Who we are
Data Protection & Confidentiality
Obtaining personal information
We collect and store information about you, your general and your dental health in order to provide dental care efficiently and safely. We also use your data to communicate with you about advised treatment and upcoming appointments you have made with us. All patients receive communications as part of our professional duty of care to remind them when a dental visit or hygiene visit is due as advised by their clinician. The personal data we obtain from you includes:
- Personal details including your name, date of birth, address, telephone numbers, alternative contact details, email address.
- Link to family members that attend our practice e.g. spouse or children.
- Your doctor and relevant Medical Consultant(s)
- Your medical and dental history
- X-rays, clinical photographs, digital scans and study models.
- Information about proposed treatment, options, consent to treatment, treatment provided and its cost, clinical notes, general notes relating to any communication with you or regarding your attendance at our practice
- Notes of conversations or incidents that might occur for which a record needs to be kept
- Correspondence with other healthcare professionals relating to you including agreed referrals to other healthcare professionals
- PPSN and Insurance Details if you require us to liaise with 3rd parties on your behalf for payment or application for your dental treatment including the department of Social Welfare, and others you may request.
- Your financial agreements and history with our practice.
- We do not store payment card details.
- Appointment times and dates with our practice.
How We Keep your Personal Information Safe
We keep our building, our computers and files secure. Visitors to the practice do not have access to patient data. Your personal information is stored on computers which are password protected. Our Practice Software is and meets international data protection standards including GDPR and is accessible only by active members of our team with a legitimate reason for accessing your data. Our practice network is secure and protected with all recommended antivirus, malware and other IT security measures. These are audited regularly to ensure they are effective and current. This service is provided by Mother Board and they are GDPR compliant.
All of our team are trained in confidentiality and data protection and have legal confidentiality agreements regarding your information. We operate secure backup systems which are regularly audited.
Registration with the Data Commissioner
This practice is registered with the Data Protection Commissioner.
Personal data is kept accurate, complete and up-to-date
You have access to a copy of your personal data upon written request and the right to have data rectified if incorrect.
Personal data is kept for specified, explicit and lawful purposes
We collect and store your data for the following reasons
• to prevent injury or other damage to the health of the data subject
•The performance of a contract to which the data subject is a party;
•for the purpose of the legitimate interests of Dental Tech Group.
Your personal data is obtained, kept and used primarily for the purpose of providing you with healthcare efficiently and safely. Staff within the practice will have access to the data on a ‘need-to-know’ basis to ensure you receive the highest standard of care.
We communicate with our patients regarding appointments they have booked by text, email, telephone and post. You may opt out of these communications at any time directly with us or by using our contact details above. Our team may ask to confirm your identity. We communicate with our patients when a dental visit or hygiene visit has been recommended and is shortly due, or overdue. We do this to help safeguard your dental health and as part of our duty of care to you. You may opt out of these communications at any time directly with us or by using our contact details above. Opting out of these reminders may adversely affect you dental health.
We may ask for your specific consent to contact you separately with regard to practice newsletters, information on services or products we feel may be of interest to you. These separate communications require your permission and you may opt-out at any time using the included link on the relevant communication or by contacting us directly at the above contact details.
All members of the dental team adhere to the practice’s Code on Confidentiality in compliance with the Data Protection Acts, 1988 and 2003, and the Dental Council’s Code of Practice relating to Professional Behaviour and Ethical Conduct, 2012. Any disclosure of personal data, without your consent, can only be done for specified, legitimate reasons (8 (a-h), Data Protection Act, 1988; Section 10, Dental Council’s Code of Practice relating to Professional Behaviour and Ethical Conduct, 2012).
Access to your personal data is on a ‘need-to-know’ basis. This prohibits the release of your information to a spouse, partner or family member without your explicit consent. A guardian or carer may have the right to access information in the case of vulnerable adults or those with diminished mental capacity. A parent or guardian will have access to your personal information if you are less than 16 years of age.
Copy of your Dental Records
A copy of your dental records will be transferred to another practice or healthcare professional upon your written request.
Your consent will be sought before the release of any data to other healthcare professionals and then only the relevant part of your records will be released. All healthcare professionals are required to treat your personal data to current Data Protection standards. Your consent will be sought in the case of: A report to dental insurance company, a medico-legal report, any documentation relating to a “third party” Dental Scheme (e.g. PRSI scheme, dental Insurance or Payers)
There are certain activities where patient information may be used but where the information is anonymised, eliminating patient identification: Teaching, Continuing Professional Development. Quality Assurance/Internal audit necessary in assessing and assuring the quality of your care.
If DENTIST should cease practice or should die while still a practicing dentist, the dental team will be guided by the Dental Council’s Code of Practice relating to Professional Behavior and Ethical Conduct in informing you, safeguarding your personal data and ensuring continuity of care where possible.
Personal data is adequate, relevant and not excessive
Every effort is made to ensure that the information we collect and retain for you is in keeping with our aim to provide you with an efficient service and to care for you safely. We will explain the purpose of any information sought if you are not sure why.
Personal data is retained for no longer than necessary
We retain adult records for 8 years after the last treatment. In the case of children and young adults that cease treatment, the records are kept until the patient’s 25th birthday; or their 26th birthday if the young person was 17 when they finished treatment. If a patient dies before their 18th birthday, records are kept for 8 years.
All records are disposed by a secure, certified, method of destruction (Dental Council Code of Practice relating to Professional Behaviour and Ethical Conduct, 2012).
Bevin Mahon is responsible for dealing with any incident where personal data has been put at risk of unauthorised disclosure, loss, destruction or alteration. Management of any breach incident will comply with the advice of the Data Protection Commissioner
Only secure and trusted third parties have access to your data in the course of required operations, business analysis and security. This is currently limited to our IT providers and Software providers as listed above. These providers are GDPR compliant and only process your information at our request. Cloud based transfer where required is secure and is currently held on servers in Ireland. Where servers may be located outside of the EEA or UK in future we will ensure our providers provide the same level of security to your data to protect your rights.
You are legally entitled to a copy of your personal data upon written request, or by email from the email account we have on you record. We may ask for confirmation of your identity to ensure confidentiality. As well as a right of access you also have the right to have any inaccuracies in your data rectified and to have the inaccuracies erased. (NOTE: The maximum fee for an access request is €6.35). You may be provided with a printed paper copy of a digital x-ray in response to an access request or a digital copy of your records. We will provide this within 40 days of your request where possible, and if not possible we will contact you to advise of the reason and the expected date.
If you have a complaint or concern with any aspect of how we process your personal information please contact us directly at the above contact details. You retain the right to make a complaint to the Data Protection Commissioner at all times.
Children & other vulnerable individuals
Children’s data is protected in the same manner as adult data. . A guardian or carer may have the right to access information in the case of vulnerable adults or those with diminished mental capacity. A parent or guardian will have access to your personal information if you are less than 16 years of age.