Seafield Dental and Aesthetic Data Protection Review and Enhancement Protocol Document in line with (GDPR 25/05/2018)
Data Protection Officers:
1. Dr. Aisling O Mahony
2. Claire Murphy
Inventory of Personal Data held
Date of birth
Historical: Dental Charting, Procedure Notes and Treatment plans – computerised since 2017
Why are you holding it?
Routine information for dental practice to provide care, contact the patient, be aware of the medical history. Models necessary to assess patient and generate laboratory work.
How did you obtain it?
Medical history, and patient details are filled out by the patient and scanned into computerised record.
How was it originally gathered?
Directly from the patient
How long will you retain it?
Retained for duration the patient attends the practice and in storage after 5 years
Written records – physically stored in a secure location in the practice
How secure is it, both in terms of encryption and accessibility?
Paper documents stored in a locked cupboard to which only clinicians have access
Do you ever share it with third parties and on what basis might you do this?
Information is only ever shared if referring the patient for:
OPG X ray,
Cone B CT radiographs
To another dentist
To a specialist, doctor or other clinician, laboratory with the consent of the patient.
Communicating with Staff and Service Users
All patients are informed of the data that is collected – personal details are provided by the patient.
Minimal information is collected and retricted to use within the dental clinic. It is not shared with any other party unless the patient is referred for x ray, lab work or to another clinician. Patients have to give consent for this. This information is for use within the clinic only and may not be used for any other purpose.
Retention : while the patient is in active treatment
Medical history is scanned and retained in the patients record.
Patients are made aware of their right to complain
There is no automated decision making and all information is kept with the EU.
Personal Privacy Rights
1. Patients can request a copy of their record at any time.
2. Any inaccuracies will be immediately corrected
3. Information will be erased if the patient requests this and the Medical Protection Society agree
4. We are not involved in direct marketing
5. No information is processed
6. Date is emailed if it is an x ray or a referral with the patients informed consent.
Request for DataPatients will have immediate access
The patient owns their own record
Medical Protection will be contacted if deletion is requested.
You must provide the personal data in a structured, commonly used and machine readable form. The information will be provided free of charge. If the patient requests it, we will transmit the data directly to another organisation if this is technically feasible. The clinic will respond within one month
All data is processed internally. This is a single clinic and not a multinational organisation.
The information will be provided free of charge. If the patient requests it, we will transmit the data directly to another organisation if this is technically feasible. The clinic will respond within one month.
Data retention is in line with medicolegal requirements.
Processing of Data :
Medicolegal reports – information is shared with the legal team with the consent of the patient.
Health Insurance Companies including Garda Medical Aid require copies of x rays, notes and dental charting. Patients sign consent for this.
Consent is freely given, specific, informed and unambiguous.
Parental or guardian consent is required up to the age of 16 years
Reporting Data Breaches
DPC is immediately iinformed of any personal data breach within 72 hours and will also be reported to the individual concerned.
Data Protection Impact Assessment
Any data processing changes will be subject to a DPIA before implementation of any new processes e.g introduction of new software, digitising practices etc.