Effective Date: 01/08/2024

 

Maynooth Orthodontics is committed to ensuring the confidentiality and security of patient information in compliance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018, and the guidelines of the Dental Council of Ireland.  

This policy applies to all staff members, including clinical and administrative personnel, and any third parties handling patient data. It covers all patient records, both digital and physical, as well as verbal communications.

Maynooth Orthodontics will regularly update patient personal data, including medical data, to keep it relevant. Patients are asked to inform us of any significant changes, such as a change of address or other contact details.

 

Information we collect:

  • Personal details (name, date of birth, phone number, address, email address etc.) 
  • Medical data (medical/dental records, photographs, radiographs, digital/physical models and third party correspondence etc.) 
  • Information about proposed options, consent, treatment provided and cost 
  • Conversations or incidents that may have occurred 
  • Digital footprint including users’ IP address, operating system and browser type. This is statistical data only and does not identify any individual. 

 

We collect and process personal and medical data to:

  • Provide appropriate orthodontic treatment and care
  • Maintain accurate medical records
  • Comply with legal and regulatory requirements
  • Communicate with patients regarding appointments and treatment 

 

How your data is managed:

  • All personal data is stored securely electronically on a password-protected, cloud-based patient management system with encryption. Some electronic personal data is stored locally and remotely backed up.
  • Paper records are not routinely used in Maynooth Orthodontics. If they have to be used they are kept secure in a locked storage cabinet on site.
  • Patient data will only be accessed by authorised personnel with appropriate access controls on a ‘need-to-know’ basis for the purpose of providing treatment or managing patient care.
  • Some third parties may have limited access to a patient's personal data in order to provide appropriate orthodontic treatment and care, data processing and communication. These include but may not be limited to:
    • Cloud-based patient management software – Orthobridge Ltd.
    • Other healthcare professionals involved in a patient’s treatment
    • A patient’s referring dentist
    • Third-party service providers assisting with orthodontic care and finance (e.g., Dental labs, Gocardless, Stripe etc.)
  • Where data is backed up remotely, this data is kept on servers located within the European Union. We take all reasonable steps to ensure your data is processed discreetly and kept securely. If we are required to transfer a patient’s personal information to a country outside the EU, we will take the necessary steps to ensure appropriate protection is in place in line with data protection laws.

 

Principles of Confidentiality

  • All patient data is treated as strictly confidential.
  • All computers and software are regularly updated, password protected and have up-to-date digital security protection.
  • Patient data will not be disclosed to third parties without a patient’s explicit consent unless required by law or in exceptional circumstances (e.g., safeguarding concerns, court orders, or public health requirements).
  • Conversations regarding a patient's treatment will not take place in public areas to avoid inadvertent disclosure.

 

Patients have the right to:

  • Access a copy of their personal records in a timely fashion.
  • Request the correction of inaccurate or incomplete data, or the deletion or restriction of any information.
  • Withdraw consent for data processing, subject to legal and professional obligations.
  • Request the deletion of personal data where appropriate (subject to retention policies and legal obligations).

 

Staff Policies

  • Staff members are regularly trained in data protection policies and they must comply with strict access protocols to patient information.
  • Any data breaches will be reported in accordance with GDPR requirements and may result in disciplinary action.

 

Disclosure of Information

  • Personal data cannot be released to anyone including a spouse, partner or family member without a patient’s explicit consent. A guardian or carer may have the right to access information in the case of vulnerable adults or those with diminished mental capacity. A parent or guardian will have access to your personal information if you are less than 16 years of age.
  • Any disclosure of personal data, without consent, can only be done for specified, legitimate reasons i.e. if legally mandated (by a court of law, tribunal or other body established by an Act of the Oireachtas) for the protection of the patient or the public.
  • If a patient’s information is disclosed, for any reason, it will be recorded on their chart and the patient will be told unless it would undermine the purposes of the disclosure.
  • Patient confidentiality continues to be respected even after the patient has died.
  • Every effort is made to ensure disclosed data is accurate and transferred securely. 

 

Retention and Disposal of Records

  • Patient records are retained in line with the Dental Council of Ireland’s guidelines and statutory requirements and will be retained for a minimum of eight years after the last treatment date or until a patient reaches the age of 25 years, whichever is longer.
  • When records are no longer required, they will be securely destroyed in compliance with data protection laws, and a certificate of destruction will be kept.

 

Complaints and Breaches

  • For any queries or concerns about this policy, how we process any of your personal information or concerns regarding the confidentiality of your data, please contact Maynooth Orthodontics on 01-6874878 or info@maynoothortho.com
  • Any data breaches will be reported to the Data Protection Commission where required under GDPR (21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland; +353 57 868 4800; info@dataprotection.ie; www.dataprotection.ie).

 

Policy Review

  • This policy will be reviewed annually or sooner if there are changes in legislation or professional guidelines.