HealthFOX Oy (HealthFOX Oy also operates under the parallel business name HealthFOX Ltd) Business ID: 2634025-7. Hämeenkyläntie 124, 24130 Salo, Finland. email@example.com, www.healthfox.fi
Jarmo Lähteenmäki, Hämeenkyläntie 124, 24130 Salo, Finland. Mobile +358 400 759 870. E-mail: firstname.lastname@example.org
HealthFOX Oy patient registry
Planning, conducting and archival of patients’ and clients’ research and treatment. Planning and statistics of data controller’s activity.
Data subject and the legal guardian of an under-aged patient.
Staff, information gained during research and treatment, and answers and statements given as consultation.
Documents which are available in other care or rehabilitation units with the consent of the patient or the legal guardian of an under-aged patient.
Client companies of occupational health care, employment information.
Data subject unless there is a legal impediment.
Based on specific legal provisions, data may be disclosed to public authorities, research facilities and insurance institutions.
Data recorded in the registry will not be disclosed to any parties outside Finland without a separate agreement.
Paper archives are stored in locked filing cabinets under surveillance.
Patient information is stored in the HealthFOX Oy centralized patient registry on the basis of written consent or a digital signature of the client.
If the data has been stored in the HealthFOX centralized patient registry, only the attending physician has the right to view and access patient information, with the exception of data used for making an appointment and billing or marking of examination responses.
Data stored in the IT systems can only be viewed/accessed by logging in to the patient registry management system. User credentials are private. The top management of the data controller decides on the organisational solutions and grants the users access rights based on the requirements of their duties.
The use of patient data is monitored with access logs.
Patient has the right to inspect their personal data once per year free of charge. A written request for inspection must be delivered to the chief medical officer of the institution. The right to inspection may only be denied in exceptional cases where providing access to the data could pose serious danger to the patient’s health or treatment or another person’s rights. The data will be disclosed to the patient in written format. The patient’s identity will be verified from a photo ID before disclosing personal data.
Patient has the right to demand immediate rectification of inaccurate information in the patient registry. The demand must be presented in written format and delivered either to the institution in question while addressed to the practitioner in charge of the unit, or to the contact person of the data controller.