Information on the protection of personal data
Dear patients, please read the following information.
Medical Center WUM processes patient’s personal data based on regulations:
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation)
Act of 10 May 2018 on the protection of personal data
Act of 6 November 2008 on patient rights and the Commissioner of Patients’ Rights
Act of 15 April 2011 on medical activities
Act of 27 August 2004 on health care services financed from public funds
Ordinance of the Minister of Health of November 9, 2015 on the types, scope and specimens of medical documentation and how to process it.
The administrator of Personal Data is Centrum Medyczne Warszawskiego Uniwersytet Medyczny Sp. z o. o. (CM WUM), seated at ul. Nielubowicza 5, 02-097 Warsaw, KRS 0000162232, NIP 5262508021, REGON 016415800, which represents the President of the Management Board, Justyna Mieszalska. e-mail: firstname.lastname@example.org, tel. +48 22 599 18 00.
All persons processing our patients’ data have authorization to process data issued on the basis of applicable law and are obliged to maintain confidentiality.
Collected personal data of patients are processed only for the purpose of providing health services (health care) and other medical services related to concluded contracts with the National Health Fund, as well as contracts for the provision of medical services, health care, as well as individually purchased services by patients. Personal data is also used to issue invoices, as well as to keep necessary statistics on the settlement of medical services.
Providing patients’ personal data is voluntary, but also necessary to receicve our service. In the event of refusal to provide data, CM WUM will not be able to provide a medical service, because the obligation to complete the data in medical records are provisions on patient rights and medical records, as well as financing healthcare services from public funds.
The scope of data collected for the provision of benefits is: name, surname, gender, PESEL (date and place of birth), ID number, address as well as telephone number, e-mail address for contact purposes. During medical, pre-medical and nursing visits, special category data is collected regarding our patients’ health – meaning personal data about the physical or mental health of a natural person – including the use of health care services – revealing information about the patient’s health, as required by law.
Personal data, including health data contained in medical records, may be transferred in accordance with the law:
- entities providing health services, if this documentation is necessary to ensure the continuity of health services;
- public authorities, including the Commissioner of Patients’ Rights, the National Health Fund, medical self-government bodies and national and voivodeship consultants, to the extent necessary for these entities to perform their tasks, in particular supervision and control;
- entities referred to in art. 119 section 1 and 2 of the Act of 15 April 2011 on medical activities, to the extent necessary to carry out the inspection at the request of the minister competent for health;
- authorized by the entity referred to in art. 121 of the Act of 15 April 2011 on medical activities, persons practicing a medical profession, to the extent necessary to supervise a medicinal entity which is not an entrepreneur;
- the minister competent for health matters, courts, including disciplinary courts, prosecutors’ offices, court doctors and the regional screener for professional liability in connection with the proceedings;
- bodies and institutions authorized under separate laws, if the examination was carried out at their request;
- disability pension authorities and disability adjudication teams, in connection with the proceedings they conduct;
- entities maintaining records of medical services, to the extent necessary for keeping records
- insurance companies, with the patient’s consent;
- medical commissions subordinate to the minister competent for internal affairs, military medical commissions and medical commissions of the Internal Security Agency or Foreign Intelligence Agency, subordinate to the Heads of the relevant Agencies;
- persons performing the medical profession, in connection with conducting the assessment procedure of the entity providing health services on the basis of the provisions on accreditation in health care or the procedure for obtaining other quality certificates, to the extent necessary to carry them out;
- Voivodeship Commission for Evaluation of Medical Events, within the scope of the conducted proceedings;
- heirs in the scope of the proceedings conducted before the Voivodeship Commission for Evaluation of Medical Events;
- persons performing inspection activities pursuant to art. 39 sec. 1 of the Act of 28 April 2011 on the information system in healthcare, to the extent necessary to carry them out;
- members of hospital infection control teams referred to in art. 14 of the Act of 5 December 2008 on preventing and combating infections and infectious diseases in humans (to the extent necessary to perform their tasks).
The patient has the right to access their data, as well as rectify or delete (after the deadline specified in the law) and raise an objection, as well as transfer data (if the law indicates it). The patient has the right to receive information (in an understandable and common format) which personal data he has provided to the CM WUM.
CM WUM uses the subcontracting services of other entities performing therapeutic or auxiliary activities in the field of health care, as well as IT and accounting services, which involves the disclosure of patient data to these entities. Our subcontractors are obliged to comply with the provisions on the protection of personal data and confidentiality of entrusted data.
CM WUM stores patient data in accordance with the dates specified in the law, i.e.:
The entity providing health services keeps medical records for a period of 20 years from the end of the calendar year in which the last entry was made, except for:
- medical documentation in the event of the patient’s death as a result of bodily injury or poisoning, which is kept for 30 years from the end of the calendar year in which the death occurred.
- medical records containing the data necessary to monitor the fate of blood and its components, which are kept for 30 years from the end of the calendar year in which the last entry was made;
- X-ray photos stored outside the patient’s medical records, which are kept for a period of 10 years from the end of the calendar year in which the photo was taken;
- referrals for examinations or doctor’s orders, which are kept for the period of:
- 5 years, counting from the end of the calendar year in which the medical services that are the subject of the referral or doctor’s order were provided,
- 2 years from the end of the calendar year in which the referral was issued – if the health service was not provided due to the patient’s failure to report within the prescribed period, unless the patient received the referral;
- medical records for children under the age of 2, which are kept for 22 years.
Patients’ personal data may be subject to profiling. The administrator does not transfer patient data to a third country. The patient has the right to lodge a complaint with the President of the Office for Personal Data Protection.
The Medical Center of the Medical University of Warsaw takes the utmost care in terms of data security and patient privacy. Data confidentiality and personal data protection is our priority.