Privacy Policy

Privacy Statement Centric Health 
What is a Privacy Policy?
A ‘privacy notice’ lets you know what happens to any personal data that you may give us or that we may collect 
from you or about you (as a patient, family member, carer or visitor). This notice is issued by Centric Health as 
a primary care healthcare provider, and covers the information we hold about our patients, their families and 
other individuals who may use our services.
An extended version of this privacy policy can be located at: www.centricgp.ie/privacy-statement 
Who are we and what do we do?
Centric Health is a high-quality Primary Care group with a growing network of family GP practices and patients 
across Ireland. The company was founded in 2004 by two doctors, Dr Maurice Cox (CEO) and Dr Ray Power 
(Medical Director). Centric Health was established with a goal to provide healthcare in a community setting, 
centered on the needs of our patients. 
Why have we issued this Privacy notice for our patients, families and others
We are committed to being open about the information we collect about you, how we use this information, 
with whom we share it, and how we store and secure it. We recognise the importance of protecting personal 
and confidential information in all that we do, and take care to meet our legal and other duties, including 
compliance with relevant law, regulations and guidance
Under the General Data Protection Regulation (GDPR) Centric Health has a legal duty to ensure patient data, 
supplied as part of the patient process within Centric Health, is kept secure and safe.
Personal data will be obtained in a lawful, fair and transparent manner for a specified purpose and will not be 
disclosed to any third party, except in a manner compatible with that purpose.
“Personal data” means data relating to a living individual who is or can be identified either from the data or 
from the data in conjunction with other information that is in, or is likely to come into, the possession of the 
data controller (“Centric Health”);
All medical information is seen as “sensitive personal information” and we will endeavor to ensure your 
information is treated with the utmost respect and confidentiality.
Our practices conform with the Medical Council guidelines and the privacy principles of the Data Protection 
Legislation. This Privacy Statement is about making your consent meaningful by advising you of our policies 
and practices on dealing with your medical information.
Who controls the use of your personal data?
Centric Health ,whose registered address is Centric Health , Floor 7, RSA House, Dundrum Town Centre, 
Sandyford Road, Dundrum, Dublin 16, D16 FC92 is the company that controls and is responsible for personal 
data that is collected in relation to your healthcare. If you have any queries in relation to the processing of your 
personal data, we have appointed a data protection officer that you can contact as follows: by post at
Data Protection Officer, Floor 7 , RSA House, Dundrum Town Centre, Sandyford Road, Dundrum, Dublin 16, 
D16 FC92 or by email at DPO@centrichealth.ie
Managing your Information
• To provide for your care we need to collect and keep information about you and your health on our 
records. The type of information we need to collect from you includes your name, address, personal phone 
number, date of birth, marital status, nationality, PPS number, medical card number, family history, ethnic 
background, current lifestyle, next of kin/emergency contact details and details regarding previous medical 
history.
• Upon receipt of a signed Registration Form we use this data to communicate with you in the interests of 
your own healthcare but will not forward it to anyone else without your expressed consent. 
• We may also contact you regarding relevant information or services to assist you in your healthcare needs 
such as ECG, 24hr Blood Pressure Monitoring, flu vaccines or medical assessments.
• We will only ask for and keep information that is necessary. We will attempt to keep it as accurate and up 
to- date as possible. We will explain the need for any information we ask for if you are not sure why it is 
needed.
• Please inform us about any relevant changes that we should know about, such as change of address, phone 
numbers, family circumstances, any new treatments or investigations being carried out that we are not 
aware of.
• All persons in the practice (not already covered by a professional confidentiality code) sign a confidentiality 
agreement that explicitly makes clear their duties in relation to personal health information and the 
consequences of breaching that duty.
• Access to patient records is regulated to ensure that they are used only to the extent necessary to enable 
the Clinicians and or Admin team to perform their tasks for the proper functioning of the practice. In this 
regard, patients should understand that practice staff may have access to their records for:
• Identifying and printing repeat prescriptions for patients. These are then reviewed and signed by the GP.
• Generating a social welfare certificate for the patient.
• Typing referral letters to hospital consultants or allied health professionals such as physiotherapists, 
occupational therapists, psychologists and dieticians.
• Opening letters from other GP Practices, Hospitals and consultants. The letters could be appended to a 
patient’s paper file or scanned into their electronic patient record.
• Scanning clinical letters, radiology reports and any other documents not available in electronic format.
• Dealing with patient complaints.
• Checking for a patient if a hospital or consultant letter is back or if a laboratory or radiology result is 
back, in order to schedule an appointment or conversation with the GP .
• Handling, printing, photocopying and postage of medico legal and life assurance reports, and of 
associated documents.
• The practice is committed to guarding against accidental disclosures of confidential patient information. 
Before disclosing identifiable information about patients, the practice will:
• Take into consideration Freedom of Information and Data Protection principles.
• Be clear about the purpose for disclosure.
• Be satisfied that we are disclosing the minimum information to the minimum amount of people 
necessary.
• Be satisfied that the intended recipient is aware the information is confidential and that they have their 
own duty of confidentiality.
How we use & Process your data
Centric Health needs to process clinical information about our patients to ensure that all clinical staff have 
complete information to ensure you get the best treatment while under our care.
Each patient will have a unique Medical Record and all your details are kept within your unique medical record.
We process your personal data to provide you with our services and to assist us in the operation of our 
business. Under data protection law we are required to ensure that there is an appropriate basis for the 
processing of your personal data, and we are required to let you know what that basis is.
There are various options under data protection law, but the primary bases that we use are (a) processing 
necessary for the performance of our contracts with you, (b) processing necessary in order for us to pursue our 
legitimate interests, (c) processing where we have your and/or your dependents’ consent, (d) processing that is 
required under applicable law (e ) Vital Interest.
