Sunday 21 October 2018

Confidential HSE patient records found on the side of dual carriageway

There were 277 data protection breaches involving sensitive personal information held by the HSE during 2017. Stock image
There were 277 data protection breaches involving sensitive personal information held by the HSE during 2017. Stock image

Darragh McDonagh

A bagful of confidential patient records was found on the side of a dual carriageway in Galway last year, while another patient's file was discovered in a supermarket.

These were among 277 data protection breaches involving sensitive personal information held by the HSE during 2017, internal documents have revealed.

In another incident, a HSE employee in north Dublin "mixed up" a patient's personal records with other documents while photocopying handouts for a workshop last April.

The handouts were subsequently distributed to workshop participants, who discovered the patient's record in the middle of their reading material.

Last July, a social care worker accidentally uploaded a report containing patients' records to a public website.

In December 2017, a staff member at St Luke's Hospital in Kilkenny brought a file home to review, but dropped a discharge summary relating to a baby being treated at the hospital. This was later found on the roadside and returned.

Patient records were also discovered on the side of a road near University Hospital Waterford in March 2017, while a bagful of patient files was found on the side of the N6 by a hospital worker in Galway last April.

A spokesperson for the HSE said the bag had fallen from a waste company's vehicle. However, the records it contained should not have been disposed of by the company under University Hospital Galway's waste management policy.

In June, an X-ray image from RCSI Connolly Hospital was published in an article without the patient's permission.

A number of data protection breaches related to the HSE's recruitment services in Manorhamilton, Co Leitrim. In September, two job candidates' interview results were switched and sent to the other person.

In the same month, hundreds of candidates found their applications were unsuccessful when an email acknowledging the successful applicant's acceptance of the post was accidentally sent to all 389 of them.

A HSE spokesperson said: "The HSE creates, collects and processes a vast amount of personal data in multiple formats every day. All staff working in the HSE are legally required... to ensure the security and confidentiality of all personal data they collect and process on behalf of service users and employees."

Irish Independent

Editor's Choice

Also in Irish News