Registered members are graduates from both accredited and non-accredited courses in Ireland who have entered the ISH Registration programme and successfully completed it. It is a simple next step ISH Registration Programme.

Non-accredited graduates have to undergo a separate Registration process – also set down by the ISH. Details of the process can be found on the Eligibility for membership 2023.

The Registration process is also open to candidates from outside the country who have the relevant graduate qualifications. These applicants have to undergo a separate Registration process – also set down by the ISH. Details of the process can be found on the Eligibility for membership 2023.

Only Registered ISH practitioners are listed on our website. They carry the letters IS Hom after their names.

You will find the specific ISH Registration Process documents below. Other documents relevant to practice for the new Registrant are available in the applicable part of the members area.

Supervisors And Mentors

Supervision, Mentoring and ISH List

Memorandum and Articles of Association

See Memorandum and Articles of Association

European and International Information

ECCH Social Media guidelines September 2017

General Information & Minutes

Here you will find General Documents & Information for download

General Information & Minutes

GDPR

Overview

GDPR ( General Data Protection Regulation) came in to force on the 25^th May 2018. GDPR is about the harmonisation of data privacy laws across Europe. This affects all of us as Homeopaths as we collect, process and store data on our patients in hardcopy or/and electronically. From that date we must be able to show we comply with the data protection standards and obligations set out in both GDPR and the Irish Data Protection Act 2018. This is regulated by the Data Protection Commissioner https://www.dataprotection.ie and we all individually need to be able to demonstrate compliance.

The eight principles of data protection

Article 5 of the GDPR identifies the following eight key requirements of data protection:

Personal data shall be processed lawfully, fairly, and in a transparent manner.
Personal data can only be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible for those purposes.
Personal data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which it is collected.
Personal data held should be accurate and current. Inaccurate data should be erased or corrected.
Data which allows for the identification of an individual, should be kept for no longer than is necessary.
The processing of personal data must safeguard the rights and freedom of individuals
Personal data must be processed in a manner which ensures appropriate security of the data. This includes protection against unauthorised or unlawful processing of the data, and accidental loss, destruction or damage of the data. This means having appropriate technological or managerial systems in place.
Personal data cannot be transferred outside of the EU unless the country to which it is being transferred provides an adequate level of protection for the rights and freedoms of individuals in relation to the processing of personal data.

To help you be compliant we have arranged a GDPR online course for our members at a special rate of €50. Upon successful completion, you will be awarded a certificate which will help form part of your proof of compliance. It is 35 minutes in length and you can replay individual modules as required. You might find it helpful to allow a couple of hours to complete the training as you can stop after each individual module which lasts between a minute and 3.5 minutes. You can take the course here: https://gdprcourse.com/tcm-academy/

Any further questions/help needed with the course should be sent to support@olivemedia.co

The information below should be regarded as a simple guide only and it is strongly recommended that you take the online course and/or refer to the Data Protection Commissioner documents as laid out by the Data Protection Commission on their website: https://www.dataprotection.ie/en/organisations You also can refer to their document issued in 2017 ahead of the updated act “A guide to help SME’s prepare for the GDPR” here Fines of 4% of annual turnover or €20 million are applicable for noncompliance.

Please note that your agreement to abide by the ISH’s Code of ethics on joining, also helps provide evidence of intended GDPR compliance in the event of a DPC investigation.

What do I have to do

Consent is very important under GDPR.
You must now be able to demonstrate that consent is given for the processing of a patient’s information, hence a form or a button that needs ticking and signing or clicking. You will have been doing this when browsing websites since GDPR’s implementation where you have to click on “I accept” etc. Consent under GDPR requires some form of clear affirmative action; silence, pre-ticked boxes or inactivity does not constitute consent. It must be clearly expressed and a record of how and when consent was gathered must be kept.

Prepare a Privacy Statement.

This is the equivalent to a contract between you and your patient, and it is your commitment to ensuring that the privacy rights of your patient will be upheld.
Your patient needs to sign an acceptance form to confirm that they have read and understood how you will be managing their personal data, and that they accept that their data will be used for the purposes you have identified in your privacy statement. Here is a privacy statement template that you can use in your clinic in order to get consent to process information “Privacy statement & Acceptance Form template” (with thanks to James Cadle ARH and added to by the ISH). You can include this information in to any pre-existing form you use or amend this template to include any other information you may wish to have from the patient in writing. This template can also be used to cover a pre-existing requirement by any insurance company such as OBF for written permission to treat under 18’s.

Prepare a Privacy Policy.

In your privacy policy, you set out clearly to your patients what personal information you propose to collect, how you collect it, how you use it, with whom you will share it, how you store it, how the information can be amended, and for how long you will keep that information.

Prepare a Data Protection Policy

The policy sets out the requirements that you have in order to gather personal information for professional purposes. The policy details how personal information will be gathered, stored and managed in line with data protection principles and the General Data Protection Regulation.

Here is a template for a Privacy Policy and a Data Protection Policy which you can use:
“Privacy Policy & Data Protection Policy 1.0 template”. These policies are the policies you are asking your patients to agree to when they sign your privacy statement and therefore need to be available for them to read/be displayed in your clinic or on your website.

