Our Lady’s Hospice & Care Services is committed to protecting the privacy of all who come in contact with our services, and takes its responsibility regarding the security of our service users and clients’ information very seriously. We will be clear and transparent about the information we are collecting and what we will do with that information.
This Policy sets out the following:
- What personal data we collect and process about you in connection with your relationship with us as a patient/resident; service user; volunteer; fundraiser; student; contractor; supplier; former and prospective employees; employees’ next of kin.
- What we do with that data;
- How we store the data and for how long;
- Who we transfer/disclose that data to;
- How we deal with your data protection rights;
- And how we comply with the data protection rules.
All personal data is collected and processed in accordance with Irish and EU data protection laws.
Our Lady’s Hospice & Care Services (referred to as ‘OLHCS’ and covering both Harold’s Cross and Blackrock sites) in this policy primarily refers to Our Lady’s Hospice & Care Services DAC is the “data controller” of all personal information that is collected and used about you (‘you’ refers to all who come into contact with our services, i.e. patient/resident; service user; volunteer; fundraiser; student; contractor; supplier; former and prospective employees; employees’ next of kin) for the purposes of the Irish Data Protection Act 2018. Our Lady’s Hospice & Care Services is registered with the Companies Registration Office (company registration number 352404) and the Charities Regulatory Authority (Charities registration number CHY1144).
This policy should help you to better understand how we use your personal information, it explains in detail the types of personal information we collect, what we use it for and who we may share it with. If you have any further questions about this policy or how we handle your personal information, which are not dealt with here, please get in touch with us by e-mailing the Data Protection Officer at [email protected]
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
Personal data means any information relating to you which allows us to identify you, such as your name, contact details, and information provided to us for the purposes of healthcare delivery or contractual compliance.
We collect personal data from you when you at most points of contact for the purposes of the provision of healthcare, for support of healthcare provision for health and safety reasons, all of which are included in the attached table.
OLHCS only collects personal data for a specific purpose, in compliance with legislation, and the various reasons are outlined in the attached table.
We follow strict security procedures in the storage and disclosure of your personal data, and to protect it against accidental loss, destruction or damage. The data you provide to us is protected using TLS (Transport Layer Security) technology. TLS is the industry standard method of encrypting personal information and so that they can be securely transferred over the Internet.
We have appointed a Data Protection Officer (“DPO”) to oversee compliance with this policy. In addition, you always have the right to make a complaint at any time to a supervisory authority. The Irish Data Protection Commissioner is the lead data protection supervisory authority for OLHCS as an Irish data controller.
You can e-mail the Data Protection Officer at [email protected]
Under certain circumstances, by law you have the right to:
- Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it.
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request rectification of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Right to erasure – Article 17 of GDPR deals with the right to erasure. Because OLHCS has a requirement to keep medical records and also has a right to defend medico-legal claims, under Article 23.1(g) the right to erasure of medical records is not an absolute right and restrictions may apply. This would need to be examined on a case-by-case basis. The right to erasure does not apply if processing is necessary for one of the following reasons:
- to comply with a legal obligation;
- for archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing; or
- for the establishment, exercise or defence of legal claims.
- if the processing is necessary for public health purposes in the public interest (eg protecting against serious cross-border threats to health, or ensuring high standards of quality and safety of health care and of medicinal products or medical devices);
- or if the processing is necessary for the purposes of preventative or occupational medicine (eg where the processing is necessary for the working capacity of an employee; for medical diagnosis; for the provision of health or social care; or for the management of health or social care systems or services). This only applies where the data is being processed by or under the responsibility of a professional subject to a legal obligation of professional secrecy (eg a health professional).
- Right to Restriction of Processing – Article 18 of GDPR deals with the right to restriction of processing. Where a patient is in dispute with a healthcare provider, they may request that their medical record be locked or archived so that further processing of, or changes to, the record do not occur. The patient needs to be made aware that continuing medical care by the GP cannot take place while the medical record is locked. Requests from patients to restrict processing should be in writing and signed.
- Object to automated decision-making including profiling, OLHCS does not use automated decision making or automated profiling services.
- Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.
- Withdraw consent. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. You can withdraw your consent to our use of your personal data through [email protected] account
Patient Confidentiality Statement
Any information you disclose to the members of the team remains confidential unless there are very serious concerns about your safety or another person’s safety.
Confidentiality may be broken if you disclose that:
- You are at risk of harm
- That a child is being neglected or experiencing physical or sexual abuse (as mandated by law)
- That you have a suicide plan
- That you are at risk of harming yourself or somebody else
- That you were sexually abused in the past as there may still be a current risk to children or other adults from the alleged perpetrator
- That you have committed a serious criminal offense or are planning to do so in the future
If this happens we will not act without talking to you first and agreeing a course of action.