Hospital staff 'free to snoop on confidential files'
Hospital staff are free to snoop on confidential patient records, a damning report has highlighted.
Visitors may also have sight of personal information left on open ward trays, according to an inspection report.
The exposure and lack of security around a patient's most intimate details were uncovered in an investigation of 20 hospitals by the office of the Data Protection Commissioner Helen Dixon.
The probe found only a small number of hospitals have a means to record staff access to its medical record libraries. In many cases there were no logs to track the details of who gained entry and removed files.
There was "little evidence" of any restriction on a staff member who had access to the library after hours from bringing an "unauthorised" staff member to the library with them.
The inspectors warned that open-top trolleys on four wheels were commonly used to transport patient charts from the medical records library. They said patient charts were transported on these trolleys via corridors, lifts and wards, leaving them particularly vulnerable.
"In a busy public area of the hospital, there is a high risk that the staff member in control of the trolley could become distracted or otherwise engaged," it warned.
In a number of instances, personal data on computer screens was viewable by passers-by due to the way the screen was positioned. Other risks include the ongoing use of fax machines to transfer information, which have the potential to be sent to a wrong location.
They found in one instance medical staff in a hospital were given access to patient files for their research and studies without informing the patients.
There is also concern about the processing of a patient's information for their private health insurance company which can go beyond the treatment that is being paid for.
Commenting on the report, assistant commissioner Tony Delaney said: "I strongly urge every hospital to embrace this investigation report as a useful tool that will enable them to spot the significant data processing security risks that may permeate their facilities on a daily basis. Several of the risks identified are ones that may not have been pointed out before to the hospitals."