This Data Protection Statement is effective as and from 25 May 2018
This statement describes how we process your personal data. Please take the time to read it carefully. You have several rights in relation to your information including the right to request access to your data, request to rectification of your data and to object to the processing of your data. In this statement we use the terms “we” and “our” to refer to Health Express Pharmacy.
- Who we are and how to contact us?
Health Express Pharmacy is a community pharmacy providing pharmacy services to both the community and residential care facilities. We are registered and supervised by the Pharmaceutical Society of Ireland (PSI).
A Data Privacy Manager is responsible for overseeing questions in relation to this data protection statement and our approach to data. If you have any questions, please contact:
Data Privacy Manager,
Health Express Pharmacy,
- The purpose and legal basis for processing your information
We collect your information for several purposes and rely on several different legal bases to use your Personal data.
- a) To enter into and perform a contract with you
When we are engaged to carry out pharmacy services it is necessary to collect Personal data from you to carry out those pharmacy services.
- b) To comply with our professional obligations
We are required to process your Personal data to comply with certain professional obligations to which we are subject, including:
- Providing information to the Health Services Executive(HSE), PSI, and other enforcement agencies under various pieces of legislation which apply to us.
- c) Necessary for the performance of a task in the public interest
We collect personal data on you to conduct our pharmacy services. This includes but not limited to supply of medication, medication review and patient consultations.
- d) Explicit Consent
We will, in certain circumstances, rely on your explicit consent to process your personal data, including, health data. This consent can by withdrawn at any time by using the contact details of the Data Privacy Manager set out above and will be processed if it is not in contradiction to any of the other lawful basis as set out above.
- e) To protect the vital interests of the data subject or of another natural person
In certain circumstances where it is required for us to protect the vital interests of a patient (health and wellbeing) we may need to rely on using this basis to supply emergency medication.
- Consequences of failing to provide information
Where we need to collect personal data by law, or under the terms of a contract with you and you fail to provide that data when requested we may not be able to perform the contract we have or are trying to enter in to with you. For example we may require certain information from you in order to fulfil our requirements under the controlled drug act for the supply of controlled drugs.
- Categories of Data Subjects
We process data for all patients that we supply medication to in our Health Express Pharmacy community pharmacy and residential care facilities.
- Types of Information we collect and some examples of how we use it
We may collect, use and store different kinds of Personal data about you as follows and use it for a variety of different purposes and across various pharmacy services we provide to you.
|Business process||Information Type||How we use it.|
|Dispensing of medication||Patient name, Date of Birth, Age, Health, Diet, Medical history, Vital statistics||To ensure patients good health by supplying them with medication that is prescribed by the doctor and give them the same level of care as if they were going to the pharmacy.|
|Medication Management||Patient name, Date of Birth, Age, Health, Diet, Medical history, Vital statistics||To allow reporting, tracking and printing of information to ensure patient care is maintained. We use this information to help us prepare the medication so that we can deliver the medication correctly to the patient.|
|Clinical Audit||Patient name, Date of Birth, age, Health, Diet, Medical history, Vital statistics||To provide feedback on medication prescribed for patients in residential care facilities.|
|Stock Audit||Patient name, Date of Birth, GMS Number, Location, Health, Diet, Medical history, Vital statistics||To provide feedback on stock held for patients in residential care facilities.|
|Patient Review||Patient Name, Date of Birth, age, Health, Diet, Medical history, Vital statistics||To ensure that the medication prescribed is applicable and there are no health issues due to interactions between medications or the patients’ health.|
|Billing||Next of Kin Name and Address, Patient name, patient location, Death/Discharge date, Medicines supplied||To inform either the Next of Kin or the patient of how much their medication costs and for them to be able to pay their medication bill to us.|
|Bill payments||Patients name, Next of Kin details, address, Medicines supplied, payment details||Used so the patient or Next of Kin can pay for their medication that has been prescribed by their doctor and supplied by the pharmacy.|
|Internal Reporting||Patient name, Date of Birth, age, gender, Health, Diet, Medical history, Vital statistics, medical history, bank details||Used to analyse the data from a financial, clinical and operational perspective.|
|Return of medication||Patient name, location, Medication||It is our regulatory obligation to remove any unused medication from Residential care Facilities to safely destroy them.|
|Hardship applications||Name, Date of Birth, Address, contact details, GMS number, Medication prescribed, PPS Number||To help apply for a reduction in cost liable by the patients for specific medication.|
|HSE payment||Name, Date of Birth, GMS number, Location, Medical history, Prescriptions||To retrieve reimbursements owed to us from the HSE under the specific government approved schemes the resident is approved for.|
6. Your information and Third-Party Service Providers
Third Party Service Providers: We may share your Personal data with or provide access to your personal data to third party service providers that perform services and functions at our direction and on our behalf such as the HSE, billing software, dispensing software, IT service providers, printers, shredding companies, and providers of security and administrative services.
