Hospital to keep outsourcing its paperwork despite security breach
Published 04/08/2011 | 05:00
A MAJOR hospital will continue to outsource the transcription of medical reports despite a breach of security involving possibly tens of thousands of patients.
Tallaght Hospital yesterday admitted it had called in the gardai to help find out how sensitive patient information "got into inappropriate hands" in the Philippines.
It has contracted out the transcription of medical reports and doctors' letters to private company U-Scribe since 2004.
However, the hospital terminated this contract last May when concerns emerged about security procedures.
Despite the security breach, the hospital -- which has since appointed a new service provider, Dictate IT -- resisted calls last night for it to keep transcription services in-house.
It refused to say how much it had paid U-Scribe over the past seven years, saying this was "commercially sensitive information".
The documents sent for transcription to the Philippines were notes of meetings between consultants and patients as well as letters from consultants to GPs.
According to the Office of the Data Protection Commissioner, which is investigating the breach, the documents contain "sensitive health data".
It is understood the documents do not include any financial or health insurance details.
However it is possible that, in some cases, patient contact information -- including names, addresses and phone numbers, may have been included. This information could be used for the purposes of identity theft.
Tallaght Hospital admitted that, despite having guidelines since last year that no "patient identifiers" should be included in the documents, this policy was not always followed.
Assistant Data Protection Commissioner Diarmuid Hallinan said there was no indication yet that Irish patients' information has been offered for sale by anyone in the Philippines.
"The hospital has said their guidelines to doctors were that patients should not be identified by name, but by their registration number," he told the Irish Independent.
"Unfortunately it is far from clear if that guideline was honoured in all cases."
He said the patient information could be valuable to insurance companies or for criminals seeking to blackmail either the hospital or the transcription company.
"We haven't seen much signs of criminal activity or active fraud but we are at the initial stages (of the investigation)," Mr Hallinan added.
Tallaght Hospital said it was working closely with the National Bureau of Investigations in the Philippines and its IT director has been in the country for the past week assisting the legal authorities there.
Acting chief executive of the hospital, John O'Connell, said he had ordered an evaluation of the transcription service on taking up his position in July of last year.
"This resulted in the hospital changing service provider and putting in place new policies and procedures. It has always been the case that all material for transcription be encrypted and this practice has always been followed," he added.