Skip to main content

Warning notification:Warning

Unfortunately, you are using an outdated browser. Please, upgrade your browser to improve your experience with HSE. The list of supported browsers:

  1. Chrome
  2. Edge
  3. FireFox
  4. Opera
  5. Safari

HSE Health App privacy notice

The HSE have developed a mobile app (the HSE Health App) and a web-based app (the HSE Account) so you can access certain HSE services through a mobile app or through the HSE website.

The HSE own and manage the HSE Health App and HSE Account.

Your privacy and data security are very important to us. We aim to be clear and transparent about the information that we collect about you and how we use it.

On this page you will find information about:

  • the personal data we collect and what we use it for
  • how long we hold onto your personal data
  • who has access to your personal data
  • your rights to your data
  • how to make a complaint
  • the role of the data controller and the data protection officer (DPO)

Using the HSE Health App is your choice

It's your choice if you want to download, use, keep or delete the HSE Health App or HSE Account. You do not have to use it.

HSE Health App and HSE Account: terms of use

Deactivate your HSE Health App account or HSE Account

You can deactivate your HSE Health App account or HSE Account by following the instructions in the account section.

This will pause your account, including push notifications if you have allowed these. You can reactivate your account by logging back into the app or HSE Account. Deactivating your account does not delete your information.

How to securely use the HSE Health App or HSE Account

You can use the HSE Health App or HSE Account if you use health and social care services in Ireland.

To access your personal information in the HSE Health App or HSE Account you will need:

  • a verified MyGovID account
  • an individual health identifier (IHI) that is on the National Register of IHI’s

Once you are authenticated, you must be logged in to view your personal health information.

HSE Health App security

You can use the HSE Health App if you have an iOS or Android device. To access your personal information in the HSE Health App you will need a device that has the minimum level of security required of the HSE Health App.

Types of personal data we use

Your personal data is 'processed' when anything is done with it. For example, when it is collected or reviewed.

We process data about your:

  • demographics - this is so we can correctly identify you and match you to your health records
  • appointments - so we can communicate with you about them
  • medicines - this is so we can show you any medicines that are claimed for under the drug payment or medical card scheme and so you can add other medicines you are taking
  • self-declared information such as allergies – this is so that you can create your own record of your health information
  • health data – so that you have access to your health data
  • health data for care support programmes – this is so that you can receive care support communications
  • vaccination records
  • medical card, EHIC and other health cards - this is so you have a digital copy of your card. You'll still also get a physical one
  • location - used on HSE Health App, so we can use maps to provide you with directions to health services
  • use of the HSE Health App or HSE Account - this is to improve the HSE Health App or HSE Account and all data collected is anonymous

You must give permission for your location data to be used. We do not use location data for tracking, profiling or any other purpose.

How we process your personal data

We collect your personal data from multiple sources. These include both HSE services and other healthcare services. We then store your personal data online. We do this in compliance with the GDPR and other relevant laws.

When you log in the HSE Health App or HSE Account with a verified MyGovID account, we put your health and personal information in the HSE Health App or HSE Account for only you to see. We will not process your personal data until you are successfully logged in.

You can use the HSE Health App or HSE Account without logging in. But you will only be able to view general health information similar to the HSE website. We will not process your personal health data in the HSE Health App if you are not successfully logged in.

You may not see all your health data straight away. Not all appointments are available in the the HSE Health App or HSE Account. We are working on adding more hospital and community appointments. If your appointment is not visible, it may come in a future release of the the HSE Health App or HSE Account.

You will need to log in to the HSE Health App or HSE Account to sign up for care support communications. If you do not want to use the HSE Health App or HSE Account, you can find out about other ways to sign up for these programmes on the HSE website.

Appointments in calendar and sharing

The HSE Health App has features that allow you to add appointment information to your device's calendar. You can also share appointment information using messaging and communication channels.

These features do not share any personal data with the third party service providers you use to share messages. We advise that you read and make yourself aware of the privacy policies and practices of your messaging provider.

