PROTECTING YOUR DATA PATIENT INFORMATION
PROTECTING YOUR DATA
Table of Contents 1 Introduction 2 2 How do we collect information 3 3 What do we use information for 4 4 Who do we share information with 10 5 What Information is Collected 11 6 How Long is Data Retained 12 7 Know Your Rights 13 8 Cookies 17
1 Introduction Beacon Hospital is committed to protecting all personal patient data which is captured during patient treatment visits This information booklet sets out the types of data we collect it explains how we capture use and protect your personal data which Beacon Hospital collects and stores during the course of patient treatment We want to clearly outline what your rights are in respect of your information and how we process it in Beacon Hospital This information booklet is to help you understand how we use your personal data Please note that we reserve the right to update this information booklet as required The most recent version of this document can be found on our website www beaconhospital ie 1 1 Company Information References to us our and we refer to Beacon Hospital Sandyford Limited and any associated companies 1 2 Legislation All personal data gathered at Beacon Hospital will be processed in accordance with all applicable data protection laws and principles These include the EU General Data Protection Regulation 2018 and the applicable Irish Data Protection Acts 1 3 Queries and Complaints If you require further information about the way in which your personal data will be used or if you are unhappy with the way we have handled your personal data please submit your concerns to dataprotection beaconhospital ie 2
You have the right to lodge a complaint with the Office of the Data Protection Commissioner To contact the Office of the Data Protection Commissioner please use the following details Data Protection Commissioner Canal House Station Road Portarlington County Laois Telephone 353 0 761 104 8000 Telephone 353 0 57 868 4800 Email info dataprotection ie LoCall Number 1890 252 231 Fax 353 0 57 868 4757 Please note that we will take all appropriate steps to keep your personal data safe In the unlikely event that we have a data breach we will notify you about the breach where possible and inform you of corrective actions taken 2 How do we collect information We collect personal data to provide our services to you This data may be collected directly by our staff or by medical consultants GPs or other healthcare professionals who refer you to Beacon Hospital or are involved in your treatment Sometimes we may request that other healthcare providers such as other hospitals and pharmacies provide us with data relating to you in order to ensure the quality of our service to you is of the highest standard 3
3 What do we use information for We use your personal data so that we can provide the highest quality of healthcare possible As part of your care in the hospital there may be some tests that for whatever reason we are unable to carry out within the hospital For example certain blood tests and samples may require further specialist analysis by an external Reference Laboratory and your data will be shared with them The Hospital is an academic hospital and provides training to medical nursing and other health care professionals students Our entire team receives specific training at orientation around keeping your data and personal information secure Specifically we may use the personal data we gather for the following purposes PROCESS DESCRIPTION LAWFUL BASIS FOR PROCESSING Admissions and Bookings We collect data regarding admission to the hospital in the form of admission and general consent forms which you will be requested to complete The use of the data is necessary for the performance of a contract to which the patient is party to or at the request of the patient prior to entering a contract The data we collect at this point is necessary for your hospital attendance and to provide you with the healthcare you have elected to receive This is outlined on the terms and conditions of your admissions form This data will be used throughout the patient s treatment in order to book theatres patient rooms diagnostics and to facilitate efficient scheduling 4 The use of the data is necessary to protect the vital interests of the patient or of another person The use of the data is necessary for provision of health care or treatment pursuant to a contract with a health professional
Insurance and Payment Details Patient data collected on admission will be used to verify insurance cover with the patient s insurer or other third party responsible for the payment of treatment The use of the data is necessary for the performance of a contract to which the patient is party or to take steps at the request of the patient prior to entering a contract Patient data may also be shared with third party billing agencies contracted by consultants or other healthcare professionals involved with patient treatment Document Patient Data During Treatment We document data regarding each patient s treatment and progress on our various systems as well as on paper documents which are stored in each patient s medical record and in other locations The use of the data is necessary for medical diagnosis and for the provision of health care or treatment pursuant to a contract with a health professional Patient data may also be used for clinical audit and quality purposes Generating Prescriptions and Ordering Medication Patient data is used to accurately prescribe and administer medications required as part of your treatment Beacon Hospital is often required to order medication from external providers for this purpose Use of the data is necessary for medical diagnosis and for the provision of health care or treatment pursuant to a contract with a health professional 5
