Patient details leaked by hospital in faxing blunder
Published 16/08/2010 | 05:00
CONFIDENTIAL patient information was made public after hospital staff mistakenly sent the details to a private fax number.
The Health Service Executive (HSE) has admitted that staff at Sligo General Hospital faxed referral letters to a private Donegal fax number in 2008.
The error occurred after staff used an incorrect area code, or prefix, when they attempted to send the private information to a public health nurse.
More patient details were mistakenly leaked the following year when a piece of paper with a patient's name and hospital number was found outside the hospital.
The revelations come despite the fact that all hospitals are required to ensure a patient's details are not shared inappropriately under the Data Protection Acts of 1998 and 2003.
The Data Protection Commissioner Billy Hawkes recently urged the HSE to make improving the security of its systems for transferring patient data a priority.
Mr Hawkes said that breaches by the HSE had prompted him to make "extensive and demanding" recommendations.
All hospitals are required to notify the commissioner of any breaches of confidentiality that occur there.
New figures show that there have been 18 such cases over the past five years.
These related to the improper destruction, loss or theft of records and also where information was handed over to the wrong patient.
All cases were investigated and full co-operation was received from the hospitals with regard to the commission's recommendations.
A further 16 complaints relating to data breaches were made to the commissioner's office by members of the public over the five years.
In 15 cases, the hospital involved either offered an apology or vowed to comply with recommendations put forward by the commissioner.
The remaining complaint alleged that the Mid-Western Regional Hospital released a patient's hospital chart without the patient's consent and sent it to a consultant ophthalmic surgeon acting on behalf of the insurance company in his private practice.
The complaint resulted in a formal decision from the commissioner urging stronger measures to protect patients.
Last night, Labour TD Jan O'Sullivan insisted hospitals should abide by the procedures in place to safeguard patient records.
"Incidents like this should not happen. There should be proper procedures in place to ensure patient confidentiality is maintained," she said.
Stephen McMahon of the Irish Patients Association said such breaches could cause hardship for the patients involved.
"In some cases, patients may not have revealed all of their medical details to their family when it is disclosed mistakenly," he said.
Jim Reilly of Patient Focus also criticised the disclosure.
"Great care needs to be taken with patient records. We need to ensure there are checks and balances in place so they are maintained correctly," he said.
"Patients need to have confidence in the HSE and know their records are being protected."
Last night, a spokeswoman for the HSE said Sligo General Hospital trained staff in the importance of dialling the correct fax number following the breaches. It also undertook a full risk assessment following the incidents and recommendations were implemented.
"Sligo General Hospital regrets any distress this may have caused to the patients involved," she said.
"This was an isolated incident and there have been no other incidents since. The hospital policy is that no patient information should be removed.
"An information alert regarding patient confidentiality was drawn up and circulated to all staff."