CONTENTS 1. Introduction Âť Purpose of these Guidelines Âť Glossary 2. Records of Processing Activities a) Identifying the Data Controller b) Purpose of the Processing c) Categories of Personal Data d) Categories of Recipients to Whom Personal Data may be disclosed e) Transfers to a Third Country f) Time Limits g) Security Measures 3. Compliance with Data Protection Principles a) Lawfulness, Fairness and Transparency b) Purpose Limitation c) Data Minimisation d) Accuracy e) Integrity and Confidentiality f) Accountability 4. Compliance with Individual Rights a) Right to Access b) Right to Rectification c) Right to Erasure d) Right to Restriction of Processing e) Right to Data Portability f) Right to Object 5. Personal Data Breach Handling a) Notifying the Data Protection Commission b) Notifying the Data Subject c) Data Breach Flow Chart and Examples 6. Miscellaneous Provisions a) Data Protection Impact Assessment (DPIA) b) Data Protection Officers (DPO) c) Data Protection and Cyber Security Awareness and Training Details d) Employee / Office Workers Confidentiality Agreements 7. Bibliography 8. Frequently Asked Questions Retirement or Death Transfer of individual records Solicitor requests Email Communication Incidental access to information Data Access Request Personal Public Service number (PPS number) Research Projects Faxes SMS Texts Use of Healthmail Access to Clinical Records by Secretarial and Administrative Staff Freedom of Information Requests Appendices Appendix A: Data Protection Check List Appendix B: Sample Request for Transfer of patient records Appendix C: Request form for Access to Medical Records Appendix D: Waiting Room Notice Appendix E: Practice Privacy Statement Appendix F: Data Protection Accountability Log Appendix H: Staff Confidentiality Agreement Appendix I: Template for Records of Processing Activity
3 3 4 5 5 5 5 7 8 8 9 10 10 11 11 11 12 12 13 13 14 14 14 14 14 15 15 15 16 17 17 17 17 18 19 20 20 20 20 21 21 21 21 22 22 23 23 24 24 25 26 27 28 29 30 34 36 37