Reporting Infectious Diseases All medical practitioners including clinical directors of diagnostic laboratories are required to notify the Medical Officer of Health MOH Director of Public Health DPH of certain notifiable diseases The list of notifiable diseases is available on the HPSC website https www hpsc ie This information is used to prevent the spread of infection facilitating the early detection of outbreaks It is also used to monitor the burden and changing level of diseases which can provide evidence for public health interventions such as immunisation This is completed in accordance with infectious disease regulations MultiDisciplinary Team Meetings Data may be shared with external healthcare specialists who will discuss patient symptoms and ensure patient treatment is based on best practice This is necessary for medical diagnosis and for the provision of health care or treatment pursuant to a contract with a health professional In accordance with the Health Act 1997 National Cancer The data of patients Registry Ireland receiving treatment for cancer will be shared with the National Cancer Registry Ireland The data is used to monitor trends and outcomes in different cancer types In accordance with Statutory Instrument 19 of 1991 Reporting to the National Haemovigilance Office NHO 6 Any serious adverse reactions event or near miss involving blood products is reported to the NHO The use of this data is necessary to ensure high standards of quality and safety of health care In accordance with both EU and Irish legislation
Handover Documentation Notes on patient wellbeing and status are documented to facilitate handovers among Beacon Hospital nursing staff at shift changes The use of the data is necessary for medical diagnosis and for the provision of health care or treatment pursuant to a contract with a health professional Patient Discharge Data is recorded on discharge forms including prescriptions and discharge letters The use of the data is necessary for provision of health care or treatment pursuant to a contract with a health professional Post treatment results and procedural details are sent to the referring healthcare professional to inform them of their patient s progress and to facilitate the provision of ongoing healthcare We may also liaise with your next of kin or other designated persons with respect to discharge arrangements where necessary Generating Invoices for Treatment On completion of treatment patient medical records are used to ensure the patient is accurately billed by Beacon Hospital consultants and other healthcare professionals for treatment received at the Clinic The use of the data is necessary to ensure high standards of quality and safety of health care The use of the data is necessary to protect the vital interests of the patient where the patient is incapable of giving consent The use of this data is necessary as part of our billing and invoicing procedures as per the terms and conditions outlined on our admissions form Third party billing consultants are engaged in order to generate invoices on behalf of hospital consultants 7
8 Patient Satisfaction Survey On completion of your care at Beacon Hospital we may contact you using the details which you provided and request that you complete our patient satisfaction survey The use of the data is in our legitimate interests to improve the quality of the healthcare which we provide Ongoing Monitoring of Implanted Devices Patients will often be asked to return to the clinic in order for us to monitor the patient s condition post implantation The use of the data is necessary for provision of health care or treatment pursuant to a contract with a health professional Some implanted cardiac devices are remotely monitored from external databases The use of the data is necessary to ensure high standards of quality and safety of health care The use of the data is necessary to protect the vital interests of the patient where the patient is incapable of giving consent Transfers to an Alternative Healthcare Provider When a patient engages an alternative healthcare provider the patient or the healthcare provider on the patient s behalf will be provided with a copy of the patient s medical record The use of the data is necessary for medical diagnosis and for the provision of health care or treatment pursuant to a contract with a health professional Retention of Tissue Samples Patient tissue samples are labelled with patient data and retained in the clinic laboratory The use of the data is necessary to ensure high standards of quality and safety of health care In accordance with the Terms and Conditions of the National Accreditation Board and the Royal College of Pathologists Guidelines
Handling Enquiries General enquiries are received from patients patient relatives and other members of the public Patient data will only be disclosed on completion of identity verification The use of the data is in our legitimate interests as a healthcare provider The use of the data is necessary for the management of health services CCTV Footage CCTV cameras are in operation in common areas both inside and outside of the hospital in order to protect our staff patients and property The use of the data is in our legitimate interests as a healthcare provider Contractor Visitor Sign In Visitor data is recorded at our reception to keep a log of external parties who are operating within the hospital e g external contractors students and medical device representatives The use of the data is in our legitimate interests as a healthcare provider Investigate Complaints Where complaints are received from patients or other members of the public we will process the necessary data in order to investigate the complaint The use of the data is necessary for the management of health services Sometimes patient data may be accessed during system repairs and updates as required Patient data will also be used in order for the hospital to maintain system back ups in the event of an IT system failure The use of the data is necessary for the management of health services System Maintenance The use of the data is necessary to ensure high standards of quality and safety of health care The use of the data is necessary to ensure high standards of quality and safety of health care 9
