What impact will GDPR have on our practice?

The General Data Protection Regulation (GDPR) is an EU regulation intended to unify and strengthen data protection for European citizens. GDPR comes into effect on May 25, 2018. It will replace the existing Data Protection Acts 1998 and 2003.

Elmwood Medical Practice wants to ensure the highest standard of medical care for our patients. We understand that confidentiality is a fundamental principle of medical ethics and is central to the trust between patients and doctors. The privacy practices we adopt in our practice are in line with the Medical Council guidelines, the privacy principles of Data Protection legislation.

Elmwood Medical Practice reserves the right to amend this policy at any time, at its discretion. You are encouraged to review this policy from time to time. We will notify you of changes to this policy where we are required to do so.


What information do we collect about you?

When you attend or register with us as a patient, we collect the personal details specified in the patient registration form. With your prior knowledge and consent, we may take up copies of your medical records from a previous GP etc. Your GP is also likely to receive updates from other health professionals, hospitals etc involved in your treatment and care.


Why do we collect this information?

We collect this information to provide appropriate treatment and services to you and to ensure your continuity of care and patient safety. We also collect information when required to by law.


On what basis do we process this information?

Your personal information is mostly collected directly from you and processed by us with your knowledge and express consent. You may withdraw your consent to the processing of your personal information at any time. Sometimes, we need to process your personal information to fulfil a legal contract between you and Elmwood Medical Practice. For example, we will process your laser / credit card details in order to take payment etc.

Sometimes, your personal information may be processed in accordance with Elmwood Medical Practice legal obligations, e.g. mandatory reporting obligations in relation to infectious diseases etc.


Who will we share your information with?

We may share your information with other healthcare professionals and third party service providers e.g. laboratories when it is necessary and appropriate for your treatment and care.


How long do we keep hold of your information?

We retain records in accordance with the National Hospitals Office (NHO) Code of Practice for Healthcare Records Management which can be viewed at www.hse.ie.


Data Protection Office

Elmwood Medical Practice registered Data Protection Officer is Elaine Drinan & Ciara Burke. Any queries, concerns or requests to exercise your rights under Data Protection legislation may be addressed to Elaine Drinan or Ciara Burke at supervisor@elmwood.ie

Under Data Protection legislation, you have the right to:

Withdraw consent to the processing of your personal information.
Note: If you withdraw consent, we may not be able to continue to provide treatment and services to you. We will talk to you about the possible consequences of withdrawing consent, if and when you let us know that you are thinking of this. The withdrawal of consent will not undermine the lawfulness of processing carried out prior to the withdrawal.

- Request to access the information we hold about you.

- Request the correction of inaccuracies in / erasure of the information held about you.

- Request the restriction of processing of the information we hold about you.

- Exercise your entitlement to data portability.

-Make a complaint to the Office of the Data Protection Commissioner of Ireland.

Please address any rights requests by email to supervisor@elmwood.ie


Our Website

Each time any visitor uses the Elmwood Medical Practice website, we may collect one or both of two different types of information.

Non-individual specific statistics
The first type of information is statistical and analytical information collected on a non-individual specific basis about visitors to the our website. We gather general information about how many visitors use the website, how many visitors return to the website, what pages they visit etc. This information lets us monitor traffic on the website so that we can manage its capacity, efficiency, design and content. It helps us to understand website traffic patterns and to know, for example, which parts of the website are the most popular / useful.

Personal information
The second type is information which is personal or particular to a specific visitor. This information is collected by specific request so you will be fully aware when you are providing this information to us. This might arise when you book an appointment online.

Security of information transmitted to our website
Elmwood Medical Practice cannot guarantee the security of your personal information transmitted to our website. Transmission of your personal information is at your own risk. Once we receive your personal information, we will use appropriate security measures to seek to prevent unauthorised access or disclosure.

External websites
Our website may contain links to and from other websites. Those websites have their own privacy policies and Elmwood Medical Practice does not accept any responsibility or liability for those policies. You are advised to check those policies before you submit any personal information to those websites.