This Privacy Notice explains how your personal data is handled by the Brookhaven Healthcare Group. This notice applies to prospective residents, residents and visitors to Brookhaven Healthcare. Brookhaven Healthcare is the data controller in respect of the information that we process about you to provide healthcare services.
This notice explains what personal information we collect, hold and share in support of these purposes and your rights in respect of the data we hold about you. Your privacy is important to us, so if there is anything in this privacy notice that is unclear or you do not understand, please contact the Data Protection Officer at firstname.lastname@example.org
DATA PROTECTION PRINCIPLES
Under the General Data Protection Regulations (GDPR) all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that
- processing is fair, lawful and transparent
- data is collected for specific, explicit, and legitimate purposes
- data collected is adequate, relevant and limited to what is necessary for the purposes of processing
- data is kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
- data is not kept for longer than is necessary for its given purpose
- data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisational measures
DATA WE COLLECT ABOUT YOU
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
To support the delivery of appropriate care and treatment to you, to adhere to our contract of care with you and to meet certain legal requirements, Brookhaven Healthcare will collect, store, and use categories of personal information about you. This personal data may include the following:
- Pre-admission assessment details
- Information that you give us when you enquire or become a resident of Brookhaven Healthcare such as your name, address, contact details (including email address and phone number)
- Information you give us when you make a payment to us, such as financial or credit card information
- Interacting with us when you are a next of kin of one of our residents. The type of information we may collect includes your name; phone number; address; email address, and credit card details
- Information you give us when you sign the Visitors Book
- Individual assessment and care plans for all residents
- A recent photograph of all residents
- Resident’s name, address, date of birth, sex, and marital status
- Details of emergency contacts, including the name, address and telephone number of resident’s next of kin or of any person authorised to act on his/her behalf
- The name, address and telephone number of the resident’s GP and of any officer of the Health Service Executive whose duty it is to supervise his/her welfare
- The date the resident was first admitted to the residential home
- The date the resident was discharged
- Details of the resident’s transfer from the residential home, where applicable
- The name and address of any authority, organisation or other body, which arranged the resident’s admission to the residential home
- A record of the resident’s medical, nursing and psychiatric (where appropriate) condition at the time of admission
- Details of the resident’s care plan, in respect of medication, nursing care, specialist health care or nutrition
- Daily progress notes that provide a nursing record of the resident’s health and condition and treatment given
- Medication records of each drug and medicine administered to the resident
- A record of on-going medical assessment, treatment and care provided by the residential home and GP (these may include the initial Comprehensive Assessment Form, a copy of the ‘Fair Deal’ Care Needs Assessment, Dependency Assessments, Individual Assessments on specific needs, e.g. continence, falls and nutritional assessments
- A record of all the resident’s medical referrals and follow-up medical appointments
- A record of the resident’s decisions not to receive certain medical treatments or refused treatment
- A record of any accidents or incidents that may have happened to residents during their time in the residential home
- A record of any specialist communication needs of the resident
- A record of all money or other valuables deposited by the resident within the residential home.
- A record of any furniture brought by the resident to the residential home
- A copy of any correspondence to or from the residential home to residents in relation to their care, including a copy of the Contract of Care.
- A record of any complaints received from or about residents
Other records retained in relation to your personal information include:
- Financial information in relation to the ‘Fair Deal’ contribution and any additional fees payable under the Contract of Care or where Brookhaven Healthcare has been appointed as a pension agent for a resident. This may include bank details, individual statements and invoices for care services provided
- Notification forms that Brookhaven Healthcare is required to send to HIQA
- Risk assessments
- Images stored on the CCTV systems in use at our facilities for safety and security purposes
We may also process some kinds of more sensitive information about you that is classed as ‘special category’ data, and which receives additional protections under law, and in terms of our processing of it. This includes data about:
- health, medical conditions or disabilities
- religion or beliefs
- political opinions
- sexual orientation
- Biometric data
OUR LAWFUL BASIS FOR USES OF YOUR DATA
Under data protection laws we must have a legitimate and lawful basis for processing your personal data. The lawful basis for the processing of much of the data listed above is based on legal requirements and our contract obligations with you.