Why we use your personal data

We use your data:

  • so that the HSE Health App and HSE Account works correctly
  • to give you access to your health data through the HSE Health App and HSE Account
  • to communicate with you through the HSE Health App and HSE Account

Communicating with you

We use the HSE Health App and HSE Account to communicate with you about:

  • health-related information - this includes appointments, medicines, vaccinations and care support programmes
  • functional information in the HSE Health App or HSE Account - this includes confirmation you have successfully logged in or that your records have been added
  • general health campaigns
  • public health emergencies

If you do not log in to the HSE Health App or HSE Account, you can still access general information taken from our website.

Sharing information you add

We will share the information you add with the National Shared Care Record (NSCR).

This is the information you add about your:

  • medicines
  • allergies
  • emergency contact
  • GP details

This information can be seen by verified users of the NSCR. These users are health care professionals who only access the record for a valid reason.

There is a record of anyone who accesses your NSCR. Your information is shared with the NSCR to enable a more holistic view of your health.

If you do not want your information shared, you can remove it. This means that you won’t be able to see it in the HSE Health App or Account.

National Shared Care Record: Data Protection Impact Assessment (DPIA) summary

HSE Health App Data Protection Impact Assessment (DPIA) summary

HSE Live chat

You can use the HSE Health App to chat with a HSE Live agent for information and support with the HSE Health App or health services.

When you start a live chat, your IHI is sent to the Salesforce customer service platform. This allows the agent to identify you and create a case. When you start the chat, active session data is sent to the agent so that they can help you efficiently. This includes the device you're using, the HSE Health App version, and the name of the screen you're on in the HSE Health App. For example, home screen.

Any data submitted in the chat session is stored in the Salesforce platform. In future releases, you will also be able to download the transcript of the chat when it ends.

Who can access your personal data

Only people who directly work on the HSE Health App or HSE Account and who are authorised will have access to personal data in the HSE Health App or HSE Account.

This includes:

  • HSE staff who manage the operations and security of the the HSE Health App or HSE Account
  • agents - such as customer care agents who provide customer support to users
  • suppliers - such as Microsoft and Salesforce whose technology we use

Access to your personal data depends on the role a person has. This is monitored to make sure that there is no unauthorised access.

Anyone who has access to personal data is bound by confidentiality and data protection agreements. They must keep your personal data secure and use it only for the purposes agreed with us.

How long we store your data

You can stop using the HSE Health App or HSE Account at any time.

If you delete the HSE Health App, all of your personal data in the HSE Health App will be deleted from your phone.

We will still hold your personal and health information for other HSE services in line with the HSE retention policy.

Read the summary of our Data Protection Impact Assessment (DPIA). This contains information on how we have developed the app in compliance with our data protection responsibilities.

Making a complaint

If you are not happy with how we are processing your personal data, contact our Data Protection Officer (DPO). The DPO ensures that we are compliant with data protection.

You can also make a complaint directly to the Data Protection Commission.

If there's a problem with your personal data

Use the option 'Report a problem' to contact us through the HSE Health App or HSE Account if your information in the HSE Health App or HSE Account is wrong or inaccurate.

You can also phone HSE Live on 1800 700 700.

Data controllers

A data controller is an organisation or person that decides what data is processed. They also decide how and why this needs to be done. They are legally responsible for that data.

Data controllers involved in the HSE Health App or HSE Account are:

  • HSE
  • Department of Social Protection
  • non-HSE hospitals

HSE

We are the data controller for all personal data collected and used by the HSE Health App or HSE Account.

Department of Social Protection

The Department of Social Protection are the data controllers for MyGovID. We use MyGovID to prove your identity and you do this on the MyGovID website. The HSE Health App or HSE Account does not share your personal data with the Department.

Non-HSE hospitals

Hospitals that are not run by the HSE are data controllers for data from their hospital management systems (IPMS). There are data sharing agreements in place with these hospitals.

Data processors

Data processors are appointed by data controllers. A data processor is an organisation or person that processes data.

Data processors have contracts and agreements with us to process personal data in the HSE Health App or HSE Account. They can not process or transfer personal data in the HSE Health App or HSE Account outside the European Economic Area (EEA).

