HelsaMi
This is HelsaMi`s privacy policy

Privacy Policy

This is HelsaMi`s privacy policy.

1 About this privacy policy and accountability

This privacy policy describes the processing of personal data when you use HelsaMi. The processing takes place in accordance with the national statutory requirements for processing of personal data. 

The data controller is the entity / entities that have the primary responsibilities and obligations under the Personal Data Act and the special legislation that applies to the health service providers. Helseplattformen AS and the health service providers that use Helseplattformen are independent data controllers that cooperate in complying with the privacy obligations related to Helseplattformen. The responsibilities for compliance with the privacy obligations are divided between Helseplattformen AS and the health service providers in an administrative decision concerning Helseplattformen and data responsibility, adopted by the Ministry of Health and Care Services on the basis of the Patient Records Act § 9 (2) ("the administrative decision"), see also section 4 below.

If you have questions about this privacy statement, you can contact Helseplattformen AS' Data Protection Officer at turid.rodsjosaether@helseplattformen.no. 

2 Personal data 

Personal data is information that can be related to an identified or identifiable individual. Processing of personal data is any use of personal data, such as the collection, recording, compilation, storage and disclosure, or a combination of such forms of use. As a main rule all processing of personal data is subject to the Personal Data Act, which is supervised by the Norwegian Data Protection Authority.

3 Purpose of processing

The purpose of the processing of personal data in HelsaMi is to facilitate digital and functional interaction between patients/users and establishments in the health care sector. This includes:

Digital communication, including video consultation, messaging features, and appointment bookings
Digital mailbox for receiving information from the health care sector
Overview and access to information that has been recorded and made available to you and others
Registration of tasks related to health care
Performing troubleshooting, support, and correction of information in HelsaMi

In addition, the purpose of the services in HelsaMi is to provide a secure place where you can store your own notes about your health that no health personnel can access.  


4 Legal basis for processing

The legal basis for the processing of your personal data in HelsaMi is GDPR Article 6 No. 1 c) and Article 9 No. 2 h) and i) with supplementary legal basis in the health legislation, including the Patient Records Act §§ 6 and 8, the Patient Record Regulations §§ 4- 8, the Health Personnel Act §26 and the administrative decision.

The administrative decision constitutes the legal basis for Helseplattformen AS's processing of personal data to facilitate the provision of health services concluded by the health service providers. This facilitation includes i, a. creation and management of your HelsaMi user.

Consent is not a legal basis for the processing of personal data in HelsaMi, but you must consent to the Terms of Use under "Terms and conditions ".

5 Categories of personal data processed

When using HelsaMi, Helseplattformen may process the following information based on the administrative decision:

Basic information about you, including your name, gender, age, national identification number, and contact information
Setting options that control the use of the services at HelsaMi  
Information about the location of your device (even when the app is not running) if you give permission for this in the settings on your phone
Technical information about your device and internet connection
Powers of attorney you have granted or received
Login information
Your vaccines
Your test results
Your referrals 
Your allergies
Your letters from the health establishments
Your health contacts
Your personal notes
Upcoming and previous appointments
Temporary logging of technical information and your name during video consultations
Other health information in your patient record that are made available to you
Incomplete applications for municipal health care services
Other documents or attachments you upload as part of your communication with the health care sector in HelsaMi
Questionnaires 
Relatives

6 Storage time and deletion of user account

You may in some cases correct and delete the information you have uploaded to HelsaMi. If such correction and deletion is not possible in HelsaMi, you can contact us for correction and deletion as mentioned in section 8. Backups are stored at Helseplattformen for up to 14 days. The backups are only used to restore the service in case deletion by error.
 
When deactivating a user profile, the personal data related to your user profile will be unavailable. 

Information obligated for recording in patient records, will be recorded, and stored in accordance with Norwegian health legislation. Your personal data stored in patient records will be stored until it is presumed that it is no longer of use for healthcare, pursuant to section 25 of the Patient Records Act. The information is then preserved in accordance with the Archives Act or other legislation. 

When the death of a user is recorded in the medical records system, the deceased's consent to the services will be deemed as withdrawn and the account will no longer be accessible. Any other person authorized to use will also lose access to the account. 

7 Access to personal data in HelsaMi

Only you have access to the personal notes that you have chosen to register at HelsaMi. You can grant access to next of kin or other private individuals by giving them authorization as described in the Terms of Use.  

Authorized technical personnel, who do regular operational work on the technical solution, will generally not have access to your personal data. In certain situations, in connection with error correction or operational disruptions, dedicated operational personnel may have access to your personal data. Such access will only take place within very strict security routines and the operating personnel are required to keep a separate log of when and why such access has taken place. Data processor agreements have been entered into with all relevant subcontractors and all personnel must sign a declaration of confidentiality to be authorized.

