Practice Privacy and Confidentiality Statement



Dunmore Medical Practice,
High Street,
Co. Galway,
H54 NP80


Practice Name


Dunmore Medical Practice
Practice Address


Dunmore Medical Practice,
High Street,
Co. Galway,
H54 NP80
Practice Phone Number


Data Controller


Dr. Catherine Sweeney
Lead for Data Protection


Dr. Catherine Sweeney


Practice Privacy Statement

This Practice wants to ensure the highest standard of medical care for our patients. We understand that a General Practice is a trusted community governed by an ethic of privacy and confidentiality. Our approach is consistent with the Medical Council guidelines and the privacy principles of the Data Protection Regulations. It is not possible to undertake medical care without collecting and processing personal data and data concerning health. In fact, to do so would be in breach of the Medical Council’s ‘Guide to Professional Conduct and Ethics for Doctors’. This document is about advising you of our policies and practices on dealing with your medical information.


Legal Basis for Processing Your Data

This practice has voluntarily signed up for the ICGP Data Protection Guideline for GPs. The processing of personal data in general practice is necessary, in order to protect the vital interests of the patient and for the provision of health care and public health. You can access the Guideline at In most circumstances we hold your data until 8 years after your death or 8 years since your last contact with the practice. There are exceptions to this rule, and these are described in the Guideline referenced above.


Managing Your Information

you and your health on our records.

it as accurate and up to-date as possible. We will explain the need for any

information we ask for if you are not sure why it is needed.

This would include such things as any new treatments or investigations being carried

out that we are not aware of. Please also inform us of change of address and phone


code) sign a confidentiality agreement that explicitly makes clear their duties in

relation to personal health information and the consequences of breaching that


necessary to enable the secretary or manager to perform their tasks for the

proper functioning of the practice. In this regard, patients should understand that practice staff may have access to their records for:


Disclosure With Consent

If a patient is capable of making their own decisions about their healthcare, we will get their consent before giving confidential information that identifies them to the patient’s relatives close friends, or for research or to disease registers.


If the patient does not consent to disclosure of identifiable information we will respect that decision except where failure to make the disclosure would put the patient or others at risk of serious harm or the disclosure is required by law or in the public interest as outline below.


Patients should understand and accept that their healthcare information must be shared within the healthcare team and with support staff to provide effective and safe care.  If disclosure of a patient’s information within our practice or to other health care providers is necessary as part of a patient’s treatment and care, we will explain this to the patient and disclose the information to an appropriate person making sure they are aware of their duty of confidentiality. If a patient objects to the transfer of the information we deem necessary, we will explain to the patient that we cannot arrange referral or treatment without disclosing the information.


Disclosure Without Consent

In certain circumstances we will be required to disclose patient information by law or in the public interest. We will inform the patient in advance of such an intended disclosure, unless this would cause the patient serious harm or would undermine the purposes of the disclosure.


We will disclose patient information where required by law, for example, pursuant to a court order or infectious disease notification or if we hold a reasonable belief that a crime involving a sexual assault or other violence has been committed against a child or other vulnerable person. We may make a disclosure in the public interest to protect a patient, other identifiable people or the wider community. Before making such a disclosure the practice will be satisfied that the possible harm the disclosure may cause to the patient is outweighed by the benefits that are likely to arise for the patient or others. The disclosure will be limited to the minimum information and minimum number of people necessary.


If a patient lacks capacity to give consent and is unlikely to regain capacity we may consider making a disclosure only if it is in the best interests of the patient.


As a general rule where possible we will always tell the patient in advance that we are disclosing information without the patient’s consent and why the GP is doing so, unless to do so would put the patient or third party at risk of serious harm.


Clinical Audit, Quality Assurance, Education and Training

We recognise that clinical audit, quality assurance, education and training are essential for providing safe and effective healthcare. If we are providing patient information pursuant to of any of these activities, we understand the information must be anonymised or coded before it is disclosed outside the healthcare team. If that is not possible, we will make sure a patient is told about the disclosure in advance and given the opportunity to object.  We will respect a patient’s wishes in respect of the disclosure.


