Our Responsibilities at St Mary's GP
Fair Obtaining and Purpose specification:
Medical Records, Data Protection
A General Practice is a trusted community governed by an ethic of privacy and confidentiality.
In order to provide for your care, we need to collect and keep information about you and your health in your personal medical record.
Our policies are consistent with the Irish Medical Council guidelines and the privacy principles of the Data Protection Regulations.
This practice has adopted the requirements of 'Processing of Patient Personal Data: A Guideline for General Practitioners'.
For further details please ask at reception for a copy of our Private Privacy Statement or access the Guideline at: https://www.icgp.ie/go/in_the_practice/data_protection
At time of registration, personal details requested:
- Name: Identification purposes
- DOB: Identification purposes
- Address: Contact details and identification purposes
- Telephone number: Contact details
- Email: contact details
- PPS: Cervical Check, HSE claiming on certain procedures, via PCRS portal
- Private Insurance: Claiming on minor surgery procedures performed at St Mary's GP
- Next of Kin: In case of emergency
- Medical History: Needed for consultation purposes and to provide you with the best level of care
- Consultations: Medical issues disclosed to doctors/practitioners/nurses and other relevant people
Please note that we may contact you by email or SMS messaging. Please opt out at reception in writing or by email (email@example.com)
Data may be disclosed to third parties:
- Referrals to: Consultants, Radiology, Physiotherapy, and other parties involved in your treatment
- Claiming for procedures: private health insurance (Medserv), HSE/PCRS, Cervical Check, Social welfare, Garda Medical, and other parties aware to you
- Pharmacies: prescriptions may be faxed, posted or emailed
- Solicitors: If requested by patients. Please be aware that a consent request by your solicitor under the FOI or GDPR, will grant you solicitor access to all medical records
- Laboratories: MedLab, CUH, SIVUH, MUH and others if needed
- Social Services
At St Mary's GP Centre, we do not make use of your personal data for secondary reasons and we are fully registered with the Data Protection Commissioner.
All our data protection practices are open and transparent, Please enquire at reception or by email (firstname.lastname@example.org) for further information or clarification.
Please update us on your preferences to the data we hold on you and feel free to request personal data be deleted at any time. Please understand that medical records cannot be deleted for medico-legal reasons and to give you a safe and professional service.
Use and disclosure of information:
Personal data held at St Mary's GP Centre, will not be used or accessed outside its intended use of caring for you.
Staffs are trained and aware of the rules on how to handle your personal data for its intended use. In addition to this all staff at St Mary's GP Centre have signed a nondisclosure agreement. Non-medical staff will have access to your medical records for administrative purposes.
By registering at St Mary's GP Centre and visiting availing of the services provided we assume that you would be aware of how your personal data is used and when it might be shared by third parties as mentioned above.
Security of your personal data is a priority to us.
We mainly use the Socrates consultation management system, but may sometimes use other such systems that are GDPR compliant.
Your personal data password protected and encrypted on our computers, running on an internal server.
A back up is stored on Keep It Safe, a well recognized and GDPR compliant online provider.
IT provider: Cortell Technologies Limited – GDPR compliant and a well recognized Cork company.
How is data transferred to third parties?
A secure email known as Healthmail which is part of the HSE IT.
An online referral system for transferring referrals and receiving radiological and laboratory results known as Healthlink. It is associated with health mail and part of the HSE.
Zeus referrals: Part of Socrates consultation managemnt system
National postal system
Corrigan’s: Is a company based in cork and GDPR compliant. It provides a courier service for GPs and Local Health institutions. Locations serviced: Participating GPs, Local Hospitals, certain Solicitors, CUH Lab, MedLab, HSE storage.
Please be aware that the Healthmail and Healthlink systems are independently confirmed by the Health Service Executive as being fully secure as far as the IT security of the HSE can be guaranteed.
Zeus forms part of the Socrates information management systems and has independently accredited security measures in place to protect your personal data.
The security, storage and processing of medical data sent to consultants and third parties would be subject to their own privacy policies.
It is your responsibility to make sure your contact details are up to date at St Mary's GP Centre. Please inform St Mary's GP Centre of any changes to your contact details for them to be amended on your file.
We may make contact with you via SMS or email. Please opt out at reception if you do not agree to being contacted by one or both platforms.
Pitfalls/disturbance to services:
Faxes, under GDPR, are considered non secure. We will not be able to fax prescriptions to pharmacies as not to fall foul of the new regulations.
Personal data (letters, prescriptions) can only be given to the named patient. Family members/friends may not collect on their behalf, unless prior written notification/consent given to St Mary's GP Centre.
Personal emails are considered not secure under GDPR, due to this, we will not be able to email you results or other personal data.
Adequate, relevant and not excessive:
All your information collected at St Mary's GP Centre is collected for the purpose of caring for you to the highest standard and to allow St Mary's GP Centre claim for services funded by the HSE and other relevant health bodies.
If you would like any data such as PPS, Private Insurance details removed from your file, then please notify management. We hold on to such data to streamline your care with regards to specific services and avoid delay.
Accurate and up-to-date:
We aim to maintain your data up to date. Please help us keep your data secure by keeping your contact details up to date.
Medical records may be amended on receipt of OPD and discharge letters from secondary care.