{"id":1224,"date":"2022-04-11T16:54:19","date_gmt":"2022-04-11T15:54:19","guid":{"rendered":"https:\/\/jshearthealth.ie\/?page_id=1224"},"modified":"2022-04-29T13:56:00","modified_gmt":"2022-04-29T12:56:00","slug":"privacy-policy-2","status":"publish","type":"page","link":"https:\/\/jshearthealth.ie\/privacy-policy-2\/","title":{"rendered":"Privacy Policy"},"content":{"rendered":"\t\t
1.1 Purpose<\/strong> JS Heart Health must comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 and the ePrivacy Directive (S.I. 336\/2011).<\/span><\/p> These regulations provide the legal framework for how JS Heart Health handles your personal information (including but not limited to patient health information).<\/p> The purpose of this Privacy Policy is to clearly communicate to you how JS Heart Health handles your personal information. It will give you a better and more complete understanding of the type of personal information that JS Heart Health holds about you and the way JS Heart Health handles that<\/p> 1.2 Currency<\/strong> 2.1 JS Heart Health\u2019s Legal Obligations<\/strong> By letter:<\/strong> Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, DO2 RD28, Ireland The DPC is an independent public authority which regulates how JS Heart Health may collect, use, disclose and store personal information and how individuals may access and correct personal information which JS Heart Health holds about them. For ease of reference, this Privacy Policy sets out JS Heart Health\u2019s position with respect to patient and other individuals\u2019 personal information separately but we treat each group equally.<\/p> 2.2 Terms used<\/strong> \u201cData concerning health\u201d means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.<\/p> \u201cPrimary purpose\u201d means the specific function or activity for which the information is collected. Any use or disclosure of the personal information for another purpose is known as the \u201csecondary purpose\u201d.<\/p> \u201cProcessing\u201d means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.<\/p> \u201cPseudonymisation\u201d means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.<\/p> \u201cData Controller\u201d means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. In this case, JS Heart Health fulfils this role.<\/p> \u201cProcessor\u201d means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.<\/p> \u201cConsent\u201d of the data subject means any freely given, specific, informed and unambiguous indication of the data subject\u2019s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.<\/p> \u201cPersonal data breach\u201d means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.<\/p> \u201cSupervisory authority\u201d means an independent public authority which is established by a Member State pursuant to Article 51 of the GDPR.<\/p> 2.3 Who does JS Heart Health collect information from?<\/strong> 2.3.1 Patients<\/strong> 2.3.2 Other individuals<\/b> 2.4 What information does JS Heart Health collect?<\/strong> Often this may include collecting information about your health history, family history, your ethnic background or your current lifestyle to assist the health care team in diagnosing and treating your condition as well as insurance details. Your personal information which may include diagnostic data will be taken during your engagement with the hospital for the purpose of assisting or recording developments in your treatment. This data may take many forms for example standard laboratory information, imaging information from areas such as Radiology and the Cathlab. JS Heart Health will, in all cases, manage your personal information contained in these clinical images in accordance with the General Data Protection Regulation and this Privacy Policy.<\/p> 2.4.2 Other individuals<\/strong> We will usually collect your personal information directly from you. Sometimes we may need to collect information about you from a third party; however, we will only do this where it is not reasonable or practical for us to collect this information directly from you.<\/p> 2.5 How does JS Heart Health store your information?<\/b> 2.5.1 Patients<\/strong> 2.5.2 Other individuals 2.6 How does JS Heart Health use your information?<\/strong> The secondary purpose is related (or for sensitive information, directly related) to the primary purpose for which you have given us the information and you would reasonably expect, or we have told you, that your information is usually disclosed for another purpose or to other individuals, organisations or agencies (see related secondary purposes set out below); JS Heart Health may use or disclose your personal information as specified above via electronic processes, where available or relevant.<\/p> Related secondary purposes include: Patient specific examples: You may be referred for diagnostic tests such as pathology or radiology and our staff may consult with senior medical experts when determining your diagnosis or treatment. With developments in technology (e.g. telemedicine) our staff may consult with health professionals and medical experts, both public and private, located remotely, including outside St. Vincent\u2019s Private Hospital, in relation to your diagnosis or treatment, including by sending health information and clinical images electronically. Our staff may also refer you to other health service providers, both public and private, for further treatment during and following your admission (for example, to a physiotherapist or outpatient for community health services). We may disclose your personal information to the relevant provider to the extent required for any such referral (including disclosing that information electronically).