Practice Privacy Statement, May 2018

We seek your consent to obtain and process personal data for the purpose of providing you with dental treatment safely and to the highest standards. This Statement is your guide to the principles of privacy and confidentiality that govern the collection, use, storage, disclosure and destruction of your personal data in this practice.

The Data Compliance Officer in this practice is Dr Ken Heritage.

It is important to obtain, use and store information about you, your general and your dental health in order to provide dental care efficiently and safely. This personal data includes:

  • Personal details such as your name, age/DOB, address, telephone numbers, email address
  • Your doctor and relevant Medical Consultant(s)
  • Your medical and dental history and dental charting, procedure notes.
  • X-rays, clinical photographs and study models
  • Information about proposed treatment, options, consent to treatment, treatment provided and its cost
  • Notes of conversations or incidents that might occur for which a record needs to be kept
  • Any correspondence with other healthcare professionals relating to you including agreed referrals to other healthcare professionals

Your personal information is stored on computer. This practice is registered with the Data Protection Commissioner.

We will regularly update your personal data, including your medical care, to keep it relevant. We ask that you please inform us of any significant changes, such as a change of address or other contact details, at your earliest convenience. It is important to know that the collection use or possible disclosure of this data may be crucial to our ability to safely provide you with the care you require; without your agreement to this process, it may not be possible to undertake treatment.

You have access to a copy of your personal data upon written request and the right to have data rectified if incorrect. We will collect only the minimum information required. It will not be shared with any other party unless the patient is referred, with consent, to another clinician. There is no automated decision making and all information is kept within the EU.

Personal data is kept for specified, explicit and lawful purposes

Your personal data is obtained, kept and used primarily for the purpose of providing you with healthcare efficiently and safely at all times. Staff within the practice will have access to the data on a ‘need to know’ basis to ensure you receive the highest standard of care. In the course of your care, members of the dental team may access your records.

  • To prepare for and to complete your dental care
  • To identify and print a prescription
  • To generate a work certificate
  • To type, if dictated or print a referral letter to another healthcare professional
  • To open correspondence or any other documents from other healthcare professionals
  • To print or photocopy your records if you instruct us to forward them to another healthcare professional
  • To collate, print, photocopy and post insurance or medico-legal reports.

It is practice policy to remind you of your appointment. This reminder is by phone call. We seek your consent to use your personal date for this purpose and advise you of your right to refuse to have your data used for this purpose. We are not involved in direct marketing.

Sharing of data with 3rd parties

We will share essential details only, required for your treatment with laboratories used in carrying out that treatment.

Personal data is only used and disclosed for the purpose of your care

All members of the dental team adhere to the practice’s Code on Confidentiality in compliance with the Data Protection Acts, 1988 and 2003, and the Dental Council’s Code of Practice relating to Professional Behaviour and Ethical Conduct, 2012).

Any disclosure of personal data, without your consent, can only be done for specified, legitimate reasons (8(a-h), Data Protection Act, 1988; Section 10, Dental Council’s Code of Practice relating to Professional Behaviour and Ethical Conduct, 2012).

Access to your personal data is on a ‘need-to-know’ basis. This prohibits the release of your information to a spouse, partner or family member without your explicit consent. A guardian or carer may have the right to access information in the case of vulnerable adults or this with diminished mental capacity. A parent or guardian will have access to your personal information if you are less than 16 years of age.

A copy of your dental records will be transferred to another practice or healthcare professional upon your written request – where possible this will be completed within one month.

Consent given by you must be freely given, specific, informed and unambiguous.

Your consent will be sought before the release of any data to other healthcare professionals and then only the relevant part of your records will be released. All healthcare professionals are required to treat your personal data to the same standard of privacy as outlined in this statement.

Your consent will be sought in the case of:

  • A report to dental insurance company
  • A medico-legal report
  • Any documentation relating to a “third party” Dental Scheme (e.g. PRSI scheme)

There are certain activities where patient information may be used but where the information is anonymised, eliminating patient identification:

  • Teaching
  • Continuing Professional Development; case studies are a very useful learning tool.
  • Quality Assurance/Internal audit; audit is a necessary tool in assessing and assuring the quality of your care
  • Research

If Dr Ken Heritage, should cease practice or should die while still a practicing dentist, the dental team will be guided by the Dental Council’s Code of Practice relating to Professional Behaviour and Ethical Conduct in informing you, safeguarding your personal data and ensuring continuity of care where possible,

Every effort is made to ensure disclosed personal data is accurate and transferred securely.

Personal data is kept safely

Dr Ken Heritage is responsible for data security in this practice.

Obtained personal data is accessed on a ‘need-to-know’ basis and thereafter, is stored securely:

  • There is no access for unauthorised persons to computers or computer monitors within the practice.
  • The dental team is trained in the secure use of email and the internet
  • The dental team is compliant with the practice’s security measures
  • The practice premises is locked and alarmed when unoccupied
  • The practice software is updated regularly and password protected
  • Software security is audited
  • All clinical, financial and administrative records are automatically backed up off-site daily. A contract for the security of off-site records in place between Dr Ken Heritage and Carestream Dental Ltd.

Personal data is kept accurate, complete and up-to-date

A staff member will review your personal information with you in a regular basis to ensure we hold accurate, high quality records for you.

Any changes to your personal details, your medical or dental status will be recorded in your records. We ask you to let us know of any changes in contact details at your earliest convenience.

Personal data is adequate, relevant and not excessive

Every effort is made to ensure that the information we collect and retain for you is in keeping with our aim to provide you with an efficient service and to care for you safely. We will explain the purpose of any information sought if you are not sure why.

Reporting data breaches

The Data Protection Commissioner will be informed immediately of any personal data breach within 72 hours, and such breach will also be reported to the individual concerned. Dr Ken Heritage is responsible for dealing with any incident where personal data has been put at risk of unauthorised disclosure, loss, destruction or alteration. Management of any breach incident will comply with the advice of the Data Protection Commissioner (Personal Data Security Breach Code of Practice).

Data Protection Impact Assessment

Any data processing changes will be subject to a Data protection impact assessment before implementation of any new processes, e.g. introduction of new software, digitising practices etc.

Your Rights

You are legally entitled to a photocopy of your personal data upon written request. As well as a right of access, you also have the right to have any inaccuracies in your data rectified and to have the data erased. (NOTE: The maximum fee for an access request is € ). You will be provided with a photocopy of an x-ray in response to an access request.

All written requests should be addressed to:

Dr Ken Heritage, Dental Practice, Knockroe, Castlerea, Co Roscommon.

Your request will be dealt with in a timely manner.

If you do not wish to have your personal data collected, used or disclosed as described in this Statement please discuss this matter with Dr Ken Heritage. It is important to know that the collection, use or possible disclosure of this data may be crucial to our ability to safely provide you with the care you require. Without your agreement to this process, it may not be possible to undertake treatment.

Co. Roscommon,
F45 HV20,
Tel: (094) 962 0255
Fax: (094) 962 0255