Practice Privacy Statement 

This Practice wants to ensure the highest standard of medical care for our patients. We understand that a medical practice is a trusted community governed by an ethic of privacy and confidentiality. Our approach is consistent with the Medical Council guidelines and the privacy principles of the Data Protection Regulations. It is not possible to undertake medical care without collecting and processing personal data and data concerning health. In fact, to do so would be in breach of the Medical Council’s ‘Guide to Professional Conduct and Ethics for Doctors’. This leaflet is about advising you of our policies and practices on dealing with your medical information. 

Why and when you consent

When you register as a patient of our practice, you provide consent for us to access and use your personal information to provide you with the best possible healthcare. Only staff who need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.

Your personal information is collected to provide healthcare services to you. It is collected to manage your health and for directly related business activities such as financial claims and payments and practice audits. 

Information you voluntarily provide

That information may include your name, address, email, phone number, next of kin, health insurance provider and number. By giving us this information, you consent to this information being collected, used, disclosed, transferred or stored by us or a third party provided as described in this privacy policy. In the interest of your privacy, we can only collect, use and retain information reasonably required.

Legal Basis for Processing Your Data 

The processing of personal data in a medical practice is necessary in order to protect the vital interests of the patient and for the provision of health care and public health. You can access more information on the Data Protection website, www.gdprandyou.ie

In most circumstances we hold your data until 8 years after your death or 8 years since your last contact with the practice. There are exceptions to this rule and these are described in the Guideline www.icgp.ie/data.

Managing Your Information 

In order to provide for your care here we need to collect and keep information about you and your health on our records. 

  • We retain your information securely. 


  • We will only ask for and keep information that is necessary. We will attempt to keep
it as accurate and up to-date as possible. We will explain the need for any information we ask for if you are not sure why it is needed.

  • Your information may be stored in various forms including paper record, electronic record and visual record.

  • We ask you to inform us about any relevant changes that we should know about. This would include such things as any new treatments or investigations being carried out that we are not aware of. Please also inform us of change of address and phone numbers. 

  • All persons in the practice (not already covered by a professional confidentiality code) sign a confidentiality agreement that explicitly makes clear their duties in relation to personal health information and the consequences of breaching that duty. 


Access to patient records is regulated to ensure that they are used only to the extent necessary to enable the secretary to perform their tasks for the proper functioning of the practice. In this regard, patients should understand that practice staff may have access to their records for: 

  • Identifying and printing repeat prescriptions for patients. These are then reviewed and signed by the Doctor.
Generating a sickness certificate for the patient. This is then checked and signed by the Doctor. 

  • Typing referral letters to GP’s, hospital consultants or allied health professionals (such as physiotherapists, occupational therapists, psychologists and dieticians), admissions departments in hospitals, other consultants, other hospital departments such as urodynamics, radiology, phlebotomy, laboratory, bed management and theatre admissions.


  • Opening letters from GPs, hospitals and consultants. The letters could be appended to a patient’s paper file or scanned into their electronic patient record. 

  • Scanning clinical letters, radiology reports and any other documents not available in electronic format.
Downloading laboratory results and other medical reports and performing integration of these results into the electronic patient record.

  • Photocopying or printing documents for referral to admissions departments in hospitals, other consultants, other hospital departments such as urodynamics, radiology, phlebotomy, laboratory, bed management and theatre admissions.

  • Completing Health insurance claim forms for urodynamics and sending them to Medserv (medical billing company for processing of payment.)

  • Checking for a patient if a hospital or consultant letter is back or if a laboratory or radiology result is back, in order to schedule a conversation with the Doctor.


  • When a patient makes contact with a practice, checking if they are due for any tests prior to review with the Doctor. 

  • Handling, printing, photocopying and postage of medico legal and life assurance reports, and of associated documents.


  • Sending and receiving information via Galway clinic or Bons Secours or HSE or Healthmail email, secure clinical email.


  • And other activities related to the support of medical care appropriate for practice support staff. 

Disclosure of Information to Other Health and Social Care Professionals 

We may need to pass some of this information to other health and social care professionals in order to provide you with the treatment and services you need. Only the relevant part of your record will be released. These other professionals are also legally bound to treat your information with the same duty of care and confidentiality that we do. 

Information we share with Third Party Providers

We may need to share your personally identifiable information with service providers including:

  • Any booking information to the Galway Clinic, Bons Secours Hospital, University Hospital Galway and Portiuncla Hospital Ballinasloe

  • Medical billing company

  • Third parties who work in our practice for business purposes, such as information technology providers – these third parties are required to comply with GDPR.

  • Payment Processors for secure credit card payment transactions

Only people who need to access your information will be able to do so.

Disclosures Required or Permitted Under Law 

The law provides that in certain instances personal information (including health information) can be disclosed, for example, in the case of infectious diseases. 

Disclosure of information to Employers, Insurance Companies and Solicitors: 

  • In general, work related Medical Certificates from your Doctor will only provide a confirmation that you are unfit for work with an indication of when you will be fit to resume work. Where it is considered necessary to provide additional information we will discuss that with you. 

  • In the case of disclosures to insurance companies or requests made by solicitors for your records we will only release the information with your signed consent. 


Use of Information for Training, Teaching and Quality Assurance 

It is usual for Doctors to discuss patient case histories as part of their continuing medical education or for the purpose of training Doctors and/or medical students. In these situations the identity of the patient concerned will not be revealed. 

In other situations, however, it may be beneficial for other doctors within the practice to be aware of patients with particular conditions and in such cases this practice would only communicate the information necessary to provide the highest level of care to the patient. 

Use of Information for Research and Audit 

It is usual for patient information to be used for research and audit in order to improve services and standards of practice. Doctors on the specialist register of the Medical Council are required to perform yearly clinical audits. Information used for such purposes is done in an anonymised or pseudoanonymised manner with all personal identifying information removed. 

If it were proposed to use your information in a way where it would not be anonymous or the Practice was involved in external research we would discuss this further with you before we proceeded and seek your written informed consent. Please remember that the quality of the patient service provided can only be maintained and improved by training, teaching, audit and research. 

How we protect your information

We take reasonable and appropriate measures to protect your Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction.

Your Right of Access to Your Health Information 

You have the right of access to all the personal information held about you by this practice. If you wish to see your records, in most cases the quickest way is to discuss this with your doctor who will review the information in the record with you. You can make a formal written access request to the practice and receive a copy of your medical records. These will be provided to you within thirty days, without cost. 

Transferring to Another Practice 

If you decide at any time and for whatever reason to transfer to another practice we will facilitate that decision by making available to your new doctor a copy of your records on receipt of your signed consent from your new doctor. For medico-legal reasons we will also retain a copy of your records in this practice for an appropriate period of time which may exceed eight years. 

Changes to Practice Privacy Policy

We may make changes to this privacy policy which come into effect upon updating them. We recommend reviewing this privacy policy, so you are aware of any changes that affect what you consent to.

Other Rights 

You have other rights under data protection regulations in relation to transfer of data to a third country, the right to rectification or erasure, restriction of processing, objection to processing and data portability. Further information on these rights is available on www.gdprandyou.ie. You also have the right to lodge a complaint with the Data Protection Commissioner. 

Questions 

We hope this leaflet has explained any issues that may arise. If you have any questions, please speak to the practice secretary or your doctor.