A DPIA is a Data Protection Impact Assessment. A DPIA is a process conducted by the HSE to help identify and mitigate data protection risks of a project or service, in this case the new HSE app.
The DPIA process commenced at the outset of the project to create the HSE Health App and will continue as the app is developed and released in phases. The HSE Health App DPIA has been developed in consultation with the HSE DPO’s office and the Data Protection Commission.
This is a summary document of the HSE Health App DPIA and will be updated as required with any new information.
Last updated: 26 February 2025
HSE Health App
The HSE Health App is a digital tool that has been developed by the HSE. The app is a key enabler to ensure that patients are able to easily access their own health data. It will also enhance communication with data subjects on general healthcare information as well as their own personal health and wellbeing.
The HSE Health App is:
- a secure mobile application to give patients access to their own health information
- an opt-in, digitally enabled view of patients’ own health information
- an additional informational pathway for patients
- intended primarily for informational purposes only
- optional for patients to use
- an evolving tool, to which more information and features will be added over time
- an important component in enabling the principles of the Digital Health Strategy, ensuring the “Patient is an Empowered Partner” & “Digitally Enabled & Connected Care”
The HSE Health App is not:
- an electronic health record (EHR)
- a clinical decision-making tool
- a medications management system
- a platform that manages health care delivery across different care providers
- a bi-directional platform to manage clinical care communications or care delivery
Why the app was developed
The HSE Health App is a tool that meets the objectives of several HSE and Government strategies, including:
- Sláintecare
- Digital for Care – A Digital Health Framework for Ireland 2024-2030
- HSE Corporate and Service Plans
- European Health Data Space
The HSE Health App delivers numerous benefits, empowering individuals to access their health information securely while improving communication between patients and the health service.
It supports Ireland’s broader health strategies, enhancing patient independence, reducing missed appointments, and providing a reliable source of health updates and campaign information.
The development of the app has been informed by comprehensive user research and consultations with patient advisory groups and disability organisations, ensuring inclusivity and usability.
Rigorous pilot testing with maternity patients and HSE staff further validated the app’s functionality, highlighting its ease of use, value in consolidating health information, and the utility of features like appointment reminders.
Feedback from these engagements continues to shape the app, ensuring it evolves to meet user needs effectively.
The HSE Health App will be rolled out in several phases with a gradual onboarding of users over a period of months. It is expected that the app will be publicly available in Google and Apple App stores in February 2025.
How the app will be used
There are two main purposes of the HSE Health App:
- To enable patients to access their own health data.
- Communication.
To fulfil these purposes, personal data, including health data, is processed.
Personal data processed and why
We process:
- demographic data as defined in the Health Identifiers Act
- appointment data
- health data: dispensed prescriptions from approved PCRS claim
- vaccination data
- health cards
Demographic data as defined in the Health Identifiers Act
We process this to:
- ensure correct identification of the data subject
- match the person to their health records
- enable customer support
Appointment data
We process this to communicate with patients about their appointments.
Health data: dispensed prescriptions from approved PCRS claim
We process this to enable data subjects to see what their dispensed medications are.
Vaccinations
We process this to enable data subjects to see their vaccination records.
Health cards
These include medical card, GP visit card, long-term illness card, drug payment card (primary holder only, not family) and EHIC card.
We process this to enable data subjects to have a digital copy of their cards. A physical copy will still be provided to them.
Categories of health data
The categories of health data that will be available in the HSE Health App are:
- Appointment data such as appointment dates, times, locations, and reminders for upcoming appointments.
- Health campaigns such as raising awareness, educating, or encouraging individuals to adopt healthier behaviours. Health campaigns may include information on vaccinations, disease prevention, nutrition, mental health, or general wellness topics.
- Public health emergencies such as information shared with users in response to urgent public health situations such as pandemics, disease outbreaks, or natural disasters.
- Signposting information such as communications that direct users to additional healthcare services, resources, or organisations that may be relevant to their health needs.
- Optional care support where someone has signed up to a programme such as the QUIT programme and opted to receive communications from this programme.
How the HSE app will operate
All people aged 16 or older who use health and social care services in the Republic of Ireland can use the HSE Health App.
However, there are criteria that the HSE have set to ensure that the app is secure and that any personal data is available to the correct person.
For those reasons, there are several steps that a person will go through before they can download and have access to personal data.
When the user downloads the app, they will be brought through a series of screens that provide information and consent options such as links to the Data Protection Information Notice, permission to set optional analytics tools and permission to receive push notifications when they become available.
There are two modes of use:
General mode
This provides general health information without requiring login. There is no personal data processed in this mode except analytics to monitor the security of the app.
Personal mode
This offers secure access to personal health data after authentication via MyGovID.
