Everything regarding a person and their being can be described as data. The personal data of a person include, for example, their name, address, contact details, as well as information about their financial situation, etc. In addition, personal data include more sensitive data by nature, i.e. specific types of personal data (sensitive personal data), which are, among others, the person’s health data. Thus, personal data are all data which enable to identify a person, regardless of the form of such data.
Pursuant to Regulation No 56 of the Minister of Social Affairs “Conditions and procedure for maintaining records of the provision of health services and preservation of the documents thereof,” a dental record must be prepared for each patient, which must be maintained until 110 years after the patient’s birth. A number of special types of personal data are entered in the dental record, the obligation to comply with which arises from different legislation. The dental record includes data obtained from the patient themself and during general examination. In addition, treatment related data. The submission of data to a dental clinic is mandatory as it serves as basis for the provision of services. If data is not submitted, a dental clinic has the right to not provide services.
Processing of personal data is any act performed with personal data. AS Ode processes personal data, including health data, for the provision of specialized medical care or dental services. The dental clinic also performs other functions imposed by different legislation, which accompany provision of services.
We process your personal data, if:
- You booked an appointment with us – we process your personal data, including your name, personal identification number, address, telephone and email, and the reason of your appointment;
- You come to a dentist’s appointment – we process your personal data, including data related to the state of health, for the diagnosis and treatment of a (dental) disease or injury, in order to alleviate your ailments, prevent worsening of your health or exacerbation of your disease, and restore your health;
- You register your child or loved one under guardianship with us for an appointment – we process your personal data to verify your involvement with the patient;
- Your child or loved one under guardianship has come to a dentist’s appointment – we process your personal data to verify your involvement with the patient. We will forward to you as the parent or guardian of the patient data related to the patient’s state of health. This is only if the patient or an investigating body (e.g. the police) has not prohibited the transfer of data;
- The patient has identified you as their person of contact – we process your personal data for the transfer of patient-related information;
- You wish to issue your medical records – we use your personal data or the personal data of the person who submitted the application for documents with your consent for issuing the requested documents;
- You send us a request for clarification, a memo, a request for information or a complaint – we use your personal data to ascertain the facts and respond to a letter in the complaint. If you have sent us a letter that can only be answered by another authority, we will send the letter there and inform you about it;
- You submit a proposal or a letter of thanks to us – we will disclose your personal data (name) on our clinic’s website and intranet with your consent;
- You are applying to work for us – we rely on your own published information and data collected from public sources. We assume that we can communicate with the persons named as the candidate’s reference. Each candidate has the right to know what data we have collected about them and has the right to examine the data we have collected, to give explanations or to object. Data on other candidates shall not be published.
All letters sent to us are registered in the dental clinic’s document management system / stored in its email system. Correspondence with private persons is generally access restricted because the letters contain personal data. This means anyone who wants to access a private person’s correspondence or document must submit a request of information to the dental clinic. Upon receipt of a request for information, we will review whether the requested documents may be issued or partially issued. Upon partial release, we will redact your personal data for which the applicant does not have the right to process, in order to avoid issuing excess data.
Despite the access restriction, we issue documents related to you to institutions or persons who have the legal right to ask for such documents (e.g. police, health insurance fund, health board, insurer in case of an insured event, etc.).
We send documents containing special types of personal data to the recipients by registered mail or encrypted email. If possible, we forward documents to the authorities through a secure document exchange centre.
Correspondence with private persons is generally stored for five years after which the documents are destroyed.
Transfer of Documents Pertaining to You
As required by law or service contracts, we provide your personal data to the following institutions:
Dental care images are forwarded after recording the images (law), dental records are forwarded after an insured event (contract).
|Name of Institution||Composition of Data and its Transfer||Legal Basis|
|Health information system, i.e. eHealth||Dental record, forwarded after appointment||Law|
|Estonian Healthcare Image Bank||Dental care images, forwarded after recording the images||Law|
|Estonian Health Insurance Fund||Dental record, forwarded if a contract for the provision of corresponding services has been signed the Health Insurance Fund||Law, contract|
|Dental care insurance||Dental record, forwarded after an insured event||Contract|
|Dental care program service provider (Dentas/ Hammas/etc.)||Dental record||Contract|
Modern security measures are used for data transfer to ensure proper and secure protection of data.
Access to data pertaining to you
You have the right to access data we have collected about you. To do this, submit an application to us signed by hand or digitally.
