Practice Name: Millbrae Surgery (hereinafter called "the Practice")
Practice Address: Pound St, Glebe, Stranorlar, Co. Donegal F93 A34A
Practice Phone Number: 0749131023
Data Controllers: Drs Denis McCauley, Sally Mullen, Ciaran Ó'Fearraigh and Rachel Boner
Lead for Data Protection: Caroline McCabe
Practice Privacy Statement
The Practice wants to ensure the highest standard of medical care for our patients. We understand that a General Practice is a trusted community governed by an ethic of privacy and confidentiality. Our approach is consistent with the Medical Council guidelines and the privacy principles of the Data Protection Regulations. It is not possible to undertake medical care without collecting and processing personal data and data concerning health. In fact, to do so would be in breach of the Medical Council’s ‘Guide to Professional Conduct and Ethics for Doctors’. This statement is about advising you of our policies and practices on dealing with your medical information.
Legal Basis for Processing Your Data
The Practice has voluntarily signed up for the ICGP Data Protection Guideline for GPs. The processing of personal data in general practice is necessary in order to protect the vital interests of the patient and for the provision of health care and public health. You can access the Guideline at http://www.icgp.ie/data. In most circumstances we hold your data until 8 years after your death or 8 years since your last contact with the practice. There are exceptions to this rule and these are described in the Guideline referenced above.
Managing Your Information
In order to provide for your care here we need to collect and keep information about you and your health on our records.
We retain your information securely.
We will only ask for and keep information that is necessary. We will attempt to keep it as accurate and up to-date as possible. We will explain the need for any information we ask for if you are not sure why it is needed.
We ask you to inform us about any relevant changes that we should know about. This would include such things as any new treatments or investigations being carried out that we are not aware of. Please also inform us of change of address and phone numbers.
All persons in the practice (not already covered by a professional confidentiality code) sign a confidentiality agreement that explicitly makes clear their duties in relation to personal health information and the consequences of breaching that duty.
Access to patient records is regulated to ensure that they are used only to the extent necessary to enable the secretary or manager to perform their tasks for the proper functioning of the practice. In this regard, patients should understand that practice staff may have access to their records for:
Identifying and printing repeat prescriptions for patients. These are then reviewed and signed by the GP.
Generating a sickness certificate for the patient. This is then checked and signed by the GP.
Typing referral letters to hospital consultants or allied health professionals such as physiotherapists, occupational therapists, psychologists and dieticians.
Opening letters from hospitals and consultants. The letters could be appended to a patient’s paper file or scanned into their electronic patient record.
Scanning clinical letters, radiology reports and any other documents not available in electronic format.
Downloading laboratory results and Out of Hours Coop reports and performing integration of these results into the electronic patient record.
Photocopying or printing documents for referral to consultants, attendance at an antenatal clinic or when a patient is changing GP.
Checking for a patient if a hospital or consultant letter is back or if a laboratory or radiology result is back, in order to schedule a conversation with the GP.
When a patient makes contact with a practice, checking if they are due for any preventative services, such as vaccination, ante natal visit, contraceptive pill check, cervical smear test, etc.
Handling, printing, photocopying and postage of medico legal and life assurance reports, and of associated documents.
Sending and receiving information via Healthmail, secure clinical email.
And other activities related to the support of medical care appropriate for practice support staff.
Disclosure of Information to Other Health and Social Care Professionals
We may need to pass some of this information to other health and social care professionals in order to provide you with the treatment and services you need. Only the relevant part of your record will be released. These other professionals are also legally bound to treat your information with the same duty of care and confidentiality that we do.
Disclosures Required or Permitted Under Law
The law provides that in certain instances personal information (including health information) can be disclosed, for example, in the case of infectious diseases.
Disclosure of information to Employers, Insurance Companies and Solicitors:
In general, work related Medical Certificates from your GP will only provide a confirmation that you are unfit for work with an indication of when you will be fit to resume work. Where it is considered necessary to provide additional information we will discuss that with you. However, Department of Social Protection sickness certs for work must include the medical reason you are unfit to work.
In the case of disclosures to insurance companies or requests made by solicitors for your records we will only release the information with your signed consent.
Use of Information for Training, Teaching and Quality Assurance
It is usual for GPs to discuss patient case histories as part of their continuing medical education or for the purpose of training GPs and/or medical students. In these situations the identity of the patient concerned will not be revealed.
