Data Protection Notice
Prof. Kevin Walsh and his practice (“we”, “us” or “our”) may need to process personal data about you including to provide medical treatment. We ensure that such personal data is processed in accordance with the General Data Protection Regulation (Regulation (EU) 2016/ 679) and the Data Protection Act 2018 (together “Data Protection Law”). This notice sets out details of the personal data processed, the purposes for which such personal data is processed, to whom your personal data may be disclosed and your rights under Data Protection Law.
Who controls the use of your personal data?
Prof. Kevin Walsh with an address at 56 Eccles Street, Dublin 7, D07 KW66 is the controller of personal data processed by his practice including for the purposes of providing medical treatment.
Your information may be provided to us or shared with hospitals and other professionals involved in your care (e.g. GP practices, hospitals, other clinicians and community services) or for public health reasons and they will each act as a separate controller of your personal data and are responsible for such processing as a controller. You should contact them directly if you have any queries about how they may use and process your personal data.
What personal data is collected and processed?
We may process personal data relating to you, including:
- Biographical data – Name, gender, ethnicity, age, date of birth, address, phone number, email address, other contact details.
- Next of Kin – Details of your next of kin or other person appointment to make health decisions on your behalf.
- Health data – Health data including medical history, family medical history, details of symptoms, details of medications prescribed or taken, details of vaccinations, medical information derived from examinations and tests (e.g. echo’s), details of medical procedures, details of hospital admissions and information about your lifestyle (e.g. strenuous physical work, employment, sports and exercise activities, smoking, alcohol and other substance usage).
- Booking data – Contact details, dates of clinic, tests and procedure appointments, attendance at appointments and other details that may be required (e.g. name, procedure to be undertaken) to book theatres, rooms and other equipment you may require as part of your care.
- Insurance details – Details of your insurer, policy, claims and other information.
- Interactions – If you interact with the practice, details of those interactions may be recorded (e.g. email correspondence, voicemails, clinic lists etc.).
Where is your personal data collected from?
Your personal data may be provided to us or made available from the following sources:
- Healthcare providers – Your GP, other healthcare professionals, hospitals or the HSE may provide information to the practice including in the form of referral letters, details of prior medical history or details of inpatient stay in a hospital.
- Care and community services – We may receive information about you from care and other community services.
- You – From you, where you provide information directly to us.
- Persons you ask to provide information – Where you have asked a party to provide us with information (e.g. employer, legal advisors etc.), we may receive information from them.
- Insurers – We may receive information from your health insurer in connection with health insurance cover and billing arrangements.
We may process your personal data including for the following purposes:
- Medical Services – To provide you with medical services (including clinical diagnosis, medical examinations and consultations), medical treatment and other services and to enable others to provide you with medical care and services.
- Reports – To provide reports about your health and details of any treatment and care that you need, received either from us or from other healthcare providers, such as your GP, primary care team, other hospitals and community health.
- Care management – Management of your care including making decisions about ongoing care and treatment.
- Public health – For public health reasons including in connection with the control of infectious diseases.
- Insurance – Process insurance claims and other administrative matters
- Management of our business – In connection with the management of our business (including in connection with clinic visits, invoicing and billing, quality control and audits).
- Legal matters – In connection with disputes and legal claims or where we are subject to legal requirements (e.g. we encounter an infectious disease that is subject to a mandatory reporting obligation or are the subject of a court order).
- Research – In connection with research including to investigate new treatments and interventions to ensure patient care is continually improved but only where permitted in accordance with applicable law.
Categories of recipients of your personal data
We may share your personal data with the following parties:
- Healthcare and other care providers – We may provide your personal data to others involved in your care (e.g. your GP or community services) or from whom you will receive care in the future (e.g. other clinicians to whom you have been referred to for further treatment).
- Next of Kin – We may provide information about your health to those who have been appointed as your attorney, next of kin or who have otherwise been appointed to make decisions about your health.
- Insurers – We may provide information to insurance companies in connection with claims made.
- Third parties – Where we are required, or you request us, to provide you or a third party with information about your health.
- Service providers – We may use service providers (e.g. IT providers) in our business but any such access or processing by them will be underpinned by appropriate contractual and confidentiality obligations.
