Owning Your Data In The Healthcare System: The Ins & Outs
How Your Data is Collected and Used
Under GDPR, your data is now handled differently by companies. While that may not sound like it relates to your healthcare, the HSE really is just a big company that needs to collect your data in order to know who you are, and your health history.
GDPR was introduced to ensure companies can’t misuse your data once they’ve collected it. So, you’re probably thinking, “what data do they collect exactly? And how do they use it?”
The company either collects your data directly or indirectly from you. In return, they now have a very serious responsibility toward you in protecting that data.
Below is a list from Citizens Information outlining what information you are entitled to under the GDPR legislation:
Contact info for the data protection officer
Purpose of the processing of data
The intended recipients of the data
Any intention to transfer the data outside the EU and if so, the data safety measures to protect data in that country
The period for which the data will be stored by them
Your right to request access, erase, restrict use of, object to the use of, your data
If the controller intends to process your data for a purpose other than the purpose for which it was collected, the controller must provide you with information about this purpose before the processing begins. - Citizens Information, 25 May 2018.
GDPR, You, and The Health System: Accessing Medical Records
In the public system, i.e. if you use the services of publicly-funded hospitals, or if you use a medical card or GP, the citizens information states some of the means you can access your info:
By routine and administrative access to Health Service Executive (HSE) records
Under the data protection laws
Under the Freedom of Information Act
If you are a private patient, Citizen’s Info states you can access your info:
Under data protection laws
On the basis of your contract with the medical service, or
By court order
Because data protection laws like GDPR are still relatively new, they’re probably the ones that you’re most curious about. As a patient using the health system it’s important to feel safe, that your data is being used in an appropriate manner, and that you have the right to access your info at any given time.
Should you think your data is being misused or processed in a way that’s not appropriate you can request the company to outline exactly what your data is being used for. They have the right to charge an admin fee for this, but it can be no more than €6.35 under current legislation.