Royal Victoria Eye & Ear Hospital (hereafter referred to as ‘RVEEH’ or the ‘Hospital’) takes the safety, security and accuracy of your personal information very seriously and is committed to ensuring the Hospital observes due diligence in maintaining the privacy and confidentiality of your personal information.RVEEH, as a HSE publicly funded institution, is obligated to comply with the accountability requirements outlined under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. This legal framework ensures that RVEEH handles your personal information (including but not limited to patient health information) in a manner consistent with regulatory requirements.
This Online Privacy Statement describes how RVEEH handles personal information, thereby giving you the data subject a better and more complete understanding regarding the types of personal information that RVEEH holds about you and how RVEEH handles such information.
- Article 6(1)(c) “Processing is necessary for compliance with a legal obligation to which the Hospital as a Controller of personal data is subject” e.g., compliance with the Health Act, Health and Safety Act, Children First Act etc.
- Article 6(1)(b) GDPR “processing necessary for performance of contract” with the data subject (e.g. in the case of private patients) or Article 6(1)(e) – ‘processing is necessary for the performance of a task carried out in the public interest (e.g. in the event of a pandemic) or in the exercise of official authority vested in the Hospital as Controller, or Article 6(1)(f) – processing is necessary for the purposes of legitimate interests (e.g. improving patient care).
- Article 9(2)(h) GDPR– ‘processing is necessary for the purpose of preventative…medicine…the provision of health or social care or treatment or the management of health or social care systems and service…’ or Article 9(2)(i) – ‘processing is necessary for reasons of public interest in the area of public health, such as…ensuring high standards of quality and safety of health care…’
- Data Protection Act 2018, Section 52(1) (a) – ‘for the purposes of preventative or occupational medicine’, Section 52(1) (d) ‘for the provision of medical care, treatment or social care’ and/or Section 52(1) (e) ‘for the management of health or social care systems and services’ which allows patient information to be used for clinical audit provided that appropriate measures are taken to safeguard the fundamental rights of patients, staff, and visitors.
- Data Protection Act 2018, Section 53(b) – ‘ensuring high standards of quality and safety of health care…’
This includes but may not be limited to;
- Name, Contact Details, Date of Birth, Details of your GP, Details of Next of Kin, etc;
- Where required, we may collect information regarding your family history, ethnic background (where appropriate) or your current lifestyle to assist the health care team in diagnosing and treating your condition;
- For Health insurance purposes, we will collect your financial details, if you have health insurance and wish to avail of private patient care;
- Image data which includes CCTV footage;
- Clinical information which includes x-rays, diagnosis, treatments, prescriptions, procedures, notes and reports about your health etc.;
- Information about those who care for you and know you well e.g. family members, health care professionals etc.
At RVEEH, we will only collect and process personal information from you that is reasonably necessary to provide you where appropriate with effective patient care as well as administrative and internal business purposes related to your attendance at RVEEH. Often this may include collecting information about your health history. We will usually collect your health information directly from you. Sometimes, we may need to collect information about you from a third party (such as a relative or another health service provider).We will use your personal information in the following ways;
- To assist in making the right decision regarding your care and ensure that your treatment is appropriate, safe and effective,
- To collaboratively work with colleagues and partners in other organisations who may be involved in your care,
- To support the health of the general public,
- To carry out period review of healthcare we provide to you. This is known as an audit and is aimed at provided to improve service quality and ensure future service needs are met,
- As an academic institution, we may use your information to train healthcare professionals e.g. Junior Doctors, Nurses, Researchers etc.
- To provide reports to external agencies as required
- To facilitate and assist health research. In keeping with requirements under the Health Research Regulation, where you consent to your personal data being used for health research, the Hospital undertake to protect your personal information by either pseudonymising (this means partly de-identifying your personal information before it is used or shared) or anonymising (removing all traces of personally identifiable information before it is used or shared. Where this is not possible you will be asked to give your consent before your personal information is used).
