NEDOC Ltd Privacy Statement
NEDOC Ltd works in partnership with the HSE to provide urgent out of hours GP Care to patients of participating practices. The HSE is the data controller for all patient data that is collected at the point of contact when patients ring 1800 777 911. The role of NEDOC Ltd is to provide administrative support to the GPs that participate in the NEDOC co-operative.
We respect your rights to privacy and to the protection of your personal information. The purpose of this privacy notice is to explain how we collect and use personal information for the delivery of our service and the day to day running our business.
All personnel working in NEDOC Ltd are bound by patient and data confidentiality agreements. To allow us to manage our business effectively we collect and process various categories of personal information throughout your healthcare journey with us, including your name, contact details and other details in respect of your consultation.
The HSE collects and stores special categories of information including your health record. NEDOC Ltd processes some of that data for the specific purpose of supporting the HSE and participating GPs in the administration of the service. This includes administration of communication in respect of, and financial management of NEDOC consultations.
You have the right to request, amend or delete personal information stored by NEDOC Ltd and can do so by emailing firstname.lastname@example.org. For access to your health records contact the Manager, Primary Care Out of Hours Service, St Bridgets Campus, Ardee, Co Louth.
Legal Basis for Processing Your Data
NEDOC Ltd is committed to complying with the EU GDPR Regulations. The processing of personal data and health records of patients attending the NEDOC service is necessary in order to protect the vital interests of the patient and for the provision of healthcare and public health. It is necessary for the organisational and financial administration of the service.
To help us operate the service we collect various categories of personal information, and often special categories of information including your health record, throughout your time using our service. This Personal Data may vary, but includes:
Managing your Information
In order to administer the operational and financial support to the HSE and GPs for patients attending NEDOC, we collect and keep information about your NEDOC attendances. We commit to:
Sharing Data With Third Parties
We share your information to third parties only when you have authorised us to do so and where it is necessary as part of our business practices or when there is a legal or statutory obligation to do so. Whenever we disclose information to third parties, we will only disclose the amount of personal information necessary to meet such business need or legal requirement.
At times we may need to pass some of your Personal Data to other health and social care professionals in order to support the provision of necessary treatment and care in NEDOC and with other health and social care services. In such circumstance we will only disclose the relevant part of your record. All such professionals as referenced are also legally bound to treat your information with the same duty of care and confidentiality and are subject to EU Data Protection Regulation.
For the purposes of complaints management, NEDOC Ltd will need to access your NEDOC consultation and provide it to the relevant GP and to the Medical Director. In some cases that record may also be referred to our Medical Indemnity company.
Patient records will not be released to any party without the signed consent of the patient. This applies to requests from Gardai, Solicitors, Social Services (unless it is in the interest/protection of the patient) or family members.
Appropriate measures will be taken to ensure that all such disclosures or transfers of your information to third parties will be completed in a secure manner.
For the purpose of safeguarding and securing our IT and database systems, NEDOC Ltd has third party contracts in place with our IT & database management companies who have to access our systems from time to time. We employ reasonable appropriate administrative, technical, personnel procedural and physical measures to safeguard Personal data against loss, theft and unauthorised access.
Use of Information for Training, Teaching and Quality Assurance / Clinical Audit of Performance
For the purpose of continuing medical education and training, and personal development, experienced GPs and GPs in Training often discuss case histories – in these situations, the identity of the patient concerned will be anonymised.
NEDOC Ltd works with the North East GP Training Scheme to facilitate the training of GPs in their out of hours learning. As part of this programme GP Registrars work in the NEDOC service and may be involved in your care. GP Registrars are bound by patient confidentiality at all times.
It is normal for patient information to be used for research or audit in order to improve services and standards of practice. GPs on the specialist register of the Medical Council are required to perform yearly clinical audits. Information used for such purposes is provided in an anonymised or psyeudonymised manner with all personal identifying information removed.
If it were proposed to use your Personal Data in a way where it would not be anonymous or the service was involved in external research, this would only occur with your explicit consent.
Retaining Your Personal Data
The period for which we retain information varies according to the use of that information. In some cases, there are legal requirements to keep data for a minimum period of time, including information in respect of payments and for health records. Unless specific legal requirements dictate otherwise, we will retain information no longer than is necessary for the purposes for which data were collected and processed.
As per statutory guidelines, all matters of finance are retained for a period of 6 years.
For the purpose of routine communications the retention period is 6 years unless there is an obligation to retain it longer (e.g. due to a legal case or medical council investigation).
Retention periods for medical records are taken from the HSE “National Hospitals Office, Code of Practice for Healthcare Records Management” and are in line with the recommendations of the Medical Indemnity Agencies and the Health Information and Quality Authority (HIQA). The HSE is the Data Controller of your health records and retention of that data is guided by the HSE. NEDOC Ltd. is a data processor of the health record controlled by the HSE and we are guided by the principals stated above. NEDOC Ltd will retain records for a period of 8 years unless it is in the interest of the Data Subject to retain it for longer. For further details on retention of personal data refer to the HSE.
Your right of access to your health information
You have the right of access to all the personal information held about you by the service. If you wish to access your records please contact the Manager, HSE Primary Care Out of Hours, St Bridgets Campus, Kells Rd., Ardee, Co Louth.
You have the right of access to all the personal information held about you by this office and can do so by putting the request in writing, with proof of identity (passport / driving licence / public services card) to Arlene Fitzsimons, Operations Manager, NEDOC Ltd., Farrell St., Kells, Co Meath. This provision excludes the health record itself which should be sought from the HSE directly from the Manager, HSE Primary Care Out of Hours, St Bridgets Campus, Kells Rd., Ardee, Co Louth.
You have other legal rights to control your information and the manner in which we process that Personal Data. These rights include:
Further information on these rights is accessible on www.dataprotection.ie.
Complaints on the use, retention and disposal of personal data can be submitted to email@example.com. You also have the right to lodge a complaint with the Data Protection Commissioner.
We hope this notice has been helpful to you and explained any issues that may arise regarding your Personal Data. If you have any queries please contact firstname.lastname@example.org or ring us on 046-9241533.
|Organisation Name||North East Doctor on Call Ltd (NEDOC Ltd)|
|Organisation Address||Farrell St., Kells, Co Meath|
|Lead for Data Protection||Arlene Fitzsimons|