General Practice Privacy Statement

 

 

Primacare is in partnership with Centric Health and wants to ensure the highest standard of medical care for our patients. We understand that a General Practice is a trusted community governed by an ethic of privacy and confidentiality. Our practices conform with the Medical Council guidelines and the privacy principles of the Data Protection Legislation. This Privacy Statement is about making your consent meaningful by advising you of our policies and practices on dealing with your medical information.

Legal basis for processing your data

The processing of personal data in general practice is necessary in order to protect the Vital interests of the patient and for the provision of health care and public health. Centric Health would also apply Contract as a Legal basis.

Patient Consent will be requested for all third-party queries.

Managing your information

• To provide for your care we need to collect and keep information about you and your health on

our records. The type of information we need to collect from you includes your name, address,

personal phone number, date of birth, marital status, nationality, PPS number, medical card

number, family history, ethnic background, current lifestyle, next of kin/emergency contact details

and details regarding previous medical history.

• Upon receipt of a signed Registration Form we use this data to communicate with you in the

interests of your own healthcare but will not forward it to anyone else without your expressed

consent. With your consent we can send you appointment reminders and test results.

• We may also contact you regarding relevant information or services to assist you in your

healthcare needs such as ECG, 24hr Blood Pressure Monitoring, flu vaccines or medical

assessments.

• We retain your information securely using digital technology however we do not Process or

transfer any Data outside the European Economic Area (“EEA”).

• We will only ask for and keep information that is necessary. We will attempt to keep it as accurate

and up to-date as possible. We will explain the need for any information we ask for if you are not

sure why it is needed.

• Please advise us if it has been longer than 5 years since you attended this Practice so we can

retrieve your medical record. Unless you have asked us to delete your record we mark your

record as ‘In-Active’ which means your record is electronically archived but not visible.

• Please inform us about any relevant changes that we should know about, such as change of

address, phone numbers, family circumstances, any new treatments or investigations being

carried out that we are not aware of. For all contact information see: https://www.centricgp.ie/

contact-us/.

• All persons in the practice (not already covered by a professional confidentiality code) sign a

confidentiality agreement that explicitly makes clear their duties in relation to personal health

information and the consequences of breaching that duty.

• Access to patient records is regulated to ensure that they are used only to the extent necessary

to enable the Clinicians and or Admin team to perform their tasks for the proper functioning of the

practice. In this regard, patients should understand that practice staff may have access to their

records for:

»» Identifying and printing repeat prescriptions for patients. These are then reviewed and signed by

the GP.

»» Generating a social welfare certificate for the patient.

»» Typing referral letters to hospital consultants or allied health professionals such as physiotherapists, occupational therapists, psychologists and dieticians.

»» Opening letters from hospitals and consultants. The letters could be appended to a patient’s paper file or scanned into their electronic patient record.

»» Scanning clinical letters, radiology reports and any other documents not available in electronic format.

»» Dealing with patient complaints.

»» Downloading laboratory results and Out of Hours Coop reports and performing integration of

these results into the electronic patient record.

»» Photocopying or printing documents for referral to consultants, attending an antenatal clinic or

when a patient is changing GP.

»» Checking for a patient if a hospital or consultant letter is back or if a laboratory or radiology result is back, in order to schedule a conversation with the GP.

»» When a patient makes contact with a practice, checking if they are due for any preventative

services, such as vaccination, ante natal visit, contraceptive pill check, cervical smear test, etc.

»» Handling, printing, photocopying and postage of medico legal and life assurance reports, and of

associated documents.

»» The practice is committed to guarding against accidental disclosures of confidential patient

information. Before disclosing identifiable information about patients, the practice will:

• Take into consideration Freedom of Information and Data Protection principles.

• Be clear about the purpose for disclosure.

• Have the patient’s consent for third party requests. A legal basis of Vital Interest and Contract for

processing personal Data.

• Have considered using anonymised information and be certain it is necessary to use identifiable information.

• Be satisfied that we are disclosing the minimum information to the minimum amount of people necessary.

• Be satisfied that the intended recipient is aware the information is confidential and that they have

their own duty of confidentiality.

Consent for Minors

Where we are required to gather the personal information of a minor (defined as a person aged under 18 years of age*), we will require the attendance and consent of a parent or guardian, and will only acquire and store such data with their permission, as well as the awareness of the minor themselves.

* In the medical area, the Non-Fatal Offences Against the Person Act, 1997 (Section 23) provides

that a minor who has reached the age of 16 can give consent to medical treatment and/or processing of their medical data.

