Practice policy · GDPR

Privacy statement.

How we collect, store and safeguard your personal and health information at Bellview Clinics.

Data Controller: Dr Neil Healy, Managing Partner of Bellview Clinics
Address: Bellview Clinic, Dublin Rd, Mullingar, Co. Westmeath, N91 EK7R
Website: bellviewclinics.ie / bellviewclinics.com

Bellview Clinic wants to ensure the highest standard of medical care for our patients. We understand that a medical practice is a trusted group governed by an ethic of privacy and confidentiality. Our policies are in line with the Medical Council guidelines and the privacy principles of the Data Protection Legislation.

Processing your data

The processing of personal data in general practice is necessary to protect the interests of the patient and the provision of healthcare and public health. Under the General Data Protection Regulation (GDPR), our lawful basis for processing standard personal data (Article 6) relies on legal obligation and legitimate interests. For the processing of special category, sensitive health data (Article 9), our lawful basis is the provision of healthcare treatment.

Managing your information

  • To provide for your medical care, we need to collect and store information about you and your health on our records.
  • This information may include your name, address, DOB, phone number, marital status, PPSN, nationality, medical card number, family history, previous medical history, ethnic background, current lifestyle, and next of kin / emergency contact details.
  • A signed registration form is necessary to gather your information. We use this data to communicate with you in the interests of your own healthcare.
  • We will not forward this information to anyone without your expressed consent.
  • We require your consent to send you appointment reminders, test results, and to communicate with you regarding services in your best interest — e.g. ECGs, flu vaccines, and preventative medical assessments.
  • We securely retain your information in digital format.
  • We do not transfer data outside the European Economic Area (EEA).
  • Patients must inform the practice if any information held on file changes so we can update our system.
  • In some circumstances (e.g. non-attendance for a long period) we will archive your file on a separate secure database.
  • Patient records are only used to the extent necessary to enable clinicians and administration staff to perform their tasks for the proper functioning of the practice.

Examples of staff access include: identification, generating Social Welfare certificates, typing referral letters, scanning clinical letters/reports/results, handling patient feedback, downloading laboratory and hospital results, antenatal correspondence, checking preventative service eligibility, and completing medicolegal or life-assurance reports.

Safeguarding information

The practice is committed to safeguarding against accidental disclosures of confidential patient information. Before disclosing identifiable information, the practice will:

  • Take into consideration Freedom of Information and Data Protection principles.
  • Be clear about the purpose for disclosure.
  • Have the patient's consent for third-party requests.
  • Consider using anonymised information and be certain if it is necessary to use identifiable information.
  • Disclose the minimum information to the minimum number of people necessary.
  • Be satisfied that the recipient is aware the information is confidential and that they have their own duty of confidentiality.

Consent for minors

Where we gather personal information of a minor (a person under 18), we require the consent or attendance of a parent or guardian, and can only acquire and store this data with their permission and the awareness of the minor.

The Non-Fatal Offences Against the Person Act 1997 (Section 23) provides that a minor who has reached 16 can give consent to medical treatment and/or processing of their medical data.

Where parents are unable to provide consent, another responsible adult (e.g. school principal, social worker, Gardaí, or relative over 18) will be consulted to ensure any processing is done in the vital interests of the minor. Where possible, the minor will be made aware of the processing activity and its purposes.

Disclosures required or permitted under law

  • Infectious diseases: under the Health Act 1947 and 1953 (and 2016 amendment regulations), we are obliged to report notifiable diseases such as Lyme and measles. A full list is available at hpsc.ie/notifiablediseases.
  • Work-related medical certificates: these will only confirm you are unfit for work with an estimated return date. Social Welfare Certificates of Incapacity must include the medical reason.
  • Disclosures to insurance companies or solicitors: records will only be released with your consent.

Data retention periods

Our data retention policies adhere to the Data Protection Legislation including Article 5 of the GDPR (effective 25 May 2018).

In alignment with standards established by the Irish College of General Practitioners (ICGP) and the HSE, standard adult medical records (including copies retained when a patient transfers) are retained on our secure electronic system for 8 years after the date of last contact.

Anonymised information for training, teaching, research & audit

To provide the highest quality of care, clinical staff may access clinical information for training, audit, or consultation. This may include patient case histories or specific conditions — in such cases we only communicate the necessary information.

Our practice is involved with clinical training programmes and is affiliated with University Clinical Schools and the Irish College of General Practitioners. When GP audits are carried out, all patient identifying information is removed.

Your rights

  • Right to correction / rectification: if you feel personal information has been recorded inaccurately, you have the right to request a correction.
  • Right of access: you have the right to access the information held on your patient record at any time. The quickest way is to discuss with your doctor. Formal requests to the practice are dealt with within 30 days.

Transferring files to another practice

If a patient decides to transfer their medical care to another practice, we will facilitate that decision by making the file available to their new doctor. We require signed consent from your new doctor. We retain a copy of your file in an archived database for an appropriate period, which may exceed eight years.

CCTV

Our practices are monitored by CCTV cameras and backup systems for the purpose of preventing security breaches. As a member of the public your image will be captured; however, the practice will only disclose such footage to other parties where it is necessary to investigate a break-in or any other unauthorised access to our buildings.

Feedback

If you have any feedback in relation to this subject, please email info@bellviewclinic.ie with your details marked for the attention of the Data Protection Officer.