Frequently asked Questions
What is an Individual Health Identifier or IHI?
An individual health identifier (IHI) is a number that identifies each person who has used, is using or may use a health or social care service in Ireland. Each individual has their own personal number. It is unique to them.
Why do I need an IHI?
An individual health identifier uniquely identifies every individual accessing health and social care services. The main benefit of having an individual health identifier is to ensure patient safety by accurately identifying each person.
How will the IHI promote safety?
Being able to uniquely identify each service user will improve patient safety by reducing the number of errors that might happen. It will ensure patients receive the correct medication, vaccinations and treatment.
What are the benefits of an IHI for me?
- Identifies you accurately: You and your medical records can be identified accurately which leads to a safer system of care. Your records in different healthcare organisations can be accurately associated with you.
- Reduces chances of errors: Your health information can be shared safely between public and private health service providers – for example, IHIs on referral letters sent from a public hospital to a private GP reduce the chances of mix-ups or errors.
- Transfer of information is faster: Your IHI enables your health information to be transferred electronically to your healthcare providers, which means a faster service for you.
Who will get an IHI?
Any person who has used, is using or may use a health and social care service in Ireland will be assigned an Individual Health Identifier (IHI).
Will each person have their own IHI?
Yes. Your IHI will be assigned to you and will not be re-used, even after your death.
Will I get a plastic card with a number on it?
No. Your IHI will be assigned to you, but you don’t even need to know it to receive health and social care services in Ireland.
I am pregnant at the moment. Will my baby get an IHI?
Yes. Your new baby will get an IHI of their own when the birth is registered. You will not need to know your baby’s IHI to receive health or social care services in Ireland.
I am separated, so who will hold my children’s IHIs? My ex-partner or me?
Neither. Your children will be assigned their own IHI. Parents or guardians do not need to know their child’s IHI to receive health or social care services in Ireland.
When will everyone in the country be allocated an IHI?
An IHI has been allocated to all known residents in Ireland. This is in line with the Health Identifiers Act 2014.
My parents are elderly. Will they have to sign anything or do anything differently?
If I go to a different doctor or healthcare provider, will my IHI work?
Yes. Your IHI is unique to you regardless of which doctor you attend. The IHI can be used in both public and private healthcare settings.
Do I have to do anything to get my IHI?
No – an IHI is automatically assigned to you. If you are accessing health and social care services for the first time, an IHI will be allocated to you when you first access a service. You don’t need to do anything and you don’t even need to know your IHI to receive health or social care services in Ireland.
Do I need to know my IHI to apply for care or services?
What data is stored in my IHI record?
Your IHI record is a combination of your IHI number and other personal information that is used to safely identify you. The Health Identifiers Act 2014 allows the following information to be collected and stored in your IHI record:
• Date of birth
• Place of birth
• All former surnames – for example, different names from different marriages
• Mother’s birth surname
• Personal public service number (if any)
• Date of death in the case of a deceased individual
Can I choose not to have an IHI?
No. Under the Health Identifiers Act 2014, you are automatically assigned an IHI.
Is the IHI supported by legislation?
Yes. A new law called the Health Identifiers Act 2014 was passed by Government to allow two new national information collection systems to be set up.
Is my IHI the same as my personal public service number (PPSN)?
No. Your IHI is not the same as your Personal Public Service Number (PPSN). Your IHI is a unique number for the healthcare system only.
Can my PPSN be used instead?
No. Your PPSN cannot be used instead. The Health Identifiers Act allows for a PPSN to be part of the information collected and stored within the IHI record, but the PPSN number itself cannot be used as an individual health identifier.
Why is the PPSN number stored as part of my IHI record?
The Health Identifiers Act allows a PPSN to be part of the data collected and stored within the IHI record. When designing the IHI system for Ireland, the Health Information and Quality Authority (HIQA) looked at how the system was organised in other countries. They found that most other countries used information from existing trusted sources, such as national databases maintained by government departments.
In Ireland, the Department of Social Protection maintains a Public Service Identity (PSI) database which includes PPSNs. Using this database means:
• the National IHI Register can be created and updated from an existing trusted source, and
• it saves time and money by making good use of existing resources.
