Practice Privacy Statement

This Practice wants to ensure the highest standard of medical care for our patients. We understand that a General Practice is a trusted community governed by an ethic of privacy and confidentiality. Our approach is consistent with the Medical Council guidelines and the privacy principles of the Data Protection Regulations. It is not possible to undertake medical care without collecting and processing personal data and data concerning health. In fact, to do so would be in breach of the Medical Council's 'Guide to Professional Conduct and Ethics for Medical Practitioners.' The purpose of this privacy notice is to explain how we collect and use personal data for the provision of our services and the day-to-day running of this GP practice.

​

The personal data we process

​

In order to provide for your care here we need to collect and keep information about you and your health on our records. This information/ data may include:

• Personal details about you, such as name, date of birth, PPS Number, address, next of kin, contact details (mobile phone number) etc.

• Information relating to your treatment and care; notes and reports about your health which assist our staff in providing care and treatment to you; results of investigations, such as x-rays and blood tests

• Relevant information from other health and social care professionals, other healthcare agencies and your carers and relatives

• Financial and health insurance information

We may also process certain special categories of information, which may include racial or ethnic origin, religious or philosophical beliefs, the processing of genetic data, biometric data for the purpose of uniquely identifying a person, data concerning health or data concerning a person's sex life or sexual orientation.

​

Legal Basis for Processing Your Data

This GP Practice's lawful basis for processing personal data of service users are as follows:

• Processing is necessary for the performance of a contract or to take steps to execute a contract with you as the data subject as per Article 6(1)(b) of the GDPR. This would apply to the provision of basic administrative services and the performance of office tasks.

• The processing is necessary in order to protect the vital interests of the person (referred to as the data subject in data protection language) as per Article 6(1)(d) of the GDPR. This would apply in emergency situations when the patient is unconscious, sharing information with other emergency services for rescue or relocation in storms, etc.

• The processing is necessary for a task carried out in the public interest or in the exercise of official authority vested in the controller as per Article 6(1)(e) of the GDPR.

Special categories of data are defined by the GDPR and include things like racial or ethnic origin, religious or philosophical beliefs, genetic data, biometric data, health data, sex life details and sexual orientation. The processing of special categories of personal data is permitted in circumstances as set out in Article 9 of the GDPR.

 

We will only process special categories of personal data where it is necessary:

• for the purposes of preventative or occupational medicine,

• for medical diagnosis,

• for the provision of healthcare, treatment or social care,

• for the management of health or social care systems and services, or contract with a health professional pursuant to a contract with the health professional.

Processing is lawful where it is undertaken by or under the responsibility of:

• a health practitioner,

• a person who, in the circumstances, owes a duty of confidentiality to the data subject that is equivalent to that which would exist if that person were a health practitioner, for example, the GP practice secretary, Receptionist, GP practice staff, etc.

 

If the purpose of the processing is for a reason other than the reasons outlined above, we will seek explicit consent to process your sensitive personal data (referred to as special categories of data under the GDPR).

 

How we obtain information

We may obtain your information from a variety of sources, including information you give to us. During your treatment and care within the GP practice, health-specific data will be collected by the doctors, nurses and other healthcare professionals taking care of you and will be held in your patient/client file (this can be paper and/or electronic).
We may also receive your personal information from third parties, for example, your previous GP, dentist, social worker, or pharmacist. There may also be times when information is collected from your relatives or next of kin, e.g. if you are in a Medical Emergency or are very unwell and unable to communicate.

 

Your rights

You have certain legal rights concerning your information and the manner in which we process it. This includes:

• a right to get access to your personal information;

• a right to request us to correct inaccurate information, or update incomplete information;

• a right to request that we restrict the processing of your information in certain circumstances;

• a right to request the deletion of personal information, excluding medical records;

• a right to receive the personal information you provided to us in a portable format;

• a right to object to us processing your personal information in certain circumstances;

• a right to lodge a complaint with the Data Protection Commission (DPC).

