Privacy

Practice Privacy Statement

MedHub wants to ensure the highest standard of medical care for our patients. We understand that a medical centre is a trusted community governed by an ethic of privacy and confidentiality. Our approach is consistent with the Medical Council guidelines and the privacy principles of the Data Protection Regulations. It is not possible to undertake medical care without collecting and processing personal data and data concerning health. In fact, to do so would be in breach of the Medical Council’s ‘Guide to Professional Conduct and Ethics for Doctors’. This information is about advising you of our policies and practices in dealing with your medical information.


Legal Basis for Processing Your Data

All the doctors involved with MedHub are members of the Irish College of General Practitioners (ICGP) and have signed up for the ICGP Data Protection Guideline for GPs. The processing of personal data is necessary in order to protect the vital interests of the patient and for the provision of health care and public health. You can access the Guideline at https://www.icgp.ie/data.


Managing Your Information

In order to provide for your care here, we need to collect and keep information about you and your health on our records.

  • We retain your information securely.

  • We will only ask for and keep the information that is necessary. We will attempt to keep it as accurate and up-to-date as possible. We will explain the need for any information we ask for if you are not sure why it is needed.

  • All persons in the practice (not already covered by a professional confidentiality code) sign a confidentiality agreement that explicitly makes clear their duties in relation to personal health information and the consequences of breaching that duty.

  • Access to patient records is regulated to ensure that they are used only to the extent necessary to enable the support staff or managers to perform their tasks for the proper functioning of the service.

In this regard, patients should understand that practice staff may have access to their records for:

  • Generating necessary certificates for the patient. This is then checked and signed by the GP.

  • Typing referral letters to hospital consultants, specified general practitioners or allied health professionals.

  • Scanning clinical letters and any other documents not available in electronic format.

  • Downloading laboratory results and Out of Hours doctor reports and performing integration of these results into the electronic patient record.

  • Photocopying or printing documents for referral to consultants/public health.

  • Checking for a patient if a hospital or a laboratory result is back, in order to schedule a conversation with the GP.

  • And other activities related to the support of medical care appropriate for practice support staff.


Embedded Content From Other Websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.


Disclosure of Information to Other Health & Social Care Professionals

We may need to pass some of this information to other health and social care professionals in order to provide you with the treatment and services you need. Only the relevant part of your record will be released. These other professionals are also legally bound to treat your information with the same duty of care and confidentiality that we do.


Disclosures Required or Permitted Under Law

The law provides that in certain instances personal information (including health information) can be disclosed, for example, in the case of infectious diseases.


Disclosure of Information to Employers, Insurance Companies & Solicitors:

  • In general, work-related Medical Certificates from your GP will only provide a confirmation that you are unfit for work with an indication of when you will be fit to resume work. Where it is considered necessary to provide additional information we will discuss that with you. However, Department of Social Protection sickness certs (“Social Welfare Certs”) for work must include the medical reason you are unfit to work.

  • In the case of disclosures to insurance companies or requests made by solicitors for your records, we will only release the information with your signed consent.


Use of Information for Training, Teaching & Quality Assurance

It is usual for clinicians to discuss patient case histories as part of their continuing medical education or for the purpose of training clinicians and/or medical students. In these situations, the identity of the patient concerned will not be revealed.

In other situations, however, it may be beneficial for other doctors within the practice to be aware of patients with particular conditions and in such cases, this practice would only communicate the information necessary to provide the highest level of care to the patient.


Use of Information for Research & Audit

It is usual for patient information to be used for research and audit in order to improve services and standards of practice. GPs on the specialist register of the Medical Council are required to perform yearly clinical audits. Information used for such purposes is done in an anonymised or pseudonymised manner with all personal identifying information removed.

If it were proposed to use your information in a way where it would not be anonymous or the practice was involved in external research we would discuss this further with you before we proceeded and seek your written informed consent. Please remember that the quality of the patient service provided can only be maintained and improved by training, teaching, audit and research.


Your Right of Access to Your Health Information

You have the right of access to all the personal information held about you by this practice. If you wish to see your records, in most cases the quickest way is to discuss this with your doctor, who will review the information in the record with you. You can make a formal written access request to the practice and receive a copy of your medical records. These will be provided to you within thirty days.


Other Rights

You have other rights under data protection regulations in relation to the transfer of data to a third country, the right to rectification or erasure, restriction of processing, objection to processing and data portability. Further information on these rights in the context of general practice is described in the Guideline at https://www.icgp.ie/data. You also have the right to lodge a complaint with the Data Protection Commissioner.


Categories of Personal Data

1. Administrative
Name, address, contact details (phone, mobile, email), dates of appointment

Purpose of Processing:
Necessary to support the administration of patient care in general practice.

Lawfulness of Processing:
Article 6.1(d): processing is necessary in order to protect the vital interests of the data subject or of another natural person; Special Categories are processed under the derogations in Articles 9.2(h) and 9.2(i). Please see the notes under this table.

2. Medical Record
Individual Health identifier, date of birth, sexual orientation, gender, medication details, allergy details, current and past medical history, genetic data, laboratory test results, imaging test results, near-patient test results, ultrasound scan images, and other data required to provide medical care.

Purpose of Processing:
Necessary to provide patient care in general practice. 

3. Account Details
Record of billable services provided, patient name, address, contact details, billing and payment records.

Purpose of Processing:
Required for providing a service and billing.

Lawfulness of Processing:
Article 6.1(c): processing is necessary for compliance with a legal obligation to which the controller is subject (Revenue, Medical and Legal Obligations), and Article 6.1(b) in relation to getting paid for providing a service to private patients.


Recipients With Whom We Share Personal Data

1. Health & Social Care Providers
Other GPs, Health Service Executive, Voluntary Hospitals, Private Hospitals and Clinics, Private Consultants, Pharmacies, Nursing Homes, Counselling Services, Diagnostic Imaging Services, Hospital Laboratories, and other health care providers.

2. Data Processors, With a Contract
GP Practice Software Vendor (Clanwilliam Health), Online Data Backup Companies (RCSI), Healthlink, Squarespace.

3. Legal Arrangements
Coroner, Revenue, Social Protection, Medical Council.

4. Public Health
Infectious disease notifications, influenza surveillance.

5. Third Parties, With Explicit Patient Consent
Solicitors, Insurance Companies, Health Insurance Companies, Banks.


Questions

We hope this privacy policy has explained any issues that may arise. If you have any questions, please speak to the practice secretary or your doctor. 


Date last accessed 12th Jan 2023