<\/p> Your personal information will only be disclosed to those health care workers involved in, or consulted in relation to, your treatment and associated administration and to the extent required to meet that purpose.<\/p> These health professionals will share your personal information as part of the process of providing your treatment.<\/p> We will only do this while maintaining confidentiality of this information and protecting your privacy in accordance with the law.<\/p> As part of your care, we may be required to disclose your information to third party medical suppliers for the purpose of ordering specific products or to enable appropriate follow up, for example, if you require a medical implantable product as part of your treatment.<\/p> (b) Assessment for provision of health care services<\/i><\/b> (c) Your local doctor<\/i><\/b> (d) Other health service providers<\/i><\/b> We may provide information about your health records to another medical practitioner or health facility outside St. Vincent\u2019s Private Hospital without your consent in the event of an emergency where your life or health is at risk.<\/p> (e) Students and trainees<\/i><\/b> (f) Relatives, guardian, close friends or legal representative<\/i><\/b> (g) Other common uses<\/i><\/b> (i) Other uses with your consent<\/i><\/b> (j) Contractors under agreement<\/i><\/b> (k) Application for accreditation by health professionals<\/i><\/b> (m) Job applications<\/i><\/b> JS Heart Health may also store information provided by job applicants who were unsuccessful for the purposes of future recruitment or employment opportunities.<\/p> (n) Students \/ Trainees<\/i><\/b> JS Heart Health may also store information provided by students or trainees following placement for the purpose of future recruitment or employment opportunities.<\/p> (o) Education and community engagement<\/b><\/i> JS Heart Health may disclose your personal information to third parties for the purpose of confirming your attendance at the event including the provision of attendance records or certification.<\/p> 2.7 Access to and correction of your personal information<\/b> JS Heart Health will allow access or make the requested changes unless there is a reason under the GDPR or other relevant law to refuse such access or refuse to make the requested changes.<\/p> If we do not agree to change your personal information in accordance with your request, we will permit you to make a statement of the requested changes and we will enclose this with your personal information.<\/p> Should you wish to obtain access to or request changes to your personal information held by JS Heart Health please contact us at pa@jshearthealth.ie<\/p> JS Heart Health may recover reasonable costs associated with supplying this information to you.<\/p> 2.8 Data quality<\/b> 2.9 Data security<\/b> 2.10 Data Breech<\/b> 2.11 Cross border disclosure<\/b> 3.1 Data Protection Officer<\/b>
JS Heart Health is committed to ensuring the privacy and confidentiality of your personal information.<\/p>
This Privacy Policy was last updated in March 2022 and may change from time to time. The most up-to-date copy will be published on the JS Heart Health website or can be obtained by contacting us on the details set out at the end of this policy.<\/p>2. HOW JS HEART HEALTH HANDLES YOUR PERSONAL INFORMATION<\/strong><\/h4>
As mentioned in Part 1 of this Privacy Policy, JS Heart Health is required to comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. As part of this we are regulated by the Data Protection Commission (DPC) and acts as JS Heart Health\u2019s Supervisory authority.<\/p>
By email:<\/strong> info@dataprotection.ie<\/a>
Website:<\/strong> https:\/\/forms.dataprotection.ie\/<\/a>
By telephone:<\/strong> +353 (0761) 104 800<\/a><\/p>
In this Privacy Policy, we use the terms:
\u201cPersonal data\u201d means any information relating to an identified or identifiable natural person (\u2018data subject\u2019); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person:<\/p>
This Privacy Policy applies to JS Heart Health\u2019s collection and use of personal information from patients, visitors, next-of-kin, nominated support persons, referring doctors, all staff both clinical and support services such as Accredited Health Professionals, contracted health professionals, trainees (including medical professionals including registrars, fellows and advanced trainees), approved researchers, contractors, suppliers, and service providers engaged by us, medical representatives attending our facilities and other individuals engaged by or providing services to JS Heart Health.<\/p>
In order to provide you with the required health care services JS Heart Health will need to collect and use your personal information.<\/p>
In order to enable JS Heart Health to engage with you for the relevant primary purpose, JS Heart Health may need to collect and use your personal information. If you provide incomplete or inaccurate information to us or withhold personal information from us we may not be able to engage with you as required to meet that primary purpose.<\/p>
2.4.1 Patients<\/strong>
We collect personal information from you that is reasonably necessary to provide you with health care services and for administrative and internal business purposes related to your attendance at St. Vincent\u2019s Private Hospital.<\/p>
We will usually collect your health & Insurance information directly from you. Sometimes, we may need to collect information about you from a third party (such as a relative or another health service provider).<\/p>