Call Recording Telephone calls made to our enquiries line are not recorded Some details around your query may be added to our call management system The use of the data is in our legitimate interests as a healthcare provider The use of the data is necessary to ensure high standards of quality and safety of health care Wi Fi We provide a free Wi Fi service for staff and public use but we do not collect any personal data when providing this service This does not require a lawful basis as no personal data is captured 4 Who do we share information with There are various circumstances in which we may share personal data with other parties Generally this includes your representatives our representatives and some pre advised third parties We may occasionally disclose your information to the following categories of companies or organisations to which we handover the responsibility to handle services on our behalf Any medical consultants involved in your treatment at Beacon Hospital Any party which you have given us permission to speak with family friends or otherwise regarding your treatment Your next of kin where you are not in a situation to grant us permission GPs and other healthcare professionals involved in your care Healthcare specialists whose opinion may aid us in effective medical diagnosis and or treatment Healthcare providers engaged to assist with your treatment certain providers have facilities which assist us in providing you with efficient and effective treatment 10
Your health insurer or their representative or any other third party provider with whom you have an agreement to cover the cost of your treatment Billing agencies engaged by your consultant or other healthcare professionals involved in your treatment Legal representatives as necessary Statutory bodies and health boards as required by EU and Irish law We take steps to ensure that any third party partners who handle your information comply with data protection legislation and protect your information to the same extent as we do We only disclose personal information that is necessary for them to provide the service that they are undertaking on our behalf We will aim to anonymise your information or use aggregated non specific data sets where possible On occasion we may transmit your data outside of the European Economic Area In such circumstances we will ensure that the data is transferred in a secure manner in accordance with data protection legislation and with your consent If you would like more information about the relevant safeguards in place for the transfer of personal data to countries or companies outside the European Economic Area please contact us using the details outlined in Section 1 above 5 What Information is Collected As a healthcare provider we need to collect many categories of personal data about our patients the majority of which is highly sensitive in nature While the type of personal data we process may change occasionally we believe it is important that you are aware of the types of personal data we gather and use 11
The following table is a non exhaustive list of the categories and types of personal data we use to perform our duties Please note that the information listed under one category may be used for the performance of a task or in relation to activities listed under another heading or as outlined in Section 3 above REASON TYPE OF DATA COLLECTED Admissions Contact details date of birth next of kin details medical history reason for admission family medical history GP details health insurance payment details nationality and religious beliefs can be volunteered by patient Referrals Contact details date of birth treatment for which patient is being referred MRN GP details details of referring party family medical history During Medical Diagnosis Treatment Medical data relating to current and past treatment Quality Improvement Patient feedback enquiries received log of calls received log of complaints received clinical incident forms submitted Clinic Security CCTV footage visitor sign in logs 6 How Long is Data Retained We only keep your information for as long as is necessary for the purpose for which it was originally obtained Please note that the retention periods for medical information are defined on a case by case basis as required for the provision of healthcare to the patient In this regard retention periods for medical information will be defined based on the individual circumstance of each patient We will take all necessary steps to ensure that the privacy of information is maintained upon disposal 12
7 Know Your Rights You have a number of rights when it comes to your personal data as per legislation set out under GDPR On receipt of a valid request to invoke one of your rights we will do our best to adhere to your request as promptly as reasonably possible however restrictions may apply in certain situations Where do I send requests Please send all your requests to the contact details provided in Section 1 with as much detail as possible regarding your requirements to enable us to deal with your request efficiently To answer your request we may ask you to provide identification for verification purposes How long will a request take to complete Upon receipt of a request as per legislation set out under GDPR we will have 30 days to provide a response with an extension of two further months if required If we require more time to deal with your request we will notify you of the delay and the factors responsible for the delay within 30 days of the receipt of the request If we refuse your request we will notify you within 30 days of the receipt of the request accompanied by the reason for refusal You are entitled to contact the Office of the Data Protection Commissioner if we refuse your request How much does it cost to submit a request We will not charge a fee for any requests provided we do not consider them to be unjustified or excessive If we do consider these to be unjustified or excessive we may charge a reasonable fee also applicable for multiple copies or refuse the request Right of Access You have a right to know what personal data we hold on you why we hold the data and how we are using the data 13