We refuse to comply with your request for access if it can:
- Damage the rights or freedoms of another person;
- Prevent combating of a criminal offence or apprehension of a criminal offender;
- Complicate the ascertainment of truth in criminal proceedings.
You have the right to request correction of incorrect personal data. If we no longer have a legal basis for the use of your personal data, you may request the termination or deletion of such data. We will comply with your request to correct, terminate or delete the data, if justified.
If you have any doubts about a decision made by a dentist of our dental clinic, you can contact another specialist for a second opinion for the purpose of giving an assessment on
- The accuracy of the diagnosis made;
- The need for a medication or health service prescribed to the patient;
- Explained alternatives and expected effects; and
- Risks related to the provision of health services.
Protection of Rights and Contact Details
You can contact our clinic’s data protection specialist Kalle Tammjärv with questions related to processing of personal data via phone +372 7 30 10 55 or email at email@example.com.
If you find that we have violated your rights in processing of personal data, you can contact the data protection specialist of the dental clinic or the Data Protection Inspectorate with a complaint (Väike-Ameerika 19, Tallinn 10129, email firstname.lastname@example.org).
AS Ode does everything in its power to protect all your personal data and to comply with data protection and privacy laws.
- General Provisions
1.1 The purpose of this procedure for handling proposals/complaints is to collect information on the quality of services at Ode Dental Clinic, to ensure patient satisfaction and to review and resolve complaints and proposals as soon as possible.
1.2 In dealing with complaints, staff shall monitor confidentiality requirements.
1.3 Complaints shall be recorded in the “Register of Complaints” and shall be dealt with on an ongoing basis.
- Filing complaints
2.1. A complaint can be filed in paper form with the reception office or by email at email@example.com
2.2. An oral complaint can be filed provided that no written response is expected and the issue is immediately resolved and no further handling is required. Oral complaints are not registered.
2.3. The clinic’s staff have the right to resolve complaints within their competence.
2.4. The complaint shall include the patient’s name and personal identification code, phone, email, date, content of the complaint and the desired solution.
- Handling of Complaints
3.1. Upon receipt of a complaint, a reception employee or the head of the clinic shall provide the patient with initial feedback within 48 hours on working days, where it is confirmed that the request has been received and more detailed feedback shall be sent within 7 working days.
3.2. The complaint shall be recorded in the “Register of Complaints”.
3.3. The head of the clinic shall forward the complaint to various parties concerned and collect information concerning the case. If necessary, written explanations shall be taken from staff concerned.
3.4. If the complaint concerns medical issues, the attending physician who performed the work shall provide a written explanation. If necessary, the case shall also be given to another specialist and/or head of treatment of the clinic for a second opinion.
3.5. The head of the clinic shall prepare a response to the complaint.
- Responding to Complaints
4.1. Complaints will be answered within 21 days. In exceptional cases, the response time may be extended, which shall also be notified to the complainant. The basis for the resolution and response to complaints is the Law of the Republic of Estonia “Response to Memoranda and Requests for Explanation Act,” which provides that a complaint shall be answered immediately, but not later than within 30 calendar days as of its registration. In very complex situations, the time limit may be extended up to two months.
4.2. The complainant shall be informed of the outcome of the resolution of the complaint by email or, at the complainant’s request, a reply shall be sent to the address submitted by them.
4.3. Complaints shall not be answered if:
4.3.1. It is not possible to identify the person who submitted the request;
4.3.2. Contact details of the person who submitted the request are missing;
4.3.3. The person who submitted the request is of restricted active legal capacity and a guardian has been appointed by the court and the proposal or complaint has been submitted without the prior consent of the representative;
4.3.4. The person who submitted the letter has made clear that they do not wish a response to the letter;
4.3.5. The content of the proposal or complaint is not legible or understandable;
4.3.6. Responding requires a change in the organization of the institution due to the large volume of information, hinders the performance of the public functions assigned to it or requires unduly high costs.
5.1. Documents collected upon processing complaints shall be preserved pursuant to applicable laws and preservation thereof shall be organized by the director.
If the complainant is not satisfied with the solution, they have the opportunity and right to contact the regional structural unit of the Health Insurance Fund or the supervisory department of the Health Board.
ESTONIAN HEALTH INSURANCE FUND TARTU DEPARTMENT
Põllu 1a, 50303
Tartu Phone: 6 696 630
Põllu 1a, 50303
Tartu Phone: 7 447 401