PURPOSE OF HANDLING PATIENT INFORMATION (GDPR)
The IASO Medical Centre is required, in accordance with the Law on the Consolidation and the Protection of the Rights of Patients of 2004, Law No. 1(I)/2005, to keep patient medical records and to keep them up to date according to the Law on the Processing of Personal Data (Protection of Individuals) Law of 2001 and 2003.
These data are kept in print or electronic form or both. This information is part of your medical record and shall be kept in case you visit the IASO Medical Centre in the future.
The way the data are kept and processed, the persons who have access to them, and the time period for which they are stored are governed by the Law on the Processing of Personal Data (Protection of Individuals) Law of 2001 and 2003, as well as by the European Regulation (EU) 2016/6/679 on the protection of natural persons with regard to the processing of personal data.
How do we use this information?
We use your records to help us offer you the right treatment or advice. The members of the clinical team who handle this information are the persons responsible for your care, and they may share information about your medical record with each other.
The IASO Medical Centre may share information about your medical record with third parties in case one of the following reasons applies:
- You have given your written consent.
- Sharing your information within the treatment team.
- The data are given for treatment purposes or to a competent health service provider.
- Referrals to other medical practitioners, hospitals or health providers.
- Referring specimens to external laboratories for analysis
- Accounts and billing, including Medicare and private health insurance claims
- The data are provided to the personnel and/or partners of the IASO Medical Centre, who are bound by the duty of confidentiality, for the purpose of processing or archiving or for the purpose of disclosing them under the law and/or contractual obligation.
- The information may be used for purposes of research or education and/or publication in medical journals, provided that the information provided cannot in any way whatsoever identify you.
- In case we are legally obliged to do so.
- In case we are ordered by the Court.
- Withholding the information would entail a serious risk of harm to your health or physical integrity or that of other people, or would have an impact on society.
COMPLIANCE WITH THE GDPR
Under the GDPR, we are primarily a "controller" of Personal Data as opposed to being a "processor".
As part of our GDPR compliance, we ensure that:
Personal Data is processed fairly, lawfully and in a transparent manner, and is collected and processed only for specified and lawful purposes.
Processed Personal Data is adequate, relevant and not excessive, accurate and, where necessary, kept up to date, kept secure, kept no longer than necessary, and treated in accordance with individuals' legal rights.
We want to make sure your expectations about privacy protection are the same as ours. If you have any concerns, please discuss them with your doctor or any member of our staff, or contact our Privacy Officer.
Pursuant to the provisions of Law 1(I)/2005 on the protection of the patients’ rights, you have the right to access your medical records as follows:
- The right to receive a copy of your files and to get explanations on what information your file contains.
- The right to update, correct, object to, delete or lock information included in your medical files due to inconsistencies or incompleteness.
- The right to file an application for the restriction of the processing of the data pertaining to you.
- The right to withdraw your consent to the processing of personal data at any time without prejudice to the lawfulness of the processing that was based on the consent prior to its revocation. The IASO Medical Centre, to the extent permitted by current legislation, shall take all possible measures to satisfy your request.
DATA QUALITY AND SECURITY
We take all reasonable steps to ensure the personal information we collect, use, hold or disclose is accurate, complete, up-to-date and relevant to the functions and services we provide. You can help us achieve this by providing correct and up-to-date information, as described in our Patient Rights and Responsibilities documents. When we exchange your personal information internally, we will do so via encrypted emails where possible. If you ask us to exchange your personal information with an external party, we may send your personal information by email to ensure that the external recipient can access this information.
We store your personal information securely and protect it from unauthorized access, modification or disclosure.