Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

File. Shutterstock/Air Images

Two cases of patient records left on car roofs among 212 HSE data breaches

A medical device containing patients’ personal information was sent for repair to a company in the UK by Saolta University Hospital Group.

THE NUMBER OF data-protection breaches involving sensitive personal information held by the Health Service Executive (HSE) almost doubled to 212 last year, internal documents have revealed.

The incidents included two cases in which staff members left patients’ records on the roof of their cars before driving away, and one case in which Tusla files were found in an empty building during renovations.

In another data breach, a doctor attached to Mental Health Services in Wexford left confidential records relating to patients in an apartment that he had vacated. They were discovered by a new tenant and later returned to the HSE.

Medical device

Last April, the Data Protection Commissioner was actually a party to a breach that occurred at Midlands Regional Hospital Tullamore, when a patient’s data was accidentally faxed to the Commissioner’s office instead of the individual’s GP.

Later that month, a medical device containing patients’ personal information was sent for repair to a company in the UK by Saolta University Hospital Group.

Instead of the company returning the device, it was reconditioned and provided to an NHS hospital in Hull. The hospital’s IT department discovered that the device still contained the data and contacted the HSE.

In May 2016, a nursing report sheet and x-ray order sheet containing details relating to 27 patients was found misplaced in a building adjacent to University Hospital Limerick.

A month later, a large quantity of files relating to 27 more individuals including patient diagnoses was found on the ground across the road from the hospital. No explanation was offered by the HSE but the importance of data protection awareness was raised at a subsequent team meeting for staff of the relevant department.

Lost

90132981_90132981 Sasko Lazarov / Photocall Ireland Sasko Lazarov / Photocall Ireland / Photocall Ireland

Three separate incidents in which sensitive patient documents were lost or found in the vicinity of hospital grounds occurred during February and March 2016 at Our Lady of Lourdes Hospital in Drogheda.

In February, wind scattered documents being carried by a staff member between buildings at the hospital. Two pages of a completed service application form were never recovered.

Later that month, a handwritten note containing a patient’s personal details was found in a waiting room; and in March, a document containing information relating to 13 patients was found “in the vicinity of the hospital grounds”.

In October, files belonging to Tusla, the Child and Family Agency, were found by HIQA in an empty building that was in the process of being renovated for use by the charity, Rehab.

The HSE said that the records could not have been accessed by members of the public, and a review of the incident was undertaken with the aim of ensuring that the same mistake does not happen again.

Two incidents occurred last year in which patient records were left on the roof of a car by a HSE staff member before they drove away. The same scenario also occurred twice in 2015.

The first of these incidents happened in April 2016, when an employee at Abbeyfeale Health Centre in Limerick left files on top of their car and drove away. The files were returned by a member of the public the next day.

In October, a HSE staff member working in pensions management placed a file on the roof of their vehicle before leaving a carpark. They later returned and recovered the file but two pages relating to one individual was missing.

Other data-protection breaches occurred when a health worker left a client’s records in another client’s house; when a PC was stolen during a break-in at an addiction services clinic; and when documents relating to patients of Sligo University Hospital were discovered in a bin in Dublin.

The details of 212 data-protection incidents were contained in records released by the HSE under the Freedom of Information Act. In 2015, the number of data-protection incidents reported by the HSE was 113.

Read: Ed Sheeran settles $20 million plagiarism suit over his song Photograph

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Author
Darragh McDonagh
View 19 comments
Close
19 Comments
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.
    JournalTv
    News in 60 seconds