When submitting your request please provide us with information to help us verify your identity and as much detail as possible to help us identify the information you wish to access i e date range subject of the request Identity verification will require a copy of your photographic ID as well as the provision of three unique identifying factors from your medical record If the request is submitted by a third party such as a solicitor on your behalf the request will be required to include written authorisation from you for the provision of a specific data to the third party Right to Rectification You have a right to request that the personal data held in relation to you is up to date and accurate Where it is agreed that information is inaccurate or incomplete we encourage you to contact us to have this information rectified Upon receipt of your request we will ensure that the personal data is rectified and as up to date as is reasonably possible Right to Erasure You have the right to seek the erasure of personal data relating to you in the following circumstances The personal data is no longer required for the purposes for which is was obtained The personal data is being used unlawfully However we will be unable to fulfil an erasure request if the personal data is required for the treatment of an active patient We cannot delete data which is being held in the public interest such as for protecting against cross border threats or ensuring high standards of quality and safety of health care Please be aware that in certain circumstances we may need to retain 14
some information to ensure your preferences are respected in the completion of our duties For example we cannot erase all information about you where you have also asked us not to send you marketing material Otherwise your preference not to receive marketing material would be erased Right to Restriction You have the right to restrict the extent for which your personal data is being used by us in circumstances where Where it is agreed that the personal data is not accurate restriction period will exist until we update your information The processing of the personal data is unlawful but you wish to restrict the use of the data rather than erase it Where the personal data is no longer required by us but you require the retention of the data for the establishment exercise or defence of a legal claim You have a pending objection to the future use of your personal data When the use of your data has been restricted your personal data will only be further used with your consent for the establishment exercise or defence of legal claims for the protection of the rights of other people or for reasons important to public interest such as for protecting against cross border threats or ensuring high standards of quality and safety of health care We will contact you to confirm when the request for restriction is fulfilled and will only lift the restriction after we have informed you that we are doing so 15
Right to Data Portability You have the right to the provision of all personal data which you provided to us provided to you in a structured commonly used and machine readable format where The lawfulness of the use of your personal data by us is reliant on the basis of a contract The lawfulness of the use of your personal data by us is reliant on the provision of your consent The data is being utilised by fully automated means You may also request that we send this personal data to another legal entity where technically feasible We will only refuse such a request if the data being requested may adversely affect the rights and freedoms of others Right to Object You have the right to object to the further use of your personal data where The lawfulness of the use of your personal data by us is reliant on the basis of our legitimate interests Where the data is non sensitive and being used for reasons in the public interest Where the data is being used for direct marketing purposes If you wish to object to the use of your data please contact us with your request We will then stop using the data of personal data unless it is required for legal proceedings Right not to be subject to Automated Decision Making including Profiling You have a right not to be subject to a decision based solely on automated processing or profiling where such decisions would have a legal effect or significant impact on you 16
Currently we do not employ any systems which use automated decision making or profiling on data relating to our patients Where we or one of our third party processors use profiling which produces legal effects for you or otherwise significantly affects you you will have the right to object to such processing 8 Cookies Beacon Hospital respects the privacy of all visitors to our websites Our website employs cookies in order to operate effectively more information on how our website uses cookies can be found at www beaconhospital ie 17
Beacon Hospital Sandyford Dublin 18 D18 AK68 Tel 01 293 6600 www beaconhospital ie Version 7 10 2022 18