Privacy Policy for Patients

1. DATA CONTROLLER

HealthFOX Oy (HealthFOX Oy also operates under the parallel business name HealthFOX Ltd) Business ID: 2634025-7. Hämeenkyläntie 124, 24130 Salo, Finland. info@healthfox.fi, www.healthfox.fi

2. CONTACT PERSON FOR THE DATA FILE

Jarmo Lähteenmäki, Hämeenkyläntie 124, 24130 Salo, Finland. Mobile +358 400 759 870. E-mail: jarmo.lahteenmaki@healthfox.fi

3. NAME OF REGISTRY

HealthFOX Oy patient registry

4. PURPOSE AND LEGAL GROUNDS FOR PROCESSING PERSONAL DATA

Planning, conducting and archival of patients’ and clients’ research and treatment. Planning and statistics of data controller’s activity.

5. THE REGISTRY’S DATA CONTENT

6. REGULAR INFORMATION SOURCES FOR PERSONAL DATA

Data subject and the legal guardian of an under-aged patient.

Staff, information gained during research and treatment, and answers and statements given as consultation.

Documents which are available in other care or rehabilitation units with the consent of the patient or the legal guardian of an under-aged patient.

Client companies of occupational health care, employment information.

7. REGULAR DISCLOSURE OF THE PERSONAL DATA

Data subject unless there is a legal impediment.

Based on specific legal provisions, data may be disclosed to public authorities, research facilities and insurance institutions.

8. DISCLOSURE AND TRANSFER OF DATA OUTSIDE FINLAND

Data recorded in the registry will not be disclosed to any parties outside Finland without a separate agreement.

9. DATA SECURITY

Paper archives are stored in locked filing cabinets under surveillance.

Patient information is stored in the HealthFOX Oy centralized patient registry on the basis of written consent or a digital signature of the client.

If the data has been stored in the HealthFOX centralized patient registry, only the attending physician has the right to view and access patient information, with the exception of data used for making an appointment and billing or marking of examination responses.

Data stored in the IT systems can only be viewed/accessed by logging in to the patient registry management system. User credentials are private. The top management of the data controller decides on the organisational solutions and grants the users access rights based on the requirements of their duties.

The use of patient data is monitored with access logs.

10. INSPECTION RIGHTS

Patient has the right to inspect their personal data once per year free of charge. A written request for inspection must be delivered to the chief medical officer of the institution. The right to inspection may only be denied in exceptional cases where providing access to the data could pose serious danger to the patient’s health or treatment or another person’s rights. The data will be disclosed to the patient in written format. The patient’s identity will be verified from a photo ID before disclosing personal data.

11. RIGHT TO DEMAND RECTIFICATION

Patient has the right to demand immediate rectification of inaccurate information in the patient registry. The demand must be presented in written format and delivered either to the institution in question while addressed to the practitioner in charge of the unit, or to the contact person of the data controller.