Practice Privacy Statement
At Friel and McGahon Dental we make data protection our business and we want to be clear about how your data is used when you visit our website and choose Friel and McGahon Dental to deliver dental services to you. We seek your consent to obtain and process personal and sensitive data for the purpose of providing you with dental treatment safely and to the highest standards. We want you to know what we do with your personal and sensitive data and why we do it. With this privacy statement we aim to be as transparent and granular as possible. Naturally, if you have any questions you can reach out to us at firstname.lastname@example.org. This Privacy Statement is your guide to the principles of privacy and confidentiality which govern the collection, use, storage, disclosure and destruction of your personal data in this practice.
The Information and Compliance Officer in this practice is Dr. Fergus Friel.
Obtaining Personal Information
In order to deliver our services, Friel and McGahon Dental needs to process the following categories of personal and sensitive data. It is important to obtain, use and store information about you, your general and your dental health in order to provide dental care efficiently and reduce the risk of injury or other damage to your health. This personal and sensitive data includes:
• Personal details such as your name, age, address, telephone numbers, email address;
• Your doctor and relevant Medical Consultant(s);
• Your medical and dental history;
• X-rays, clinical photographs and study models;
• Information about proposed treatment, options, consent to treatment, treatment provided and its cost;
• Notes of conversations or incidents that might occur for which a record needs to be kept;
• Any correspondence with other healthcare professionals relating to you including agreed referrals to other healthcare
• Any correspondence with your healthcare insurers relating to treatment provided; and
• Med 2 forms so that you can make a claim for repayment of tax from the Revenue.
Your personal and sensitive data is stored on computer and on manual record. We will regularly update your personal data, including your medical care, to keep it relevant. We ask that you please inform us of any significant changes, such as a change of address or other contact details, at your earliest convenience. It is important to know that the collection, use or possible disclosure of this data may be crucial to our ability to safely provide you with the care you require; without your agreement to this process it may not be possible to undertake treatment.Lawful basis relied upon: consent or legitimate interest.
Personal Data is Kept for Specified, Explicit and Lawful Purposes
Your personal data is obtained, kept and used primarily for the purpose of providing you with healthcare efficiently and safely at all times. In the course of your care, members of the dental team may access your records:
• To prepare for and to complete your dental care;
• To identify and print a prescription;
• To generate a work certificate, to explain an absence from work as a result of a dental appointment or dental treatment;
• To email or print a referral letter to another healthcare professional;
• To open correspondence or any other documents from other healthcare professionals;
• To print or photocopy your records if you instruct us to forward them to another healthcare professional; and
• To collate, print, photocopy and post insurance or medico-legal reports.
It is practice policy to send you a courtesy reminder of when your next appointment is booked or due. This reminder is sent to you by SMS and electronic mail. We seek your consent to use your personal data for this propose and advise you of your right to refuse to have your data used for this purpose. Lawful basis relied upon: consent or legitimate interest.
HR and Finance
Friel and McGahon Dental collects curriculum vitaes (CVs), contact details (name, postal address, email, phone number), timesheets of employees, sick notes, PPSN for employees. Lawful bases relied upon: processing is necessary for compliance with a legal obligation such as Employment Law and Taxation laws. Processing is necessary for the performance of a contract (Employee Contract of Employment) to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. Legitimate interest: processing is necessary to ensure Friel and McGahon Dental is effective and efficient in its regular business activities.
Finance and Accounting
We collect financial data required to comply with Irish Tax law such as VAT numbers, PPS numbers, account details for the purpose of paying and sending invoices.
Under some circumstances, we are obligated to share personal data with third parties with whom we have no contractual relationship. Recipients of personal data may include: the Irish revenue commissioner and law enforcement should this be required for the investigation, detection, or prosecution of criminal offenses.
Access to your personal data is on a ‘need-to-know’ basis. This prohibits the release of your information to a spouse, partner or family member without your explicit consent. A guardian or carer may have the right to access information in the case of vulnerable adults, or those with diminished mental capacity. A parent or guardian will have access to your personal information if you are less than 18 years of age.
A copy of your dental records will be transferred to another practice or healthcare professional upon your written request.
Your consent will be sought before the release of any data to other healthcare professionals and then only the relevant part of your records will be released. All healthcare professionals are required to treat your personal data to the same standard of privacy as outlined in this statement.
