Under the General Data Protection Regulation (GDPR) the Beacon Hospital has a legal duty to ensure patient data, supplied as part of the patient process in the Beacon Hospital, is kept secure and safe.
Personal data will be obtained in a lawful, fair and transparent manner for a specified purpose and will not be disclosed to any third party, except in a manner compatible with that purpose.
“Personal data” means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller (“the Beacon Hospital”);
All medical information is seen as sensitive personal information and as hospital we will endeavour to ensure your information is treated with the utmost respect and confidentiality
The Beacon Hospital needs to process clinical information about our patients to ensure that all clinical staff have complete information to ensure you get the best treatment while under our care.
Each patient will have a unique Medical Record and all your details are kept within your unique medical record. Your information may be used in the following circumstances
- Your information is shared with other health professionals involved in your care; this can include but is not limited to GP practices, other hospitals, other hospital departments who are involved in providing you with your care and community services.
- Depending on your circumstances we may also need to share your information with external organisations to provide you with your treatment, drugs or equipment, this can include but is not limited to the voluntary sector, care homes, pharmaceutical companies, private health care providers and external companies who provide specialist equipment.
The Beacon Hospital is required to send patient details as necessary to the insurance companies in order to get a claim paid. When a patient is registered you are asked to sign the insurance declaration. This will detail what the insurance company will expect to receive. Often an insurance company will request an audit of claims paid. The Beacon Hospital will supply only the information for that claim once received in writing from the insurance company
Consultants billing / secretaries
Beacon hospital will send patient details to the consultants billing company or secretaries as requested in order to complete a claim. The Beacon Hospital send only information necessary to process that claim.
Your information could be used for research but only
- When anonymised or
- With your consent.
Research seeks to investigate new treatments, interventions and management procedures so that patient care is continually improved.
In certain circumstances; we are required by law to report information to the appropriate authorities. This information is often provided after authority has been given by a qualified health professional. For example:
- Where we encounter infectious diseases which may endanger the safety of others e.g. meningitis or measles
- Where a formal court order has been issued
- Section 7(1)(a) of the Ombudsman Act 1980 provides the Ombudsman with powers to acquire information or documents for the purpose of a preliminary examination or investigation by him or her under the Act.
- Ombudsman for Children: Section 14 of the Ombudsman for Children Act 2002 provides the Ombudsman for Children with the power to acquire information
Clinical Audits & accreditation
Beacon Hospital is accredited by Joint Commission International. As part of this accreditation process, audits are required to be completed regularly to ensure every aspect of a patients care, patient safety and quality of service delivery is optimised. These audits may include patients chart reviews and a review of your clinical information.
The Data Protection Commissioner may, for the purposes of the investigation of a complaint under the Data Protection Acts, require the Beacon Hospital to provide any documentation as is considered necessary information or documents for the purpose of a preliminary examination or investigation.
give copy of personal data to an individual, on request, unless exceptional circumstances apply
Under GDPR, you have rights regarding the use of your personal details and the Beacon Hospital as controller of that data has a responsibility in how we handle this information.
You have the right to data protection when your details are:
- held on a computer;
- held on paper or other manual form as part of a filing system; and
- images of your data, e.g. XRAY
What is the aim of these rights?
With Data protection rights we help you to make sure that the information stored with us about you is:
- Accurate and up to date;
- Only available to those who should have it;
- Only used for stated purposes.
- Stored securely
What should you expect
- Expect fair treatment from Beacon Hospital and our staff in the way we obtain keep, use and share your information.
- That you have the right to be fully informed in why we are collecting your information and how we are using it.
- That you have the right to object to Beacon Hospital using your details for particular purposes.
- That you have the right to ensure inaccurate information about you is corrected when it is safe to do so.
- Request to see a copy of all information kept about you unless exceptional circumstances apply
- Complain to the Data Protection Commissioner if you feel your data protection rights are being infringed.
What Beacon Hospital must do?
Beacon Hospital will comply with the Principles of GDPR
- To obtain information lawfully, fairly and transparently;
- To collect it for a specific or specific purposes and only use this data for those purposes
- Collect only the data necessary for the purpose above
- Collect only data necessary for a specific purpose(s) and only use this data for set purpose
- Ensure the information is accurate and up to date
- Data is stored as long as necessary to provide you excellent care
- We will ensure with your help to keep it accurate and up to date …already above
- We will endeavour to keep your data safe and secure.
Under GDPR, you have a right to obtain a copy, clearly explained, of any information relating to you kept on computer or in a structured manual filing system or intended for such a system by any entity or organisation.
A request for access, release or copy of personal data can only be made by the patient or any third party (registered next-of-kin or solicitors authorised by patients, Patient Legal Guardian or Power of Attorney) it must be:
- sent in writing to Medical Records, Beacon Hospital, Beacon Court, Sandyford, D18 AK68
- Supply relevant information to locate records
- Include legal name, date of birth and date of service and Medical record number (if possible)
- Be accompanied by appropriate identification example Current Irish Driver’s License, Valid Passport and Proof of address example a current utility bill. This is to make sure that personal information is not given to the wrong person.
Once you have made your request, you must be given the information within 1 month.
The relevant treating Consultant/s will be contacted informing him/her of the request. Consultation with the patient is encouraged, particularly to assist in the identification of the actual documents to which access is sought or to narrow the field of inquiry, for example to a particular admission if possible.
Beacon Hospital Patient Safety and Quality Department will also be notified of the request.
Can access be refused?
Access can be refused to some or all of the patient’s personal health information, only, if providing access is likely to cause serious harm to the physical or mental health of the requester or providing access would disclose the personal data of another person without their consent or would disclose a confidential expression of opinion about the requester.
The recommended method of delivery of the request is registered post via An Post service. The copy may be collected by hand – but proof of identification will be required.
If you have any questions about your data protection rights in our Hospital, you may contact the hospital’s Data Protection Officer by:
Data Protection Officer: Mr. Brian Fitzgerald, Deputy CEO, Beacon Hospital
Letter: Mr. Brian Fitzgerald, Data Protection Officer, Deputy CEO, Beacon Hospital, Sandyford, Dublin 18.