Privacy policy

1. Who is the data controller?

Eikholt National Resource Centre for Deafblindness, represented by the CEO, is the data controller for the organisation's processing of personal data. Day-to-day responsibility for patient data has been delegated to the Head of Department. The delegation only covers the tasks and not the responsibility. This statement contains information about how we process personal data (Section 18 of the Personal Data Act).

2. What is the purpose?

The purpose of storing patient data is to provide correct and effective healthcare and services to our users. We are legally obliged to retain some information, while you can provide us with other information voluntarily in order to communicate with us more efficiently.

3. What is the legal basis?

The Personal Data Act with regulations is the general law that contains rules for how personal data collected is processed, how it is secured, who has access to the information, whether it is disclosed to others and how the individual about whom information is registered can exercise their rights to, for example, access. The basis for processing personal data is regulated in section 6-1 of the Specialist Health Services Act, section 10-7 of the National Insurance Act, chapter 8 of the Health Personnel Act (sections 39-47), the Patient Records Act and the Health Registry Act. ECIT is our operating supplier for IT. Carasent is our supplier of electronic patient data systems. Our website supplier is Sail. Cooperation with these suppliers is regulated by data processing agreements. All personal data is stored on our own servers.

4. What personal data is processed?

Statutory information

• Personal data, including national identity number for secure identification
• Address, phone number
• Guardian or whoever consents on your behalf
• Recording of our investigations and assessments
• Relevant images and/or film
• Relevant diagnoses in relation to the services we will perform
• Information about the risk of infection
• Discharge summaries, referrals and other documents sent to us by other healthcare professionals
  
  Voluntary information
• Additional contact information such as mobile phone number, email address, etc.
• Relatives with contact information
  

5. Where does the data come from?

The information comes from you as a user directly or is obtained from referrals that are sent to us. We are not linked to the National Population Register, and only store the addresses you provide to us.

6. Is it voluntary to provide the information?

We are required by law to store the statutory data listed above. The voluntary data will make our communication with you easier and more efficient. But it is voluntary.

7. Is the information disclosed to third parties?

The following third parties may receive information:

• NAV receives information in the form of applications for assistive devices and courses. This must be signed by you before it is sent, and contains personal details, contact information, diagnosis and information about your needs and our assessment.
• The referring doctor or other healthcare professional will - upon request or when we see a need for it - receive an epicrisis, i.e. a summary of our medical records limited to the case in question. In some cases, it is also necessary to share information with others who are part of your treatment team. This could be a physiotherapist, occupational therapist or medical specialist.
• In some cases, we wish to use images or films in connection with training or courses for other healthcare professionals. This is voluntary, and in such cases we will always obtain written consent from you first, and anonymise the images.

Voluntary information

• Additional contact information such as mobile phone number, email address, etc.
• Relatives with contact information

8. How is the data deleted and archived?

The Medical Records Regulations state that information must be stored for a minimum of 10 years after the last addition to the medical record. Some assistive technology requisitions are valid for 10 years and can be renewed after that. Deafblindness is a progressive disorder. This means that we are responsible for following up users throughout their lives. We therefore practise deletion of the data in the event of notification of death or if the user requests deletion. All personal data is stored on our server in accordance with current regulations. Some of the oldest information is stored in a local database that is securely locked with very limited access. This database is not connected to a network or the internet.

9. What rights does the data subject have and which country's legislation applies?

You can request correction or deletion of the voluntary personal data. Among the statutory personal data, you can demand the correction or deletion of incomplete or incorrect information.
You have the right to access your own medical records as long as the information is not likely to be harmful to you. You can also demand that the information be disclosed.
This statement cannot limit rights or obligations arising from Norwegian law. Relevant laws and regulations are the Health Personnel Act, the Patient and User Rights Act, the Archive Regulations and the Journal Regulations.

10. How is the data secured?

Only employees of Eikholt National Resource Centre for Deafblindness and our data processors have access to the information. There are also procedures in place to ensure that only relevant staff have access to sensitive information. All employees have signed a confidentiality agreement.

11. Contact information.

E-mail: post@eikholt.no.
Phone: 45 61 44 04
Postal address: Helen Kellers vei 3, 3031 Drammen