes we've made in how we use, store and share the information we hold about you.
When we receive a referral from your doctor, or interact with you via another approach, we create a healthcare record for you. A healthcare record refers to all information collected, processed and held both in manual and electronic formats concerning you and your care. It includes your name, age, gender, a unique identification number, clinical data, images, investigations, results, correspondence, and communications relating to you and your care. We create this record to provide you with the best medical care possible.
We have created this page to explain what data we keep on you, how we use it, how long we retain it, and with whom we share it.
- We keep a healthcare record on each patient in an electronic practice management system, in addition to some paper records. In addition to the information listed above, your file will also include some financial records, for example – an invoice issued to you, or a receipt for a payment you have made. Your credit/debit card details or bank details are not stored.
- The specific purpose of this healthcare record is to provide you with proper medical care. It will never be used for purposes such as marketing. On occasion, we might use certain aspects of your data for quality improvement measures within our practice, such as audit. You will never be identifiable in that circumstance.
- Our records will be kept accurate and up to date. The data protection laws state that data should be ‘adequate, relevant and limited to what is necessary’. Feel free to ask for clarification if needed. This information is always confidential.
- Data will typically be kept for 8 years after your last interaction with your doctor, as recommended in HSE and Medical Council guidelines. In certain circumstances, for example a case involving litigation, your data may be kept for longer.
- Confidentiality and Data security – most of our healthcare records are kept electronically. The information is stored securely within an electronic medical record, which is password protected. We employ enterprise-level data security practices. We limit the information that is collected and held about patients. All systems are protected by local and network firewalls. Paper files remain in locked filing cabinets, housed in our suite of offices which are locked when not in use.
- There is a number of scenarios in which we may share your data with a third party:
- To return a report to your GP or referring doctor
- To refer you for a test or investigation in another department or hospital
- To refer you to another medical consultant or allied health professional for ongoing care
- For billing purposes, your data will be shared with the relevant billing company. We do not send your full medical record - only enough details to process the claim in question. The billing companies are also legally bound by GDPR, and are committed to handing your data securely.
- Your data is also shared with your insurer to have your procedure reimbursed. Again, we do not share your full medical record, but provide only the information required to allow the claim to be reimbursed. Occasionally, we might provide clinical details in advance of a procedure to obtain ‘pre-approval’ for that procedure.
7. Under these new laws, you have a right to have access to your data. There are certain exceptions to this, for example where providing the medical record may cause a patient harm. Feel free to ask for clarification.
8. You have the right to have an error in your record corrected. In certain circumstances, you have the right to have your record deleted.
9. You have a right to complain if your feel your data is not being handled correctly. The contact person is the Data Protection Officer, Suite 10, 69 Eccles St, Dublin D07PC9X, Ireland.