Medical offers highly specialized care to companies and private individuals, both at in-house care operations and at our accredited care providers.

Last updated: 2023-09-27

Safe handling of your personal data

As your care provider, we are responsible for your care and thus also the processing of your personal data.

Personal data controller:
Stockholm Medical Office LAB AB (hereinafter referred to as ‘Medical’)
Box 24237
104 37 Stockholm.

To contact the data protection officer, please write to:
Stockholm Medical Office LAB AB, Data Protection Officer, Box 24237, 104 37 Stockholm.

The purpose of the personal data processing

Every time you seek care with us, we register personal data about you in various care registers. We need to do this so that you as a patient will receive the best and safest care possible.

We process your personal data in healthcare for

the patient record and other documentation needed for your care
administration in order to provide the right care
other documentation that follows from law, regulation or other constitution
development and quality assurance of care
planning, evaluation and operational follow-up
preparation of statistics on health care results, for example for quality registers

The processing of your personal data for the fulfillment of these purposes is regulated in the Patient Data Act (2008:355).

Consent

For certain personal data processing, we need your consent, for example to be able to make digital mailings to you via e-mail or SMS. You always have the right to withdraw your consent, whereupon the processing of personal data ends. Please note that each care provider also handles these consents, i.e. if you want to withdraw your consent from more than one care provider, you must contact all of them. This also applies to medical services such as laboratories and X-rays.

Categories of personal data

We only collect personal data about you that is necessary to fulfill the purposes of the personal data processing which

name
social security number
address
contact details
email address
health-related information

We also process sensitive personal data where it is deemed necessary to provide you with the right and safe healthcare. In some cases, personal data about relatives that you yourself or the relative have provided is also processed.

Confidentiality and security provisions applicable to the data and processing

We may only disclose information about you if neither you nor anyone close to you suffers from disclosure. The starting point is that disclosure of your data must take place with your consent. In certain situations, however, according to legislation, we have an obligation to provide information to county councils and authorities.
Confidentiality and non-disclosure apply to medical records. Unauthorized persons are prevented from gaining access to your personal data through various security measures, for example authorization restriction for access to patient data.

Conservation and thinning

As a rule, patient records and the personal data contained therein are kept for at least 10 years from the last treatment occasion. Data for patient and financial administration are kept as long as we have a legal basis for our treatment and they are considered necessary to keep. After that, they will be deleted or de-identified so that they can no longer be linked to a person.

Complaints about how personal data is processed

If you have a complaint about how your personal data is processed and/or protected, please send it in writing to:

Stockholm Medical Office LAB AB, Data Protection Officer, Box 24237, 104 37 Stockholm. You can also contact the Swedish Data Protection Authority (IMY) if you believe that your personal data has been handled incorrectly.

Coherent record keeping

Coherent record keeping, where healthcare providers can, under certain conditions, have direct access to each other’s electronic medical records, is not fully applied to Medical as healthcare providers can have different medical record systems that are not connected to each other.

Through coherent record keeping, healthcare personnel can gain access to medical record information from other healthcare providers that is important for diagnosis and care, for example previous test results, medicines, diagnoses and treatments. As a patient, you therefore do not have to reproduce your entire care history when you seek care from a new care provider.

Only the healthcare provider who has an ongoing patient relationship with you may access information about you in a consolidated medical record. When the healthcare staff of a new healthcare provider that you meet want to read your information in a coherent medical record, the healthcare staff must have the right authorization. You as a patient must consent to your medical record being read.

Contact the reception you visited for more information about coherent record keeping.

You have the right to say no to coherent record keeping, and in that case you must inform your doctor responsible for the patient. If you want to block all or parts of your medical record, you must contact the respective healthcare provider/reception. This means that the information is blocked from other healthcare providers. Guardians cannot block their child’s medical record.

Block patient records

You have the right to withhold your medical record or parts of it from other healthcare providers, but then you yourself are responsible for informing the healthcare staff of what they need to know in order to provide you with good and safe care.
The request for blocking must be made via the care unit you have been in contact with either by phone or visit.

Cancellation of blocked patient records

If you have chosen to block your journal and want to lift the block, we will help you do this. You must request the cancellation of blocked patient records yourself, this cannot be done by an agent or a person with power of attorney. To lift the block, you must visit your healthcare provider.

Emergency opening can be used

If there is danger to life and health and you are unconscious, or too involved to give your permission to the medical staff to share information in a coherent record, there is an opportunity for the medical staff to do so anyway. Then the healthcare staff first sees which healthcare providers have medical record information about you in the consolidated medical record. The medical records that are deemed to be of importance to the current care situation can be accessed by the staff. Then the healthcare staff must contact the other healthcare provider who can temporarily lift the block and thus make it possible to read the medical records with an emergency opening.

Biobank

As a patient, you often need to provide samples, for example blood samples. Some samples are routinely saved in a biobank. A biobank is a collection of samples that are taken in healthcare and saved for longer than two months and that can be traced back to a specific person.

As a patient, you can decide how your samples can be used. The Biobank Act says that you must receive information and give your consent to your samples being saved and what they may be used for. Even if you have consented to your samples being saved, you always have the right to change your decision at any time. However, if you requested that samples be discarded, it is irreversible.

Your rights

Read your journal
As a patient, you have the right to read your own medical record and receive a medical copy. To get access to your medical record, you need to contact us by phone or e-mail to dataskyddsombud@medical.se. You choose for yourself whether you wish to have your journal copy sent by post to the address where you are registered, or get digital access to your journal via SMS with e-identification.

Log extract
If someone, who is not directly involved in your care, or has other tasks that are not connected to your record, opens your record, this is a criminal offence. You have the right to see what access has been made to your medical records in the medical records system.

You can send a written request from you by regular mail to Medical as recipient.

Address: Stockholm Medical Office LAB AB, Box 24237, 104 37 Stockholm.

The request must contain:

• name
• social security number
• phone number
• time period that the log extract should include

The log extract is sent to your civil registration address by registered letter.

Request correction of incorrect personal data
If information is incorrect, including in your patient record, you should contact us with a request for correction. If you do not agree with us on correction, you can request a note in the medical record that you, as a patient, believe that there is incorrect or misleading information in your medical record.

It is important that we have correct contact details for you. Your address is automatically updated via the civil registry, but if you change your phone number, we would like you to let us know.

Request journal entries to be deleted
In some cases, you can apply to have your journal deleted in whole or in part. You do that at the Swedish Care and Social Care Inspectorate, IVO.