Data Protection Statement
Data Protection Statement
Our Lady’s Hospice & Care Services | Privacy Notice | February 2023
Introduction:
Under the General Data Protection Regulation (GDPR) we are obliged to have a fair processing notice for personal data. This is often referred to as a Privacy Notice. It provides information about the ways in which we process (collect, store and use) your personal data as a patient/client of this organisation.
Personal data means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller, Our Lady’s Hospice & Care Services (OLHCS).
All medical information under GDPR is deemed a special category of personal information and, as a healthcare provider, we will endeavour to ensure your information is treated with the utmost respect and confidentiality.
Our Lady’s Hospice & Care Services is very seriously committed to protecting the privacy of all who come in contact with our services, and this includes protecting information or data of a personal and confidential nature which you give to us. We will be clear and transparent about the information which we collect and what we do with that information.
It is very important that you note it is not always possible to maintain confidentiality and OLHCS has a legal obligation to disclose facts at certain times. However, any information you disclose to the members of the team taking care of you remains confidential unless there are very serious concerns about your safety or another person’s safety.
Confidentiality may be broken if you disclose that:
- You are at risk of harm;
- That a child is being neglected or experiencing physical or sexual abuse (as mandated by law);
- That you have a suicide plan;
- That you are at risk of harming yourself or somebody else;
- That you were sexually abused in the past as there may still be a current risk to children or other adults from the alleged perpetrator;
- That you have committed a serious criminal offence or are planning to do so in the future.
If this happens we will not act without talking to you first and agreeing a course of action.
If you require basic information about OLHCS’s information handling practices, view our FAQs under the heading ‘Information Governance’ on our website. This includes a summary of how OLHCS collects, uses and discloses your personal information, and how you can contact OLHCS if you would like to access or request a correction to any personal information which OLHCS holds on you.
If you require more detailed information about OLHCS’s information handling practices, then please read this document.
Contact Details:
Data Controller
Our Lady’s Hospice & Care Services
Harold’s Cross, Dublin 6W
Tel: (01) 4068725
Email: Info@olh.ie
Data Protection Officer
Ambit Compliance
Data Protection Lead
Patricia Pierce
Tel: (01) 4068725
Email: ppierce@olh.ie
Data Controller:
Our Lady’s Hospice & Care Services (referred to as ‘OLHCS’, (covering Harold’s Cross, Blackrock and Wicklow sites) refers to Our Lady’s Hospice & Care Services DAC and is the “data controller” of all personal information that is collected and used about you for the purposes of the Irish Data Protection Act 2018. Our Lady’s Hospice & Care Services is registered with the Companies Registration Office (company registration number 352404) and the Charities Regulatory Authority (Charities registration number CHY1144).
OLHCS collects data from you and, as a Data Controller, this means that we take full responsibility for protecting that information, only collect the information we require and only sharing that information when it is essential by law, or essential for your healthcare delivery. We also have to ensure that anyone we share your information with has implemented a high standard of security to protect your information.
Data protection Legislation
All personal data we gather will be processed in accordance with all applicable data protection laws and principles, including the General Data Protection Regulation (EU) 2016/679 and the Data Protection Acts 1988 – 2018 (as amended).
For more information on Data Protection please view the Data Protection Commission website: https://www.dataprotection.ie/en/individuals.
What Data we Collect:
Personal data means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller. For example, your name, date of birth, address – these clearly identify you, and you alone.
It covers any information that relates to an identifiable, living individual.
Sensitive personal data is defined in the Data Protection Acts as any personal data as to:
- the racial or ethnic origin, the political opinions or the religious or philosophical beliefs of the data subject
- whether the data subject is a member of a trade union
- the physical or mental health or condition or sexual life of the data subject,
- the commission or alleged commission of any offence by the data subject, or
- any proceedings for an offence committed or alleged to have been committed by the data subject, the disposal of such proceedings or the sentence of any court in such proceedings.
As a patient or resident at OLHCS, we collect information on your physical and mental health, we collect information on racial or ethnic origin, we ask you if you have a religious belief. All of these qualify as sensitive personal data. The Data Protection Acts require additional conditions to be met for the processing of such data. Usually this would be your explicit consent. With the provision of healthcare there is not a need for explicit consent as the relationship between OLHCS and you as a patient or resident is defined under:
Lawfulness of Processing
Article 6 (1) covers the lawful bases on which a data controller (OLHCS) may process personal data.
- Subsection (e) of this paragraph is that processing is necessary for a task carried out in the public interest or in the exercise of official authority vested in the controller; in our case this official authority is vested in us through the Health Act 2004 (as amended).
The data that we typically process for patients and service users is classified in legislation as “Special Category” data, i.e. racial or ethnic origin, religious or philosophical beliefs, genetic data, biometric data, health data, sex life details and sexual orientation. The processing of this data is strictly prohibited in general circumstances However, under Article 9 (2) (h) OLHS may process this special category personal data in the provision of health and social care services or the management of health and social care systems and services on the basis of Irish law (Health Act / Mental Health Act etc.).
How do we collect your personal data?
OLHCS collects information in a number of different ways.
This might be from a referral made by your GP or another healthcare professional you have seen, or perhaps directly from you, over the telephone or on a form you have completed. There may also be times when information is collected from your relatives or first point of contact, e.g. if you are unable to provide the information yourself. During your treatment, health specific data will be collected by the doctors, nurses and healthcare staff taking care of you, and will be held in your patient chart (this can be paper and/or electronic).
What information do we collect?
The information that we collect about you may include details such as:
- Name; Address; Telephone; e-mail; date of birth; first point of contact
- Any contact we have had with you through appointments or previous attendance at OLHCS
- Details and records of treatment and care, notes and reports about your health, including those provided to us by a previous healthcare organisation as essential medical information
- Results of diagnostic tests
- Financial and health insurance information
- Other relevant information from people who have previously cared for you
- We may also collect other information about you, such as your sexuality, race or ethnic origin, religious or other beliefs, and whether you have a disability or require any additional support with appointments (like an interpreter or advocate).
- CCTV and security information.
What do we use your personal data for?
OLHCS only collects personal data for a specific purpose, and in compliance with legislation, and the various reasons are outlined in the attached table.
Security of your personal data:
We follow strict security procedures in the storage and disclosure of your personal data, and to protect it against accidental loss, destruction or damage. We have an Information Technology (IT) Department who look after the technical aspects of security. The data you provide to us is protected using TLS (Transport Layer Security) technology. TLS is the industry standard method of encrypting personal information and so that they can be securely transferred over the Internet.
We may disclose your information to trusted third parties for the purposes set out in the attached table. We require all third parties to have appropriate technical and operational security measures in place to protect your personal data, in line with Irish and EU law on data protection rules.
Outside of the technical IT security, we also ensure that paperwork is secure. Every staff member in OLHCS is trained on what / what not to do with your information. Your medical records must be kept secure at all times, and only accessible to staff who need to access them. Records are locked away in a secure location when not in use
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
ePrivacy Regulations
All marketing activity is carried out in compliance with the ePrivacy Regulations (S.I. 336/2011).
Third Party Websites
This privacy policy does not apply to third-party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements and policies of these websites prior to making use of them. Examples used on our site include Facebook, X (Twitter), YouTube, LinkedIn, Instagram.