Requesting a third party account and access to HSE network

HSE directorates/service areas must ensure that commercial service providers they contract, with direct or indirect access to patient or employee data, sign the HSE Service Provider Data Processing Agreement (DPA).

DPA list

The DPA form is only intended to be completed by commercial third party service providers or suppliers who are providing contracted services to the HSE, and who will be processing personal data on behalf of the HSE. That is, those that are acting as a ‘data processor’ for the HSE.

This list includes, but is not limited to, commercial service providers who are responsible for the:

  • supply, service and support of HSE clinical devices
  • supply, management and support of HSE information systems
  • provision of consultancy services
  • provision of data management services - data collection, processing, storage, hosting, transfer, conversion, copying, transcription, disposal/destruction, archiving


The DPA must be completed by commercial third party service providers to the HSE who will be processing personal data on behalf of the HSE

Each HSE directorate/service area should ensure the signed copy is stored with the original procurement contract provided by the commercial service provider.

The DPA does not apply to:

  • health service providers who are funded by the HSE. For example, voluntary hospitals and non-acute agencies, voluntary and community agencies funded under the Health Act 2004 and agencies funded under the Child Care Act 1991. These providers are covered by HSE service level arrangements.
  • where the HSE is under a legal obligation to share patient information with an organisation or agency. For example National Cancer Registry Ireland.

eHealth keeps a list of commercial service providers who have signed the DPA form.

To request access to HSE-funded agency staff see usernames and emails to access the relevant form.

Before requesting an account or access to be given to a third party, see HSE ICT Policies

To request third party access to the HSE network, you must ensure a DPA is in place.

You must complete one or more of the following forms depending on requirements:

Requesting remote access for third parties to the HSE network

External third parties can access the HSE network remotely over Citrix Cloud

  • to request access to Citrix Cloud, there must be an approved DPA in place for the external third party
  • requests for third party access must have a HSE sponsor
  • Healthirl domain account is required
  • To request access to Citrix Cloud, log a ticket when the DPA is completed and approved

Citrix Cloud account restrictions

Restrictions are applied within the HSE Citrix Cloud environment by default, for example, restrictions for printing, in/outbound clipboard.

Citrix Cloud remote access request form

The Citrix Cloud remote access request form is used to request off-premise Citrix Cloud remote access to the HSE domain and IT resources.

The request must be completed by a HSE information owner or their nominee. Send completed forms to the National Service Desk.