“Personal data” relates to any data regarding a living individual who has, or can be, identified from that data, or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller. In this case, the controller is Beacon Hospital.
Under the European General Data Protection Regulation (GDPR), Beacon Hospital has a legal duty to ensure all patient data, supplied as part of the patient process within the hospital, is kept safe and secure.
Personal data will only be obtained in a lawful, fair and transparent manner for a specified purpose and will never be disclosed to a third party, except in a manner necessary and compatible with that same purpose.
All medical information is treated as being sensitive personal information and as a hospital, we will endeavour to ensure all of this information is treated with the utmost respect and confidentiality.
Data Protection at Beacon Hospital
How do Beacon Hospital use my information?
Beacon Hospital needs to process clinical information about our patients to ensure that all clinical staff have complete information to ensure you get the best treatment while under our care.
Each patient will have a unique Medical Record and all your details are kept within your unique medical record. Your information may be used in the following circumstances
- Your information is shared with other health professionals involved in your care; this can include but is not limited to GP Practices, other hospitals, other hospital departments who are involved in providing you with your care and community services.
- Depending on your circumstances we may also need to share your information with external organisations to provide you with your treatment, drugs or equipment, this can include but is not limited to the voluntary sector, care homes, pharmaceutical companies, private health care providers and external companies who provide specialist equipment.
Beacon Hospital is required to send patient details as necessary to the insurance companies in order to get a claim paid. When a patient is registered you are asked to sign the insurance declaration. This will detail what the insurance company will expect to receive. Often an insurance company will request an audit of claims paid. Beacon Hospital will supply only the information for that claim once received in writing from the insurance company.
Consultants billing / secretaries
Beacon Hospital will send patient details to the consultants billing company or secretaries as requested in order to complete a claim. Beacon Hospital send only information necessary to process that claim.
Your information could be used for research but only
- When anonymised or
- With your consent.
Research seeks to investigate new treatments, interventions and management procedures so that patient care is continually improved.
In certain circumstances; we are required by law to report information to the appropriate authorities. This information is often provided after authority has been given by a qualified health professional. For example:
- Where we encounter infectious diseases which may endanger the safety of others e.g. meningitis or measles.
- Where a formal court order has been issued.
- Section 7(1)(a) of the Ombudsman Act 1980 provides the Ombudsman with powers to acquire information or documents for the purpose of a preliminary examination or investigation by him or her under the Act.
- Ombudsman for Children: Section 14 of the Ombudsman for Children Act 2002 provides the Ombudsman for Children with the power to acquire information.
Clinical Audits & accreditation
Beacon Hospital is accredited by Joint Commission International. As part of this accreditation process, audits are required to be completed regularly to ensure every aspect of a patients care, patient safety and quality of service delivery is optimised. These audits may include patients chart reviews and a review of your clinical information.
The Data Protection Commissioner may, for the purposes of the investigation of a complaint under the Data Protection Acts, require Beacon Hospital to provide any documentation as is considered necessary information or documents for the purpose of a preliminary examination or investigation.
Right to Obtain a Copy of your Information
Under GDPR, you have a right to obtain a copy, clearly explained, of any information relating to you kept on computer or in a structured manual filing system or intended for such a system by any entity or organisation.
A request for access, release or copy of personal data can only be made by the patient or any third party (registered next-of-kin or solicitors authorised by patients, Patient Legal Guardian or Power of Attorney) it must be:
- Sent in writing to Data Request, Beacon Hospital, Beacon Court, Sandyford, D18 AK68, or email firstname.lastname@example.org
- Supply relevant information to locate records.
- Include legal name, date of birth and date of service.
- Be accompanied by appropriate identification example Current Irish Driver’s License, Valid Passport. This is to make sure that personal information is not given to the wrong person.
Once you have made your request, you must be given the information within 1 month.
The relevant treating Consultant/s will be contacted informing him/her of the request. Consultation with the patient is encouraged, particularly to assist in the identification of the actual documents to which access is sought or to narrow the field of inquiry, for example to a particular admission if possible.
Beacon Hospital Patient Safety and Quality Department will also be notified of the request.
Can access be refused?
Access can be refused to some or all of the patient’s personal health information, only if providing access is likely to cause serious harm to the physical or mental health of the requester or providing access would disclose the personal data of another person without their consent or would disclose a confidential expression of opinion about the requester.
The recommended method of delivery of the request will be sent electronically. The copy may be collected by hand – but proof of identification will be required.
Give copy of personal data to an individual, on request, unless exceptional circumstances apply.
Under GDPR, you have rights regarding the use of your personal details and Beacon Hospital as controller of that data has a responsibility in how we handle this information.
You have the right to data protection when your details are:
- held on a computer;
- held on paper or other manual form as part of a filing system; and
- images of your data, e.g. XRAY
What is the aim of these rights?
With Data protection rights we help you to make sure that the information stored with us about you is:
- Accurate and up to date
- Only available to those who should have it
- Only used for stated purposes
- Stored securely
What should you expect
- Expect fair treatment from Beacon Hospital and our staff in the way we obtain keep, use and share your information.
- That you have the right to be fully informed in why we are collecting your information and how we are using it.
- That you have the right to object to Beacon Hospital using your details for particular purposes.
- That you have the right to ensure inaccurate information about you is corrected when it is safe to do so.
- Request to see a copy of all information kept about you unless exceptional circumstances apply
- Complain to the Data Protection Commissioner if you feel your data protection rights are being infringed.
What Beacon Hospital must do
Beacon Hospital will comply with the Principles of GDPR
- To obtain information lawfully, fairly and transparently
- To collect it for a specific or specific purposes and only use this data for those purposes
- Collect only the data necessary for the purpose above
- Collect only data necessary for a specific purpose(s) and only use this data for set purpose
- Ensure the information is accurate and up to date
- Data is stored as long as necessary to provide you excellent care
- We will endeavour to keep your data safe and secure.
A guide to Data Protection and what it means for you http://gdprandyou.ie/
Data Protection officer
Beacon Hospital’s Data Protection officer, Brian Fitzgerald can be contacted via email email@example.com or via telephone 01 650 4647 or by post addressed to:
Mr Brian Fitzgerald
Data Protection Officer