Privacy policy for patients

In connection with examination, diagnosis, and treatment, we, as the data controller, collect and process a range of personal data about you. Our processing of your health information is always carried out in accordance with applicable law.

We need your personal data to ensure that you receive the best possible treatment, with the highest possible quality.

The privacy policy below describes how we process, use, and share your personal data.

Privathospitalet Mølholm collects and processes the following types of personal data:
 

General categories of personal data:

• Name, address, email address, phone number, civil registation number (CPR), gender, family, social and work relationships, referring authority, and education.

Special categories of personal data (sensitive personal data):

• Health information (e.g. medical records, test results, lab reports, X-rays, scans, etc.), as well as information regarding ethnicity, religious beliefs, or sexual orientation.

The purpose of handling your personal data is to provide you with the best possible care. Your personal data is processed securely, and health information is handled in accordance with the applicable regulations on patient records maintained by authorized healthcare professionals. Photographic documentation in connection with cosmetic treatments and surgery is carried out in accordance with the applicable regulations on cosmetic procedures.

The exchange of health information is often crucial for successful treatment and a coherent care pathway. Information may only be collected and shared to the extent necessary. Our staff will therefore always assess the relevance of the information being shared.

We process your personal data for the following purposes:

• Examination, diagnosis, and treatment
• Preparation of medical certificates
• Preparation of statements for use by public authorities, insurance companies, etc.
• Communication with or referral to other healthcare professionals, doctors, hospitals, or hospital laboratories
• Prescription of medication, including issuing prescriptions
• Reporting to clinical quality databases
• Submission of laboratory tests to hospital laboratories
• Billing and payment purposes
• Compliance with obligations under appplicable legislation, including the EU General Data Protection Regulation (GDPR), the Danish Data Protection Act, and other relevant health legislation, such as:
  • Documentation obligations
  • Compliance  with fundamental principles for processing personal data and legal basis for the processing
  • Implementation and maintenance of technical and organizational security measures, including but not limited to preventing unauthorized access to systems and information, preventing the receipt or distribution of malicious code, halting denial-of-service attacks, and preventing damage to computer systems and electronic communications systems
  • Investigation of suspected or known security breaches and notification to individuals and authorities
  • Handling requests and complaints from data subjects and others
  • Managing inspections and inquiries from supervisory authorities
  • Handling disputes with data subjects and third parties
  • Statistical analysis and scientific research

When we collect personal data directly from you, you provide the personal data voluntarily through your consent. You are not obligated to provide this personal data to us. In some cases, the consequence of not providing the personal data will be that we are unable to examine, diagnose, or treat you, including that we cannot fulfil the purposes mentioned above.

If the processing of your personal data is based on consent, you have the right to withdraw that consent. If you withdraw your consent, it does not affect the processing carried out prior to the withdrawal, including the disclosure of information based on the consent.

If you wish to withdraw your consent or refuse to give your consent for the exchange of your health information, this must be done in writing.

Your withdrawal of consent does not affect the processing that has already taken place before you withdrew your consent.

This means that medical record information already sent to, for example, your general practitioner or the Health Record on Sundhed.dk cannot be recalled.

As a Danish citizen, you have the option to mark your medical record information as private on Sundhed.dk. You can read more here.

In some cases, we collect personal data about you from other healthcare institutions, such as hospitals, the referring doctor, by accessing electronic medical record systems, or through your Health Record on Sundhed.dk. We naturally process this information in accordance with this privacy policy.

To the extent necessary for the specific examination, diagnosis, or treatment, your personal data will be disclosed and shared with the following recipients:

• Healthcare professionals where necessary for an ongoing course of treatment.
• Authorities, clinical quality databases, the Danish Vaccination Register, the Danish Patient Safety Authority, the Shared Medication Record, the Police, social authorities, and the Labour Market Insurance in cases where there is a legal obligation to do so under applicable legislation.
• Information is disclosed to your Health Record on Sundhed.dk when we are required to do so, or if you have consented to the exchange as part of your treatment.
• Healthcare professionals to whom the referral has been sent.
• When reporting laboratory tests, the samples are disclosed to hospital laboratories.
• When reporting information in connection with billing for patient treatment, information is disclosed to the regional billing offices or insurance companies.
• When issuing prescriptions, information is disclosed to the country’s pharmacies and the Danish Medicines Agency via the prescription server.
• When reporting to clinical quality databases.
• When discharging summaries are disclosed, information is shared with the referring doctor and, in some cases, the referring hospital.
• In some cases, information is disclosed to relatives.
• Our data processors (e.g., IT providers) may, under instruction and according to a data processing agreement, receive copies of necessary personal data when required for operation, maintenance, or support.

The legal basis for collecting, processing, and disclosing your personal data is as follows:

• For general patient treatment, ordinary personal data is collected, processed, and disclosed pursuant to Articles 6(1)(c) and (d) of the General Data Protection Regulation (GDPR), while sensitive personal data is collected, processed, and disclosed pursuant to Articles 9(2)(c) and (h) of the GDPR.
• In addition, we are required to process a number of personal data about you in connection with general patient treatment pursuant to Chapter 6 of the Danish Authorisation Act, the Executive Order on Health Professionals’ Medical Records (the Medical Record Executive Order), particularly §§ 5–10, as well as Chapter 9 of the Danish Health Act.
• Health information for continued treatment when referring patients is disclosed under the rules of the Agreement on Specialist Medical Care §§ 20–23 and the Danish Health Act.
  Reporting of laboratory tests to hospital laboratories is carried out under the rules of the Danish Health Authority’s guidelines on the handling of paraclinical examinations pursuant to the Authorisation Act.
• Information for billing patient treatment is submitted to the regional billing office in accordance with the Danish Health Act.
• Medication prescriptions are submitted via the IT service “the prescription server” under Chapter 42 of the Danish Health Act and the Executive Order on Prescriptions and Dose Dispensing of Medicines, particularly Chapter 3.
• Clinical patient data is disclosed to clinical quality databases according to §§ 195–196 of the Danish Health Act and the Executive Order on the Reporting of Information to Clinical Quality Databases, etc.
• Data may also be disclosed based on your explicit consent as a patient.
• Discharge summaries are sent to the referring doctor and, in some cases, the referring hospital under Chapter 9 of the Danish Health Act.
• If you are referred by an insurance company, your personal data is disclosed to the insurance company with your prior consent pursuant to GDPR Articles 6(1)(a) and 9(2)(a).
• Your personal data is disclosed to your relatives only with your prior consent under § 43 of the Danish Health Act.
• For deceased patients, certain personal data may be disclosed to the deceased’s next of kin, the deceased’s general practitioner, and the doctor who treated the deceased pursuant to § 45 of the Danish Health Act.

We store your personal data for as long as necessary to fulfil the purposes described above. However, under the Medical Record Executive Order, we are required to retain this information for at least 10 years after the most recent entry in the medical record. There may be situations where we are required to keep your personal data for a longer period, for example in connection with a complaint case or a compensation claim, in which case the information will be retained until the case has been finally concluded.

You have – subject to the limitations set out in law – certain rights, including the right of access to personal data, the right to have inaccurate data rectified, the right to have data erased, the right to restrict processing, the right to data portability, and the right to object to the processing of personal data, including with regard to automated, individual decision-making (“profiling”).

You also have the right to lodge a complaint with a competent supervisory authority, including the Danish Data Protection Agency.

If you have any questions regarding the processing of your personal data or the exercise of your rights, you are welcome to contact our Data Protection Officer at:

Email address:  ​dpo@molholm.dk

Telephone:  +45 87 20 30 40