Safe and secure handling of personal data at Avestahälsan
Your healthcare provider is responsible for your care and thus also the processing of your personal data.
Within the Avestahälsan Group, Vårdcentral and Företagshälsa are run.
The person responsible for personal data for these activities is: Avestahälsan, Markusgatan 17, 77430 Avesta.
The Data Protection Officer for Avestahälsan’s operations can be reached via firstname.lastname@example.org or a letter to the Data Protection Officer, Avestahälsan, Markusgatan 17, 77430 Avesta.
The purpose of the processing of personal data
Every time you seek care from us, we register personal information about you in various care registers. We need to do this so that you as a patient will receive as good and safe care as possible.
We process your personal data in the health care system for
- the patient record and other documentation needed for your care
- administration in order to provide the right care
- other documentation that follows from law, regulation or other statute
- development and quality assurance of care
- planning, evaluation and business follow-up
- compilation of statistics on the results of health care, for example to quality registers
The processing of your personal data for the fulfillment of these purposes is regulated in Patient Data Act (2008: 355)
For certain personal data processing, we need your consent, for example to be able to make digital mailings to you via e-mail or text message. You always have the right to revoke your consent, after which the processing of personal data ceases. Please note that each care provider also handles these consents, ie if you want to withdraw your consent from more than one care provider, you must contact all of them. This also applies to medical services such as laboratories and X-rays.
Categories of personal data
We only collect personal data about you that is necessary to fulfill the purposes of the personal data processing that
- social security number
- contact information
- email address
- health-related tasks
We also process sensitive personal data where it is considered necessary to provide you with the right and secure healthcare. In some cases, personal information about close relatives that you or the close relative has provided is also processed.
Privacy and security regulations that apply to the data and processing
We may only disclose information about you if neither you nor anyone close to you suffers but from a disclosure. The starting point is that the disclosure of your information must take place with your consent. In certain situations, however, we have a legal obligation to provide information to county councils and authorities.
For journals, confidentiality and confidentiality apply. Unauthorized persons are prevented from gaining access to your personal data through various security measures, such as restriction of access to patient data.
Preservation and thinning
As a rule, patient records and the personal data that are there for at least 10 years from the last time of care are preserved. Data for patient and financial administration are preserved as long as we have a legal basis for our treatment and they are considered necessary to preserve. After that, they will be deleted or deidentified so that they can no longer be linked to a person.
If you have a complaint about how your personal data is processed and / or protected, we ask you to send it in writing to email@example.com or a letter to the Data Protection Officer, Avestahälsan, Markusgatan 17, 77430 Avesta.
You can also contact the Privacy Protection Agency (IMY) if you believe that your personal data has been handled incorrectly.
Coherent record keeping
Coherent record keeping, where care providers under certain conditions can have direct access to each other’s electronic record documents, is not fully applied to Avestahälsan as care providers may have different record systems that are not interconnected.
Through coherent record keeping, healthcare professionals can gain access to record information from other care providers that is important for diagnosis and care, such as previous test results, medicines, diagnoses and treatments. As a patient, you do not have to disclose your entire care history when you seek care from a new care provider.
Only the care provider who has an ongoing patient relationship with you may access information about you in a coherent medical record. When care staff at a new care provider that you meet want to read your information in a coherent journal, the right authorization from the care staff is required. You as a patient must consent to your medical record being read.
Contact the reception you visited for more information about unified record keeping.
You have the right to say no to coherent record keeping, in which case you must notify your doctor responsible for the patient.
Block of patient record
You have the right to block your medical record or parts of it from other care providers, but then you are responsible for informing yourself about what the care staff needs to know in order to provide you with good and safe care.
Requests for a block regarding the health center are made via the 1177 care guide’s e-services . Guardians can not block their child’s medical record.
Regarding occupational health care, please contact us via firstname.lastname@example.org .
