Medical Practice Bofferdange – Privacy Notice
This privacy notice sets out how the Medical Practice Bofferdange (“Practice”) holds certain personal information (known as personal data) about our patients and sets out the Practice’s procedures for ensuring it complies with The General Data Protection Regulation (GDPR) which came into force in May 2018.
What personal data do we hold?
To provide our patients with a high standard of medical care, we need to hold personal information. This data can include
any contact the Practice has had with you, such as appointments, Practice visits, emergency appointments, email correspondence between patients and doctors;
clinical records made here in the Practice including details of your treatment and care;
results and reports received from hospitals, laboratories etc.;
copies of medical images such as x-rays, MRI scans etc.;
correspondence between third party medical specialists and our doctors;
correspondence with employers, insurance companies and the CNS, the Luxembourg health fund, concerning reimbursement of your health care expenses;
We also hold personal contact information such as address, telephone number, email address, insurance details and we link our records together by family. These records are used to help to provide you with the best possible healthcare.
We will retain your medical records here in the practice and non-active records will be archived and then destroyed securely once the retention period for medical record expires.
Healthcare records may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure.
Personal data about you is held in the practice’s computer system which is only accessible to authorized team members, all of whom are bound by our strict code of confidentiality.
Paper copies of results are stored in our locked manual filing system.
Our computer system has secure audit trails and is backed up daily on an encrypted cloud-based service hosted in Luxembourg.
Disclosure of information.
Every member of staff at the Practice has a legal obligation to keep information about you confidential. However, to provide safe and proper medical care, we may need to disclose personal information about you to other health professionals caring for you, with your consent.
Sometimes we may be asked to share information with other parties such as social services or an employer and this would only occur when we have your specific consent.
In very limited circumstances, or when required by law or a court order, personal data may have to be disclosed to a third party. Where possible, you would be informed of these requests/needs for disclosure.
You have the right of access to the data that we hold about you and to receive a copy. Parents may access their child’s records if this is in the child’s best interests and not contrary to a competent child’s wishes. Requests for access or copies must be made in writing to a member of the Practice team.
It is important that you tell the person treating you if any of your details such as your name or address have changed or if any of your details such as date of birth is incorrect in order for this to be amended. You have a responsibility to inform us of any changes so our records are accurate and up to date for you.
Who is the Data Controller?
The Data Controller, responsible for keeping your information secure and confidential is:
Cabinet Médical Bofferdange
207 Route de Luxembourg
Who is the Data Protection Officer?
The Data Protection Officer of the controller is:
Dr. Ana-Maria Lapusneanu
207 Route de Luxembourg
If you do not wish personal data that we hold about you to be disclosed or used in the way that is described in this notice, please discuss the matter with your doctor. You have the right to object; however this may affect our ability to provide you with medical care.
You have the right to withdraw your consent at any time, however, this will not be retrospective.