UPMC Hillman Cancer Center San Pietro FBF Patient Privacy Disclosure (Short Text)
INFORMATION NOTE PURSUANT TO ART. 13 AND 14 OF EU REGULATION GDPR 2016/679
UPMC Italy and the hospital of the religious order of S. Giovanni di Dio – Fatebenefratelli (hereinafter, respectively, "UPMC" and "San Pietro"), jointly manage the UPMC Hillman Cancer Center San Pietro FBF Advanced Radiotherapy Center (hereinafter "Center") that offers oncology patients innovative radiotherapy treatments and advanced care protocols, such as image-guided radiation therapy and intensity-modulated radiation therapy (IGRT/IMRT), and stereotactic radiosurgery. The Center is accredited by Joint Commission International (JCI), an international body that certifies excellence of health care organizations, and their compliance with high standards of quality and safety recognized by the international scientific community. The Center's excellence is also guaranteed by a multidisciplinary approach to cancer treatment, by large investments in research and innovation, but above all by the daily interaction with the University of Pittsburgh, the University of Pittsburgh Medical Center (UPMC) and the network of UPMC's cancer centers (over 60 centers in the United States, Ireland and Italy - collectively referred to as the "UPMC Oncology Network"). In its day-to-day operations, the Center also utilizes data networks and information technology systems shared with the UPMC Group. As a consequence, patients referring to the Center are asked to authorize the transfer of their data, including sensitive data, to the UPMC Group in the United States of America. Due to the fact that legislation in the U.S.A. does not guarantee, according to EU regulations, an adequate level of personal data protection, by signing the Standard Contractual Clauses for Data Transfers Between EU and non-EU Countries, the UPMC Group commits to enforce safety measures for patient personal data protection. A copy of these contractual clauses can be obtained contacting the Data Protection Officer (DPO) at the addresses indicated below.
The information on your health status provided by you or by third parties (e.g. your family doctor) will be collected on paper forms or electronic means. This is required in order for you to receive the requested patient care and for communications and related administrative and accounting fulfillments. The legal basis for data processing is art. 6.1(b) of the Regulation ("processing is necessary for the performance of a contract to which the data subject is party") and, as regards the exemption from the prohibition on the processing of special categories of personal data, of art. 9.2(h) of the Regulation ("processing is necessary for the purposes of medical diagnosis, the provision of health or social care systems and services pursuant to contract with a health professional").
- For training purposes, medical care may be delivered in the presence of student observers. In this event, all necessary precautions shall be taken to limit any potential inconvenience, and your will to not abide by this procedure will be respected.
- Furthermore, if you consent, as the legal basis for the processing, art. 6.1(a) of the Regulation and, as regards the exemption from the prohibition on the processing of special categories of personal data, art. 9.2(a) of the Regulation (“explicit consent of the data subject to processing”) your personal data may be used:
- for scientific research that will not influence your medical care and will require no additional tests or therapies (CONSENT #1);
- to verify the quality of care and medical treatment received, and for planning care (CONSENT #2);
- request a consult from external professionals to evaluate your state of health during treatment, also electronically with facilities not part of the UPMC Oncology Network (CONSENT #3);
- to receive e-mails, texts or mail containing informational material on the Center's initiatives (CONSENT #4);
- With reference to the foregoing (CONSENTS #1, 2, and 4), you are free either to provide or to deny consent. Failure to provide informed consent shall in no way affect your medical care. Without prejudice to the fact that you are free to provide or to deny consent, please note however that failure to sign CONSENT #3, may negatively affect the medical care you will in any case receive at the Center, with a release of liability of the physicians and health care providers of the Center. Please note you may withdraw your consents at any time.
- Your data shall be processed by a member of the clinical and administrative staff of the Center, acting in compliance with specific instructions on the objects and purposes of the data processing, and notified to third parties, appointed data processors, and providing ancillary services to the Center (e.g. professionals asked to provide specific consults, etc.) or to independent data controllers, in fulfillment of governing law or for the protection of their rights (e.g., NHS, institutions, municipalities, social security institutions, insurance companies). An updated list of all appointed parties can be requested to the DPO or the data controller, at the addresses listed below.
- The information relating to your state of health will be stored according to the “Massimario di scarto” adopted by the Region of Lombardy for the health system. Data is stored for a period of at least seven years after the completion of the research project, or for a longer period in compliance with the applicable laws or agreements between the participating centers, and shall then anonymized. The data collected to send information materials is stored for 24 months.
- Information regarding your health status will only be provided to your relatives and friends listed at the end of this document, without prejudice to the provisions of law. You have the right to request authorization to access, delete, and limit or deny the processing of your personal data (art. 15 et seq.,and following of the Regulation). Requests must be filed to the DPO at the following address: UPMC Hillman Cancer Center San Pietro FBF - Responsabile della Protezione dei dati personali, Via Cassia 600, Roma, or e-mail DPO@upmcsanpietro.it.
- A form to exercise the rights is available on the Italian Data Protection Authority ("Garante") website at this link https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1089924.
Should you deem that your personal data has been processed in breach of the Regulation, you have the right to file a complaint to the Italian Data Protection Authority using this link https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524, pursuant to art. 77 of the Regulation, or to start judicial proceedings (art. 79 of the Regulation).
Joint controllers are UPMC Italy, headquartered in Discesa dei Giudici 4, and Provincia Religiosa dell’Ordine Ospedaliero di S. Giovanni di Dio – Fatebenefratelli, headquartered in Rome, Via Cassia 600.
Please take some time to review the additional information contained in the leaflet you received.
Last update: August 2022
We offer medical services and services on a private basis or in agreement with the main insurance companies. Some of our services are also affiliated with the National Health System.
For more information on active agreements, visit: