Privacy Statement for Patient Register (adverse events during blood transfusion)
The Patient Register is a personal data file maintained by the Finnish Red Cross Blood Service.
This is a Privacy Statement for Patient Register (adverse events during blood transfusion).
Why is my data collected?
The data file is maintained for the purposes of fulfilling the terms of the Blood Services Act (197/2005) and the Blood Safety Provision issued by the Ministry of Social Affairs and Health (258/2006). The data file is used for the registration of adverse reactions related to blood transfusion, blood transfusion errors and incidents (adverse event).
What data is collected concerning me?
Data is collected in the data file only to the extent necessary to investigating an adverse reaction, or blood transfusion errors.
The data being collected includes:
- Personal data (name, date of birth, personal identity code) needed to identify the patient and conduct investigations.
- Health and event data necessary for investigating the adverse event, and an assessment of the type and cause of the adverse reaction.
- Research results and statements produced during the analysis of laboratory tests and research findings.
How is my data obtained?
Patient data in the data file and some laboratory data is obtained from the notifying healthcare unit on the basis of a referral for laboratory tests and discussions with the treating physician. Data on laboratory findings and statements is produced in Blood Service or Blood Service contract laboratories.
Why is my data processed?
Such data is used for the investigation and registration of adverse events that occur during transfusion.
Is my data disclosed to parties outside the Blood Service? If so, why and where?
The Blood Service hands any laboratory findings and statements related to the investigation of an adverse event to the health care unit that requested such information, which is caring for the patient in question. Such information is not disclosed to third parties without the patient’s consent.
Data on serious adverse reactions and incidents is reported and notified to the supervising authorities in accordance with the applicable statutory obligations.
Is my data transferred outside the EU?
How is my data protected?
At the Blood Service, data is only processed by those persons who need to do so in pursuit of their duties. Persons processing data are bound by an obligation to maintain secrecy. Access to the electronic data file is restricted by usernames. Access to data in the filing system and the addition, editing and erasure of data is restricted by access rights. Data recorded on paper is kept locked in rooms subject to access control.
Is my data used for profiling or automated decision-making?
For how long is my data stored?
Data on the occurrence of adverse events related to blood products is retained for 15 years.
How can I review my data and rectify any inaccurate information?
Fill in, print and sign the information request form found on the Blood Service’s website and submit it to the Blood Service by mail or in person. The Blood Service will send an extract of the personal data concerning you contained in the filing system to you by mail.
You may request the rectification of inaccurate information in writing by using the rectification request form found on the Blood Service’s website.
Can I request the erasure, or object to the use, of my data?
The erasure of personal data in the investigation of adverse events related to blood products, or objecting to their processing, is not possible under the law, see section “For how long is my data stored?”
Can I lodge a complaint with the authority?
If you feel that the processing of your personal data is not lawful, you may lodge a complaint with the competent supervisory authority.
Finnish Red Cross, Blood Service
FI-01730 Vantaa, Finland
tel. +358 29 300 1010
Person in charge of the filing system
Jaana Mättö, email@example.com