Release of Information

The Release of Information Department is responsible for managing and processing all requests for information within the Hospital, ensuring compliance with a wide range of legal obligations.

We handle requests for both personal and non-personal information in accordance with the Freedom of Information (FOI) Act 2014, the General Data Protection Regulation (GDPR), the Data Protection Acts 1988-2018, Access to Information on the Environment Regulations and other applicable Legislation.

Our team processes the requests efficiently and professionally, balancing the Hospital’s obligations to protect confidentiality while providing access to records. Our team is here to assist you throughout the process.

How to request information from TUH?

You have the right to access information TUH holds about you. The Data Protection Act 1988-2018, GDPR and the Freedom of Information Act 2014 allow for you to access the records we hold about you.

All requests must be submitted in writing either by email or post and must be accompanied by proof of Photo identification (for example, passport, driver’s licence, etc.) and address (for example, the top of a utility bill bearing both your name and address); this must be less than six months old. This is requested to ensure that information is released to the appropriate person and postal address.

You can submit your request by emailing the Release of Information Department at ROI@tuh.ie  or write to the Release of Information Department at TUH.

By post:  Release of Information Department, Tallaght University Hospital, Tallaght, Dublin D24 NR0A

Contact number: (01) 414 2995, (01) 414 4458,  (01) 414 3086, (01) 414 2382.

Data Protection & GDPR

GDPR Image

Tallaght University Hospital (TUH) in its role as an academic teaching hospital, holds a great deal of information about the people who attend and work here. The Hospital’s commitment to maanaging personal data in accordance with legislation is underpinned by the Hospital’s data protection policy.

The way in which we manage this personal information is governed by the Data Protection Acts 1988 to 2018 and the European General Data Protection Regulation,  2016 (GDPR). We are committed to the principles of transparency, accountability and security set out in the legislation.

Data Protection A4 Leaflet

The Data Protection Acts 1988-2018 and the GDPR allow for you to access the information we hold about you.  You can request a copy of any personal data that relates to you. This is called a Data Subject Access Request (DSAR). All requests must be submitted in writing.

You must provide the following information:

  • Provide as much information as possible about the records being sought including the time period.
  • Photograph ID, proof of address.

What is GDPR?

The General Data Protection Regulation (GDPR) came in across the European Union on the 25th May 2018. It standardises and strengthens the right of all European citizens to data privacy. GDPR emphasises transparency, security and accountability for organisations that collect, use, share and store personal data. GDPR has a requirement for organisations to be transparent about how they are using and safeguarding personal data and to demonstrate accountability for their data processing.

GDPR applies to the processing of personal data. Personal data is defined as “any information relating to an identified or identifiable natural personal (data subject), an identifiable natural personal is one who can be identified directly or indirectly”. This includes a name, an ID number, a postal address, online browsing history, images or anything relating to the physical, physiological, genetic, mental, economic, cultural or social identity of a person.

Why is GDPR important?

Why is GDPR Important
TUH processes significant amounts of personal data and special category data relating to patients, staff, students, volunteers, and other individuals. GDPR is based on the core principles of data protection. These principles require organisations and businesses to:
  

  • collect no more data than is necessary from an individual for the purpose for which it will be used
  • obtain personal data fairly from the individual by giving them notice of the collection and its specific purpose
  • retain the data for no longer than is necessary for that specified purpose
  • to keep data safe and secure
  • provide an individual with a copy of his or her personal data if they request it

What are special categories of data?

Data categories
Under GDPR stronger safeguards and requirements are required for sensitive personal data (referred to as “special categories of data”. Data that falls under these categories can be processed only under specific circumstances which are described in Article 9(2) of the GDPR Act. This refers to data falling under the following categories:


  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Data concerning health
  • Data concerning a person’s sex life or sexual orientation
  • Genetic Data
  • Biometric data.

What is the rights of individuals set out in GDPR?

GDPR Individual Rights


GDPR provides the following rights for individuals:


  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure/ right to be forgotten (excluding medical records)
  • Right to restrict processing in certain circumstances
  • Right to data portability
  • Right to object
  • Rights in relation to automated decision making and profiling

Further guidance on Data Protection

he Data Protection Commission (DPC) is the supervisory body for the GDPR in Ireland. Its website provides general information on the Data Protection Act 2018, the GDPR and other relevant information on the protection of the rights and freedoms of individuals in relation to the processing of their personal data. The contact details for the DPC are as follows:

By post: Data Protection Commission, 21 Fitzwilliam Square South, Dublin, D02 RD28

By telephone: 01 765 0100 / 1800 437 737

If I have a query about the privacy notice or how my data is
processed who do I contact
?

