– Jim Hurley, Managing Director of IT Policy Compliance GroupA failure to apply IT safeguards or data protection measures, which are subject to control under applicable regulations, is like disclosing a code to a bank vault
Information is the most valuable asset of the Greater Poland Cancer Centre, and the foundation on which it operates. Therefore, it is our top priority to protect that information by designing, implementing and maintaining an information security system, based on Information Security Policy of the GPCC.
The Policy is based on the national laws, quality standards and guidelines of the General Personal Data Protection Inspector.
In the face of the growing value of information being processed, particularly sensitive data on patient health condition, the Policy has been supplemented with the Centre Management Support Declaration to acknowledge the need for implementing an information security system.
The Policy encompasses many aspects which arise from the nature of the activity conducted and the size of an organisational unit. It defines the rules for the management and protection of information that constitutes a secret of of a unit concerned or is legally protected; providing access to information and processing systems for operational purposes, and critical procedures in case of safety incidents.
In particular, the following documents have been drawn up under GPCC’s Information Security Policy:
- Personal Data Security Policy
- Privacy Protection Policy
Personal Data Security Policy
Personal Data Security Policy (PDSP) developed in pursuance of the Personal Data Protection Act of 29 August 1997 and laws relevant to the medical sector, pertains to the overall system of protecting patient personal data, , i.e. protection of both data processed conventionally and those processed through IT systems.
PDSP takes priority over any other internal by-laws and instructions issued in this regard.
The Policy contains detailed guidelines for numerous obligations imposed on the Personal Data Administrator (PDA). One of the most important obligations – apart from the that to take particular care in protecting the interests of patients concerned (obligation to protect data), is the information requirement (Article 24 and 25 of the Act) and the obligation to respect patient’s right to control their data and obtain information on how their data are processed (Article 32-35).
To learn more about the information requirement and the right to control your data and obtain information on the rules of data processing click here.
Personal data set registry
Information Security Administrator shall enable any interested party to view the contents of the personal data set registry at the Personal Data Administrator’s office.
Privacy Protection Policy
Attaching particular importance to protecting the privacy of all persons, including patients visiting GPCC’s websites, we have put in place the Privacy Protection Policy , that provides a framework for the processing (in particular: collecting, modifying, removing, and sharing) of data about patients visiting GPCC web services.
This information is easily accessible on the GPCC home page and at the bottom of each GCC web page. GPCC strictly complies with rules specified in the Policy.
Please read carefully the Privacy Protection Policy before starting to use the service. If you do not accept the terms of Privacy Protection Policy, you must exit any GPCC service.
This notice relates to all websites and domains controlled by the GPCC, except for specific websites where other privacy protection rules have been published to be applicable instead of the above notice.
Contact for matters related to Personal Data Protection
in matters related to the protection of your data, please contact abi (at) wco.pl