We seek your consent to obtain and process personal data for the purpose of providing you with dental treatment safely and to the highest standards. This Statement is your guide to the principles of privacy and confidentiality which govern the collection, use, storage, disclosure and destruction of your personal data in this practice.

It is important to obtain, use and store information about you, your general and your dental health in order to provide dental care efficiently and reduce the risk of injury or other damage to your health.

This Personal Data Includes:

• Person details such as your name, age, address, telephone numbers, email address.
• Your doctor and relevant Medical Consultants(s).
• Your Medical & Dental history.
• X-rays, Clinical photographs and study models.
• Information about the proposed treatment, options, concent to treatment, treatment provided & its cost.
• Notes of conversations or incidents that might occur for which a record needs to be kept.
• Any Correspndance with other healthcare professionsal relating to you including agreed referrals to other healthcare professionals.

Your personal information is stored on computer. We will regularly update your personal data, including your medical care, to keep it relevant. We ask that you please inform us of any significant changes, such as a change of address or other contact details, at your earliest convenience. It is important to know that the collection, use or possible disclosure of this data may be crucial to our ability to safely provide you with the care you require; without your agreement to this process it may not be possible to undertake treatment. You have access to a copy of your personal data upon written request and the right to have data rectified if incorrect. Personal data is kept for specified, explicit and lawful purposes. Your personal data is obtained, kept and used primarily for the purpose of providing you with healthcare efficiently and safely at all times. Staff within the practice will have access to the data on a ‘need-to-know’ basis to ensure you receive the highest standard of care. In the course of your care, members of the dental team may access your records:

• To prepare for and to complete your dental care
• To indentify and print a prescription
• To generate a work certificate
• To type, if dictated or print a referall letter to another healthcare professional.
• To open correspondance or any other document from other healthcare professionals.
• To print or photocopy your records if you instruct us to forward them to another healthcare professional
• To Collate, print, photocopy, and post insurance or medico-legal reports.

It is practice policy to send you a reminder of when your next ‘check-up’ is due. This reminder is sent to you by post/electronic mail or text message. We seek your consent to use your personal data for this propose and advise you of your right to refuse to have your data used for this purpose.

We may need to pass some of this information to other health and social care professionals in order to provide you with the treatment and services that you need. Only the relevant part of your record will be released. These other professionals are also legally bound to treat your information with the same duty of care and confidentiality that we do, examples include:

Your general medical practitioner

Other health care professionals caring for you (e.g. Hospital, Specialist Dentist)

Private dental schemes of which you are a member (e.g. VHI, Garda medical aid, Irish Life, Hospital Saturday Fund)

Specific external Lab Technicians we use to carry out certain work (For a list of the lab technicians please ask at reception)

• All members of the dental team adhere to the practice’s Code on Confidentiality in compliance with the Data Protection Acts, 1988 and 2003, and the Dental Council’s Code of Practice relating to Professional Behaviour and Ethical Conduct, 2012.
• Any disclosure of personal data, without your consent, can only be done for specified, legitimate reasons (8 (a-h), Data Protection Act, 1988; Section 10, Dental Council’s Code of Practice relating to Professional Behaviour and Ethical Conduct, 2012).
• Access to your personal data is on a ‘need-to-know’ basis. This prohibits the release of your information to a spouse, partner or family member without your explicit consent. A guardian or carer may have the right to access information in the case of vulnerable adults or those with diminished mental capacity. A parent or guardian will have access to your personal information if you are less than 16 years of age. You will have the option on your initial assessment when filling out our medical history form to consent to specific persons, family members ect. having access to your personal data (e.g. treatment notes, fees) over the duration of your treatment.
• A copy of your dental records will be transferred to another practice or healthcare professional upon your written request. Your consent will be sought before the release of any data to other healthcare professionals and then only the relevant part of your records will be released. All healthcare professionals are required to treat your personal data to the same standard of privacy as outlined in this statement. For Medico-Legal reasons we will also retain a copy of your records in this practice for an appropriate period of time which may not exceed 8 years.

