Requests for Information

Accessing Your Personal Data

Subject Access Requests (SAR)

Under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, individuals have the right to access personal data held about them by healthcare organisations.

A Subject Access Request (SAR) allows patients to obtain a copy of their personal data and information about how that data is processed.

The legislation provides the following key rights:

• The right to access personal data held about you.
• The right to receive information about how and why your data is processed.
• The right to request correction of inaccurate or incomplete personal data.
• The right to request restriction or erasure of personal data in certain circumstances (where applicable under law).

Patients may request access to their health records and other personal information held by the Hospital. This includes information held in electronic and paper records.

Subject Access Requests are generally processed within one month of receipt. In certain circumstances, this period may be extended in line with data protection legislation.

Access to information may be subject to certain legal limitations, including the protection of third-party information and considerations relating to patient safety.

To make a “Subject Access Request”, please contact:  QPSR Department, St. Luke’s Hospital, Highfield Road, Rathgar, Dublin 6.   Email: rfi@slh.ie

• Download the HSE SAR’s Information Sheet
• Download the HSE SAR Form

Proof of identity may be required to process your request.

Freedom of Information Requests

The Freedom of Information (FOI) Act 1997 came into effect for St. Luke’s Hospital on 21 October 1999. The 1997 Act and its 2003 Amendment were later replaced by the Freedom of Information Act 2014.

The FOI legislation provides three key statutory rights:

• The right to access official records and information held by Public Bodies.
• The right to have personal information corrected if it is incomplete, incorrect, or misleading.
• The right to receive reasons for decisions made by Public Bodies that affect an individual.

These rights allow members of the public to request access to personal information held about them—regardless of when the information was created—subject to availability, privacy considerations, and the public interest.

Requests may be made to:  QPSR Department, St. Luke’s Hospital, Highfield Road, Rathgar, Dublin 6.

Email: rfi@slh.ie

Requests must:

• Be made in writing
• State that the request is made under the F.O.I. Act.
• Indicate clearly the records/information requested. Specify the manner of access sought; i.e. arrangements to view/discuss the records at the Hospital or to receive a copy of the records.
• Produce proof of identity. This will be sought before access to personal information is granted.
• Officers of the Hospital must assist the Requester to put his/her request in such a way that it complies with the requirements of the Act. The requester must receive acknowledgment of his/her request within two weeks and generally a decision within four weeks from the date of receipt of the request.

Can I get access to any information that I seek?

Any official information held by Public Bodies can be sought under the Act. However, in certain defined circumstances, it will sometimes be necessary to exempt from release, certain types of information. These are set out in Sections 19-32 of the Act. Some key exemptions are records relating to:

• Personal information (other than information relating to the person making the request).
• Information supplied to the Hospital in confidence.
• Law enforcement and Public Safety.
• Commercially sensitive information.
• Deliberations of Public Bodies
• Functions and Negotiations of Public Bodies.

While the Hospital will seek to protect the privacy of individuals and information supplied in confidence, in certain circumstances it may be in the public interest to release such information.

Is there a charge for accessing information under the F.O.I. Act?

• Personal and other Information will normally be given free of charge.
• There are charges for Internal Review and Appeals to the Information Commissioner (see below)
• There is also a search and copying charge which may apply to non-personal information
• Requesters cannot be charged for time spent on deciding whether or not to grant their request.

Options available to Requester if not happy with decision by St. Luke’s Hospital.

Requesters who are not satisfied with the response they receive can appeal to St. Luke’s Hospital for an internal review of the decision. Someone more senior that the original decision-maker will undertake the internal review. The reviewer can change or agree with the original decision.

If unhappy with the result of the internal review, the requester has the right to apply to the Information Commissioner (18, Lower Leeson Street, Dublin, 2), for an independent review.

Charges may apply.

Is it always necessary to make a FOI request to get information from St. Luke’s Hospital?

No, You may be able to obtain the information you require by other means such as:

• By discussion with the relevant member of the Hospital’s staff.
• By information leaflets, annual reports, etc. which the Hospital publishes.
• Administrative access applications may be made by writing to: The Freedom of Information Officer, St. Luke’s Hospital, Highfield Road, Rathgar, Dublin, 6. Personal/Medical records may be requested/accessed through our Administrative Access procedure. Only information which cannot be released under our Routine Access or Administrative Access policies will be dealt with under Freedom of Information Act.

Downloads:

• Download the HSE FOI Form
• Download the FOI – Access to Deceased Patient Record Form

Data Governance

The General Data Protection Regulation (GDPR) came into effect on 25 May 2018 and applies to the processing of personal data.

St Luke’s Radiation Oncology Network is committed to meeting all of its legal responsibilities under this regulation. In the course of our work, we collect and process personal data about you to support our legitimate interests in managing our services and delivering high‑quality care.

We ask that you provide the personal information necessary for us to offer these services effectively.

SLRON Data Protection (Privacy Statement/ Fair Processing) Notice