Patient register privacy statement
Date of drafting: 23 February 2009, updated on 18 May 2018
1. Data controller and contact information
Docrates Cancer Center
Saukonpaadenranta 2, 00160 Helsinki, Finland
tel. +358 (0)10 773 2000
fax: +358 (0)10 773 2099
Health services produced by an independent external clinical expert operating in Docrates Cancer Center (or a company on whose behalf the external clinical expert works for): The independent external clinical expert treating the patient is the Data controller (or a company on whose behalf the external clinical expert works for). The external clinical expert has assigned the technical maintenance of the register to Docrates Cancer Center.
2. Contact information for register related matters
Data Protection Officer Harri Puurunen
Contact information: Saukonpaadenranta 2, 00160 Helsinki, Finland, tel. +358 (0)50 500 1830, harri.puurunen(a)docrates.com
3. Name of the register
Docrates Cancer Center patient register
4. Purpose and grounds for the processing of personal data
Docrates Cancer Center maintains a joint register of patients, doctors and independent external clinical experts who participate in the centralized patient register of the cancer centre based on the patients’ consents. Data processing is based on the legislation and regulations concerning the patient care and examinations.
The data in the patient register is used for
- Making entries during a doctor’s or health care personnel’s appointment
- Making referrals to treatment or examination at Docrates Cancer Center and other examination and care units and for the results of the examinations (e.g. imaging, laboratory and pathology examinations).
- Planning the patient’s treatment, execution (e.g. surgeries, pharmacotherapies, radiation treatment, prescriptions (including narcotics)) and follow-up
- Invoicing the treatment and examinations and for debt collection purposes
- Monitoring the actions of the health care professionals and clarifying possible claims for compensation
- Monitoring Docrates Cancer Center’s operations and for statistical purposes.
5. The data content of the register and the categories of the data subjects
The register includes the following personal data of patients that is necessary for the patient:
Basic information of the patient
- First name and surname
- Contact information (postal address, email address and phone number)
- Identification information (date of birth or social security number)
- Name and contact information of the guardian or legal representative of a minor patient
- Name of the next of kin of the patient
- Other basic information (such as gender, native language)
- Information on given consents and imposed bans or limitations
Medical information required for examinations and treatments:
- Preliminary information form (for example, initial information concerning the profession, health or diseases)
- Continuous medical record: information on treatments’ and examinations’ referrals and results such as laboratory and imaging examinations, prescriptions
- Information on patient’s consent concerning data recording, collection and disclosure
- Patient/customer history, for example, information related to appointments, invoicing and debt collection
- Fingerprint identification for radiotherapy to ensure patient safety
- Communication between the patient and care team through the Kaiku system.
6. Data sources
Basic information of the patient, including address, is collected from the patient and from the guardian or legal representative of a minor. Data can be updated from public sources, for example, from the population register.
Data concerning patient treatment and examinations is collected from Docrates Cancer Center’s data files related to examinations and treatment and, with a consent from the patient, from other care units and the National Archive of Health Information (Kanta).
7. Data disclosure and transferring data outside the EU or European Economic Area
Data is confidential. All data processors are bound by confidentiality and professional secrecy. Data can be disclosed with patient’s written consent or in accordance with the legislation. Patients can at any time withdraw or restrict their consents to disclose data.
Data is disclosed to national registers, for example, to the Finnish Cancer Registry and the National Archive of Health Information (Kanta). Data is disclosed to the Finnish Medicines Agency Fimea for research, planning, statistical and monitoring purposes as well as for reports on adverse reaction and special permission for compassionate use applications for medicine that requires a special permit. Disclosures will be conducted according to the Act on National Personal Records Kept under the Health Care System.
In principal, data concerning patients can only be disclosed on the basis of the patient’s consent. If it is not possible to get the patient’s consent, for example, due to their disease or condition, patient information can only be disclosed to the next of kin, unless there is a reason to suspect that the patient would prohibit it. Patient information may also be disclosed to patient’s guardian or legal representative. However, if a minor patient is able to decide on the treatment in accordance with the age and maturity, the patient has the right to prohibit the disclosing of his/her health and treatment data to his/her guardian or other legal representative.
Patient’s documented data is confidential also after the death of the patient. Then, the data may only be disclosed to the extent that is necessary to clarify or exercise the significant interests and rights of the requesting person. A disclosure request must always be justified.
Docrates Cencer Center uses the following external service providers in processing of personal data:
- Vitec Software Oy, management of the patient information system
- Kaiku Health Oy, management of the communication data
- Don&Branco Oy, management of the contact form, e-payments and booking to Stockholm Information on the Docrates website
Docrates Cancer Center uses the following information systems in processing of personal data:
- PACS system to save diagnostic images
- Radiotherapy planning and monitoring system to manage external radiotherapy
- HDR treatment planning system
- Imaging device workstations (CT, MRI, PET, SPET, Ultrasound)
- Radiotherapy fingerprint identification management
- Software for analyzing pseudonymised patients’ data.
Personal data shall not be transferred outside the EU or European Economic Area.
8. Principles of protecting personal data and the retention periods
A. Manual material
The data saved in the register are confidential and they are stored in locked and monitored facilities. Manual materials are digitalised to the patient information system and destroyed according to the data protection requirements.
B. Electronically saved data
The data saved in the register is confidential. Only designated persons have access to the data in the register and a login and password are required. Users can be identified afterwards, if necessary, from log files. The register is protected with firewalls. Devices and the server are located in protected and monitored facilities.
Docrates Cancer Center ensures the data protection compliance of its subcontractors with data processing agreements.
Patient data is retained as long as it is necessary or according to the retention periods described in the legislation and regulations, for example, in the Act on the Status and Rights of Patients and the Decree of the Ministry of Social Affairs and Health on Patient Documents.
9. Rights of the data subjects
The data subject has the right to access the data saved in the register concerning them and the right to request rectification and erasure of data. The requests must be submitted personally or in writing (provided with a handwritten signature or with otherwise verified documents) to the contact person mentioned in section 2.
The data subject has the right at any time to withdraw or restrict their consent.
Data subjects have the right to object at any time to processing of personal data concerning them, request for restricting the processing or transferring of their data and to lodge a complaint concerning the processing of patient information to the Data Protection Ombudsman.
Your safety is the most important to us
Many cancer patients have several concerns when it comes to the coronavirus pandemic, e.g. how does the situation impact my...Read more
Cancer and Coronavirus – FAQ
The coronavirus is a concern among cancer patients. We listed the most common concerns and the answers to them.Read more
Genuinely personalised cancer treatment – What does it mean?
Genuinely personalised cancer treatment is based on genetics and individual needs. At Docrates Cancer Center, treatment is supervised by Chief...Read more
Latest scientific information in oncology
The physicians of Docrates Cancer Center took part in a major event organised by the American Society of Clinical Oncology...Read more
Why come to Docrates Cancer Center?
- Top cancer experts and effective treatments without delay even during epidemic.
- Individual care. You have your own care team - your doctor and your nurse.
- Front line cancer treatment. Latest medical technology combined with proven expertise in cancer care.
- Experience in treating international patients from over 60 countries. Multilingual personnel.