Róisín Shortall (Dublin North West, Independent)
Link to this: Individually | In context | Oireachtas source

401. To ask the Minister for Health the reason the Health Service Executive has not provided a direct reply to Parliamentary Question No. 570 of 10 June 2014; and if he will ensure that the requested information is provided. [36853/14]

Kathleen Lynch (Cork North Central, Labour)
Link to this: Individually | In context | Oireachtas source

A response to the question raised by Deputy Shortall on 10 June 2014 was issued from Minister White's office on 8 July 2014. The content is copied as follows.

The Data Protection Act 1988 and (Amendment) Act 2003 was passed to deal with privacy issues arising from the increasing amounts of information being kept about individuals by organisations. The 1988 Act was only concerned about the protection of personal data in electronic format. Since the introduction of the (Amendment) Act on the 1 July 2003, Data Protection is now concerned with the protection of personal data of living individuals held in both electronic and manual form.

All information provided to the HSE in support of an application and/or a review of eligibility for a medical card or GP visit card is securely maintained in accordance with Data Protection legislation. Staff have been trained regarding Data Protection legislation and the HSE Data Protection policies, procedures and guidelines, in order to increase staff awareness of the importance of data protection and to provide clear standards for all staff to ensure that the personal information of clients is used appropriately. On each log on to the HSE computer system, a detailed personal declaration is presented to each user setting out the importance of data security. This declaration must be acknowledged and accepted, before the user can progress to use the medical card database.

Access to the all of the components which comprise the medical card system is strictly controlled and monitored at all times. These components include the premises, specific offices, data centre, computer systems and library systems. Processing of phone calls, application cases and other aspects are subject to quality assurance monitoring including data protection concerns. Access to systems are subject to periodic review and auditing procedures. This ensures there is high visibility of the controls which are in place. The systems involved are subject to security review from a data protection perspective on a periodic basis. The key measures outlined above are a part of the set of measures and controls which give assurance from a data protection point of view.