Where the parents of the minor are not in a position to provide such consent, the support and of a

recognized body will act ‘in loco parentis’ – for example, the family GP, school principal, social worker or Gardai will be consulted in order to ensure that any such processing of personal data is being done in the vital interests of the minor. As much as possible, the minor will be made aware of the processing activity and its purposes.

Disclosure of information to other health and social professionals

We may need to pass some of this information to other health and social care professionals to provide you with the treatment and services you need. Only the relevant part of your record will be released. These other professionals are also legally bound to treat your information with the same duty of care and confidence that we do.

Disclosures Required or Permitted Under Law

The law provides that in certain instances personal information (including health information) can be disclosed in the following circumstances:

• Infectious diseases Under Health Act 1947 and 1953 plus amendments and Infectious Diseases

Regs 1981 plus amendment Regs 2016, there is a list of diseases we are obliged to report e.g.

Measles, Anthrax, Lyme, Zika. For a full list please see www.hspc.ie/notifiablediseases

• Work related Medical Certificates from your GP will only provide a confirmation that you are unfit

for work with an indication of when you will be fit to resume work. Where it is considered necessary to provide additional information we will discuss that with you. However, Social Welfare Certificates

of Incapacity for work must include the medical reason you are unfit to work.

• Disclosures to insurance companies or requests made by solicitors for your records we will only

release the information with your signed consent.

Data Retention Periods

For clarity our data retention policies adhere to the Data Protection Legislation including Article 5

guidelines on (GDPR) General Privacy Data Regulations effective form 25th May 2018.

For existing Patients whose records are dormant, their records will be retained and marked ‘in-active’ as an electronic archive after [5] years. For a comprehensive description of our retention Principles please reference: https://www.hiqa.ie/system/files/Guidance-on-information-governance.pdf. Centric Health policy is in support of HSE guidelines.

Use of Anonymised information for training, teaching and quality assurance

To provide the highest level of care to the patient, Clinical staff may access clinical information for

training, audit or consultation. This may be regarding Patient Case Histories or Patients with specific conditions and in such cases this practice would only communicate the information necessary.

Our practice is involved in the clinical training of Undergraduate and Postgraduate health professionals GPs and is affiliated with University Clinical Schools and the Irish College of General Practitioners.

Use of Anonymised information for research, audit and quality assurance

We maintain and improve the quality of the patient service provided by training, teaching, audit

and research.

It is usual for patient information to be used for these purposes to improve services and standards

of practice.

GPs on the specialist GP register of the Medical Council are now required to perform audits. Information used for such purposes is done in a manner with all personal identifying information removed.

Right to Rectification

You have the right to have your information corrected, erased, restricted to specified individuals or object to it being processed. For clarity, this process is outlined on the Centric Health Website in the section on Privacy and Subject Access Requests.

Your right of access to your health information

You have the right of access to all the personal information held about you by this practice. If you wish to see your records in most cases it is the quickest to discuss this with your doctor who will outline the information in the record with you. You can make a formal written access request to the practice and the matter can be dealt with formally within 30 days. https://www.centricgp.ie/subject-access-requests/.

Transferring to another practice

If you decide at any time and for whatever reason to transfer to another practice, we will facilitate

that decision by making available to your new doctor a copy of your records on receipt of your signed consent from your new doctor For medico-legal reasons we will also retain a copy of your records in this practice for an appropriate period of time which may exceed eight years. However, we mark your medical record ‘in-active’ and therefore it is ‘archived’ and not visible to the GP Practice team.

CCTV

For security reasons, the General Practice may have CCTV cameras at the different access points in the building in order to prevent intruders or individuals who could damage property of the General Practice or remove goods or information from the General Practice without authorisation. As a member of the public or staff of the General Practice your image will be captured on such CCTV cameras, however the General Practice will only disclose such CCTV footage to other parties where necessary to investigate a break in or other unauthorised access to the General Practice

Making a complaint

If the General Practice does not agree to provide you with access to your personal information or you have a complaint about our information handling practices you have a right to lodge a complaint with our Data Protection Officer by email at DPO@Centrichealth.ie or you can contact the Office of the Data Protection Commission by visiting https://www.dataprotection.ie/docs/complaints/1592.html

Questions

We hope this statement has explained any issues that might arise. If you have any queries about this Privacy Statement, please email DPO@Centrichealth.ie.