Privacy (GDPR)
This statement explains how OCH Orthopedics collects, stores and processes personal data.
- Who is the controller? managing director, is responsible for the company's processing of personal data. The day-to-day responsibility is delegated to the data controller who is also the company's system administrator. The delegation applies only to tasks and not responsibilities. The day-to-day responsibility for patient information is delegated to the clinic manager in each department.
- What is the purpose? The purpose of storing information is to provide proper and effective health care to our users. Some information we are legally required to take care of, others you can give us voluntarily in order for us to have a more efficient communication.
- What is the legal basis? Our orthopedic engineers are authorized healthcare professionals, and thereby subject to the Health Personnel Act chapter 8(§§39 – 47) with the corresponding regulations – which regulates the treatment basis for patient information.
Telecomputing is our it operating provider. All personal data is processed by Telecomputing. This is governed by the data processing agreement. Similar agreements are in place with Hove Medical (System X), Medilink, and Columbus Norway.
- What personal data is processed?
Statutory information:
- Personal data including social security number, for secure identification
- Address, telephone number, marital status and occupation
- Information on infection risk, to ensure HSE
- Relevant diagnoses in relation to the services we will perform
- Guardian or who consents on your behalf
- Journaling our surveys and assessments
- Relevant images and/or movies
- Epicrisies, referrals, decisions and other documents that other healthcare professionals send us in connection with the treatment
Voluntary information:
- Supplementary contact information
- for repayment of prepayment
- Where is the information collected from? The information is collected from referrals, applications and decisions submitted to us in connection with the processing. Or directly from you as a customer. We are not connected to the Population Register.
- Is it voluntary to give up the information? The statutory information listed in section 4. The voluntary information can make it easier for us to communicate with you.
- Is the information disclosed to third parties? In order to ensure that proper and effective health care is provided, it may be appropriate to share relevant information with other partners. The following third parties may be provided with information:
- Referring physician or other healthcare professional is given an assembly of our journal (epicrisy). This applies to information relevant to the processing in question.
- NAV receives information in connection with the processing of the application, as well as confirmation of the completion of the aid. This information contains personal information, contact information, current diagnosis and orthopedic engineer's assessment.
In some cases, we would like to use images or films in connection with training, courses and the like for other healthcare professionals. If you are identifiable in a photo or film, this may not be used without your prior written consent.
- How is the information deleted and archived? According to the Journal Regulations, information shall be kept for a minimum of 10 years after the last addition to the journal.
All information is stored on server Telecomputing in Norway according to applicable regulations. Some of the oldest information is stored in a local database that is securely locked and with limited access. This database is not connected to networks or the internet.
- What rights does the data subject and the laws of the registered apply? You have the right to access your own record as long as the information is not assumed to be to you. You may also require the information to be disclosed.
You may require rectitation or deletion of the voluntary information. As regards the statutory information, you may only require the correction or deletion of incorrect information.
This statement may not limit the rights or obligations arising from Norwegian law. Applicable laws and regulations are the Health Personnel Act, the Patient Rights Act, the Archival Regulations and the Journal Regulations.
- How is the information secured? Only employees of OCH and our data processors have access to the information. There are procedures that ensure that only relevant personnel have access to sensitive information. All employees have signed a non-disclosure agreement.
Email post@och.no
Phone. 23 288200
Postal address: Innspurten 9, 0663 Oslo