We collect personal information from you that is reasonably necessary to engage with you for the primary purpose, including the provision of services by JS Heart Health, for JS Heart Health\u2019s functions or activities and for administrative and internal business purposes related to your dealings with JS Heart Health.<\/p>
JS Heart Health may store the personal information we collect from you in various forms. These forms include electronic and hard copy. Technical and organisational measures have been put in place to ensure the information is stored securely. These include, but are not limited to, strict access controls and, where possible, encryption. JS Heart Health will comply with the GDPR, and this Privacy Policy, in respect of your personal information in whatever form that information is stored by us.<\/p>
Storage of personal information may be in physical (paper) form and may also include storage through electronic systems for storage of personal information (including clinical images taken for diagnostic or treatment purposes) on some diagnostic equipment where you have undergone a diagnostic procedure using such equipment in St. Vincent\u2019s Private Hospital.<\/p>
Personal information may be stored in various forms including electronic and\/or paper systems in accordance with usual practices, and subject to the purposes of your engagement with JS Heart Health<\/p>
JS Heart Health only uses your personal information for the primary purpose for which you have given the information to us, unless one of the following applies:<\/p>
you have consented for us to use your information for another purpose, for example research, transmission to Insurers & processing by billing companies
JS Heart Health is required or authorised by law to disclose your information for another purpose (see related secondary purposes set out below);
the disclosure of your information by JS Heart Health will prevent or lessen a serious and\/or imminent threat to somebody\u2019s life, health or safety or to public health or public safety; or
the disclosure of your information by JS Heart Health is reasonably necessary for the enforcement of a criminal law or a law imposing a penalty or sanction, or for the protection of public revenue.<\/p>
The following is a list of examples of related secondary purposes for which JS Heart Health may use your personal information, but it is not an exhaustive list.<\/p>
(a) Use among health professionals to provide your treatment<\/i><\/b>
Modern health care practices mean that your treatment will be provided by a team of health professionals working together.<\/p>
JS Heart Health may collect your personal information for the purpose of assessing your suitability for health care services at a JS Heart Health. Where personal information is collected and you do not become a patient of JS Heart Health, your personal information may be retained. Where your assessment has been conducted at the request of your GP, JS Heart Health will report the outcome of the assessment to that GP as it may be relevant to any ongoing treatment or care provided to you by them.<\/p>
JS Heart Health will usually send a discharge summary to your referring medical practitioner or nominated general practitioner following an admission. This is in accordance with long-standing health industry practice and is intended to inform your doctor of information that may be relevant to any ongoing care or treatment provided by them. This discharge summary may be sent to your referring medical practitioner or general practitioner electronically.
If your nominated general practitioner has changed or your general practitioner\u2019s details have changed following a previous admission, you must let us know.<\/p>
If in the future you are being treated by a medical practitioner or health care facility that needs to have access to the health record of your treatment, we will provide a copy of your record to that medical practitioner or health care facility provide this request is processed in the correct manner.<\/p>
JS Heart Health supports the placement of students and trainees at JS Heart Health and these students and trainees may have access to your personal information for the purpose of the placement. Students and trainees on placement at JS Heart Health are required to comply with the GDPR (or other relevant privacy legislation) and our Privacy Policy.<\/p>
We may provide information about your condition to your spouse or partner, parent, child, other relatives, close personal friends, guardians, or a person exercising your power of attorney under an enduring power of attorney or who you have appointed your enduring guardian, unless you tell us that you do not wish us to disclose your personal information to any such person.<\/p>
In order to provide the best possible environment in which to treat you, we may also use your personal information where necessary for:
activities such as quality assurance processes, accreditation, audits, risk and claims management, patient experience and satisfaction surveys and staff education and training;
invoicing, billing and account management, including storage of provider details on JS Heart Health billing systems, transmission to Insurers and processing by billing companies.
the purpose of complying with any applicable laws \u2013 for example, in response to a subpoena or compulsory reporting to State authorities (for example, National Cancer Registry);
the purpose of sending you standard reminders, for example for appointments and follow-up care, by text message or email to the number or address which you have provided to us; and
we may anonymise or aggregate the personal information that we collect for the purpose of service management; monitoring, planning and development.
