Úsek pro vědu a výzkum

Information for Patients

Introductory information

Our main activity is the provision of health care, whether it is care consisting of prevention, diagnosis, dispensary care, treatment, assessment care, medical rehabilitation care, nursing care or palliative care.
All of these types of healthcare have one thing in common - in order to carry out the healthcare, we need to know a range of your personal data, especially what can be described as sensitive data. This data is mainly data about your health, in some cases also genetic data, data about your sex life and other data that are part of the most sensitive sphere of each of us.
As it is impossible to provide a sufficient level of healthcare without this data, we would like to thank you for your trust and assure you that no unauthorised person will gain access to your data. We carefully select all persons who may have access to your personal data in connection with the provision of healthcare, whether they are our employees or contractors.
All of our staff (from the doctor to the cleaner) are bound by strict confidentiality directly by law. We also negotiate confidentiality obligations with all our contractors if they may come into contact with personal data.
We consider trust and high data security to be one of our top priorities in our business.

What data do we process about you?

As each patient's care is always very individual, the list of personal data below is the broadest possible - it is the maximum amount of data we can process about you as a patient. We obtain your personal data either directly from you or from doctors who have cared for you before us.

  • Identification data: name, surname, gender, date of birth, birth number, public health insurance number (if this is not the patient's birth number), health insurance company code;
  • health data: In particular, information on the patient's health status, date and time of admission to care, date and time of termination of care, information on transfer of the patient to another provider, information on the course and outcome of the health services provided and other relevant circumstances related to the patient's health status and the process of providing health services, including anamnestic data necessary for the provision of health services; following the established information on the state of health, working conclusions and information on the final diagnosis, a proposal for further treatment, information on the course of treatment, the scope of health services provided or requested, data on the current development of the state of health according to the assessment communicated by the patient, and targeted objective findings are prepared for the patient, data on prescribed medicinal products, food for special medical purposes (including dosage and number of packages prescribed) and medical devices, data on the administration of medicinal products or food for special medical purposes (including the quantity administered), registration number of the transfusion product administered, data on the patient's equipment with medicinal products, special medical food (including quantity) or medical devices, data on the issue of a medical transport order, records of nursing care provided (including nutritional and medical rehabilitation care), record of vaccinations given, record of informed consent/disagreement to a specific health service, a record of the use of restraints, copies of medical reports, requests for health services, information on the recognition or termination of temporary disability, results of examinations, records of the receipt of emergency calls, and other relevant circumstances related to the patient's medical condition that are discovered in connection with the provision of health services;
  • the patient's contact details: residential address, correspondence address, telephone number, e-mail address, data box ID;
  • other personal data: photographs of the patient, CCTV footage.

In what form is my personal data processed?

All personal data we learn and process about you in the context of providing healthcare is part of your medical record. We keep medical records in a so-called mixed form. This is a situation where part of the documentation is kept electronically and part in paper form. As a health care provider, we are bound by the laws that impose a number of obligations on us in relation to the retention of medical records, in particular, we must always handle them in a conclusive manner and with extra care.
Please know that we do not take the handling of your medical records lightly, which is why we have taken other technical and organisational measures. Electronic documentation is secured by appropriate technical measures (access rights system, computer station security, encrypted database backups, etc.) and access to its contents by individual staff members is strictly limited. Your personal data is mapped across all processing software.
Paper documentation is kept in locked areas to prevent unauthorised access. Redundant copies are not made. All staff are trained to take extra care in this context.

Why do we process your data and what is the legal basis for doing so?

The purpose of processing your personal data is to ensure the provision of healthcare services and the maintenance of medical records. The legal basis for this processing is then principally the provision of healthcare, whether it is the provision of requested care under a healthcare contract or, in cases of urgent care, under a legal obligation. The scope and obligation to process personal data are governed by special laws by which we are bound.
In some cases, a patient's personal data may be processed for purposes other than the provision of health care. Such purposes may include, but are not limited to, the use of your data for clinical trials or for the purposes of our publicity. However, in this case, your personal data is processed on the basis of your voluntary consent to the processing of your personal data, which may not and will not be forced upon you in any case. You can then withdraw your consent at any time or exercise other rights associated with this, which we will thoroughly inform you about before you give your consent.
We are also entitled to process your personal data for scientific and research purposes. This authorisation is granted to us directly by law. However, we only ever process the necessary data for this purpose and, as a matter of principle, in such a form that you cannot be easily identified.

To whom can we disclose your personal data?

We manage your personal data within our organisation and we only pass it on to third parties with your consent. However, in some cases we may need to pass your personal data to other recipients without your consent.
In the first instance, in some cases we are required to pass on your personal data by law. In particular, we pass your data, including health data, to health insurance companies in order to bill for the healthcare we provide to you. We are further authorized to disclose your information under the law governing the provision of health care by permitting specified persons to inspect, extract, copy or make a copy of your medical records without your consent. In particular, this will include disclosure of your information to government authorities (e.g. social security authorities, the State Institute for Drug Control, etc.). On the basis of Act No. 48/1997 Coll., on public health insurance, we also pass your data to the Health Insurance Office z.s. for the purpose of monitoring patients who have been treated with highly innovative medicinal products.
In order to ensure that we provide you with quality care, we also use external suppliers in some cases, particularly for technical support of our information system or management of the medical devices we use in the provision of healthcare. These activities may involve the processing of some of your personal data. External suppliers are in the position of so-called processors and have a written contract with us which obliges them to follow strict principles when handling your data. In this case, your consent is not required for the purpose of carrying out the processing activity, as such processing is directly permitted by law. Please know that we choose our suppliers according to strict criteria, so you do not have to worry about your data. Currently, the following categories of processors process your personal data: archive service processor, processor for reporting to health insurance companies, processors of clinical studies and clinical trials.
We do not transfer your personal data abroad as a matter of principle. This can only happen exceptionally if you give your consent (e.g. if you are participating in a clinical trial) or if this is required by law.