In other situations, however, it may be beneficial for other doctors within the practice to be aware of patients with particular conditions and in such cases this practice would only communicate the information necessary to provide the highest level of care to the patient.
Our practice is involved in the training of GPs and is attached to a General Practice Training Programme. As part of this programme GP Registrars will work in the practice and may be involved in your care
Use of Information for Clinical Audit
It is usual for patient information to be used for clinical audit in order to improve services and standards of practice. GPs on the specialist register of the Medical Council are required to perform yearly clinical audits. Information used for such purposes is done in an anonymised or pseudonymised manner with all personal identifying information removed.
If it were proposed to use your information in a way where it would not be anonymous or the Practice was involved in external research we would discuss this further with you before we proceeded and seek your written informed consent. Please remember that the quality of the patient service provided can only be maintained and improved by training, teaching, audit and research.
Your Right of Access to Your Health Information
You have the right of access to all the personal information held about you by this practice. If you wish to see your records, in most cases the quickest way is to discuss this with your doctor who will review the information in the record with you. You can make a formal written access request to the practice and receive a copy of your medical records. These will be provided to you within thirty days, without cost.
Transferring to Another Practice
If you decide at any time and for whatever reason to transfer to another practice we will facilitate that decision by making available to your new doctor a copy of your records on receipt of your signed consent from your new doctor. For medico-legal reasons we will also retain a copy of your records in this practice for an appropriate period of time which may exceed eight years.
You have other rights under data protection regulations in relation to transfer of data to a third country, the right to rectification or erasure, restriction of processing, objection to processing and data portability. Further information on these rights in the context of general practice is described in the Guideline available at http://www.icgp.ie/data. You also have the right to lodge a complaint with the Data Protection Commissioner.
We hope this statement has explained any issues that may arise. If you have any questions, please speak to the practice manager or your doctor.
Website Privacy Notice
This Website Privacy Notice governs the manner in which the Practice [the Data Controller(s) are listed above] collects, uses, maintains and discloses information collected from users (each, a “User”) of this website (“Site”). Practice Ally Ltd (trading as GP Practice Ally) is employed by the Practice to be the Data Processor of this information via this website (you can read their Privacy Notice here). GP Practice Ally does not control any of the data collected by the Site. This Website Privacy Notice applies only to the Site and all services offered online by the Site.
While every effort is made to ensure the Site remains up to date, information on this website is for use as a general guide only, and is subject to change at any time. Please contact the practice if you require further information.
Each time any visitor uses the Site, we may collect one or both of two different types of information.
Non-individual specific statistics: The first type of information is statistical and analytical information collected on a non-individual specific basis about visitors to our website. We gather general information about how many visitors use the website, how many visitors return to the website, what pages they visit etc. This information lets us monitor traffic on the website so that we can manage its capacity, efficiency, design and content. It helps us to understand website traffic patterns and to know, for example, which parts of the website are the most popular/useful.
Personal information: The second type is information which is personal or particular to a specific visitor. This information is collected by specific request so you will be fully aware when you are providing this information to us. This might arise when you book an appointment online/email us etc.
Web browser cookies
How we use collected information
The Practice collects and uses Users' personal information for the following purposes:
To administer services: We will use the information submitted via our various online service features to deliver the requested services where possible;
To send emails or SMS messages, where consent has been provided;
To personalise user experience: We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site;
To improve our Site: We continually strive to improve our website offerings based on the information and feedback we receive from you;
To improve customer service: Your information helps us to more effectively respond to your pa service requests and support needs.
The email address Users provide will only be used to respond to their enquiries, and/or other requests or questions.
How we protect your information
While we adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorised access to your personal information, the Practice cannot guarantee the security of your personal information transmitted via our Site. Transmission of your personal information is at your own risk. Once we receive your personal information, we will use appropriate security measures to seek to prevent unauthorised access or disclosure.
Sharing your personal information
We do not sell, trade, or rent Users personal identification information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers for the purposes outlined above. We may use third party service providers to help us operate our business and the Site or administer activities on our behalf, such as sending out newsletters or surveys. We may share your information with these third parties for those limited purposes provided that you have given us your permission.
Third party websites
Users may find content on our Site that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website’s own terms and policies.
Changes to this Privacy Notice
The Practice has the discretion to update this Privacy Notice at any time. When we do, we will revise the updated date at the bottom of this page. We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this Privacy Notice periodically and become aware of modifications.
Last Updated: 21/02/2023