- Regulators and courts – In certain circumstances, we may be obliged to provide information to regulators or otherwise required to provide information as a matter of law (e.g. Court order)
- Health Service Executive (HSE) – We may provide personal data about you to the HSE for public health reasons including in connection with vaccination programs from which you will benefit.
Under Data Protection Law, we are required to ensure that there is an appropriate legal basis for the processing of your personal data. The primary legal bases that we rely on are:
- Performance of a contract – Where any such processing is necessary for the performance of a contract with you (or for taking steps at your request with a view to entering into a contract with you).
- Legal obligations – Where any such processing is necessary to comply with our legal and regulatory obligations.
- Vital interests – Where any such processing is necessary to protect your vital interests or those of another person.
- Legitimate interests – Where such processing is necessary for the purposes of our legitimate interests or those of a third party. We will only process your personal data for the purposes of our legitimate interests where we are of the view that to do so would not constitute an unwarranted interference with your own interests or fundamental rights and freedoms. Such interests may include: (i) ensuring your on-going care and health management; (ii) managing and operating our practice in an efficient and effective manner; (iii) co-operating with and assisting regulatory bodies and other competent authorities; and (iv) protecting and defending our rights and legal position.
- Consent – Your consent (where we have sought it and you have provided it to us), and in which case, you can withdraw your consent at any time.
The legal bases on which we collect, process and transfer information relating to you which may be regarded as a special category of data (e.g. health data), in the manner described above are:
- Vital interests – Where such processing is necessary to protect your vital interests or those of another person where there is a consent capacity issue
- Healthcare – Where the processing is necessary: (i) for medical diagnosis; (ii) for the provision of medical care or treatment; (iii) for management of health; or (iii) pursuant to a contract with a health practitioner, provided such is undertaken under the responsibility of a health practitioner or a person who owes an equivalent duty of confidentiality.
- Insurance – Where any such processing of health data is necessary for the purposes of health insurance or health-related insurance;
- Public health – Where such processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health, and provided suitable and specific measures are put in place to safeguard fundamental rights and freedoms.
- Legal matters – Where any such processing is necessary for the purpose of: (i) obtaining legal advice, (ii) establishing, exercising or defending legal claims and rights, or (iii) any legal proceedings (including prospective legal proceedings) or legal claims (including prospective legal claims).
Necessity of provision of certain information and consequences
We may require certain personal data including in order to provide medical treatment to you or for such other purposes that we notify you of. If you do not provide us with this information, then we may not be in a position to continue dealing with you in compliance with our obligations and internal policies, or to perform tasks for your benefit.
We will retain your personal data for no longer than is necessary for the purposes set out in this notice. The criteria used to determine the retention periods include: (i) how long that personal data is needed for the purposes for which it was collected; and (ii) whether it is necessary to retain such data due to a legal, contractual or similar obligation and, if relevant, to deal with any claim or dispute that might arise or investigation or otherwise as necessary to protect or defend our rights and legal position.
We do not transfer personal data outside of the European Economic Area. If this changes in the future, we will ensure that appropriate measures are in place to comply with our obligations under applicable Data Protection Law governing such transfers.
Your rights and how to update your information
You have the following rights, in certain circumstances and subject to certain restrictions, in relation to your personal data:
- Right to access the data – You have the right to request access to your personal data that we hold about you, together with other information about our processing of that personal data.
- Right to rectification – You have the right to request that any inaccurate data that is held about you is corrected or if we have incomplete information you may request that we update the information such that it is complete.
- Right to erasure – You have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the right to be forgotten.
- Right to restriction of processing or to object to processing – You have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes.
- Right to data portability – You have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine readable format.
- Right to withdraw your consent – Where our processing of your personal data is based on you having provided your consent, you have the right to withdraw such consent.
In order to exercise any of the rights set out above, you can email us at: email@example.com. We are required to keep all data accurate and up to date. To enable us to do this more easily, please inform us of any significant changes to your personal data, such as change of address or contact telephone numbers.
If you are not happy with the way we have used your information or addressed your rights, you have the right to make a complaint to the Irish Data Protection Commission, whose contact details can be found at www.dataprotection.ie
If you have any questions or concerns regarding this notice, please contact us at: firstname.lastname@example.org