To log in and use the HSE Health App in personal mode you must:
- Make sure that your device has the minimum operating system and security levels.
- Use your verified MyGovID to be authenticated.
- Wait for your health records to be displayed in the HSE Health App. These will be populated where you have an Individual Health Identifier that matches to the records held by the HSE.
In personal mode, there are several processing operations:
- Movement of personal data from different ICT systems within HSE and voluntary hospitals to the Protected Health Information Repository (PHIR) via the HSE Integrated Information Service (IIS) to aggregate the health information for display in the app.
- Movement of personal data from PHIR to the app when a person registers and logs into the app.
- Movement of personal data from app to Salesforce Service Cloud to create patient engagement profiles for customer support.
- Movement of non-personal data to Salesforce Marketing Cloud for logging opt-in/opt-out choice for push notifications.
Communications methods
The HSE Health App facilitates communication through 3 distinct methods:
- in-app notifications
- inbox messages
- push notifications
This multi-channel approach ensures that users receive timely and relevant information, whether they are actively engaging with the app or need to be alerted externally.
In-app notifications
These notifications appear directly within the app interface, offering real-time updates, reminders, and critical health information while users are actively using the app. This method ensures users stay informed during their interaction with the app.
Inbox messages
Each user has a secure inbox within the app, designed to store important communications such as appointment reminders, vaccination records, and programme updates.
The inbox acts as a repository for both general and personalised health messages, ensuring users can access their messages at any time without relying on external alerts.
Push notifications
Push notifications are optional alerts that appear on the user’s device, even when the app is not actively in use.
These notifications are designed for time-sensitive information, such as appointment reminders or urgent public health updates. Users must opt into push notifications and can customise their preferences to align with their needs.
Analytics
The HSE Health App uses analytics to ensure its functionality, enhance user experience, and support future development.
Users are informed of the use of analytics in the Data Protection Information Notice (DPIN). Compliance with the ePrivacy Directive is central to the app’s design, with all cookies and SDKs continuously assessed to determine whether they meet the "strictly necessary" exemption, such as monitoring the app’s security, performance and error handling to identify issues.
Where they do not meet this exemption threshold, and user consent is required such as for optional analytics, users are fully informed in the DPIN and can manage their preferences within the app.
All analytics data collected is anonymised and aggregated, ensuring privacy while providing necessary insights to maintain the app's efficiency and meet user expectations.
Assessment of necessity and proportionality
Conducting an assessment of necessity and proportionality is essential to ensure that data processing activities are legally compliant, ethically sound, and aligned with user expectations.
Assessing necessity ensures that only the minimum amount of data required for secure access, accurate health record matching, and effective communication is collected.
Proportionality ensures that the methods and scope of data processing are balanced and do not exceed what is needed.
For the HSE Health App, necessity and proportionality were assessed for the different types of personal data to ensure that data collection is purpose-specific, limited to the minimum required, and includes safeguards to protect user privacy.
The information below illustrates how each type of personal data processed by the app is essential for achieving its objectives while adhering to GDPR principles of necessity and proportionality.
Demographic data
Purpose: User authentication and matching with IHI.
Necessity: Ensures correct identification and secure access to health records.
Proportionality: Limited to essential fields (e.g., name, DOB, PPSN) as defined in the Health Identifiers Act 2014.
Appointment data
Purpose: Communicating upcoming appointments.
Necessity: Necessary for information and providing reminders.
Proportionality: Only relevant appointment details are processed (e.g., date, time, location).
Vaccination records
Purpose: Displaying vaccination history.
Necessity: Enables users to view vaccination details, supporting personal health management.
Proportionality: Limited to specific vaccinations (e.g., COVID-19, flu) and expanded incrementally.
Medication data
Purpose: Providing details of reimbursed medications.
Necessity: Supports users in managing their prescriptions.
Proportionality: Includes only reimbursed medications or user-input data for self-tracking.
Health cards
Purpose: Digital storage of health-related cards.
Necessity: Provides convenient, secure access to card details.
Proportionality: Only digital copies of existing physical cards are processed; no new data is generated.
Location data
Purpose: Finding nearby healthcare services.
Necessity: Necessary to identify and suggest nearby facilities (e.g., GPs, clinics, EDs).
Proportionality: Fully optional for proximity services; requires user consent.
Analytics data (strictly necessary)
Purpose: Monitoring app performance, security, and error handling.
Necessity: Critical for ensuring app stability, identifying bugs, and maintaining secure functionality.
Proportionality: Anonymised and limited to technical details (e.g., error logs, session performance). Assessed under ePrivacy Directive.
Analytics data (optional)
Purpose: Improving user experience; informing future app development.