An Garda Síochána, government bodies, or other government officials: we may share your Personal data with an Gardaí, or other government bodies or agencies including but not limited to the Health Services Executive, where required to do so by law.
Regulatory Authorities: we may share your Personal data with our supervisory bodies the Pharmaceutical Society of Ireland(PSI) and other Regulatory Authorities, where required to do so by law.
Median Healthcare and Health Express Group: We may share your information to other Pharmacies in our group to ensure that we are able to perform any emergency supply of medications as required.
- Duration of Processing
We will process personal data on your behalf for so long as you instruct us to do so. At the cessation of our processing activities on your behalf it is your choice as to what happens to the personal data you have provided to us. We will work with you to carry out your reasonable instructions unless we are required to retain it to comply with legal obligations.
Personal data we collect for our own purposes will be managed in accordance with our Data Retention Policy which reflects current legal obligations.
- Use of sub-processors
As part of our service delivery it is necessary for us to use sub-processors.
We use some IT solutions that allow us to perform our legal obligation such as our dispensing software and report generating software.
All sub-processors are bound by Health Express Pharmacy to provide the same level of secure protection for your data as we do.
- Data Security
Health Express Pharmacy has put technological and organisational controls, including policies and procedures, in place to protect your personal data from loss, misuse, alteration or unintentional destruction. Our personnel who have access to the data have been trained to maintain the confidentiality of such information. Conditions to protect data to at least the same standard as we do are cascaded to all our contractors, sub processors and suppliers.
We carry out regular monitoring and testing of our security defences to ensure they continue to be effective against the latest threats.
Data transferred over the internet by us and through our website are protected using encryption technologies and IP restrictions to ensure they remain secure.
Once data reaches your location it is your responsibility to ensure it remains secure.
- Data Breaches
Please note that we will take all appropriate steps to keep your personal data safe. In the unlikely event that we have a security breach, we will notify you without undue delay about the circumstances of the incident in accordance with our legal obligations.
- Your Rights
You have several rights under data protection law in relation to how we use your Personal data. You have the right free of charge to;
- Request a copy of the Personal data we hold about you.
- Rectify any inaccurate personal data we hold about you.
- Erase Personal data we hold about you.
- Restrict processing of your Personal data.
- Receive your Personal data in a structured commonly used and machine-readable format.
- To have that data transmitted to another data controller.
If you wish to exercise any of these rights, please email us on firstname.lastname@example.org. We will respond to your request within 30 days.
You also have the right to lodge a complaint to the Office of the Data Protection Commission, Canal House, Station Road, Portarlington, co. Laois – email@example.com
- Changes & Updates to this Statement
We recommend you check this statement on a regular basis to ensure you remain in agreement with the activities we carry out in respect of processing personal data.
Should we make significant changes to the way we process data, we will draw your attention to the relevant part(s) of this statement through email and or other appropriate communications as part of our engagement activities with you.
For any enquiries, please contact: firstname.lastname@example.org