GDPR
The new General Data Protection Regulation (GDPR) came into force in May 2018. The aim of the law is to increase control over how data about individuals is handled and to increase the security of how personal data is processed. Personal data is any information that can be directly or indirectly linked to an individual. It can include personal and contact details, payment information and data about your health. The GDPR is complemented by other laws that apply, for example, to the requirements for patient records (Patient Data Act) and the laws on confidentiality and professional secrecy.
Handling of personal data
Max Olsson AB is responsible for all personal data handled in our communication. All personal data is handled through a protected and encrypted digital system that handles medical records, contact information, appointment booking, invoicing, video links and messages. The staff working with the digital system do not have access to the content of medical records and other personal data. If you have any questions regarding personal data management, please contact us with your question.
Purpose and legal basis for processing personal data
Personal data is used to ensure that you receive safe and effective care. As a licensed healthcare professional, I am required by law to keep medical records. All healthcare activities are subject to the Inspectorate for Health and Social Care (IVO). During an inspection by the Inspectorate for Health and Social Care, we must be able to account for the correct handling of personal data.
Storage time
Data is stored in accordance with the Patient Data Act. According to the Patient Data Act, the data must be stored for at least 10 years after the last medical record entry. Accounting documents, such as invoices, are stored for 7 years.
Your rights
You have the right to receive information about the personal data processing that takes place. You also have the right, subject to the limitations of the Patient Data Act, to have your personal data rectified, to have data erased, to demand that the processing of data be restricted in certain cases, and to object to processing in certain cases.
External recipients of data
Data will only be disclosed to third parties if you agree to it. This may be the case, for example, when you are referred to another healthcare provider. In some specific cases, I may have a legal obligation as a healthcare provider to disclose personal data to authorities even without your consent. Such an obligation to disclose applies, for example, under the rules of the Social Services Act, if a child is suspected of being in danger, or under the Social Insurance Code, when it comes to information needed for decisions in social insurance cases.
The right to lodge a complaint
As a patient, you have the right to lodge a complaint with the Data Protection Authority regarding the processing of your personal data.
Information required by law
The Patient Data Act and the National Board of Health and Welfare's regulations set requirements for certain content in the patient record. There are requirements that information about your identity, essential information about the background to the care, the assessments I make, the plans made, and the measures implemented are documented in the medical record. Furthermore, I am required to state what information I have provided to you as a patient, about the choice of treatment options, certificates and referrals issued, and incoming and outgoing documents.
Active consent to the processing of personal data
Your active consent is needed in order to process your personal data. You may give this consent when you confirm that you want to initiate contact with me for psychological treatment.
If you choose not to consent to the processing of your personal data, I will not be able to provide the treatment.