Your arrangement with existing patientspre May 2018, or patients whom you have not seen for some time pre May 2018, should be covered by the Data Protection Act 1998. This means that you do not need to contact them specially, as long as you continue to secure their privacy in the same way as you did at their last appointmentYour patients should already be clear about what data you hold on them, why you need it, how you use it, and how you safeguard this information. Basically, you need the data so you can prescribe for your patients, and support them in defining and managing their healthcare needs. In other words, you gather this information for legitimate purposes. If you have not seen a patient for a number of years, their data should be protected under the old data protection act. However, if they re-contact you for a consultation, remember to ensure that they read, understand and accept (by signing an acceptance form) your new privacy policy, at the beginning of their appointment.

For new and returning patients, it is recommended that you ask them to read through your privacy statement, and sign to confirm that they understand how you manage their personal data, and accept that it will be used for the purposes outlined in your privacy statement

If you send your patients newsletters or marketing material via email, you should review if you need to ask them if they still wish to “opt in” to receiving them. These are not strictly “legitimate purposes” unless you had already had that covered in a privacy policy priory to 25 May 2018. All your email lists must have an “opt out” facility now.

If you have Historical Data which is not covered in these circumstances, you have 3 options.

Delete the Historical Data by May 25, 2018;
Make the Historical Data Unlinkable and devalue the data; or
Transform the Historical Data to make it legal and increase the ability to use, share, compare and compute the data while keeping it secure and private.

Processing of “Historical Data” is no longer lawful starting May 25, 2018. The GDPR has no “grandfather provision” or “exemptions” allowing use of data collected without GDPR-compliant consent.

Prepare a Data Handling Policy

As of 25 May, it will be a legal requirement for all data controllers to have a data handling policy in place. Basically, this means you should document how you manage personal data, including how you acquire the data, how you store it, how you safeguard it, how you keep it up to date, how you record patients’ consent, how you respond to data requests from patients, how long you retain patient records, and how you destroy out-of-date patient records. It is recommended that you write yourself a data handling checklist; this will help you to keep on track, and will also provide evidence of intended GDPR compliance in the event of a DPC investigation. Here is an example of a data handling policy & data handling checklist which you can use “Data Handling & Information Audit template” (with thanks to Balens).

Data Controller versus data processor

Basically, most practitioners will be a data controller, who also processes data.
A ‘controller’ determines what data is recorded (and how), how it is used, and how it is protected. A data controller is fully responsible for safeguarding the privacy of an individual’s data. The buck stops with the data controller

A ‘processor’ is simply responsible for processing data on behalf of a ‘controller’ – such as an administrator working for an organisation, who is tasked with typing in ‘customer’ data (or similar) on behalf of their employer. A ‘processor’ is answerable to the data controller of their particular organisation. They are not ultimately responsible for how the data is managed and safeguarded.

So, although most of us process our patients’ data ourselves, we are also fully responsible for managing and protecting that data, which means we are ‘data controllers’

Storing Data

Patient data should be stored in a designated location, such as your consulting room, and be adequately secured from external access. All data must be protected against unauthorised or unlawful processing, so restrict access to computers and paper-based files. You also need to ensure that you have back up systems in place in case of the accidental loss, damage or destruction of patient data.

When storing data electronically, please ensure computers/laptops and other mediums used to access patient data, are password protected, and that you use effective virus protection and firewall software.

The current recommendations relating to how long you should keep patient records suggests a minimum of seven years following the last occasion on which treatment was given. In the case of minors, the minimum recommendation is seven years following their eighteenth birthday.

For more information about patient record keeping, you can read the recommendations made by Balens Ltd. “Balens record keeping 2018” here (with thanks to Balens).

Our responsibilities under data protection

We need to take reasonable measures to:

Comply with data protection law, and follow good practice
Protect the rights of our patients
Be clear with our patients about how their data is processed, stored and used
Have a contingency plan in place in the event of a data breach

In conclusion

Please bear in mind that the above information is intended as a guide only, and should be read in conjunction with the official documentation relating to GDPR, published by the DPC/Online GDPR course. Most of the requirements outlined in the DPC documents simply describe best practice. As long as you are trying to follow the guidelines, you should be GDPR compliant. In the event of the DPC having a concern about how you are managing the personal data you keep, they will contact you and inform you of the steps necessary to become fully compliant.

Please check our Workshop/Events Calendar and book your Workshop online:

Members Area

Welcome to the members’ area of the Irish Society of Homeopaths website. Scroll down this page to find all the information and help you need to support you in practice.

Workshop Application Form

CPD Workshops

Workshop Application Form

Seminar Application Form

Members Area

Welcome to the members’ area of the Irish Society of Homeopaths website. Scroll down this page to find all the information and help you need to support you in practice.

Workshops & Seminars

Shop - Leaflets

Pay Membership by Standing Order

Sabbaticals

Professional Conduct Guidelines

Professional Insurance Information

Media Guidance for Homeopaths

Committee Information and Forms

Registration Process

Supervisors And Mentors

Memorandum and Articles of Association

European and International Information

General Information & Minutes

GDPR

Archive