Here are further details of our processing of your personal data below, together with the basis for that 
processing:
Provide Care
• Your information is shared with other health professionals involved in your care; this can include but is not 
limited to GP practices, other hospitals, other hospital departments who are involved in providing you with 
your care and community services.
• Depending on your circumstances we may also need to share your information with external organisations 
to provide you with your treatment, drugs or equipment, this can include but is not limited to the voluntary 
sector, care homes, pharmaceutical companies, private health care providers and external companies who 
provide specialist equipment.
• Centric Health offer a referral service to Spectrum Mental Health. This will be done in conjunction with you 
and only relevant and appropriate medical information will be securely transferred.
Research
Your information will only be used with your explicit consent. We would invite you to enquire about our 
Heartcare at Home Research by contacting the heartcare at Home team on 01-2993546, email
us heartcare@centrichealth.ie or visit https://heartcareathome.ie/.
Research seeks to investigate new treatments, interventions, and management procedures so that patient care 
is continually improved.
Legal requirements
In certain circumstances, we are required by law to report information to the appropriate authorities. This 
information is often provided after authority has been given by a qualified health professional. For example:
• Where we encounter infectious diseases, which may endanger the safety of others e.g. COVID 19, 
meningitis or measles
• Where a formal court order has been issued
• Section 7(1)(a) of the Ombudsman Act 1980 provides the Ombudsman with powers to acquire information 
or documents for the purpose of a preliminary examination or investigation by him or her under the Act.
• Ombudsman for Children: Section 14 of the Ombudsman for Children Act 2002 provides the Ombudsman 
for Children with the power to acquire information.
The Data Protection Commissioner may, for the purposes of the investigation of a complaint under the 
Data Protection Acts, require the Centric Health to provide any documentation as is considered necessary 
information or documents for the purpose of a preliminary examination or investigation.
Your Rights
Under GDPR, you have rights regarding the use of your personal details and the Centric Health as controller of 
that data has a responsibility in how we handle this information.
You have the right to data protection when your details are:
• held on a computer.
• held on paper or other manual form as part of a filing system; and
• images of your data, e.g. XRAY
What Centric Health must do?
Centric Health will comply with the Principles of GDPR
• To obtain information lawfully, fairly and transparently.
• Collect only data necessary for a specific purpose(s) and only use this data for set purpose
• Ensure the information is accurate and up to date. We will need your help for this, so please inform us if you 
have changed any contact or next of kin details.
• Data is stored as long as necessary to provide excellent care
• We will endeavor to keep your data safe and secure.
Right to obtain a copy of your information
Under GDPR, you have a right to obtain a copy, clearly explained, of any information relating to you kept on 
computer or in a structured manual filing system or intended for such a system by any entity or organisation.
Please provide details of the last Doctor or practice you visited.
• Supply relevant information to locate records
• Include legal name, date of birth and date of service and Medical record number (if possible)
• Be accompanied by appropriate identification example Current Irish Driver’s License, Valid Passport and 
Proof of address example a current utility bill. This is to make sure that personal information is not given to 
the wrong person.
Once you have made your request, you must be given the information within 30 calendar days and free of 
charge. A charge will only apply if the request is deemed to be excessive or repetitive in nature. If there are to 
be any delays the GP practice in question will contact, you and keep you up to date.
Delivery
The recommended method of delivery of the request is by
• Registered post via An Post service.
• The copy may be collected by hand – but proof of identification may be required.
• Emailed using an agreed password and confirming receipt.
• Faxed following from confirmation of fax number and confirmation of receipt .
Retention of personal data
Centric Health will retain your personal data in accordance with our record retention policy. This policy operates 
on the principle that we keep personal data for no longer than is necessary for the purpose for which we 
collected it. It is also kept in accordance with any legal requirements that are imposed on us. This means that 
the retention period for your personal data will vary depending on the type of personal data. For further 
information about the criteria that we apply to determine retention periods please see below:
• Statutory and regulatory obligations - As we work in a highly regulated industry, we have certain statutory 
and regulatory obligations to retain personal data for set periods of time.
• Managing legal claims - When we assess how long we keep personal data we take into account whether 
that data may be required in order to defend any legal claims which may be made. If such data is required, 
we may keep it until the statute of limitations runs out in relation to the type of claim that can be made.
• Business requirements - As we only collect personal data for defined purposes, we assess how long we 
need to keep personal data for in order to meet our reasonable business purposes.
Transferring to another GP Practice
If you decide at any time and for whatever reason to transfer to another GP Practice, we will facilitate that 
decision by making available to your new doctor a copy of your records on receipt of your signed consent. For 
medico-legal reasons we will also retain a copy of your records in this practice for an appropriate period of
time which may exceed eight years. However, we mark your medical record ‘in-active’ and therefore it is 
‘archived’
CCTV
For security reasons, the General Practice may have CCTV cameras at the different access points in and outside 
the building in order to prevent intruders or individuals who could damage property of the General Practice or 
remove goods or information from the General Practice without authorisation. As a member of the public or 
staff of the General Practice your image will be captured on such CCTV cameras, however the General Practice 
will only disclose such CCTV footage to other parties where necessary to investigate a break in or other 
unauthorised access to the General Practice
Data protection Officer
If you have any questions about your data protection, you may contact Centric Health’s Data Protection Officer:
Greta Cronin
Email: DPO@centrichealth.ie Phone: 01 299 3500
Letter: Greta Cronin, Centric Health , Floor 7, RSA House, Dundrum Town Centre, Sandyford Road, Dundrum, 
Dublin 16, D16 FC92