Where we have a specific legal obligation that requires the processing of personal data, the legal basis is:
Article 6(1)(c) – processing is necessary for compliance with a legal obligation to which the controller is subject.
Where we process your data to perform our contract obligations the legal basis is:
Article 6(1)(b) of the GDPR – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Where we process special categories data the condition is: Article 9 (2)(h) – Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services.
Where relevant we may process your personal information to look after your vital interests in the event of an emergency.
Where we rely on consent as the lawful basis this requires a very clear and specific statement of consent for your personal data to be processed for a specific purpose with a positive opt-in.
You have the right to refuse/withdraw consent to information processing at any time.
Brookhaven Healthcare uses your personal information in the following ways:
- To process your enquiry about Brookhaven Healthcare Services
- To assist when doing a Pre-Admission Assessment
- To provide information to all healthcare staff involved in your care about your wishes and care plans
- To provide information on areas for improvement of care within the organisation through audits so that we can provide you with the best service possible
- To enable accurate billing and account processing
- To meet our legal and regulatory obligations
- To help inform decisions that we make about your care.
- To work effectively with other organisations who may be involved in your care
- To improve resident safety.
CHANGE OF PURPOSE
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent, where this is required or permitted by law.
FAILURE TO PROVIDE PERSONAL INFORMATION
If you fail to provide certain information when requested, we may not be able to comply with contractual obligations and perform the contract we have entered with you or we may be prevented from complying with our legal obligations.
HOW PERSONAL INFORMATION IS COLLECTED
We collect personal information about you from:
- You directly during the pre- admission and admission process
- Your family members and/or next of kin or representative
- Your referring GP
- Other hospitals (where you are being admitted to one of our healthcare facilities from another hospital)
- Health and Social Care Professionals
WHO WE SHARE YOUR DATA WITH?
In order to ensure that our residents receive the best care we may share your data with:
- Ambulance Services
- Health professionals, independent consultants and other hospitals that require your personal data as part of the provision of medical treatment
- Regulatory bodies such as HIQA, the Health and Safety Authority and the HSE where we are obliged to make data available as required
- Outsourced service providers
- Health insurers to secure payment for your treatment where it is covered by your private health insurance policy
- Relevant personnel where we are under a duty to disclose or share your information in order to comply with any legal obligation or where we need to comply with our contractual duties to you
KEEPING YOUR INFORMATION UP TO DATE
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal data to those employees, contractors and other third parties on a strict need-to-know basis, i.e. who need the access in order to fulfil the tasks and duties relating to service provision. All service providers are permitted to process your personal data based on our instructions, they are subject to a duty of confidentiality, and they are required to be compliant and demonstrate compliance with Personal Data Protection.
Our IT systems are protected against unauthorised access with various level of controlled and password protected access rights.
Where personal records are kept in paper format these are stored securely with controlled access.
We have implemented procedures to deal with any actual or suspected data security breach and will notify you and any applicable authority about a breach where we are legally required to do so.
RETENTION OF YOUR DATA
We only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Under certain circumstances, you have the right to:
- Request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are collecting and using it lawfully.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to use it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground.
- Request the restriction of collecting and using your personal information. This enables you to ask us to suspend the usage of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the data portability of your personal information to another party.
- Right to lodge a complaint to supervisory authority.
- Right to withdraw consent. In circumstances where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.
You may exercise any of the above rights by emailing the Data Protection Officer at email@example.com or by post to Brookhaven Healthcare, Talbot Lodge, Kinsealy Lane, Malahide, County Dublin.
CHANGES TO THIS PRIVACY NOTICE
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. This Privacy Notice was updated on September 3rd,2019.
QUESTIONS ABOUT THIS NOTICE
If there is anything in this notice that you are unclear about, please contact our Data Protection Officer at firstname.lastname@example.org or by post to Brookhaven Healthcare, Talbot Lodge, Kinsealy Lane, Malahide, County Dublin.
The Data Protection Officer will answer any queries you may have concerning this privacy notice or the way in which we process your personal data.
Should you not be satisfied with our response to your concerns or believe that we have not complied with our data protection obligations you may lodge a complaint with the Data Protection Commission. Contact details for the Data Protection Commission are as follows:
Phone Number: 0761 104 800 or 0578 684 800
Postal Address: Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2