Cancellation of blocked patient record
If you have chosen to block your journal and want to lift the block, we will help you do this. You must request cancellation of the blocked patient record yourself, this can not be done by a representative or person with a power of attorney. To lift the ban, you must visit your healthcare provider.
Emergency opening can be used
If there is a danger to life and health and you are unconscious, or too involved to give your permission to the healthcare staff to take part in information in a coherent medical record, there is the possibility for the healthcare staff to do so anyway. Then the care staff first sees which care providers have medical record information about you in the consolidated medical record. The medical records that are deemed to be relevant to the current care situation can be accessed by the staff. Then the care staff must contact the other care provider who can temporarily lift the lock and thus make it possible to read the medical records with an emergency opening.
National quality registers
To follow up and improve care, we report information to national quality registers. For each quality register, there is a central organization responsible for personal data that is responsible for the national register.
As a reporting care provider, we have direct access to the information we have reported to the quality registers. The organization responsible for the register can also take part in your information.
There is no requirement that you as a patient must consent to be registered, but as a patient you have the right to be informed about the registers. Then you can choose whether or not you want to participate.
You have the right to have information about yourself deleted from the registers at any time. In these cases, you should turn to the respective register.
As a patient, you often need to provide samples, such as blood samples. Some samples are routinely stored in a biobank. A biobank is a collection of samples that are taken in care and stored for longer than two months and that can be traced to a specific person.
As a patient, you get to decide how your samples can be used. The Biobanks Act states that you must receive information and give your consent for your samples to be saved and what they may be used for. Even if you have agreed to your samples being saved, you always have the right to change your decision at any time. However, if you request that samples be discarded, it is irrevocable.
Read your journal
As a patient at Vårdcentral Avestahälsan, you have the right to read your own medical record and receive a medical record copy. You who are 16 years or older can read information from your medical record via the 1177 care guide’s e-services. By logging in with your e-identification, you can see your journal. More information about reading your medical record can be found at 1177, the care guide’s e-services.
Printed Journal Copies
You can also contact us and place an order for journal copies. The easiest way for Vårdcentralen is via 1177 the care guide’s e-services. For Occupational Health, contact us by phone or place an order via regular mail.
If someone, who is not directly involved in your care, or has other tasks that are not linked to your medical record, opens your medical record, this is a criminal offense. You have the right to take note of the access made to your journal information in the journal system.
You can order log extracts via email@example.com . You can also send a written request from you by regular mail with the relevant care provider specified as the recipient.
The request must contain:
- social security number
- phone number
- time period that the log extract must include
The log extract is sent to your population registration address by registered letter.
Request correction of incorrect personal data
If information is incorrect, including in your patient record, you should contact the healthcare provider with a request for correction. If you do not agree with the care provider on correction, you can request a note in the medical record that you as a patient believe that there is incorrect or misleading information in your medical record.
It is important that we have correct contact information for you. Your address is automatically updated via the population register, but if you change your telephone number, we would like you to let us know.
Request that journal entries be deleted
In some cases, you can apply for your journal to be deleted in whole or in part. You do this at the Swedish Health and Care Inspectorate, IVO.
Rights of data subjects registered
According to the Data Protection Regulation (GDPR), you as a registrant have a number of rights.
Personal data that is processed at Avestahälsan in addition to medical records
- Email address
- Social security number
- Phone number
- Mobile number
- Social security number
The purpose of the treatment
In the processing of your case, the personal data that appears from the information above is registered and processed. The processing takes place in the case management system that the company uses to handle your case.
Legal basis for the treatment
- The person responsible for personal data must be able to fulfill a legal obligation
- The data is stored for as long as needed
Other about storage time
Read more about the processing of personal data under Personal data in the menu above.
Submit complaints about personal data management
Complaints regarding the processing of personal data can be submitted to the supervisory authority, the Privacy Protection Authority, IMY. Visit the authoritywebsite for more information on how to file a complaint.