KDOC respects and values the privacy of all our service users. We will only collect and use personal data as described below, in a way that is consistent with our obligations and your rights under GDPR. If you have any queries, please contact our Data Protection Officer:
Postal address: KDOC, Vista Primary Care Campus, Ballymore Road, Naas, Co. Kildare.
Phone number: 045 848 711.
What personal data do KDOC collect?
Patients who phone KDOC will first reach the Reception/ call centre team. The team will ask the patient for the following information which will be recorded in the GP Practice Management software: full name, date of birth, address, gender, caller details if not the patient (name, relationship to patient, phone number), daytime GP/ practice, presenting medical complaint, medical card number and expiry date (where applicable), payment details, etc.
Patients will be consulted with by a GP and/or nurse. Notes from patient consultations are entered electronically into each patient’s medical record on our GP Practice Management software. Medical records include details such as current and past medical, surgical & family history, medication history, allergies, diagnoses, treatment provided, prescribed medications, examination findings e.g. urinalysis, temperature, blood pressure, etc. This list is not exhaustive.
All calls are recorded. Only senior management personnel have access to call recordings which are only accessed for quality and training purposes.
We will not keep your personal data for any longer than necessary under legislative guidelines. All data on site and offsite is stored in Ireland within the European Economic Area (EEA).
What do KDOC use your personal data for?
KDOC uses your personal data to provide safe and suitable medical care and to support administrative functions of our service e.g. accounts and billing, receipt of patient queries/ complaints, access requests, pharmacy queries, etc.
KDOC will only request personal information that is necessary in order to provide our service from start to finish, to protect the vital interests of our patients and under legal obligations.
Does KDOC share any personal data?
KDOC will share patient health data under the following four categories: Health and social care providers, data processors with a contract, legal arrangements/ public health/ safety and third parties with explicit consent.
All patient consultations will be securely transmitted to the daytime practice/ GP nominated by the patient when contacting the service. This is in the interest patient safety and continuity of care.
If data needs to be sent to a 3rd party, it will be sent securely via post, email (HSE Healthmail), HSE Healthlink and/or fax.
|Health and Social Care Providers||The patient’s nominated daytime GP/ practice, co-op medical director e.g in the case of a clinical complaint/ quality issue, palliative care teams, ambulance services, pharmacies, Health Service Executive e.g. COVID referrals, hospitals e.g. a&e referral, hospital laboratories e.g. specimen samples.|
|Data processors, with a contract||GP Practice Software Vendors, Telecoms platform, Call Recording platform, CCTV vendor.|
|Legal Arrangements Public Health/ Safety||Coroner, Social Protection, Gardai.|
|Third parties with explicit patient consent||Solicitors, insurance companies, health insurance.|
The above list(s) are not exhaustive.
Security Measures in place
KDOC commissions regular security audits to ensure that appropriate measures are in place to secure patient data retained both electronically (eg. firewalls, anti-virus, anti-malware, encryption, access controls and security patches) and physically (restricted access, lock & key, etc.).
All staff in the service must adhere to a professional confidentiality code. This explicitly makes it clear their duties in relation to personal health information and the consequences of breaching that duty. Staff will only access patient data that they require to carry out their duty.
Under GDPR, patients have a number of rights, e.g. right to access, right to rectification, right to erasure and right to restriction of processing. Further information on these rights in the context of General Practice is described in the Guideline available at www.icgp.ie/data.
Right to access
Under Article 15 of GDPR, the patient has a right to access a copy of their medical record. If a patient wishes to make an access request, this will need to be done in writing and national ID provided e.g. passport/ driver licence. Please email firstname.lastname@example.org to request an ‘Access Request Form’ and further details on how to make an access request. KDOC will endeavour to release the document(s) within 30 days from when the request was received.
An individual can only make an Access Request for their own personal data. Legal guardians can also make an access request on behalf of a child. However, once a child is capable of understanding their rights to privacy and data protection, the child should normally decide for themselves whether to request access to data and make the request in their own name.