Health Service Executive - Dublin North East (Register of Users)

Updated: October 2019*

Does your organisation use the PPS Number at present

Yes

If so, for what purpose(s)?

The purpose for which Dublin North East HSE use PPS Number at present are in the application of the following Schemes:-

• Blind Welfare Allowance
• Domiciliary Care Allowance
• Dental Schemes
• Drug Payment Scheme
• European Health Insurance Cards
• Medical Cards/GP Visit Cards
• Home Help Service/Home Support Service
• Immunisation Services
• Inpatient Services
• Institutional Assistances Services
• Long-Term Illness Scheme
• Maternity Cash Grant
• Mobility Allowance
• Motorised Transport Scheme
• Nursing Home Support Scheme Fair Deal
• Ophthalmic & Aural Services
• Outpatient Services
• Primary Medical Certificate
• In-patient Services Mental Health
• National Cancer Screening Programme
• Oncology Drugs Management
• Bowel Cancer Screening
• Diabetic Screening
• Cervical Smear Screening
• IHI Individual Health Identifier Register
• National Drugs Management Programme System
• Registration of Births Deaths and Marriages

Does your organisation exchange the PPS Number with any external body? If so please name the relevant bodies and the purpose(s) of the exchange.**

• Department of Social Protection for the purposes of administration of schemes
• Revenue Commissioner for the purposes of calculation of taxes and deductions
• General Registers Office for the purpose of registration of births, deaths and marriages
• Department of Public Expenditure and Reform.

What future plans has your organisation for the use of PPS Number?

• Out-patient Parental Antimicrobial Therapy
• Assessment of Need

There is a duty to ensure compliance with the principles of processing personal data which are set out in Article 5(1) and 5(2) of the GDPR. These principles are summarised as follows

• Process it lawfully, fairly, and in a transparent manner;
• Collect it only for one or more specified, explicit and legitimate purposes, and do not otherwise use it in a way that is incompatible with those purposes;
• Ensure it is adequate, relevant and limited to what is necessary for the purpose it is processed;
• Keep it accurate and up-to-date and erase or rectify any inaccurate data without delay;
• Where it is kept in a way that allows you to identify who the data is about, retain it for no longer than is necessary;
• Keep it secure by using appropriate technical and/or organisational security measures;
• Be able to demonstrate your compliance with the above principles; and
• Respond to requests by individuals seeking to exercise their data protection rights (for example the right of access

Have you measures in place to ensure that the Public Service Identity data you hold/collect whether in electronic or written format is in line with the GDPR Principles described above?

Public Service Identity data is only captured on a need to know basis.

Security within HSE re PPS Number Usage

Measures are in place throughout the HSE to ensure that the public services identity data we hold/collect in electronic or written format is safe and secure and that it is only assessable on a need to know basis and processed in connection for the purpose for which it has been provided.

• all staff are made aware of the Data Protection Acts 1988 and 2018and the General Data Protection Regulation 2016 and their obligation in this regard.*Data Protection Awareness training is provided on an on-going basis
• all staff are required to comply with the eight principles of Data Protection - HSE on-line Fundamentals of GDPR Training recently developed.
• Updates are provided throughout the HSE with regard to Data Protection Compliance
• All staff are required to comply the principles of Data Protection and the HSE Privacy Notice. In addition the HSE ensure that data subjects rights are protected as set out in GDPR
• Data Protection Inspections are undertaken by Consumer Affairs teams.
• All HSE staff are required to read GDPR It’s Everyone’s Responsibility and sign the Data Protection Confirmation Form and same is held on file by Line Managers.

All staff are required to comply with

• HSE Data Protection Policy
• HSE Record Retention Policy
• HSE Information Technology Policy/Electronic Communication Polices
• HSE Privacy Notice Employees
• Data Privacy Impact Assessment Guidance
• GDPR – Its Everyone’s Responsibility
• HSE Data Breach Guidance
• Data Protection Procedures for Handling Access Requests
• Data Protection and Freedom of Information Legislation - Guidance for Health Service Staff

Physical Safeguards re records which contain PPSN

Designation of roles of Data Protection Officer. Restricted access to manual records on a need to know basis, services users client, and staff files. Restricted access to password protected computer equipment, Computer rooms locked, locked safes and cabinets, access to reports and VDUs tightly controlled. CCTV, Firewalls. Encryption Policy.

Technical Safeguards

Access is confined to authorised personnel under password control. Laptops, Blackberry devices, IPhones and Smart Phones are protected by encryption. CCTV, Infectious disease surveillance and control, technical safeguard amendment, log in ID and password control, firewall intrusion detection, data encryption.

Updated Alert will issue to all service areas with regard to the usage of Personal Public Service Number.

The following documentation is made available to all staff:-

• Data Protection is Everyone’s responsibility - An Introductory Guide for Health Service Staff
• Data Protection and Freedom of Information Legislation - Guidance for Health Service Staff
• Records Retention Periods
• HSE Privacy Notice - Patient and Service Users *HSE Privacy Notice – Employees
• Summary Privacy Notice
• Frequently Asked Questions Documents
• General Data Protection Regulation (GDPR) Data Breach Incident Report Form
• Data Breach Process Guidance
• HSE Data Breach/Incident Process Flow
• HSE SARS Process
• HSE SARS Form