• A report to dental insurance company

• A medico-legal report

• Any documentation relating to a “third party” Dental Scheme (e.g. Health Insurance scheme) There are certain activities where patient information may be used but where the

Information is anonymised, eliminating patient identification:

• Teaching

• Continuing Professional Development. Case studies are a very useful learning tool

• Quality Assurance/Internal audit. Audit is a necessary tool in assessing and assuring the quality of your care

• Research

If a DENTIST should cease practice or should die while still a practicing dentist, the dental team

will be guided by the Dental Council’s Code of Practice relating to Professional Behaviour and

Ethical Conduct in informing you, safeguarding your personal data and ensuring continuity of

care where possible. Every effort is made to ensure disclosed personal data is accurate and transferred securely.

Obtained personal data is accessed on a ‘need-to-know’ basis and thereafter, is stored securely:

• The Check-in machine will only show the initials of each patient’s first name and surname alongside their appointment time to prevent patient identity.

• There is no access for unauthorised persons to manual records, fax machines or computers within the practice.

• Computer monitors that are in view in our surgeries will not have sensitive or personal information open on the desktop at any time, with the exception of it being data relating to the patient in the surgery at the time

• The dental team is trained in the secure use of fax machines, email and the internet

• The dental team is compliant with the practice’s security measures

• All manual patient referrals/records received in clinic are scanned to the relevant patient chart and shredded at end of working day with the aim of having as much of a paperless environment as is possible and securing data in an online capacity

• The practice premises is locked and alarmed when unoccupied

• The practice software is legally owned

• The practice software is updated regularly and password protected

• Software security is audited

• All clinical, financial and administrative records are backed up off-site daily

• In addition to this all clinical, financial and administrative records are also backed up on-site daily and stored in a fireproof box at end of working day

• The server has a firewall, is backed up and has an antivirus. Each computer is fitted with anti-virus software. We operate a clean desk policy- at the end of the day all paperwork is shredded from that day.

• Personal data is kept accurate, complete and up-to-date. A staff member will review your personal information with you on a regular basis to ensure we hold accurate, high quality records for you. Any changes to your personal details, your medical or dental status will be recorded in your records. We ask you to let us know of any changes in contact details at your earliest convenience.

• Personal data is adequate, relevant and not excessive. Every effort is made to ensure that the information we collect and retain for you is in keeping with our aim to provide you with an efficient service and to care for you safely. We will explain the purpose of any information sought if you are not sure why.

• Personal data is retained for no longer than necessary. We retain all adult records for 11 years after the last treatment. In the case of children and young adults, the records are kept until the patient’s 25th birthday; or their 26th birthday if the young person was 17 when they finished treatment. If a patient dies before their 18th birthday, records are kept for 8 years. All records are disposed by a secure, certified, method of destruction (Dental Council Code of Practice relating to Professional Behaviour and Ethical Conduct, 2012).

Should we have a request or any enquiries from Social Services/Tusla due to possible child abuse/neglect relating to a child patient of ours, we have a duty to comply with them if we have any concerns about this child, their siblings or parents. Under child protection legislation- the safety and well-being of the child will take priority. However, a written request from Tusla/department of social Services which explains the basis for seeking information will be required.

You are legally entitled to a photocopy of your personal data upon written request. As well as a right of access you also have the right to have any inaccuracies in your data rectified and to have the data erased. You will be provided with a photocopy of an x-ray in response to an access request.

All written requests should be addressed to:

David McConville Orthodontics, Suite 5, Quayside Shopping Centre, Wine Street, Sligo

Post Code: F91 XK8Y, Tel: 07191 50820

Your request will be dealt with in a timely manner.

It is your right to have your name removed from all practice marketing information including ‘check-up’ recalls if you do not consider this information to be in your best interest. If you wish to be removed from our appointment texting service or our marketing/mailing lists, please advise the Clinic. If you do not wish to have your personal data collected, used or disclosed as described in this Statement please discuss this matter with a member of Dr. McConville’s dental team. It is important to know that the collection, use or possible disclosure of this data may be crucial to our ability to safely provide you with the care you require; without your agreement to this process it may not be possible to undertake treatment. If you have a complaint or concern with any aspect of how we process your personal information we would hope that you would notify a member of our team. You retain the right to make complaint to the Data Protection Commissioner at all times. If you have any questions in relation to this Statement or any issue that arises from it, please speak with a member of our team.