Caterers 'had access to patient files'
CATERING staff were able to access confidential patient information held on a €60m HSE record system which is being rolled out across the country.
Workers in Kerry General Hospital were able to access information including the patient's name, address, admission, discharge date and doctor information, an internal audit of the system last year found.
And the audit warned of five "high-level" security risks in the Integrated Patient Management System (IPMS) which is used by 10 acute hospitals and 20 HSE centres.
While no clinical data had been uploaded on to the system at the time of the breach, it also found there was no national security policy on how to protect patient records and that some hospitals were just using the new system to replace older technology. Fine Gael health spokesman Dr James Reilly last night said that unless doctors and patients were confident that information would remain confidential, they would not co-operate.
"IT and the further development of it in the health service is critical, but patient confidentiality has to be of the utmost importance," he said.
"People give information to doctors to get the best treatment available to them, and they don't expect their personal details to be accessible to others.
The audit of the IPMS programme said that catering staff in Kerry had access codes.
The HSE said the internal audit was carried out in two hospitals in the south and west regions in the first half of last year to identify issues with the system.
Only "appropriate authorised personnel" could now use it, a spokeswoman said.