GDPR (General Data Protection Regulation) 2018 is the most important change in data privacy regulation in 20 years. After four years of preparation and debate, the European Union (EU) Parliament approved the regulation on 14 April 2016. By 25 May 2018, all organisations that process the data of EU residents must be in compliance with GDPR.
The regulation replaces Irish data protection legislation (Data Protections Acts 1988/2003) and harmonises data privacy laws across Europe. It is designed to protect and empower all EU citizens’ and residents’ data privacy. It also reshapes the way organisations across the region approach data privacy.
To carry out the survey, the National Care Experience Programme processes the contact details of patients, eligible to participate in patient experience surveys. This is necessary to ensure that all eligible participants receive the survey and have the opportunity to tell us about their experience.
We inform every patient on discharge that they will be asked to participate in a survey and provide five different ways for participants to opt out of a survey. We also conduct national media campaigns to make sure that everyone is aware when a survey is taking place.
The aim of the National Care Experience Programme is to collect patients’ feedback on their experience of hospital care in Ireland. This information will be used to inform quality improvements across the healthcare system. The National Care Experience Programme therefore complies with Article 6 1(e) of GDPR as it is carried out in the public interest.
To ensure that the privacy rights of potential participants are respected, we have put a Data Sharing Agreement in place with each participating hospital attained Ethical Approval conducted a Privacy Impact Assessment (PIA) to identify and mitigate any risks to participants’ privacy rights. This was completed in 2017 and revised in 2018.
For more information on how participants’ information is processed and how data citizens’ privacy rights are respected, see here.
For more information on GDPR, please go to here.