Privacy Statement

NEDOC Ltd Privacy Statement

NEDOC Ltd works in partnership with the HSE to provide urgent out of hours GP Care to patients of participating practices. The HSE is the data controller for all patient data that is collected at the point of contact when patients ring 1850 777 911.  The role of NEDOC Ltd is to provide administrative support to the GPs that participate in the NEDOC co-operative.

We respect your rights to privacy and to the protection of your personal information. The purpose of this privacy notice is to explain how we collect and use personal information for the delivery of our service and the day to day running our business.

All personnel working in NEDOC Ltd are bound by patient and data confidentiality agreements.  To allow us to manage our business effectively we collect and process various categories of personal information throughout your healthcare journey with us, including your name, contact details and other details in respect of your consultation.

The HSE collects and stores special categories of information including your health record.  NEDOC Ltd processes some of that data for the specific purpose of supporting the HSE and participating GPs in the administration of the service. This includes administration of communication in respect of, and financial management of NEDOC consultations.

You have the right to request, amend or delete personal information stored by NEDOC Ltd and can do so by emailing info@nedoc.ie. For access to your health records contact the Manager, Primary Care Out of Hours Service, St Bridgets Campus, Ardee, Co Louth.

Legal Basis for Processing Your Data

NEDOC Ltd is committed to complying with the EU GDPR Regulations.  The processing of personal data and health records of patients attending the NEDOC service is necessary in order to protect the vital interests of the patient and for the provision of healthcare and public health.  It is necessary for the organisational and financial administration of the service.

To help us operate the service we collect various categories of personal information, and often special categories of information including your health record, throughout your time using our service. This Personal Data may vary, but includes:

  • First and last name
  • Contact details including address and telephone number (mobile/home)
  • Gender & Date of birth
  • Medical card or GP Visit number and expiry date
  • The name of a relative/friend with whom you attended
  • The name and contact details of your own GP
  • Date and details of consultations with NEDOC
  • Method of payment for consultations (if a private patient)
  • Specific health guidance from your own GP

Managing your Information

In order to administer the operational and financial support to the HSE and GPs for patients attending NEDOC, we collect and keep information about your NEDOC attendances.  We commit to:

  • Retaining your information securely.
  • Asking only for and keeping information that is necessary. We will attempt to keep all data as accurate and up to date as possible. We will explain the need for any information we ask for if you are not sure why it is needed.
  • Asking you to inform us about any relevant changes that we should know about which may include change of contact number, address, updated GMS number or Doctor Visit number.
  • Having all persons working in NEDOC Ltd maintain up to date signed confidentiality agreements that explicitly make clear their duties in relation to personal health information and the consequences of breaching that duty.
  • Accessing minimal patient records to ensure those records are only used to the extent necessary to enable staff to perform their tasks for the proper functioning of the office. In this regard, patients should understand that NEDOC Ltd staff may have access to their personal records for:
    • The purpose of managing the financial and operational administration of the service in terms of confirming whether a patient holds a medical card or GP Visit Card or is a private patient; whether a patient was consulted in an NEDOC treatment centre or at home or in a Nursing Home or if a patient received telephone triage advice only.
    • The purpose of managing communication requests for information about NEDOC consultations that may arise from the attending patient or their guardian; solicitors; An Garda Siochána; consulting GP; own GP; HSE.
    • The purpose of managing a complaint or correspondence about a consultation.
    • The purpose of auditing GP work for the continuing improvement of the clinical consultation which involves gathering random consultations, anonymising identifiable personal data of those consultations, review of the consultations by the Medical Director for clinical review under agreed international guidelines. Following completion of clinical audits all data is destroyed.
    • Only the relevant part of your record will be accessed for the purposes required above.

Sharing Data With Third Parties

We share your information to third parties only when you have authorised us to do so and where it is necessary as part of our business practices or when there is a legal or statutory obligation to do so. Whenever we disclose information to third parties, we will only disclose the amount of personal information necessary to meet such business need or legal requirement.

At times we may need to pass some of your Personal Data to other health and social care professionals in order to support the provision of necessary treatment and care in NEDOC and with other health and social care services. In such circumstance we will only disclose the relevant part of your record. All such professionals as referenced are also legally bound to treat your information with the same duty of care and confidentiality and are subject to EU Data Protection Regulation.

