Privacy Policy

Health Path Privacy Statement

+ What is a Privacy Policy?

A ‘privacy notice’ lets you know what happens to any personal data that you may give us or that we may collect from you or about you (as a patient, family member, carer or visitor). This notice is issued by Centric Health as a primary care healthcare provider and covers the information we hold about our patients who engage through Health Path.

 

+ Who are we and what do we do?

Centric Health is a high-quality Primary Care group with a growing network of family GP practices and patients across Ireland. The company was founded in 2004 by two doctors, Dr Maurice Cox (CEO) and Dr Ray Power (Medical Director). Centric Health was established with the goal to provide healthcare in a community setting, centered on the needs of our patients. We are constantly evolving and striving to ensure that we provide world-class care for more than 500,000 patients across Ireland. We are proud to say that we now have over 400 clinical staff working to support our patient’s need across our practices.

 

+ Why have we issued this Privacy notice individuals taking part in Health Path .

We are committed to being open about the information we collect about you, how we use this information, with whom we share it, and how we store and secure it. We recognise the importance of protecting personal and confidential information in all that we do and take care to meet our legal and other duties, including compliance with relevant laws, regulations, and guidance

Under the General Data Protection Regulation (GDPR) Centric Health has a legal duty to ensure patient data, supplied as part of the patient process within Centric Health, is kept secure and safe.

Personal data will be obtained in a lawful, fair, and transparent manner for a specified purpose and will not be disclosed to any third party, except in a manner compatible with that purpose.

“Personal data” means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller (“Centric Health”);

All medical information is seen as “sensitive personal information” and we will endeavor to ensure your information is treated with the utmost respect and confidentiality.

Our practices conform with the Medical Council guidelines and the privacy principles of the Data Protection Legislation. This Privacy Statement is about making your consent meaningful by advising you of our policies and practices on dealing with your medical information.

 

+ Who controls the use of your personal data?

Centric Health, whose registered address is Centric Health, Floor 7, RSA House, Dundrum Town Centre, Sandyford Road, Dundrum, Dublin 16, D16 FC92 is the company that controls and is responsible for personal data that is collected in relation to your healthcare.

Any medical data collected during the course of your participation within Health Path will be securely retained on a Patient Administration System (Socrates) in Blackrock Medical Centric Health.

If you have any queries in relation to the processing of your personal data, we have appointed a data protection officer that you can contact as follows: by post at:

Data Protection Officer, Floor 7 , RSA House, Dundrum Town Centre, Sandyford Road, Dundrum, Dublin 16, D16 FC92 or by email at DPO@centrichealth.ie

 

+Managing your Information

• To provide for your care we need to collect and keep information about you and your health on our The type of information we need to collect from you includes your name, address, personal phone number, date of birth, marital status, nationality, PPS number, medical card number, family history, ethnic background, current lifestyle, next of kin/emergency contact details and details regarding previous medical history.
• Upon receipt of a signed Registration Form we use this data to communicate with you in the interests of your own healthcare but will not forward it to anyone else without your expressed consent.
• We will only ask for and keep information that is necessary. We will attempt to keep it as accurate and up to- date as We will explain the need for any information we ask for if you are not sure why it is needed.
• Please inform us about any relevant changes that we should know about, such as change of address, phone numbers, family circumstances, any new treatments or investigations being carried out that we are not aware of.
• All persons in the practice (not already covered by a professional confidentiality code) sign a confidentiality agreement that explicitly makes clear their duties in relation to personal health information and the consequences of breaching that
• Access to patient records is regulated to ensure that they are used only to the extent necessary to enable the Clinicians and or Admin team to perform their tasks for the proper functioning of the practice. In this regard, patients should understand that practice staff may have access to their records for:
• Opening letters from other GP Practices, Hospitals and consultants. The letters could be appended to a patient’s paper file or scanned into their electronic patient record.
• Scanning clinical letters, radiology reports, and any other documents not available in electronic format.
• Dealing with patient
• Checking for a patient if a hospital or consultant letter is back or if a laboratory or radiology result is back, in order to schedule an appointment or conversation with the
• Handling, printing, photocopying and postage of medico legal and life assurance reports, and of associated

The practice is committed to guarding against accidental disclosures of confidential patient information. Before disclosing identifiable information about patients, the practice will:

• Take into consideration Freedom of Information and Data Protection
• Be clear about the purpose of the
• Be satisfied that we are disclosing the minimum information to the minimum amount of people necessary.
• Be satisfied that the intended recipient is aware the information is confidential and that they have their own duty of

+ What personal data is collected?

In order to provide the Health Path our services to you we need to process certain personal data in relation to you, which includes:

• Biographical data - We collect the following biographical data: name, assumed names, address, phone number, email address, gender, family relationships (e.g. spouse, children), date of birth, PPS number, GMS
• Payment data - If you pay by direct debit or receive payments through electronic funds transfers, we will collect the IBAN, BIC and the name of your bank/building society or your credit card details where relevant. This is only collected if you require following up consultation outside of the agreed consultations.
• Interactions with us - If you interact with us, we will record details of those interactions (e.g. phone calls and logs of phone calls, email correspondence and hard copy correspondence). If you make a complaint, we will process details in relation to that
• Online services - When you interact with us online (by computer, tablet or smartphone), you will often provide personal data to us, which you will be aware of when using the services or for which you give consent. We also automatically collect data about your use of our services, such as the type of device you are using and its IP address, and how you interact with the Further details are available in the cookies policy that accompanies the relevant service.

+Categories of Personal Data

Category of data	Purpose of Processing	Lawful of processing
Administrative: name, address, contact details (phone, mobile, e mail), dates of appointment     Medical Record: Individual Health identifiers,  date of birth, religion, sexual orientation, gender, family members, family history, contact details of next of kin, contact, vaccination details, medication details, allergy details, current and past medical and surgical history, genetic data, laboratory test results, imaging test results, near-patient test results, ECGs, Ultrasound scan images, and other data required to provide medical care	Necessary to support the administration of patient care in general practice         Necessary to provide patient care in general practice	Article 6.1(d): processing is necessary in order to protect the vital interests of the data subject or of another natural person;   Article 6.1(e): the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;   Special Categories are processed under the derogations in Articles 9.2(h) and 9.2(i). Please see the notes under this table
Account Details: record of billable services provided	Required for providing a service and billing.	Article 6.1(c): processing is necessary for compliance with a legal obligation to which the controller is subject(Revenue, Medical and Legal Obligations) , and Article 6.1(b) in relation to getting paid for providing a service to private patients