Personal Data Protection Notice
Background to EYEGP Image Reporting System (EIRS)
  • EIRS is a state-of-the-art platform designed to simplify and enhance the process of photo/video uploads, diagnosis, management planning, and validation by certified ophthalmologists.
  • With our seamless, integrated reporting system, users can effortlessly submit eye images - including fundus photos, OCT scans, visual fields, and more - for expert consultation and receive professional, detailed reports in no time.
  • The collection, use, disclosure and access to data are all conducted in accordance with legal, ethical and national best practice guidelines.
EIRS compliance with the Personal Data Protection Act
1. General, Notice & Choice, Disclosure Principle
  • Data submission to EIRS is on a pay-per-use subscription basis.
  • All the relevant EIRS policies are available on the EIRS website to authorized users.
  • Open and transparent management of personal information.
  • Please obtain your patient's consent to the service if required.
  • EIRS provides the platform for submission of eye images for expert consultation. The processing is necessary for the purposes of diagnosis, management planning and validation by certified ophthalmologists. An adequate level of protection of personal information is ensured.
2. Open and transparent management of personal information
  • The EIRS website provides the EIRS Office contact details in the event of questions, concerns and complaints about the EIRS.
  • States that the EIRS is not permitted to identify patients by law and that, to maintain absolute security and confidentiality.
  • All site users have the responsibility for appropriately collecting and maintaining the EIRS data, including ensuring privacy and confidentiality of their own centre's data.
  • All reviewers, ophthalmologists and administrators have the ultimate responsibility for appropriately collecting and maintaining the EIRS data, including ensuring privacy and confidentiality of all data.
  • All personal information is kept strictly confidential: all data will be anonymised and aggregated in any presentations or publications (if any), and no patients or sites will be identified by name in reports.
  • Users will need to read through and accept the Information Security Policy and Security Practice Guideline during their first-time login in order to ensure their responsibility to safeguard patient data.
3. Anonymity and pseudonymity
  • Anonymity is preserved in the way that the data are used, e.g. in reports and presentations.
  • Users can withdraw or request to inactivate their access to EIRS at any time, with just an ID code remaining in the system.
4. Collection of solicited personal information
  • The EIRS collects personal health information which is directly related to its functions and activities.
  • Data collection does not occur without agreement between EYEGP and the subscriber company or organisation.
5. Dealing with unsolicited personal information
  • The subscriber company or organisation can enter only the required information into the EYEGP Image Reporting System (EIRS).
6. Use or disclosure of personal information
  • The EIRS data are summarised to provide a personalised report on each patient's eye condition to the subscriber company / organisation.
  • The EIRS data are also aggregated and summarised to provide insight to the site users about the demographics and disease pool of their patients. All data reported are de-identified and aggregated.
  • An Authorisation List signed by the Site Doctor in charge / Head of Department is submitted to the User Manager to set up logins for authorized personnel only.
  • The Site Doctor in charge / Head of Department needs to inform the User Manager to deactivate a user's access once that user leaves the department.
  • All EIRS users are required to read through, accept and e-sign the Information Security Policy and Security Policy Guideline during their first-time login, before being given access to the system.
7. Cross-border disclosure of personal information
  • The EIRS server and backups are maintained in a secured, state-of-the-art data centre in Cyberjaya, Malaysia.
8. Quality of personal information
  • The EIRS Quality Assurance and Data Management Processes outlines the data verification processes employed by the EIRS.
  • EIRS conducts regular reviews of data completeness and discrepancies for determining case ascertainment. Data quality checks are also built into the EIRS Web application to ensure the quality of the data submitted.
  • Training of subscriber site staff in data entry and use of the EIRS Data Definition Dictionary takes place before any live data are entered. Centre users have been informed to enter only true and correct information, provide timely and accurate data, and provide timely responses to incomplete data / unclear image uploads.
9. Security of personal information
  • The Personal Data Protection Notice and Privacy Policy provides guidelines for all security-related aspects for the EIRS.
  • EIRS data are collected via a web application that requires password access with varying levels of authority. The web application itself is protected by Secure Sockets Layer (SSL), and the certificate shows the encryption details used.
  • The servers are maintained in a secured data centre with state-of-the-art facilities in Cyberjaya, Malaysia. Data centre security: biometric authentication for access to the server storage area, CCTV, Pyrogen Fire Suppression System, Uninterruptible Power Supply. In addition, the servers are secured by server hardware and software such as a firewall, Intrusion Detection System and antivirus.
  • Personal information is encrypted and de-identified in the database.
  • All EIRS staff and the IT vendor sign a Non-Disclosure Agreement whereby they undertake to maintain the confidentiality of any data that they access in the EIRS.
  • Subscriber Site Users can only access data of their own site. Each authorized site user has their own user account and is accountable for their own logins. All activities in the web application are audited.
  • It is important to update the EIRS Team whenever there is a change in your personal information, such as mobile number and e-mail address, or in your centre's information, such as centre address.
  • If any staff member who has access to the EIRS web application has left your centre or should no longer have access to your patient records, please inform the User Manager to inactivate their access rights accordingly, or update EIRS on whose access should be terminated.
  • Data are backed up on a daily, weekly and monthly basis. A business continuity plan is in place in the event the web application is down.
10. Access to personal information
  • Patients seeking diagnosis of their eye problem are reported by participating subscriber sites.
  • Patients may contact the centre/site from which they received treatment (which acts as data custodian) about their data.
11. Correction of personal information
  • To ensure that any missing or discrepant data are corrected, the EIRS conducts regular data cleaning activities in consultation with the hospital staff.
  • A systematic data quality audit process is also in place.
  • All inaccurate information is amended by the site users when they are notified or become aware that particular information is incorrect.
  • An audit trail of web tool edits is maintained within the database.
  • Site Users can amend their personal details by updating their own User Profile page.
12. Data Retention
  • Softcopy data since the beginning will be retained until the end of the application conduct.
Copyright © since 2025 EYEGP Image Reporting System (EIRS)