Your consent will be sought in the case of:
• A report to dental insurance company;
• A medico-legal report;
• Any documentation relating to a “third party” Dental Scheme (e.g. Medical Card or PRSI scheme);
• There are certain activities where patient information may be used but where the information is anonymised, eliminating patient identification: for teaching purposes;
• Continuing Professional Development: because case studies are a very useful learning tool;
• Quality Assurance/Internal audit. Audit is a necessary tool in assessing and assuring the quality of your care; and
If Dr. Friel should cease practice or should die while still a practicing dentist, the dental team will be guided by the Dental Council’s Code of Practice relating to Professional Behaviour and Ethical Conduct in informing you, safeguarding your personal data and ensuring continuity of care where possible.
Every effort is made to ensure disclosed personal data is accurate and transferred securely.
Personal Data is Kept Safely
Dr. Fergus Friel is responsible for data security in this practice. Obtained personal data is accessed on a ‘need-to-know’ basis and thereafter, is stored securely:
• There is no access for unauthorised persons to manual records, fax machines, computers or computer monitors within the practice;
• The dental team is trained in the secure use of fax machines, email and the internet;
• The dental team is compliant with the practice’s security measures;
• Manual records are stored under lock and key;
• The practice premises is locked when unoccupied;
• The practice software is legally owned by Coincidental and is licenced for use by Friel and McGahon Dental;
• The practice software is updated regularly and password protected;
• Software security is audited;
• All clinical, financial and administrative records are backed up and encrypted off-site daily by Invistech (Friel and McGahon Dental’s IT Managed Service Provider). A contract for the security of off-site records is in place between Invistech and Microsoft Data Centre.
Dr. Friel is responsible for dealing with any incident where personal data has been put at risk of unauthorised disclosure, loss, destruction or alteration. Friel and McGahon Dental’s management of any data breach incident will comply with the advice of the Data Protection Commissioners Office (DPCO).
Personal Data is Kept Accurate, Complete and Up-to-date
A staff member will review your personal information with you on a regular basis to ensure we hold accurate, high quality records for you. Any changes to your personal details, your medical or dental status will be recorded in your records. We ask you to let us know of any changes in contact details at your earliest convenience.
Personal Data is Adequate, Relevant and not Excessive
Every effort is made to ensure that the information we collect and retain for you is in keeping with our aim to provide you with an efficient service and to care for you safely. We will explain the purpose of any information sought if you are not sure why.
Personal Data is Retained for no Longer than Necessary
We retain all adult records for 8 years after the last treatment. In the case of children and young adults, the records are kept until the patient’s 25th birthday; or their 26th birthday if the young person was 17 when they finished treatment. If a patient dies before their 18th birthday, records are kept for 8 years.
All records are disposed by a secure, certified, method of destruction (Dental Council Code of Practice relating to Professional Behaviour and Ethical Conduct, 2012).
You have the right to:
• Request a copy of information we hold about you;
• Request rectification of the data should there be any mistakes;
• Object to the use of your data and the right to block any specific uses of your data;
• Have the data we have on you permanently erased unless we have to retain this data to comply with a legal obligation by
European or Member State law or unless we have an overriding interest to retain it;
Where we rely on consent to process your personal data, you may withdraw consent at any time and you do not have to provide a reason for your withdrawal. If you wish to invoke any of the rights above please email us at email@example.com.
Your request will be dealt with in a timely manner. If you do not wish to have your personal data collected, used or disclosed as described in this Privacy Statement please discuss this matter with firstname.lastname@example.org. It is important to know that the collection, use or possible disclosure of this data may be crucial to our ability to safely provide you with the care you require; without your agreement to this process it may not be possible to undertake treatment.
If you have a complaint or concern with any aspect of how we process your personal information we would hope that you would notify email@example.com in the first place. You retain the right to make a complaint to the Data Protection Commissioner at all times.
If you have any questions in relation to this Privacy Statement or any issue that arises from it please email with firstname.lastname@example.org.
International Data Transfers
As a business, we rely on a few third parties’ services to make sure we are efficient and effective. We use Coincidental Software for example. Data protection compliance is a prerequisite in our vendor selection process. Some third parties may transfer data outside of the EU/EEA. All vendors used by Friel and McGahon Dental have one or more of the following international data transfer mechanisms in place:
• Standard Contractual Clauses (Model Clauses)
• Adequacy decision from the European Commission
• Certification under the EU/US Privacy Shield.
Dr. Fergus Friel,
Friel and McGahon Dental,
Email: email@example.com or firstname.lastname@example.org