Can a health service provider use my IHI to look up my PPSN?
No. It will not be possible for anyone to look up your PPSN using your IHI. You may choose, however, to give your PPSN to your health service provider to allow them to get your IHI from the IHI Register. Your PPSN will never be visible to your health service provider when they look up your IHI.
Will my GP use my IHI in their records?
Yes. Your GP’s practice management system will automatically be able to take your IHI and match it to your existing record. Your GP can then use your IHI when communicating with other health service providers in relation to your care.
How will my IHI be used?
Your IHI can be stored on your health services provider’s computer system or on paper if no electronic system exists. It will be used on your medical record at the health services provider that you attend.
Here are some examples of possible uses:
After you attend your GP, your IHI will be on your medical record (on paper or electronically) in your GP’s files. Then, any time your GP communicates with another health service provider on your behalf, your IHI will be included on that communication. For example, if you need a blood test, your GP will include your IHI with this request. The hospital will return the result of your blood test with your IHI on it to your GP. This allows your GP to safely confirm that the results relate to you.
Your IHI will be recorded on your medical record in a hospital’s computer system if you attend an emergency department. When the hospital sends a discharge letter to your GP, your IHI will be on it. The discharge letter may be paper or electronic. This allows your GP to safely confirm that the discharge letter relates to you.
Will using my IHI change the way my health information is shared?
No. Having an IHI on your medical record will not change how and when health services providers share information about you. Your health information is personal information and is protected by the Data Protection Act.
What is the IHI Register?
The IHI Register contains an IHI number for every individual who has used or is using a health or social care service in Ireland.
Who will access my IHI?
Your IHI will be accessed by your health service providers, both public and private, when they provide a health or social care service to you.
Under the Health Identifier Act 2014, other agencies can have access to the IHI Register, as follows:
- Chief Inspector of Social Services
- Child and Family Agency
- Health Research Board
- Irish Blood Transfusion Service
- Irish Medicines Board
- Mental Health Commission
- National Cancer Registry Board
- State Claims Agency.
Some organisations may use your IHI for a particular secondary purpose, such as health promotion, health service management or research. These organisations will only have access to anonymised clinical information. They will not be able to identify you or your personal clinical or medical information. These organisations or individuals are listed in the Health Identifiers Act 2014, as follows:
- Board na Radharcmhastóirí (The Optician’s Board)
- Central Statistics Office
- A coroner
- Dental Council
- Health Information and Quality Authority
- Health Insurance Authority
- Inspector of Mental Health Services
- Irish Medical Council
- National Treatment Purchase Fund Board
- Nursing and Midwifery Board of Ireland
- Pharmaceutical Society of Ireland
- Pre-hospital Emergency Care Council
- A registration board established by or under the Health and Social Care Professionals Act 2015
- An organisation authorised to operate a scheme of health or health-related insurance under the
- Health Insurance Act 1994.
Management of the IHI:
Is my IHI record the same as an electronic health record?
No – it is not the same as an electronic health record. An electronic health record is an electronic version of a patient’s health record. Your IHI does not contain medical information.
Is medical information stored on my IHI record?
No – medical or clinical information will never be stored on your IHI record. However, health service providers will use your IHI when communicating with other health service providers about your care – for example, when a consultant is writing to your GP, or your GP is writing to a hospital.
Who will look after or mind my IHI record?
An IHI business unit within the HSE will manage your IHI record.
How can I be sure that my information is being properly protected?
The HSE have examined how your information will be used and have undertaken a Privacy Impact Assessment to make sure that your information is protected and that it is used correctly. The result of this assessment is published online and includes all public consultation and feedback. For more information on Privacy Impact Assessments, see the final section of this document. Or visit the PIA Public Consultation page.
What is included in the Privacy Impact Assessment?
The first IHI Privacy Impact Assessment looked at the controls and practices that need to be in place for the IHI register to be created and to be managed by the new IHI Business Unit. The controls we put in place build upon the standards published by the Health Information and Quality Authority (HIQA) for the health identifiers operator.
