Practice Privacy and Confidentiality Policy
Oran Medical Centre wants to ensure the highest standard of medical care for our patients. We understand that confidentiality is a fundamental principle of medical ethics and is central to the trust between patients and doctors. The privacy practices we adopt in our practice are in line with the Medical Council guidelines, the privacy principles of Data Protection legislation. We see our patients’ consent as being the key factor in dealing with their health information. This statement is about making consent meaningful by advising you of our policies and practices on dealing with your medical information.
Here in Oran Medical Centre, we have set out a summary of this policy in our Data Protection Patient Information Leaflet.
Managing your information
· In order to provide for patient, care we need to collect and keep information about patients and their health on our records.
· We commit to retaining patient information securely.
· We will only ask for and keep information that is necessary. We will attempt to keep it as accurate and up to date as possible. We will explain the need for any information we ask for if a patient is not sure why it is needed.
· We ask all patients to inform us about any relevant changes that we should know about. This would include such things as any new treatments or investigations being carried out that we are not aware of. Patients are asked to inform us of change of address and phone numbers.
· All persons in the practice (not already covered by a professional confidentiality code) sign a confidentiality agreement that explicitly makes clear their duties in relation to personal health information and the consequences of breaching that duty.
· Access to patient records is regulated to ensure that they are used only to the extent necessary to enable the employee in question, whether secretary, manager, or healthcare professional perform their tasks for the proper functioning of the practice. In this regard, patients should understand that practice staff may have access to their records for:
Ø Identifying and printing repeat prescriptions for patients. These are then reviewed and signed by the GP.
Ø Generating a social welfare certificate for the patient. This is then checked and signed by the GP.
Ø Typing referral letters to hospital consultants or allied health professional such as physiotherapists, occupational therapists, psychologists and dieticians.
Ø Opening letters from hospitals and consultants. The letters could be appended to a patient’s paper file or scanned into their electronic patient record.
Ø Scanning clinical letters, radiology reports and any other documents not available in electronic format.
Ø Downloading laboratory results and Out of Hours Coop reports and performing integration of these results into the electronic patient record.
Ø Photocopying or printing documents for referral to consultants, attending an antenatal clinic or when a patient is changing GP.
Ø Checking for a patient if a hospital or consultant letter is back or if a laboratory or radiology result is back, in order to schedule a conversation with the GP.
Ø When a patient makes contact with a practice, checking if they are due for any preventative services, such as vaccination, ante natal visit, contraceptive pill check, cervical smear tests, etc.
Ø Handling, printing, photocopying and postage of medico legal and life assurance reports, and of associated documents.
· The practice is committed to guarding against accidental disclosures of confidential patient information. Before disclosing identifiable information about patients, the practice will:
Ø Take into consideration Freedom of Information and Data Protection principles.
Ø Be clear about the purpose for disclosure.
Ø Have the patient’s consent or other legal basis for disclosing the information.
Ø Have considered using anonymised information and be certain it is necessary to use identifiable information.
Ø Be satisfied that we are disclosing the minimum information to the minimum amount of people necessary.
Ø Be satisfied that the intended recipient is aware the information is confidential and that they have their own duty of confidentiality.
Disclosure with consent
If a patient is capable of making their own decisions about their healthcare, we will get their consent before giving confidential information that identifies them to the patient’s relative’s close friends, or for research or to disease registers.
If the patient does not consent to disclosure of identifiable information, we will respect that decision except where failure to make the disclosure would put the patient or others at risk of serious harm or the disclosure is required by law or in the public interest as outline below.
Patients should understand and accept that their healthcare information must be shared within the healthcare team and with support staff to provide effective and safe care. If disclosure of a patient’s information within our practice or to other health care providers is necessary as part of a patient’s treatment and care, we will explain this to the patient and disclose the information to an appropriate person making sure they are aware of their duty of confidentiality. If a patient objects to the transfer of the information we deem necessary, we will explain to the patient that we cannot arrange referral or treatment without disclosing the information.
We recognise that clinical audit, quality assurance, education and training are essential for providing safe and effective healthcare. If we are providing patient information pursuant to of any of these activities, we understand the information must be anonymised or coded before it is disclosed outside the healthcare team. If that is not possible, we will make sure a patient is told about the disclosure in advance and given the opportunity to object. We will respect a patient’s wishes in respect of the disclosure.
