Data Protection

At The National Maternity Hospital (NMH), we take your privacy seriously.  It is important that you know exactly what we do with personal information that you and others provide to us, why we gather it and what it means to you. Our Privacy Statement is being provided to you in line with our obligations under the General Data Protection Regulation (GDPR), which came into force on 25th May 2018. GDPR together with applicable Irish legislation amends existing data protection law and place enhanced accountability and transparency obligations on organisations when using your information.

The NMH is a quality oriented organisation and is determined to develop and improve the services it provides to women, babies and their families. The GDPR introduces changes which will give you greater control over your personal information.

Everyone working for NMH has a legal duty to keep personal information about you confidential. The NMH Privacy Statement explains why we ask for your personal information, how that information will be used and how you can access your information.  

If you would like to know more about how we use your information or for any reason you do not wish to have your information used in any of the ways described, please speak to the health professionals concerned with your care.

We reserve the right to change this Privacy Statement from time to time at our sole discretion. If we make any changes, we will post those changes here. However, if we make material changes to this Privacy Statement, we will notify you by means of a prominent notice on the website prior to the change becoming effective. Please review this Privacy Statement periodically for updates.

Further guidance about data protection can be obtained from the Data Protection Commissioners website at www.dataprotection.ie or www.gdprandyou.ie

Who Are We?

The National Maternity Hospital (NMH) specialises in the provision of obstetrics, gynaecology and neonatal services.

The National Maternity Hospital
Holles Street
Dublin 2
DO2 YH21

Data Protection Registration Number:  1148/A 

Information We Collect

"Personal data" means any information about an individual from which that person can be identified.  There are instances where we invite or request individuals to provide us with their personal data, including through our website (Privacy Policy & Cookies).  In addition, individuals may volunteer their personal data to us by various means of communication, e.g. by telephone, email or via our website.

Some of the ways we collect information from / about you are:-

  • Referral letter received by us
  • Telephone call from a GP or other third party
  • Registration form completed and sent in to our central booking office
  • Attendance at a clinic or emergency room
  • Admission to the hospital
  • Insurance form completed.

In providing our services, we may also receive personal data, including sensitive personal data, indirectly.  Categories of such personal data include names, addresses, contact information and other information that is relevant to the provision of our services.

How We Use Personal Information We Collect

We will only use your personal data for the purposes and legal bases set out in this table.  It is important that your health records are accurate and up-to-date as they will help make sure that any staff looking after you are able to provide you with the care that you require.

We will store your personal data only for as long as necessary for the purposes for which it was collected; as required by law or regulatory guidance to which we are subject, and for the exercise or defence of legal claims that may be brought by or against us.

In line with best practice the NMH references the HSE Retention Policy with regard to the recommended retention period for medical data to satisfy the requirements of the GDPR.

Disclosing Your Information

We may disclose your personal data to:

  • A third party who provides a service to us
  • A public authority in the event that we are required to do so by law
  • A prospective seller or buyer of any our business or assets
  •  A third party where we are under a duty to disclose or share your personal data in order to comply with any legal obligation
  • A third party where it is necessary to protect the vital interests of the data subject or another natural person
  • A third party where necessary for our legitimate business interests to protect the rights, property, or safety of NMH, our customers, or others
  • Your registered GP

Some of the ways we may share your information with your consent is as follows:  

  • With another Hospital
  • With a third party representative
  • With your next of kin
  • For non-anonymised research
  • With your insurance company

Research:   Anonymised data is used as a basis for clinical audit and for research purposes.   The NMH is a teaching hospital; we work closely with University College Dublin (UCD). Research projects are approved by the NMH Research Ethics Committee.

Anonymised data is shared with the National Treatment Purchase Fund (NTPF).

Some personal data is also shared as follows and may be applicable to you:

  • General Registrars Office – for the purposes of birth registration  
  • Cancer Research
  • Infectious Diseases
  • IBTS
  • HPO
  • PHN - Public Health Nurses
  • Child protection
  • Department of Social Welfare (where legislation permits)
  • Congenital Anomaly Register
  • An Garda Siochana (where legislation permits)

When other organisations are involved in your care we may need to share details about you to enable us to work together for your benefit.  Information will only be shared with them if they have genuine need for it and where possible we will ask for your consent on this.

Your Rights

You have the right to request access to, rectification, or erasure of your personal data, or restriction of processing or object to processing of your personal data, as well as the right to data portability. In each case, these rights are subject to restrictions as laid down by law. The following is a summary of your rights:

  • The right of access enables you to receive a copy of your personal data
  • The right to rectification enables you to correct any inaccurate or incomplete personal data we hold about you
  • The right to erasure enables you to ask us to delete your personal data in certain circumstances
  • The right to restrict processing enables you to ask us to halt the processing of your personal data in certain circumstances
  • The right to object enables you to object to us processing your personal data on the basis of our legitimate interests (or those of a third party).
  • The right to data portability enables you to request us to transmit personal data that you have provided to us, to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party, where technically feasible.

You have the right to lodge a complaint with the Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your personal data infringes the GDPR.

If you wish to exercise any of these rights, please contact us.  We will respond to your request within one month. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of your request. We may request proof of identification to verify your request. We have the right to refuse your request where there is a basis to do so in law, or if it is manifestly unfounded or excessive, or to the extent necessary for important objectives of public interest.

Accessing Your Information

Under the Data Protection Act 2018 / GDPR you have a right to obtain a copy / access any electronic or manual information that the NMH holds about you.  The hospital will provide you with a copy of your personal data held by the hospital on request free of charge within 30 days from the date you make the access request.

In certain circumstances access to your records may be limited, e.g. if it is felt to be in your best interest or for the protection of others.

If you would like a copy of your personal data, please write in to the Data Protection Officer enclosing a copy of your photo ID (proof of identity) with your signed (Data Protection Subject Access Request Form) request to:

Gayle Reilly
Data Protection Officer,
The National Maternity Hospital,
Holles Street,
Dublin 2.
DO2 YH21

Or email dpo@nmh.ie

We are unable to accept access requests via telephone or text message.

FAQ

A list of GDPR Frequently Asked Questions can be reviewed on the HSE website.

Contact Us

Questions, comments, requests and complaints regarding this Privacy Statement and the personal data we hold are welcome and can be made by email or in writing using the contact details below. All requests will be dealt with promptly and efficiently.

E-mail: dpo@nmh.ie

Gayle Reilly
Data Protection Officer
The National Maternity Hospital,
Holles Street,
Dublin 2,
D02 YH21.