It is usual for GPs to discuss patient case histories as part of their continuing medical education or for the purpose of training GPs and/or medical students. In these situations the identity of the patient concerned will not be revealed.


Our practice is involved in the training of GPs and is attached to a General Practice Training Programme. As part of this programme GP Registrars will work in the practice and may be involved in your care.


Request for Records from a Patient or Third Party Before and After Death of a Patient

If the practice receives a request from a patient to release a copy of a patient’s records we will consider carefully the obligation to remove all references to third parties.


In the case of requests for disclosures to insurance companies or requests made by solicitors for a patient’s records we will only release the information once we have the request in writing and the patient’s has signed a consent form, having ensured that the patient understands in advance the extent of the intended disclosure.


We are aware that patient information remains confidential even after death. If it is not clear if a patient consented to the disclosure of information after death, we will consider how the disclosure might benefit or cause distress to the family or carers, the effect of disclosure on the reputation of the deceased and the purpose of disclosure.  We will require written consent to disclosure of a deceased’s patient’s records from the personal representative or executor of the deceased’s will. We are aware that a GP’s discretion may be limited if a disclosure of a patient’s records is required by law.


Medical Reports

We will only prepare a medical report on a patient with a patient’s consent. A report will be specific to the episode for which the report has been requested.  We understand that a medical report requested by a third party such as an employer, insurance company or legal representative must be factual, accurate and not misleading.  We will seek to ensure that the patient understands the scope and purpose of the report and that the GP cannot omit relevant information. We will also seek to ensure the patient is aware of our duty of care to them and to the person/company from whom the report was requested. We will take the patient through the report before we release it so the patient appreciates the extent of the information we are reporting upon.



We are committed to ensuring that any audio, visual or photographic recordings of a patient or relative of a patient, in which the person is identifiable, should only be made with express consent of that person. The recordings will be kept confidential as a part of the patient’s record of consent. We will do all we reasonably can to protect confidentiality of the recording. We will get consent before sharing such videos, photos or other images of a patient.


We will only take images of patients on a GP’s personal mobile device when necessary for the patient’s care. Such images will not identify a patient and shall only be kept for the minimum time necessary.


Medical Certificates

In general, work related Medical Certificates from a GP will only provide a confirmation that a patient is unfit for work with an indication of when the patient will be fit to resume work. Where it is considered necessary to provide additional information we will discuss that with the patient. However, Social Welfare Certificates of Incapacity for work must include the medical reason the patient is unfit to work.


Your Data Protection rights

Under Data Protection legislation, you have the right to:

[Note: If you withdraw consent, we may not be able to continue to provide treatment and services to you.  We will talk to you about the possible consequences of withdrawing consent, if and when you let us know that you are thinking of this. The withdrawal of consent will not undermine the lawfulness of processing carried out prior to the withdrawal.]


If you wish to see your records, in most cases the quickest way is to discuss this with your doctor who will review the information in the record with you. You can make a formal written access request to the practice and receive a copy of your medical records. These will be provided to you within thirty days, without cost.


Dunmore Medical Practice’s registered Data Protection Officer is Dr. Catherine Sweeney.  Any queries, concerns or requests to exercise your rights under Data Protection legislation may be addressed to Dr. Sweeney at


Transferring to Another Practice

If you decide at any time and for whatever reason to transfer to another practice we will facilitate that decision by making available to your new doctor a copy of your records on receipt of your signed consent from your new doctor. For medico-legal reasons we will also retain a copy of your records in this practice for an appropriate period of time which may exceed eight years.


Ballindine Primary Healthcare Hub

Both Sweeney Family Practice and Townley Medical Practice operate their services from Ballindine Primary Healthcare Hub, where service cover is provided for each other but also for Dunmore Medical Practice. In order to facilitate this arrangement with patient safety in mind, the practice staff of both Townley Medical Practice and Sweeney Family Practice have access to Dunmore Medical Practice’s medical records in line with Dunmore Medical Practice’s privacy policy.



We hope this leaflet has explained any issues that may arise. If you have any questions, please speak to the practice administrator or your doctor.


We hope this policy has explained any issues that might arise. If you have any questions please speak to the practice secretary or your doctor.