When we examine, diagnose and treat you at Aagaard Klinik, we need to collect and process some personal data about you.
TYPES OF PERSONAL DATA
At Aagaard Klinik, we collect and process the following types of personal data about you (to the extent it is relevant in your case):
General categories of personal data:
- Name, home address, e-mail address, telephone number, identification card number (Danish CPR number), gender, data on family, social or work-related matters and educational background.
Special categories of personal data (“sensitive personal data”):
- Data on health (e.g. notes in medical records, tests, test results, X-rays, scan results etc.), data on sexual orientation, race or ethnicity and religion.
We process personal data about you for the following purposes:
- To examine, diagnose and treat you
- To prescribe medication, including prescription drugs
- To communicate with or refer you to other healthcare professionals, doctors, hospitals or hospital laboratories
- To issue medical reports and statements
- To issue certificates and statements requested by public authorities, insurance companies etc.
- To report data to clinical quality databases
- To report test results to hospital laboratories
- For payment and settlement purposes
- To comply with our obligations under current legislation, including the EU General Data Protection Regulation, the Danish Data Protection Act, and other relevant healthcare rules and regulations, such as:
- Duty of documentation
- Compliance with basic principles of processing personal data and the legal framework for carrying out treatment
- Initiating and maintaining technical and organisational security measures, including but not limited to, prevention of unauthorised accessing of systems and data, prevention of receiving or spreading malicious software, stopping denial-of-service attacks and damage to computer systems and electronic communication systems
- Investigating in case of suspicion or knowledge of security breaches, and reporting any such breach to individuals and authorities
- Handling of inquiries and complaints from registered persons and others
- Handling of inspections and inquiries from data protection authorities
- Handling of disputes with registered persons and third parties
- Statistical surveys and scientific research
CONSENT TO DISCLOSE PERSONAL DATA
When we collect personal data directly from you, you disclose such information voluntarily. You are not obliged to give us such personal data. However, the consequences of not volunteering to give us personal data would be that we cannot live up to the purposes listed above, and that in some cases we would be unable to examine, diagnose and treat you.
TRANSFER OF PERSONAL DATA
To the extent it is necessary in the specific case in order to examine, diagnose or treat you, your personal data will be transferred and shared with the following:
- Personal data will be transferred to other healthcare professionals if acute treatment makes it necessary
- Personal data will be transferred to other public authorities, clinical quality databases, the Danish Vaccination Register, The Danish Patient Safety Authority, the Shared Medication Record, the police, social services, the Labour Market Insurance etc. to the extent we have a duty to do so under current legislation
- As a patient, you have the right to access your own personal data
- When referring patients, personal data is transferred to the healthcare professionals that the referral is sent to
- When reporting laboratory test results, data is transferred to the hospital laboratories
- When reporting personal data in connection with payment for patient treatment, personal data is transferred to the regional budget and accounting departments
- When we issue prescriptions, personal data is transferred to all Danish pharmacies and to the Danish Medicines Agency via the central e-prescription server
- Personal data is transferred when reporting to clinical quality databases
- Discharge summaries are transferred to the referring doctor and in some cases to the referring hospital
- In some cases, personal data may be transferred to relatives or insurance companies
THE LEGAL FRAMEWORK FOR PROCESSING AND TRANSFERRING PERSONAL DATA
The legal framework for collecting, processing and transferring your personal data is made up of the following:
- For ordinary patient treatment, general personal data is collected, processed and transferred pursuant to article 6(1)(c) and (d) of the General Data Protection Regulation, and sensitive personal data is collected, processed and transferred pursuant to article 9(2)(c) and (h) of the Regulation.
- We are also obliged to process a range of personal data about you in connection with your treatment pursuant to Part 6 of the Danish Authorisation Act, the executive order on the duty of healthcare professionals to keep medical records, especially sections 5-10, and Part 9 of the Danish Health Act.
- Health status data to be used when referring patients for further treatment is transferred in accordance with the rules specified in sections 20-23 in the collective agreement for medical specialists, and the Danish Health Act.
- Reporting of laboratory test results to hospital laboratories takes place in accordance with the rules specified by the Danish Health Authority in their guidance notes on the processing of para-clinical examinations pursuant to the Danish Authorisation Act.
- Data required for settlement of payment for treatment of patients is forwarded once a month to the regional budget and accounting departments in accordance with the rules specified in section 49 of the collective agreement on treatment by medical specialists, and the Danish Health Act.
- Prescription of prescription drugs takes place electronically via the central e-prescription server pursuant to Part 42 of the Danish Health Act and the executive order on prescription and dose dispensing of drugs, especially Part 3.
- Patient data on clinical quality is transferred to clinical quality databases according to the rules laid down in sections 195-196 of the Danish Health Act and the executive order on reporting to clinical quality databases etc. Data can also be transferred on the basis of specific consent from you as a patient.
- Discharge summaries, which contain a short summary of the patient’s history of illness and treatment, are transferred to the referring doctor and in some cases to the referring hospital in accordance with Part 9 of the Danish Health Act.
- Your personal data can only be transferred to insurance companies with your express consent, cf. articles 6(1)(a) and 9(2)(a) of the General Data Protection Regulation.
- Pursuant to section 43 of the Danish Health Act, your personal data can only be transferred to your relatives with your express consent.
- Pursuant to section 45 of the Danish Health Act, some personal data about deceased patients can be transferred to close relatives, the general practitioner of the deceased and the doctor treating the deceased.
REVOKING YOUR CONSENT
If the processing of your personal data is based on your consent, you have the right to revoke this consent. However, if you revoke your consent, this will not affect any processing of personal data that took place before your revocation, including any transfer of data requiring consent.
USE OF DATA PROCESSORS
Your data is processed and stored by our data processors. They store such data on behalf of Aagaard Klinik and in accordance with our instructions. Our data processors at the moment are:
- Dansk Medicinsk Datacenter
- Logiva A/S
We keep the personal data about you for as long as we need to in order to carry out the specific purpose. However, under the Danish executive order on the duty of healthcare professionals to keep medical records, we are obliged to keep personal data for a minimum of 10 years after the latest addition to the medical record. Sometimes we may have to keep your personal data for longer, e.g. in connection with complaint or compensation cases, when we have to retain the data until a case is closed.
Within the limits of the legislation, you have certain rights, including the right to access your personal data, the right to have incorrect personal data corrected, the right to have personal data erased, the right to restrict the processing of your personal data, the right to data portability, and the right to object to the processing of your personal data, including objecting to automated processing, requiring decision-making by natural persons (“profiling”).
You also have the right to complain to the relevant supervisory authorities, including the Danish Data Protection Agency.
Please do not hesitate to contact us if you have any questions regarding our processing and protection of your personal data or if you wish to exercise your rights. You can call us at +45 8612 6121.