Aut Even Patient Data Protection Notice
Who we are and how to contact us
Aut Even Hospital Limited (“Aut Even”) is the controller of the personal data of patients attending the hospital.
We can be contacted at:
Aut Even Hospital,
056 777 5275 / email@example.com
Aut Even’s Data Protection Officer can be contacted by post or phone at the above address, or by email at firstname.lastname@example.org
How your personal data is used and the legal basis for its processing
We process your personal data for medical purposes to provide healthcare services to you, on the basis of your contract with Aut Even or, for public patients being treated under the National Treatment Purchase Fund (NTPF) scheme or treated on behalf of the Health Service Executive (HSE) during the COVID-19 crisis, the performance by the HSE and NTPF of their functions and responsibilities under legislation. Medical purposes include medical diagnosis, treatment and further management, preventive medicine and the provision of healthcare services, including audit and quality improvement.
In general, your data may only be processed for medical research purposes on the basis of your informed and explicit consent. However, there are limited circumstances in which your data may be used for medical research or public health purposes without your consent. Examples would include our legal obligation to provide patient data to the National Cancer Registry, or the Health Protection Surveillance Centre.
Data collected about you
To provide treatment to you, Aut Even needs to process your medical records and related personal information, such as your address and other contact details.
How your personal data is collected
We obtain your personal data directly from you in the course of your diagnosis and treatment. We may also be provided with information necessary for your treatment by other healthcare providers, such as your GP or other hospitals which have been involved in your care and treatment.
How your personal data is disclosed
Your data will be provided as necessary for medical purposes to those involved in your treatment and care including, where applicable, other hospitals or your health insurer. Medical consultants practicing at Aut Even are independent medical practitioners and not employees of the hospital. The consultants are joint controllers with Aut Even of hospital medical records relating to their patients.
Your data may also be disclosed where required or authorised by law, for example, for medical research or public health purposes.
Aggregate anonymised statistics of public patients treated by Aut Even on behalf of the HSE during the COVID-19 crisis are provided to the NTPF, but it receives no specific details about individual patients.
Aut Even may from time to time use service providers located outside of the European Union to process patient data. When this is done, at least one of the following safeguards to protect your personal data to a similar level as within Europe will be applied, i.e.:
- We will use service providers located in countries which have been designated by the European Commission as having an adequate national standard of data protection, or;
- For transfers to the United States of America, our service providers may be registered under and have committed to adhering to the Privacy Shield Framework, or;
- We will require our service providers to adopt the standard data protection contract clauses pre-approved by the European Commission.
We will only retain your personal data for as long as is necessary to fulfil the medical purposes for which it is recorded, including any legal or regulatory requirements to maintain records.
Your Data Protection rights
- You have the right to be provided on request with a copy of your personal data. For requests for health related data, we are obliged to consult with the appropriate health practitioner (normally, your treating clinician) to ensure providing the data to you will not result in serious harm to your physical or mental health.
- You have the right to rectification of inaccurate data we may have recorded about you.
- You have the right to the erasure of your data (“right to be forgotten”) which we no longer have justification for recording.
- You have the right to object to processing of your data which is being done by Aut Even on the basis of its legitimate interests.
- You have the right to restrict the processing of your personal data when:
- the basis for its processing is in dispute;
- its accuracy is in dispute;
- we cannot establish a lawful basis for its processing, but you do not wish it to be erased;
- we no longer need your data, but you need it for the establishment, exercise, or defence of legal claims;
- you object, where applicable, to our processing of your data on the basis of our legitimate interests, pending verification of whether your interests override ours.
- You have the right to be provided with a copy of your data in machine readable format, or to have it transferred directly to another data controller (“data portability”).
If you are not satisfied with our responses or are otherwise concerned with how we process your personal data, you also have the right to make a complaint to the Data Protection Commission