Data processors include:

  • Amazon - offers compute, storage and networking and hosts app components
  • Microsoft - cloud provider hosting the app repository and all associated tools
  • Waystone - security testing team who ensure the app is secure
  • Mandient - security testing team
  • DEPT - provide development and support
  • Nearform - support for delivery and the backend tools
  • Deloitte - support with customer management

Some of these data processors use sub-processors. Sub-processors can not process or transfer personal data outside the EEA.

Sub-processors include:

  • Piwik Pro - used by DEPT to gather anonymous analytics
  • Datadog - used by Nearform to gather anonymous strictly necessary analytics
  • Edgescan - used by Waystone as part of security testing
  • Salesforce - used by Deloitte to provide a customer management system

Your rights under GDPR

Under the GDPR, you have the right to:

  • request a copy of the personal data we hold about you and to check that we are lawfully processing it
  • have any incomplete or inaccurate information we hold about you corrected
  • object to the processing of your personal data
  • ask us to delete or remove personal data where there is no good reason for us to process it or where you have made an objection
  • object to us making any automated decisions about you based on your personal data or profiling of you
  • request to restrict or suspend the processing of your personal data
  • request the transfer of your personal data in an electronic and structured way to you or someone else

How to exercise your rights

You can exercise your rights in a number of ways. These include:

Analytics data we process

We collect data about how you use the HSE Health App or HSE Account. This is strictly necessary data. We do it so that we can check the security and essential operations of the HSE Health App and HSE Account. The tools are set automatically.

We also use optional analytics. This is to help us understand more about how you use the HSE Health App or HSE Account and to plan for future updates. You can opt in or out of these analytics in the HSE Health App or HSE Account settings.

We use Software Development Kits (SDKs) and cookies to collect this data. Cookies are small text files stored on your device when you use the HSE Health App or HSE Account.

More information about the cookies on the HSE Account - Cookie Statement HSE.ie.

Strictly necessary SDKs and cookies we use

The strictly necessary SDKs and cookies we need to put on your device are:

@credo-ts/askar

This is to store verifiable credentials that usually contain personal data. They are stored on your device and are encrypted.

@datadog/mobile-react-native

This is for error handling and reporting. No personal data is processed. This data is accessed remotely by Datadog.

@datadog/mobile-react-navigation

This is for error handling and reporting. No personal data is processed. This data is accessed remotely by Datadog.

react-native-keychain

We create an encryption key and save it using react-native-keychain. This key is then used to encrypt user data stored with react-native-mmkv. This data is stored on your device.

react-native-mmkv

This helps save application settings and preferences. We use it to store navigation data or tokens needed to keep you logged in, so this information is available even when you close and reopen the app. This data is stored on your device.

ppms_privacy_xxxxxx

This is a Piwik Pro cookie. It stores user consent to data collection and usage. This data is anonymous. This expires after 6 months.

analytics_consent

This cookie is used to register the consent for Piwik Pro analytics on the app. This expires after a session.

Other SDKs

react-native-marketingcloudsdk

This is to enable Salesforce to provide a customer management system to the HSE. A unique Salesforce Device ID is stored in Salesforce Marketing Cloud, allowing the HSE to track whether users have opted in or out of push notifications.

Optional analytics SDKs and cookies we use

@piwikpro/react-native-piwik-pro-sdk

This is to collect analytics about your use. The data is anonymous. This is stored on your device

_pk_id.{id}

This is a Piwik Pro cookie. It's used to recognise you and keep your information in the app. This expires after 6 months

_pk_ses.{id}

This is a Piwik Pro cookie. It shows your active session on the app. If the cookie doesn’t exist, it means that the session ended more than 30 minutes ago and was counted in the _pk_id cookie. This expires after a few seconds.

stg_debug

This is a Piwik Pro cookie. It is used to facilitate debugging and development. It is a session cookie. This expires after a few seconds.

Stg_last_interaction

This is a Piwik Pro cookie. It’s used to tell if your session is still running, or a new session has started. This expires after 12 months.

Stg_returning_visitor

This is a Piwik Pro cookie. It’s used to tell if you have visited the app before. This expires after 12 months.

Stg_traffic_source_priority

This is a Piwik Pro cookie. It stores the type of traffic source you have came from. This expires after 30 minutes.

Page last reviewed: 10 July 2026