Processing of data
In connection with our examination, diagnosing and treatment of you - the patient, Private Hospital Molholm - the data controller - collects and processes a range of your personal data.
We require your personal data to ensure that you receive the best possible treatment.
Types of personal data
Private Hospital Molholm collects and processes the following types of personal data on you (to the extent that this is relevant to your specific case):
General categories of personal data:
- Name, address, possibly email address, telephone number, gender, family and social relations, authority of referral, work relations and education
Special categories of personal data (”sensitive personal data”):
- Health information (such as medical records, test results, X-rays, results of scans, etc.), sexual relations, race or ethnic origin and religious beliefs.
The purpose of processing your personal data is to provide you with the best possible treatment. Your personal data is processed in a secure manner, and health information is processed in accordance with "Executive Order on the patient records of authorised healthcare providers" and photo documentation in connection with cosmetic treatment/surgery is carried out in accordance with "Executive Order on cosmetic treatments".
The disclosure of health information is often a decisive factor in successful treatment as well as a cohesive course of treatment. Information is only collected / disclosed to the extent that it is required. For this reason, staff will always assess the relevance of disclosed information.
We process your personal data for the following purposes:
- Our examination, diagnosing and treatment of you
- Preparation of medical reports
- Preparation of certificates for authorities, insurance providers, etc.
- Communication with or referrals to other healthcare providers, medical practitioners, hospitals or hospital laboratories
- Prescription of medicine, including issuing prescriptions
- Reporting to clinical quality databases
- Reporting on laboratory samples to hospital laboratories
- Settling of accounts/invoicing
- Complying with our legal obligations, including the EU General Data Protection Regulation (GDPR), the Danish Data Protection Act and other relevant legislation pertaining to the provision of healthcare, e.g.
- Mandatory documentation
- Compliance with basic principles in the processing of personal data and legal authority for said processing
- Establishing and maintaining technical and organisational security measures, including but not limited to the prevention of unauthorised access to systems and data, the prevention of receipt or distribution of malware, stopping denial-of-service attacks and damage to IT systems and electronic communications systems
- Investigation of suspected or ascertained personal data breach and reporting to data subjects and the authorities
- Handling enquiries and complaints from data subjects and others
- Handling of inspections and enquiries from regulatory authorities
- Handling of disputes with data subjects and third parties
- Statistical surveys and scientific research
When we collect personal data from you, you consent to the provision of said personal data. You are not obliged to provide us with this personal data. The consequence of not providing the personal data would be that we would be unable to attend to the purposes set out above, in some instances, this would include being unable to examine, diagnose and treat you.
Disclosure of personal data
To the extent that this is required to facilitate the examination, diagnosing and treatment of you, your personal data will be disclosed and shared with the following recipients:
- Data is disclosed to other healthcare providers, if this is required to facilitate an actual course of treatment
- Information is disclosed to other authorities, clinical quality databases, the Danish Vaccination Register/Det Danske Vaccinationsregister, the Danish Patient Safety Authority, the Shared Medicine Card, the police, the social authorities, the Labour Market Insurance, to the extent that we may be obliged to do so pursuant to current legislation.
- On patient referral, information is disclosed to the healthcare providers to whom the referral is made.
- On reporting of laboratory samples, the samples are forwarded to the hospital laboratories
- On reporting information in connection with the settling of accounts for patient treatment, data is disclosed to the regional accounting departments or insurance providers
- On issuing prescriptions, data is disclosed to Denmark's chemist's and the Danish Medicines Agency via the prescription server
- On reporting to clinical quality databases
- On issuing discharge summaries, data is disclosed to the referring general medical practitioner and, in some instances, the referring hospital
- In other cases, data is disclosed to the next of kin
Legal authority for the processing and disclosure of personal data
- The legal authority for collecting, processing and disclosing your personal data is:
- For the purposes of general patient treatment, general personal data is collected, processed and disclosed pursuant to Article 6(1)(c) and (d) of the GDPR, whereas sensitive personal data is collected, processed and disclosed pursuant to Article 9(2)(c) and (h) of the GDPR.
- In addition, we are obliged to process a range of your personal data in the course of our general patient treatment pursuant to Chapter 6 of the Danish Act on the authorisation of healthcare providers and on the provision of healthcare, specifically Sections 5 to 10 of the Executive Order on the patient records of authorised healthcare providers (The Executive Order on medical records) and Chapter 9 of the Danish Health Act.
- Health information for the purpose of continued treatment on referral of patients is disclosed in accordance with the rules set out in Sections 20 to 23 of the Agreement on the assistance of specialist medical practitioners and the Danish Health Act.
- Reporting of laboratory samples to hospital laboratories is carried out in accordance with the rules set out in the guidance of the Danish Health Authority on the handling of para-clinical examinations pursuant to the Danish Act on the authorisation of healthcare providers and on the provision of healthcare.
- Information used for settling of accounts for patient treatment is sent to the accounting department of the region pursuant to the Danish Health Act.
- Prescriptions for medicine are sent through the IT service, the prescription server, pursuant to the provisions of Chapter 42 of the Danish Health Act and, in particular, Chapter 3 of the Executive Order on prescriptions and dosing of medicine.
- Clinical patient data is entered into clinical quality databases pursuant to the provisions of Sections 195 and 196 of the Danish Health Act and the Executive Order on the reporting of data to clinical quality databases, etc. Data may also be disclosed on the basis of your - the patient's - express consent.
- Discharge summaries are sent to the referring general medical practitioner and, in some instances, to the referring hospital pursuant to the provisions of Chapter 9 of the Danish Health Act.
- If you were referred by an insurance provider, your personal data is disclosed to the insurance provider with your express consent, cf. Articles 6(1)(a) and 9(2)(a) of the GDPR.
- Your personal data shall only be disclosed to your next of kin with your prior consent pursuant to the provisions of Section 43 of the Danish Health Act.
- In the case of deceased patients, certain personal data may be disclosed to the deceased's next of kin, the deceased's general medical practitioner and the medical practitioner who treated the deceased pursuant to Section 45 of the Danish Health Act.
Withdrawal of consent
If the processing of your personal data is based on your consent, you have the right to withdraw consent. If you withdraw consent, this will not affect the treatment provided prior to your consent being withdrawn, including any disclosures based on said consent.
Period of storage
We store your personal data for as long as we need to attend to the purposes described above. However, pursuant to the provisions of the Executive Order on medical records, we are obliged to store your data for at minimum period of 10 years from the last addition having been made to the records. There may also be instances, where we are obliged to store your personal data for longer periods of time, e.g. in connection with a complaint or a suit for compensation, in which case the data will be stored until the case has been completed.
Within the confines of the law, you have certain rights, including the right to access your personal data, the right to have inaccurate personal data rectified, the right to have personal data erased, the right to limit the processing of your personal data, the right to data portability, the right to object to the processing of your personal data, including in relation to automated, individual decision-making (”profiling”).
You also have the right to file a complaint with a competent regulatory body, including the Danish Data Protection Agency.
If you have questions relating to the processing of your personal data or exercising your rights, please feel free to contact our Data Protection Officer at:
Telephone: 87 20 30 40