We have also looked at the controls that will be needed so that the IHI can be used securely in:
- the Epilepsy Electronic Patient Record,
- selected GP systems,
- a Hospice Medical Record System, and
- schemes operated by the HSE’s Primary Care Reimbursement Service (PCRS).
Before any other systems use the IHI, further Privacy Impact Assessments will be considered.
Are there safeguards in place to stop the sharing of an IHI or using the number inappropriately?
Yes. There are safeguards built in to manage the use of your IHI. Your IHI is personal information under the meaning of the Data Protection Act. This means that the health identifiers operator must follow the eight rules of data protection:
- Obtain and process information fairly
- Keep it only for one or more specified, explicit and lawful purposes
- Use and disclose (share) it only in ways compatible with these purposes
- Keep it safe and secure
- Keep it accurate, complete and up to date
- Ensure that it is adequate, relevant and not excessive
- Keep it for no longer than is necessary for the purpose or purposes
- Give a copy of his or her personal data to an individual, on request.
Penalties will apply if your IHI record is used incorrectly as set out in the Health Identifiers Act 2014.
I am worried about identity theft as many of my personal details will be included in my IHI record. Are there safeguards in place to prevent this happening?
Yes, there are safeguards to protect your information. Your IHI record is protected by the Data Protection Act, and must be treated appropriately by the HSE as the health identifiers operator. Also, The HSE may conduct further Privacy Impact Assessments (PIAs) to make sure that measures are in place to protect your IHI.
What sort of access will service providers have to the IHI Register?
Health service providers will have access to the IHI Register to:
- Obtain your IHI
- Send requests to update your IHI record.
To get your IHI from the IHI Register, your health service provider will need to know your personal details – for example, your name, address and date of birth.
How can I be sure that service providers will use my information responsibly?
Before the IHI is used in any new system, the HSE, as the health identifiers operator, will consider the need to undertake additional PIAs to check that the system has the right measures in place to protect your information. These checks will also ensure that your information is used correctly, and that the health service provider has the right procedures in place to make sure that they look after your information. IHI records need to be kept safe and secure under legislation – both the Data Protection Act and the Health Identifiers Act 2014 apply. Penalties apply if it is discovered that your IHI is not adequately protected or used incorrectly, as set out in the 2014 Act.
Who will govern the agencies that have access to the IHI Register?
The Minister for Health has delegated the governance of the IHI Register to the HSE.
Who is the legal Data Controller?
As provided for in the Health Identifiers Act, the Minister for Health delegated the authority to establish and operate the IHI to the HSE. The Health Service Executive (HSE) is the legal Data Controller for the IHI register. The HSE Individual Health Identifiers (IHI) Service shall be responsible for the management and operation of the IHI register.
Why is personal data processed?
The Health Identifiers Act provides the legal basis for the assignment of a unique Individual Health Identifier (IHI) to every individual within the state to whom a health service is being, has been or may be provided and the establishment and maintenance of an IHI register. The IHI shall contain personal data and this shall be processed for the purposes of patient safety by ensuring the right information is associated with the right individual at the point of care within the health service.
What personal data is collected and stored in an IHI record?
The Health Identifiers Act 2014 allows the following data to be collected and stored in an individual’s IHI record:
- Date of birth
- Place of birth
- All former surnames
- Mother’s surname and all her former surnames
- Personal public service number (if any)
- Date of death in the case of a deceased individual
What is the retention period for data on the IHI?
In general the retention periods for data within Health are subject to the legislative provisions pertaining to the area involved. The HSE IHI Service will not retain personal data for longer than is necessary for the purpose(s) for which the data is processed. Information on the IHI register belonging to individuals who have been deceased for a period of time may be archived.
Can individuals request a copy of their IHI number and their personal data held on the IHI?
Yes, under the Data Protection Acts and the General Data Protection Regulation (GDPR) every individual has a right to request a copy of his/her IHI number and any information which is being processed by the HSE IHI Service about them. All requests from individuals for their IHI number and/or a copy of his/her information which is processed by the HSE IHI Service should be channelled through and managed by HSE Consumer Affairs
If an individual believes that some information about them on the register is incorrect, can they ask to have the information corrected?
