Avenue Healthcare limited Patient Data Map

1. Data Collection
Sources of Data: M360 HMIS
  1. Patient registrations
  2. Electronic Health Records (EHR) for Outpatients
  3. Lab and Radiology Diagnostic reports
  4. Drug Prescriptions
  5. Admission Data
  6. Op Visit Data
Types of Personal Data Collected:
  1. Personal Information (Name, Address, DOB, Gender)
  2. Medical History
  3. Treatment Plans
  4. Area of Residence
  5. Billing Information
  6. Emergency Contacts
Data Processing:
Purpose of Processing:
  1. Providing medical services
  2. Billing and payment processing
  3. Appointment scheduling
  4. Medical research (if applicable, with patient consent)
3. Legal Basis for Processing
  1. Patient consent
  2. Legal obligation (providing medical care)
  3. Vital health interests (emergency medical situations)
4. Data Processing Activities:
  1. Data entry into M360 HMIS system
  2. Sharing information with healthcare professionals within the organization
  3. Billing and insurance claims processing
  4. Medical research data analysis (if applicable)
5. Data Storage:

On-site servers at our Parklands Hospital and Orbit Place

6. Data Retention Periods:

Define how long different types of data are retained (e.g., patient records might be retained for a specific number of years after the last treatment)

7. Data Sharing:
a) Internal Sharing:
  1. Healthcare professionals within the organization
  2. Administrative staff for scheduling and billing purposes
b) External Sharing:
  1. Insurance companies (for billing)
  2. Other healthcare providers as may be relevant (with patient consent)
  3. Public health authorities (as required by law)
8. Security Measures:
a) Encryption:
  1. Data transmission via a secure private MPLS network in a hub-spoke network architecture to our primary data center in Parklands
b) Access Controls:
  1. Role-based access control to patient records on M360 HMIS
  2. Periodic access audits
9. Training:

Regular staff training on data protection policies and procedures

10. Data Subject Rights (Patients' Rights):

Right to Access: Patients can request access to their record by completing a Data Access Request Form. These requests are fulfilled within 7-14 days.

Right to Rectification: Patients can request rectification to data by requesting a change to their data.

Right to Erasure: Patients can request rectification to data to be deleted within the boundaries of the law, i.e., not involved in a medico-legal case.

Right to Portability: Patients can currently get some of their medical data in a portable format such as their Diagnostic or medical reports either in printed or soft format. We do not currently have an end-to-end portable EMR at this time, however.

11. Incident Response:

For more on our Data Breach Procedure please refer here

Wellness Service Wellness Service Wellness Service Wellness Service Wellness Service Wellness Service Wellness Service
Delivering tomorrow’s health care for your family. Find a Medical Centre
9.0
Patient Satisfaction Rating , based on 344 reviews.
Make Appointment