How long will we keep your personal data?

Your personal data is kept for as long as is strictly necessary. As we overwhelmingly process your data in connection with the provision of healthcare, it must be kept for the period of time that the law requires medical records to be kept. This period is therefore set by regulation and is between 5 and 100 years, or 10 years from the death of the patient, depending on which part of the medical record is involved.
If we process your data for purposes other than the provision of health services, in particular if we process it on the basis of your consent, we undertake to process it only for the period specified in that consent.

What rights do you have in relation to your personal data?

As a data subject, the law gives you a number of rights. As healthcare cannot be provided without processing your personal data, some of your rights are limited by law. At the same time, as a patient, you are obliged to provide us with your data. Failure to provide your personal data may mean that we are unable to provide you with healthcare services, which may result in damage to your health or a direct threat to your life. However, as a patient you have the following rights in relation to your personal data.

Right to access your personal data

You obviously have the right to know what data is being processed about you, for what purpose, for how long, where we obtained the data, whether and to whom we are transferring it. You also have the right to be informed of other rights relating to this data. This document is mainly intended to inform you, however, we are ready to provide you with confirmation or clarification on any point of this information.
If you ask us to do so, we will also provide you with a copy of the personal data processed without undue delay. We are entitled to charge a reasonable fee for this copy, particularly if it is requested repeatedly, in relation to administrative costs. If you make this request in electronic form, we will automatically assume that you are also interested in receiving the information in electronic form. However, you have the option to request it in another way. Please note that the right to obtain a copy of the personal data processed cannot adversely affect the rights of other persons.
You may also exercise your right to access your personal data in accordance with the rules on consulting medical records and taking extracts and copies.

Right to rectification of personal data

If you discover that the personal data we process about you is inaccurate or incomplete, you have the right to request that we complete or correct it without undue delay.

Right to restriction of processing of personal data

This right allows you to request, in certain cases, that certain of your personal data be marked and not be further processed for a certain period of time. This is not the same as the right to erasure, as the restriction of processing is not permanent. You have the right to have us restrict the processing of your personal data if:

  • you contest the accuracy of the data we process about you for the time necessary to verify its accuracy,
  • the processing is without legal basis (e.g. beyond the data we are entitled to process) but you prefer to restrict the processing instead of erasing it, for example because you expect to provide us with the data in the future anyway,
  • we no longer need to process your personal data but you require it for the establishment, exercise or defence of legal claims,
  • you object to the processing (see the next point in the notice for this right).

If processing is restricted, the data may only be processed with your consent or for the establishment, exercise or defence of legal claims, for the protection of the rights of another person, whether natural or legal, or for reasons of important public interest.

Right to object to the processing of personal data

You may only exercise your right to object to the processing of your personal data where we would process some of your personal data in the public interest or on the basis of our legitimate interest. If this happens, we will only continue to process your personal data if we can demonstrate compelling legitimate grounds for doing so (in particular, if we need it to establish, exercise or defend legal claims).
With regard to the provision of healthcare services, as mentioned above, we process your personal data in the vast majority of cases on the basis of the law. This right is therefore not available to you as a patient in principle.

Right to complain to a supervisory authority

The exercise of the rights set out so far is without prejudice to your right to lodge a complaint with the Data Protection Authority using the contact details set out at the beginning of this document. You can file a complaint at any time when you have doubts about whether your personal data is being processed as it should be, i.e. unlawfully or in breach of the law.

Right to erasure

In some cases, as a data subject, you also have the right to have your personal data erased. We generally delete your personal data when we no longer need it and have no legal basis for processing it. We will also delete your data if it has been processed on the basis of consent and that consent has been withdrawn.
Please note that even if this is one of the grounds for erasure, it does not mean that we will immediately delete all your personal data. This right does not apply if the processing of the personal data is still necessary for compliance with our legal obligations, for archiving purposes, for scientific or historical research or statistical purposes, or for the establishment, exercise or defence of legal claims.

Right to withdraw consent

Where your personal data is processed on the basis of consent, you also have the right to withdraw consent at any time. However, the withdrawal of consent will not affect any previous processing that we have carried out prior to the withdrawal of consent.

How can I exercise individual rights?

For all matters relating to the processing of your personal data, whether it is an enquiry, exercising a right, making a complaint or otherwise, you can contact our Data Protection Officer in the following ways:

  • by post or in person at U Nemocnice 1, 128 00 Prague 2,
  • by e-mail at poverenec@uhkt.cz,

We will process your request without undue delay, but within a maximum of one month. In exceptional cases, in particular due to the complexity of your request, we are entitled to extend this period by a further two months. We will, of course, inform you of any such extension and the reasons for it.