Yes, under the Data Protection Acts and the GDPR every individual has a right to have any inaccurate information about them on the IHI rectified or erased. If an individual believes that information about them on the IHI register is incomplete, they should contact HSE Consumer Affairs.
Who will have access to the IHI?
The IHI register will not be publically available and will only be accessible to certain people, including the Minister for Health, Health Service Providers and other specified persons as permitted for in the Health Indentifiers Act 2014.
The Health Identifiers Act permits the disclosure of an individual’s IHI information to a Health Services Provider who is providing, or has provided, or is proposing to provide, a health service to that individual. IHI information may also be disclosed to a number of named authorised disclosees who may use the information for a particular secondary purpose such as public health, health promotion, health service management or research.
Can health insurance companies access the IHI Register?
Health insurance companies will only have access to the IHI Register for secondary purposes such as health promotion, health service management or research. They will only have access to anonymised information. They will not be able to identify you or your personal, clinical or medical information.
Can health insurance companies use my IHI?
Yes. It may be that they are provided your IHI number in correspondence with your health service provider for administrative and billing purposes. They can not use this to access any clinical or medical information about you.
Will the health insurance company or other third party organisation systems be also secure?
Yes. Before any third-party organisation can use the IHI in their systems, they must prove to the IHI Business Unit that their system is secure, and that their organisation has appropriate policies and procedures in place to ensure they only use the IHI for the right purposes. They will have to sign a legal agreement. They can be prosecuted under the Data Protection Act or the Health Identifiers Act if they don’t abide by these terms.
Health and Social Care Providers:
What are the benefits of the IHI to service providers?
The IHI allows them to safely identify patients and provide services more securely and effectively. The benefits of the IHI for health care professionals include:
- Provides an accurate link between the service user and their record
- Helps create and maintain a complete record for each patient
- Identifies patients in all communications with other health and social care providers
- Enables safe transfer of patient records electronically
- Enables electronic referrals, discharge summaries and electronic prescriptions to be sent, resulting in a speedier exchange of important information
- Enables patient information to be shared safely within and across organisations
- Improves efficiency in administration tasks
What will the IHI mean for healthcare provider staff who register patients?
I work in a local clinic. How will the IHI affect my role?
If you register patients and handle their records and communications, you will see their IHIs on your patient management system as they become available. This will mostly be an automated process. However, if you need training it will be provided.
Privacy Impact Assessment (PIA):
What is a Privacy Impact Assessment?
A privacy impact assessment is where the HSE examines what measures are in place to protect your personal information.
The Data Protection Commissioner recommends that a Privacy Impact Assessment is used wherever personal information is processed. Privacy Impact Assessments are particularly important in the health and social care settings.
When is a PIA needed?
A Privacy Impact Assessment for a Health Service Provider needs to be carried out when:
- a change is made to the IHI Register and the way it provides the IHI to health service providers;
- a health service provider applies to use the IHI Service.
A PIA has already been completed. What did it cover?
The initial PIA for the IHI Register included the IHI Register itself and the first healthcare systems that will access the Register and use the IHI.
How long does the PIA process take?
The PIA for the IHI Register and the first healthcare systems that will access the Register took several months as it needed to include a public consultation process. Further PIAs will not require public consultation and could be concluded in a shorter timeframe.
What is the process for the PIA?
The process for the PIA can be summarised as follows:
- Identify the benefits of the proposed project (the ‘project’ could be a proposed change to the system or a new healthcare provider applying for access);
- Examine the scope, information flows and security arrangements of the proposed project to identify privacy risks;
- Identify ways to reduce and avoid these risks.
Can I see the findings of the public consultation on the IHI Privacy Impact Assessment?
Yes. A draft Privacy Impact Assessment was completed by the HSE in 2016. The document was published and the public, patients and healthcare professionals were encouraged to give feedback using an online form. The findings of the public consultation and the Privacy Impact Assessment itself has been published on www.ehealthireland.ie
For more information on the IHI, contact your IHI Business Service: Email: firstname.lastname@example.org | www.ehealthireland.ie/IHI
The IHI is part of a programme of investment in healthcare technology from eHealth Ireland and the HSE.
FAQ last updated May 2017