Directorate for Health Information and
Research
Purposes for Processing
The Directorate for Health
Information and Research, henceforth DHIR, is the Data Controller for a number
of processing operations within the health sector in Malta in the public
interest. DHIR implements the provisions of the General Data Protection Regulation
(EU) 2016/679 of the European Union, hence forth referred to as the GDPR in
conjunction with the local legislation implementing this regulation, Data Protection Act 2018 CAP586.
DHIR collects and processes
information on data subjects in the execution of its role of providing a
service to its clients and to fulfil its portfolio of responsibilities
entrusted to it within the ambit of the Health Act, Public Health Act,
Statistics Act and applicable EU Public Health Statistics regulations.
In this regard the DHIR is responsible
for secondary processing of personal data and is required to access personal
data from public and private health care entities as well as notifications by
health professionals. For this purpose, Subsidiary Legislation 528.10 issued
under the Health Act CAP 528, stipulates the regulatory framework through
which secondary processing of data in the health sector can take place.
All data processed is in accordance
with the aforementioned Acts and regulations.
Further information about our
activities, the registers we manage and the surveys we are responsible for can
be found on our homepage.
Recipients of Data
Personal data supplied to DHIR is
processed by DHIR employees in a confidential manner in the course of executing
their duties. Processing is carried out by warranted health professionals or
public services employees working under the direct supervision of warranted
health professionals. All DHIR employees are bound with a confidentiality
agreement.
Sharing your information
We do not, and will not, sell any of
your personal data to any third party. We do however share data for research
purposes as follows.
Wherever possible, access to health
records is given in anonymised, pseudonymised or aggregate format. In rare and
exceptional circumstances, we give access to personal data for the purpose of
research activities where these are manifestly in the public interest and the
research objectives cannot be achieved using anonymised or pseudonymised data.
In these very rare situations, access is conditional to approval by the Health
Ethics Committee when the research is carried out within the health entities
falling under the responsibility of the Ministry for Health and by the relevant
recognised academic research ethics committee where the research is carried out
under the supervision of an academic institution. In all other instances,
access to our data will only be given if you explicitly consent for this to be
given.
Your rights
You enjoy several rights relating to
your personal information:
You are entitled to know what
information is being kept by DHIR about you, the reason why, who has access to
it and how it is kept.
In this regard, requests to access
personal data must be made in writing and addressed to the Data Protection
Officer, Directorate for Health Information and Research, 95 G’Mangia Hill,
Pieta PTA 1313 or via email on dataprotection.dhir@gov.mt. To process your
request, we will ask you to send us proof of identity so that we can be sure we
are releasing your personal data to the right person. This identification
document will be returned to you by MFH when submitting the reply in writing.
Additionally, you have the right as
data subject to request that information be amended, erased or not used in the
event that the data held is incorrect. In this regard, MFH will take the
appropriate corrective action in the event that it is proved that the
information held is incorrect.
MFH aims to comply as quickly as
possible with requests for access to personal data and will ensure that it is
provided within 30 days.
Security of your Personal
Data
Your data is held within the Government
information management system. We take the following steps to ensure the
highest possible level of security for your data.
1. Use of secure
servers;
2. Use of firewalls;
3. Use of encryption;
4. Information access
controls;
5. Use of back-up
systems;
How to contact us
We are always happy to hear from you,
whether to make a suggestion but especially if you feel we can do better.
If you have any questions about this
Privacy Policy, or if you wish to make a complaint about how we have handled
your personal information, please contact us at:
Directorate for Health Information and
Research
95, G’Mangia Hill
Pieta PTA 1313
We have appointed a Data
Protection Officer who may be contacted here: dataprotection.dhir@gov.mt.