Necessity: Provides insights into user engagement, navigation patterns, and accessibility improvements.
Proportionality: Requires explicit user consent before activation. Fully anonymised and aggregated; users can change preferences anytime in the app.
Device ID
Purpose: Ensuring secure communication and notifications.
Necessity: Used to verify device validity, prevent unauthorised access, and send notifications.
Proportionality: Collected during registration and securely linked to the user’s health record; not used for tracking.
IP address and GEOID
Purpose: Network security and fraud prevention; ensure regional restrictions.
Necessity: Necessary for detecting suspicious activities, protecting against unauthorised access, and ensuring app compliance with regional policies.
Proportionality: Used only for security purposes; not stored long-term or linked to personal profiles. GEOID is set to regional level.
Customer support data
Purpose: Providing assistance and resolving user issues.
Necessity: Necessary to verify user identity and address specific concerns or technical problems.
Proportionality: Limited to data provided by the user during support interactions; used solely for resolving the issue.
Keeping the app safe
The HSE Health App takes a proactive approach to managing risks and ensuring the security of personal data through a combination of comprehensive risk assessments and robust technical and organisational measures (TOMs).
Identified risks, such as unauthorised access, data breaches, or the misuse of personal information, are systematically evaluated to determine their likelihood and potential impact.
Mitigation strategies are then implemented to address these risks, aligning with GDPR principles of privacy by design and by default.
Technical measures include industry-standard encryption of data both in transit and at rest, ensuring that sensitive health information remains protected from interception or unauthorised access.
Secure login via MyGovID, which employs multi-factor authentication, reinforces user authentication protocols, while role-based access controls restrict data visibility to only authorised personnel.
Advanced monitoring tools, such as Datadog, continuously track app performance and detect suspicious activities, allowing for real-time responses to potential threats.
Additionally, synthetic data is used during development and testing to safeguard live user data from exposure.
Organisationally, the HSE has established a governance framework that incorporates input from clinical, technical, and patient advisory groups to ensure processes meet best practices and legal standards.
Staff and data processors receive regular training on secure data handling, while detailed data sharing agreements with third parties enforce strict limits on data use.
Users are empowered with transparent information about data processing and accessible controls to manage their consent preferences.
This multi-layered approach underscores the HSE’s commitment to safeguarding user data while enabling the app to deliver its essential healthcare services securely and responsibly.
Data governance and the app
The HSE Health App operates under a robust data governance framework to ensure compliance with GDPR and other applicable laws while safeguarding personal data.
All data processing activities adhere to the core principles of GDPR, including lawfulness, fairness, and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability.
These principles are embedded in the app’s design, ensuring privacy by design and by default.
Lawful basis
The legal bases for processing are clearly defined.
Processing activities are grounded in clear legal bases, including Article 6(1)(e) and Article 9(2)(h) of the GDPR, which permit the processing of personal data necessary for public interest tasks and the provision of healthcare services.
Additionally, legislation, such as the Health Act 2004 and the Health Identifiers Act 2014, provides the legal foundation for securely managing and accessing health data and identifying and matching records to the correct individual.
Data controllers and processors
The HSE is the primary data controller, overseeing all personal data processing within the app.
The app uses information that is sourced from other data controllers such as health and social care services that are not part of the HSE. There are data sharing agreements in place for these data transfers.
It works with trusted data processors for specific functions, such as Salesforce for customer support and Datadog for security monitoring.
Each processor is bound by strict data processing agreements that define their responsibilities and prevent data misuse.
The app’s use of analytics tools, such as Datadog and PiwikPro, has been carefully assessed to ensure compliance with the ePrivacy Directive.
Essential analytics for app functionality, like error monitoring, are implemented without user consent, while optional analytics for user experience improvements require explicit consent and are fully anonymised.
Transparency
The governance framework ensures transparency about how data is collected, processed, and stored.
Users can manage consent preferences directly within the app, ensuring their data is processed only as authorised.
Rights of data subjects
The app respects and upholds the rights of data subjects, providing mechanisms for users to exercise their rights under GDPR.
These include the right to access their personal data, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, and the right to object to certain types of processing.
Users are informed about these rights and how they can exercise them through the Data Protection Information Notice.
Retention of data
Users can delete the HSE Health App from their device at any time.
Users may also request that the information that is displayed in the HSE Health App be deleted from the secure online repository. However, as this repository is made up of multiple sources, the source file will not be deleted.
If a user wants to delete the source record, they need to contact the source directly. All information is retained in line with the HSE Retention Policy.
HSE DPO opinion
The HSE DPO has issued their opinion on the HSE Health App. The HSE DPO will continue to review additional updates to the app DPIA.