Should you have questions about how TUH uses your information, or if you are concerned about any issue related to your personal data, you are welcome to contact our DPO. The contact details are as follows:

By post:  Data Protection Officer, Tallaght University Hospital, Tallaght, Dublin D24 NROA

By email: DPO@tuh.ie

Freedom of Information

The Freedom of Information Act 2014 gives you the right to access records held by Tallaght University Hospital (TUH). Such requests may be for personal or non-personal (i.e. corporate) records. The Act requires public bodies to respond to requests from the public for information they hold. In most cases public bodies must give their decisions on a request within four weeks upon receiving the request. Requests may be refused if they are deemed too large or unclear, however TUH is obliged to assist in trying to overcome this.

The FOI Act 2014 provides that every person has the following legal rights:

  • Any records held by TUH relating to you personally, irrespective of when they were created.
  • All other records created after 21 April 1998 (which is the commencement date of Freedom of Information legislation in Ireland).
  • Any additional information which may be required to assist in the understanding of a current record.
  • You have the right to have your personal records amended or deleted where the information is found to be incorrect or misleading.
  • You also have the right to seek reasons for decisions that affect or have affected you.

Your FOI request should include the following:

  • A statement that the request is being made under the Freedom of Information Act 2014
  • Provide as much information as possible about the records being sought including the time period.
  • Photograph ID, proof of address (only required if requesting your own records).

If you are seeking records of a child / minor under the age of 16 years old you must provide your photo ID, proof of address, the child’s/minors birth certificate

If you are requesting medical records of a deceased relative the next of kin or other family members may request access to the patient’s medical records. These requests are always dealt with by the Freedom of Information Officer (FOI). The FOI Officer will balance the patient’s right to confidentiality with the right of another person to be given that information in the public interest.

You must provide the following information:

  • The completed FOI RIP Form available here
  • Copy of the deceased’s Death Certificate
  • Proof of your relationship to the deceased person
  • Proof of your own identify (see above)
  • Proof of address to which the information is to be sent (see above)

Receipt of your request will be acknowledged within ten working days (where a week is defined as five working days, excluding weekends and bank holidays). At this time, you will be advised as to when you may expect to receive a decision on your request. A decision on your request will usually be made within four weeks. This is where a week is defined as five working days, excluding weekends and bank holidays

If you are not satisfied with the decision on your FOI request

You may seek an internal review of the initial decision. This review will involve a complete reconsideration of the matter by a more senior member of staff at TUH to the person who made the initial decision. Reasons for seeking an internal review include where you

  • Are dissatisfied with the initial response (for example, refusal of information, form of access, charges, etc.) or
  • Did not receive a reply within the specified four weeks dated from your initial request (this is known as a ‘deemed refusal’ and, where this occurs, you are allowed to proceed to an internal review)

A request for an internal review must be submitted within four weeks from the date of the initial decision to your request (although late appeals may be permitted in certain circumstances).

The FOI Appeals Officer reviewing the appeal must complete the review within three weeks (where a week is defined as five working days, excluding weekends and bank holidays). An internal review must normally be completed before an appeal may be made to the Office of the Information Commissioner (OIC). The outcome of the internal review will be communicated to you within three weeks of receipt of your request to appeal.

If you are not satisfied with the decision on your internal review

You may appeal the decision within six months by writing to the Office of the Information Commissioner. If you make an appeal the Information Commissioner will fully investigate and consider the matter and issue a fresh decision. All appeals should be addressed to:

Appeals Office of the Information Commissioner, 6 Earlsfort Terrace, Saint Kevin’s, Dublin 2, D02W773.   Website www.oic.ie

Fees

There is no fee to submit a request, however fees may be charged for the search, retrieval and copying of records requested. This process involves the following stages:

Rates

€0.04 per sheet for photocopy and Internal Review fee €30 (€10 for medical card holders)

Details of charges relating to your request will be notified to you in writing. In cases where search, retrieval and copying fees apply, TUH is obliged to charge the requester a deposit of at least 20% of the estimated cost.

Allowing somebody to access your records (personal information only)

When making an FOI request, you may request that your records be send to a third party who you appoint (for example, a solicitor, health professional, family member, etc.). TUH will only give your records to someone else when it has your consent to do so. Requests should be made as outlined above but we must also receive a letter signed by you, stating that you give your consent to the release of the records to the named individual. We may contact you about the request to release your records to a third party if further information or clarification is required.

Requesting non-personal information

As an FOI body, TUH welcomes requests for non-personal records. In general, these requests focus on corporate information. Where non-personal requests are made, the timeframe for acknowledgement and delivery is the same as requests for personal records.