To identify patients that might be suitable for clinical trials\/research. Any participation in a trial or research study will require your consent.<\/p>
With your consent we may also use your information for other purposes such as including sharing your information with your insurance company and research.
Other non-patient specific examples:.<\/p>
JS Heart Health may provide, or allow access to, personal information to contractors engaged to provide professional services to JS Heart Health (e.g. Information Communication Technology providers) or to contractors to whom aspects of our services are outsourced. Where we outsource any of our services or hire contractors to perform professional services this will be done as part of a Service Provider Agreement which contains a Data sharing component that complies with the GDPR and where applicable our Privacy Policy.<\/p>
JS Heart Health collects personal information from health professionals seeking accreditation and submitting to the credentialing process. Personal information provided by health professionals in this context is collected, used, stored and disclosed by JS Heart Health for the purposes of fulfilling its obligations in connection with the accreditation sought.<\/p>
JS Heart Health collects personal information of job applicants who have responded to an advertised position for the primary purpose of assessing and (if successful) engaging applicants. The purpose for which JS Heart Health uses personal information of job applicants includes:
managing the individual\u2019s employment, engagement or placement;
insurance purposes; and
ensuring that it holds relevant contact information.<\/p>
JS Heart Health collect personal information of students or trainees on placement for the primary purposes of providing the placement and facilitating assessment. The purposes for which JS Heart Health uses personal information of students or trainees include:
managing the individual\u2019s placement;
ensuring the quality and safety of clinical care provided to JS Heart Health patients;
insurance purposes;
ensuring that it holds relevant contact information; and
satisfying its legal obligations including obligations under any placement agreement.<\/p>
JS Heart Health may offer opportunities for health practitioners to participate in educational events or seminars for the purpose of continuing professional development or community engagement. When you register for or attend an event, JS Heart Health may collect your personal information for the purpose of providing the service and recording your attendance.<\/p>
You have a right to have access to the personal information that we hold about you (for patients, this includes health information contained in your health record). You can also request an amendment to personal information that we hold about you should you believe that it contains inaccurate information. The request will be reviewed with the relevant parties.<\/p>
JS Heart Health will take reasonable steps to ensure that your personal information which we may collect, use or disclose is accurate, complete and up-to-date.<\/p>
JS Heart Health will take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure. We use technologies and processes such as access control procedures, network firewalls, encryption and physical security to protect your privacy.<\/p>
A personal data breach means a breach of security that has led to the accidental or unlawful disclosure, alteration, loss or destruction of personal data. If a data breech poses any risk to a patient(s) right to privacy JS Heart Health will report this to the DPC. If the risk to a patients right to privacy is high and measures to eliminate this risk cannot be implemented the patient will be promptly informed. The data controller will keep a log of all personal data breeches, whether or not they need to be reported.<\/p>
JS Heart Health may enter into arrangements with third parties to store data we collect or to access the data to provide services (such as data processing), and such data may include personal information, outside of the EEA. JS Heart Health will take reasonable steps to ensure that the third parties do not breach the GDPR requirements. The steps JS Heart Health will take may include ensuring the third party is bound by privacy protection obligations which are the same (or substantially the same) as those which bind JS Heart Health and requiring that the third party has information security measures in place which are of an acceptable standard and approved by JS Heart Health.<\/p>3. HOW TO CONTACT JS HEART HEALTH about privacy issues<\/b><\/h4>
If you have questions or comments about this Privacy Policy, you can contact us:
By letter: JS Heart Health, Suite 11, St. Vincent\u2019s Private Hospital, Merrion Road, Dublin 4<\/p>