As a rule, RVEEH will only use your personal information for the primary purpose for which you have disclosed it to us, unless one of the following applies:
A secondary purpose for processing has arisen and its related to the primary purpose for which you disclosed your personal information to us. For example, we may need to disclose your personal data to other health or public bodies,
You have given us consent to use your personal data for another purpose, e.g. health research,
RVEEH is required or authorised by Union or member state law to disclose your personal data,
Personal data disclosure by RVEEH will prevent or lessen a serious and/or impending threat to life, health or safety of an individual or the public at large (e.g. prevent outbreak of disease),
Personal data disclosure is necessary for the investigation or prevention of crime,
Related secondary purposes may include but not limited to:
- Disclosure of your personal data among health professionals to facilitate effective provision of treatment;
- Recruitment and selection;
- Assessment for provision of health care services;
- Disclosure to your GP (where required) is in accordance with international norms and long-standing medical practice and is intended to inform your doctor of information that may be relevant to any ongoing care or treatment provided by them. If your nominated general practitioner has changed or your general practitioner’s contact details have changed following a previous admission, you must inform the Hospital as soon as possible;
- Other health service providers may require access to a copy of your record. The Hospital may need to provide information about your health records to another medical practitioner or health facility outside RVEEH without your consent in the event of an emergency where your life or health is at risk,
- Relatives, guardian, close friends or legal representative. The Hospital may provide information about your condition to your spouse or partner, parent, child, other relatives, close personal friends, guardians, or a person exercising your power of attorney under an enduring power of attorney or who you have appointed your enduring guardian, unless you tell us that you do not wish us to disclose your personal information to any such person.
Other RVEEH Healthcare Group entities – RVEEH may share your personal information amongst its other Group Hospital’s listed below. For example, this may occur where you are transferred between any of RVEEH’s Healthcare Group hospitals or to coordinate your care. The hospitals include;
- St Vincent’s University Hospital;
- Mater Hospital;
- James’s Hospital;
- Primary Care Centres in the Ireland East catchment area.
Other secondary uses may include review of quality assurance processes, accreditation, audits, risk and claims management, patient experience and satisfaction surveys, staff education and training, invoicing, billing and account management, including storage of provider details on RVEEH billing software. We may also send you standard reminders, for example for appointments and follow-up care, either by text message or email to the contact number or address which you have provided to us.
Where required, we may anonymise or aggregate the personal information that we collect for the purpose of service management; monitoring, planning and development.
Where processing is required for the purpose of health research, we undertake to comply with requirements defined under the Health Research Regulation. Any participation in a trial or research study will require your consent unless such research is public interest based.
As a data subject (i.e. someone about whom personal data relates), you have been conferred with specific rights with regards to your personal information. These are;
- The right to establish whether RVEEH stores or holds information about you;
- The right to access your personal data;
- The right to rectification of your personal data where inaccuracies exist;
- The right to erasure of your personal data under certain conditions;
- The right to data portability;
- The right to object to processing of your personal data;
- The right to restrict processing of your personal data;
- Rights in relation to automated decision making, including profiling.
If you want to know what personal data RVEEH has about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). The process for requesting access to a copy of your personal information is known as a “subject access request”.All subject access requests should be made in writing and sent to the email or postal addresses shown in the Contact Us section. The Hospital shall endeavour to respond to your subject access request within the one month defined response threshold. As a default rule, we aim to fully respond to your request including providing you with a copy of your personal data within that timeframe. In some cases, the response may take longer, particularly if the nature of your request is more complex, more time may be required. Response to complex access requests may take a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs.
21 Fitzwilliam Square South,
D02 RD28.By Email: firstname.lastname@example.orgOnline: https://forms.dataprotection.ie/contact.
By Telephone: +353 (0761) 104 800
|Method of Communication||To Access Your Information||To Lodge a Complaint||Data Protection Officer|
|Post||Patient Services Department||Quality and Safety Department||Data Protection Officer|
|Royal Victoria Eye & Ear Hospital||Royal Victoria Eye & Ear Hospital||Royal Victoria Eye & Ear Hospital|
|Adelaide Road||Adelaide Road||Adelaide Road|
|Dublin 2||Dublin 2||Dublin 2|
|D02 XK51||D02 XK51||D02 XK51|
|Telephone||+353 1 664 4600||+353 1 708 8549|
RVEEH reserves the right to amend this without notice to end users at any time, for any reason, and will signal a change by revising the “Last updated” date at the bottom of this page.This page was last updated on 12 November 2019.