HelsaMi is structured according to current industry standards for information security in the healthcare sector (the "Norm"), which, among other things, sets strict requirements for access control and secure login. Routines and measures have been established at various levels to ensure that unauthorized persons do not gain access to your personal data, and that all processing of the data otherwise takes place in accordance with applicable law. All information about you will be stored on secured storage devices.

You will have access to a log of healthcare personnel who have opened your patient record in HelsaMi. The log includes the names of healthcare personnel or other personnel who have accessed your patient record. The time and date of access will be available to you, but there may be restrictions during active treatment at an institution or hospital. You will not be given detailed information about who has had access to specific health information, such as who has opened which journal notes. 

8 Your rights

The privacy regulations and health legislation give you several rights that you can exercise in various ways, including:
To request that the personal data registered about you is corrected or deleted
To request access to the personal data registered about you
To request that access to your patient record is restricted to specific health care professionals or personnel
To launch a compaint to the Norwegian Data Protection Authority

If you have an account on HelsaMi, you can exercise these rights by using the chat function there. You also have functionality in HelsaMi that allows you to correct or delete certain information yourself. You can also contact Helseplattformen AS during our opening hours on telephone number 72 88 37 97 or contact the health service provider that provides services to you.


9 Exchange of information and use of subcontractors

Helseplattformen exchanges information with Helsenorge.no. This is done to integrate the two portals for certain functionalities. Currently, this integration applies to an overview of appointments and letter exchanges. 

As part of the functionality in HelsaMi, you will be able to communicate with public entities. Personal information in HelsaMi may be shared with these entities to the extent necessary to provide health care to you, or if such disclosure is required by law. Helseplattformen also collects basic information about you from national and public registers that are made available to you in HelsaMi.

HelsaMi is a service provided by Epic Systems Inc. Epic will only process personal data in HelsaMi if it is necessary to provide technical support and error correction.

As part of Helseplattformen as a service, there is limited integration between HelsaMi and other programs in Helseplattformen. In connection with this, basic information about you may be transferred to these programs, including e.g. video service provided by Norsk Helsenett, which is used to conduct video consultations that can be initiated through an invitation in HelsaMi, by text message, or e-mail. The personal data is stored in the video service in short intervals and is only used in connection with support and error correction. 

HelsaMi may receive information from third-party applications, including health applications and sports applications on mobile. The relationship between you as a user and supplier of third-party applications will be regulated solely based on your consent to the terms of use and based on the privacy statement of these suppliers. No information is provided by HelsaMi for such third-party applications. Providers of such applications are not affiliated with Helseplattformen or HelsaMi, and neither Helseplattformen nor HelsaMi is responsible for the processing of personal data that takes place using such third-party applications. 

10 HealthKit and Google Fit

If you choose to use HealthKit and Google Fit, HelsaMi can receive health information from these applications on mobile so that it can be shared with healthcare professionals. No information is provided by HelsaMi to HealthKit and Google Fit, or other software activated by HealthKit or Google Fit.

Providers of such applications are not affiliated with Helseplattformen or HelsaMi, and neither Helseplattformen nor HelsaMi are responsible for the processing of personal data that takes place in such third-party applications separately. The relationship between you as a user and supplier of third-party applications will be regulated solely based on your consent to the terms of use and privacy statements of these suppliers.

11 Transfer of personal data out of the EEA

All your personal information is stored and processed within the EEA. In extremely rare cases, support staff from Epic may, through remote access, gain temporary access to personal data from countries outside the EEA to provide technical support and error correction. Such remote access is regulated by a transfer agreement (EU Standard Contractual Clauses), and sufficient guarantees have been established in line with the requirements of the GDPR. This ensures that the information is given the same protection as if it were handled by personnel in Norway.

12 Research projects

In HelsaMi, you as a user can choose whether you want to be contacted or not about participating in research projects. Helseplattformens computer system searches patients' medical records to see if residents meet established criteria for participating in research studies. If the resident has chosen to set his or her preference to "do not contact", he or she will not be contacted to participate in research projects. If the resident does not choose a preference, he or she may be contacted. Your preference in HelsaMi is not a consent to participate in research projects.

For more information on the use of citizens' personal data for research, see link to general privacy statement about the Health Platform for Citizens on the website.​

13 Cookies

HelsaMi uses only necessary cookies that provide basic functionality in the services, such as page navigation and user authentication. The services cannot function optimally without these cookies. See an overview of our necessary cookies.








Fant du det du lette etter?