Disclosure without consent
In certain circumstances we will be required to disclose patient information by law or in the public interest. We will inform the patient in advance of such an intended disclosure, unless this would cause the patient serious harm or would undermine the purposes of the disclosure.
We will disclose patient information where required by law, for example, pursuant to a court order or infectious disease notification or if we hold a reasonable belief that a crime involving a sexual assault or other violence has been committed against a child or other vulnerable person. We may make a disclosure in the public interest to protect a patient, other identifiable people or the wider community. Before making such a disclosure the practice will be satisfied that the possible harm the disclosure may cause to the patient is outweighed by the benefits that are likely to arise for the patient or others. The disclosure will be limited to the minimum information and minimum number of people necessary.
If a patient lacks capacity to give consent and is unlikely to regain capacity, we may consider making a disclosure only if it is in the best interests of the patient.
As a general rule where possible we will always tell the patient in advance that we are disclosing information without the patient’s consent and why the GP is doing so, unless to do so would put the patient or third party at risk of serious harm.
Request for records from a patient or third party before and after death of a patient.
If the practice receives a request from a patient to release a copy of a patient’s records, we will consider carefully the obligation to remove all references to third parties.
In the case of requests for disclosures to insurance companies or requests made by solicitors for a patient’s records we will only release the information with the patient’s signed and informed consent, having ensured that the patient understands in advance the extent of the intended disclosure.
We are aware that patient information remains confidential even after death. If it is not clear if a patient consented to the disclosure of information after death, we would consider how the disclosure might benefit or cause distress to the family or carers, the effect of disclosure on the reputation of the deceased and the purpose of disclosure. We will require written consent to disclosure of a deceased’s patient’s records from the personal representative or executor of the deceased’s will. We are aware that a GP’s discretion may be limited if a disclosure of a patient’s records is required by law.
Medical reports
We will only prepare a medical report on a patient with a patient’s consent. A report will be specific to the episode for which the report has been requested. We understand that a medical report requested by a third party such as an employer, insurance company or legal representative must be factual, accurate and not misleading. We will seek to ensure that the patient understands the scope and purpose of the report and that the GP cannot omit relevant information. We will also seek to ensure the patient is aware of our duty of care to them and to the person/company from whom the report was requested. We will take the patient through the report before we release it, so the patient appreciates the extent of the information we are reporting upon.
Recordings
We are committed to ensuring that any audio, visual or photographic recordings of a patient or relative of a patient, in which the person is identifiable, should only be made with express consent of that person. The recordings will be kept confidential as a part of the patient’s record of consent. We will do all we reasonably can to protect confidentiality of the recording. We will get consent before sharing such videos, photos or other images of a patient.
We will only take images of patients on a GP’s personal mobile device when necessary for the patient’s care. Such images will not identify a patient and shall only be kept for the minimum time necessary.
Medical certificates
In general, work-related Medical Certificates from a GP will only provide a confirmation that a patient is unfit for work with an indication of when the patient will be fit to resume work. Where it is considered necessary to provide additional information, we will discuss that with the patient. However, Social Welfare Certificates of Incapacity for work must include the medical reason the patient is unfit to work.
Your Data Protection rights.
Under Data Protection legislation, you have the right to:
• Withdraw consent to the processing of your personal information.
[Note: If you withdraw consent, we may not be able to continue to provide treatment and services to you. We will talk to you about the possible consequences of withdrawing consent, if and when you let us know that you are thinking of this. The withdrawal of consent will not undermine the lawfulness of processing carried out prior to the withdrawal.]
• Request to access the information we hold about you
• Request the correction of inaccuracies in / erasure of the information held about you
• Request the restriction of processing of the information we hold about you
• Exercise your entitlement to data portability
• Make a complaint to the Office of the Data Protection Commissioner of Ireland
Please address any rights requests by email to reception@oranmedical.com
Oran Medical Centre registered Data Protection Officer is Dr Martina Brennan Any queries, concerns, or requests to exercise your rights under Data Protection legislation may be addressed to Dr Martina Brennan at reception@oranmedical.com
Transferring to another practice
If you decide at any time and for whatever reason to transfer to another practice, we will facilitate that decision by making available to your new doctor a copy of your records on receipt of your signed consent from your new doctor. For medico-legal reasons we will also retain a copy of your records in this practice for an appropriate period which may exceed eight years.