For the purposes of complaints management, NEDOC Ltd will need to access your NEDOC consultation and provide it to the relevant GP and to the Medical Director. In some cases that record may also be referred to our Medical Indemnity company.

Patient records will not be released to any party without the signed consent of the patient. This applies to requests from Gardai, Solicitors, Social Services (unless it is in the interest/protection of the patient) or family members.

Appropriate measures will be taken to ensure that all such disclosures or transfers of your information to third parties will be completed in a secure manner.

For the purpose of safeguarding and securing our IT and database systems, NEDOC Ltd has third party contracts in place with our IT & database management companies who have to access our systems from time to time.  We employ reasonable appropriate administrative, technical, personnel procedural and physical measures to safeguard Personal data against loss, theft and unauthorised access.

Use of Information for Training, Teaching and Quality Assurance / Clinical Audit of Performance

For the purpose of continuing medical education and training, and personal development, experienced GPs and GPs in Training often discuss case histories – in these situations, the identity of the patient concerned will be anonymised.

NEDOC Ltd works with the North East GP Training Scheme to facilitate the training of GPs in their out of hours learning. As part of this programme GP Registrars work in the NEDOC service and may be involved in your care.  GP Registrars are bound by patient confidentiality at all times.

It is normal for patient information to be used for research or audit in order to improve services and standards of practice.  GPs on the specialist register of the Medical Council are required to perform yearly clinical audits.  Information used for such purposes is provided in an anonymised or psyeudonymised manner with all personal identifying information removed.

If it were proposed to use your Personal Data in a way where it would not be anonymous or the service was involved in external research, this would only occur with your explicit consent.

Retaining Your Personal Data

The period for which we retain information varies according to the use of that information.  In some cases, there are legal requirements to keep data for a minimum period of time, including information in respect of payments and for health records.  Unless specific legal requirements dictate otherwise, we will retain information no longer than is necessary for the purposes for which data were collected and processed.

As per statutory guidelines, all matters of finance are retained for a period of 6 years.

For the purpose of routine communications the retention period is 6 years unless there is an obligation to retain it longer (e.g. due to a legal case or medical council investigation).

Retention periods for medical records are taken from the HSE “National Hospitals Office, Code of Practice for Healthcare Records Management” and are in line with the recommendations of the Medical Indemnity Agencies and the Health Information and Quality Authority (HIQA). The HSE is the Data Controller of your health records and retention of that data is guided by the HSE.  NEDOC Ltd. is a data processor of the health record controlled by the HSE and we are guided by the principals stated above. NEDOC Ltd will retain records for a period of 8 years unless it is in the interest of the Data Subject to retain it for longer. For further details on retention of personal data refer to the HSE.

Your right of access to your health information

You have the right of access to all the personal information held about you by the service. If you wish to access your records please contact the Manager, HSE Primary Care Out of Hours, St Bridgets Campus, Kells Rd., Ardee, Co Louth.

You have the right of access to all the personal information held about you by this office and can do so by putting the request in writing, with proof of identity (passport / driving licence / public services card) to Arlene Fitzsimons, Operations Manager, NEDOC Ltd., Farrell St., Kells, Co Meath.  This provision excludes the health record itself which should be sought from the HSE directly from the Manager, HSE Primary Care Out of Hours, St Bridgets Campus, Kells Rd., Ardee, Co Louth.

Other Rights

You have other legal rights to control your information and the manner in which we process that Personal Data. These rights include:

  • access to your personal information
  • to correct inaccurate information, or update incomplete information
  • to restrict or object to the processing of your information in certain circumstances
  • to transfer your personal data to another service provider
  • to receive your personal information in a portable format
  • to withdraw consent to the processing of Personal Data at any time
  • to have your data erased (where appropriate and under Statutory Guidelines)

 

Further information on these rights is accessible on www.dataprotection.ie.

Complaints on the use, retention and disposal of personal data can be submitted to info@nedoc.ie. You also have the right to lodge a complaint with the Data Protection Commissioner.

We hope this notice has been helpful to you and explained any issues that may arise regarding your Personal Data. If you have any queries please contact afitzsimons@nedoc.ie or ring us on 046-9241533.

Organisation NameNorth East Doctor on Call Ltd (NEDOC Ltd)
Organisation AddressFarrell St., Kells, Co Meath
Company Telephone046-9241533
Data ControllerNo
Lead for Data ProtectionArlene Fitzsimons
DPONot Necessary