 

Some of these rights only apply in certain circumstances and so are not guaranteed or absolute rights. Please contact our Reception if you have any queries or concerns about your rights.

 

Access to your records

You can access your records by making a subject access request (SAR) and forms are available for this purpose at the reception. You can also call the reception with a request; however, you will still need to submit a written request clarifying the scope of your request. It is important that you provide satisfactory evidence of identification and a sufficient description of the information that you are looking for.

​

How do we use your information?

We use your information to manage and deliver your care and treatment to ensure that the treatment is safe and effective, that the right decisions are made about your care, and so that we can coordinate with other organisations that may be involved in your care.

Your information may be used to:

• Typing referral letters to hospital consultants or allied health professionals such as physiotherapists, occupational therapists, psychologists and dieticians.

• Opening letters from hospitals and consultants. The letters could be appended to a patient's paper file or scanned into their electronic patient record.

• Scanning clinical letters, radiology reports and any other documents not available in electronic format.

• Downloading laboratory results and Out of Hours Coop reports and performing integration of these results into the electronic patient record.

• Accurately verify your identity and associate you with your healthcare records.

• Review the care and treatment provided to ensure it is of the highest standard possible and to evaluate and improve the safety of our services. This can be carried out by multiple quality improvement methods e.g. audits, clinical audit, patient experience and satisfaction surveys

• Investigate complaints, legal claims and adverse incidents.

• Plan the future demand in the health services e.g. analysing peak attendance times, staffing levels and average length of stay; establishing the projected demand by disease/condition.

• Protect the wider public interests e.g. Influenza, winter vomiting bug, COVID-19

• Provide training and development to health professionals, who may join our GP practice.

• Invoicing, billing and account management.

• Remind you of appointments by text and/or email.

• Identify patients suitable for clinical trials/research.

• Handle medico-legal and life assurance reports.

• Send and receive information via Healthmail, a secure clinical email

• And other activities related to the support of medical care appropriate for practice support staff

 

Transferring information overseas

We may transfer your information to organisations in other countries, which is necessary to provide you with health and social care services, on the basis that anyone to whom we pass it protects it in the same way we would and in accordance with applicable data protection laws.

 

Transferring to Another Practice

If you decide at any time and for whatever reason to transfer to another practice, we will facilitate that decision by making available to your new doctor a copy of your records on receipt of your signed consent from your new doctor. For medico-legal reasons we will also retain a copy of your records in this practice for an appropriate period of time which may exceed eight years.

 

Disclosure of Information to Other Health and Social Care Professionals

We may need to pass some of this information to other health and social care professionals in order to provide you with the treatment and services you need. Only the relevant part of your record will be released. These other professionals are also legally bound to treat your information with the same duty of care and confidentiality that we do.

​

Disclosures Required or Permitted Under Law

The law provides that, in certain instances, personal information (including health information) can be disclosed, for example, in the case of infectious diseases.

• Disclosure of information to Employers, Insurance Companies and Solicitors. In general, work-related Medical Certificates from your GP will only provide confirmation that you are unfit for work, with an indication of when you will be fit to resume work. Where it is considered necessary to provide additional information, we will discuss that with you. However, Department of Social Protection sickness certificates for work must include the medical reason you are unfit to work

• In the case of disclosures to insurance companies or requests made by solicitors for your records, we will only release the information with your signed consent.

 

How do we keep your records secure and confidential?

​

We are committed to ensuring that your information is secure with us and with the third parties who act on our behalf. We have a number of security precautions in place to prevent the loss, misuse or alteration of your information. All staff working for the GP practice have a duty to keep information about you confidential. The GP practice has strict

information security policies and procedures in place to ensure that information about

you is safe, whether it is held in paper or electronic format

 

Retention period

The GP practice will only retain your personal data for as long as is necessary to fulfil the purpose for which the data was collected. This period will also include and in certain

instances be informed by legislations that create a legal obligation for the GP practice to

retain your personal data for regulatory purposes. In certain circumstances, the GP

practice may anonymise your personal data so that it can no longer be associated with

you.