Hospitals warned over leaking of patients' records
Published 19/08/2011 | 05:00
MORE than a dozen cases of confidential medical records being stolen or unlawfully disclosed or discarded have been reported in the past six weeks alone.
Data Protection Commissioner Billy Hawkes last night issued a stern warning to medical practitioners to abide by their legal responsibilities to protect the security of patient information.
The warning comes amid reports of yet another breach of patient information yesterday.
In the latest case, the medical records of a number of patients attending St Joseph's District Hospital in Ballina, Co Mayo, were found by a litter warden in a bin at a local housing estate.
The incident is among 14 cases of the unauthorised disclosure of medical records currently being investigated by the Data Protection Commission (DPC) since July 1.
The handwritten notes were from medical staff concerning patients attending the hospital in April. Some of the patients have since died.
The warden handed the notes back to the hospital and the HSE is now investigating the matter, stating that the "information contained in the notes was minimal".
The incident is among three cases of the "insecure disposal of medical records" that the commission is investigating, the DPC confirmed last night.
Other cases include the discovery last week of dozens of patients' medical records found dumped in a bin beside Roscommon County Hospital.
The records included the names and addresses of patients as well as their treatments and conditions. In another incident, patient records were improperly discarded by an undisclosed pharmacy.
The DPC is also investigating five cases of theft of sensitive medical information from laptop computers and other "equipment" from hospitals and other healthcare facilities.
It is also investigating six cases of "inadvertent disclosures" of patient information. This includes medical correspondence being sent to the wrong address.
But it also includes an investigation into a breach of patient information to a third party from the transcription service Uscribe, which was hired by Tallaght Hospital in Dublin, Mercy University Hospital in Cork, Galway University Hospital and numerous private doctors to transcribe doctors' notes.
A spokesman for the commissioner said: "There are clear requirements in the Data Protection Acts for this type of information to be guarded carefully and equally there is public expectation that sensitive medical information will be safeguarded."
The HSE said: "On the rare occasions where the HSE finds that patient records have been inappropriately disposed of or stolen, the HSE has a policy of treating such events as serious incidents."
Remedial measures include launching its own investigation into the breach, alerting the DPC where required and notifying any patients affected.