IHI Service Data Protection Policy

IHI Business Service Data Protection Policy

Information in the form of data is at the core of the Health Service Executive’s (HSE) activities. The security and privacy of this data, especially patient and client personal data, is of the upmost importance to the HSE. In order to maintain public confidence in the HSE and the delivery of our services to the public, the HSE and its staff, agents, representatives, contractors and data processors must ensure they process and protect this data in accordance with the relevant legislation and the HSE’s policies, procedures and guidelines.

In 2014, the Health Identifiers Act was enacted and this allowed for the creation and operation of a unique Individual Health Identifier (IHI) for any person using a health or social care service in Ireland and the establishment of a national IHI register. The Minister for Health delegated the authority to establish and operate the IHI to the HSE and the HSE IHI Business Service is responsible for this. As the IHI includes an individual’s personal data, the HSE is legally required to ensure that all personal data is processed in accordance with the Health Identifiers Act, the Data Protection Acts, the GDPR (when effective) and other statutory and legal obligations.

The purpose of this policy is to provide HSE staff, agents, representatives, contractors and data processors and others with clear guidance and instruction on the appropriate, safe and legal way in which they can make use of the information stored on the IHI register. This policy has been approved by the HSE Director General and the HSE leadership team