Probe into breach of hospital records is widened
AN investigation into a data breach involving sensitive patient information has been broadened to include all doctors who have private contracts with the transcription firm.
It comes as U-Scribe, the company hired by Tallaght Hospital to transcribe doctors' notes, was found to have had contracts with two more Irish hospitals. Mercy University Hospital in Cork has had a contract with the firm for the past six years, while Galway University Hospital had a six-month involvement with it in 2004.
U-Scribe provided transcription services for Tallaght Hospital until May of this year.
Its contract was terminated after confidential patient information got into "inappropriate hands" in the Philippines.
It also had a number of private contracts with individual consultants in Ireland to transcribe their notes.
Assistant Data Protection Commissioner Diarmuid Hallinan said he had a meeting with the management of U-Scribe yesterday. He will now be contacting all of its Irish customers.
However, he was unable to say yet how many Irish clients the company has.
Speaking to the Irish Independent, Mr Hallinan said: "We met with U-Scribe earlier today and have their client list. It's fair to say they are co-operating fully with us. We will be following up with all of their clients.
"There is no evidence so far that we have received to suggest any other client organisations have suffered a security breach. The only proof in that regard is (in relation to) Tallaght.
"However, there are issues around the legal basis for the international transfer of personal data and this is one aspect of our investigation."
Mercy University Hospital in Cork yesterday sought to reassure patients that its information was still secure after confirming that it had been outsourcing the transcription of doctors' notes for the past six years. It refused to name the company involved but it is understood to be U-Scribe.
"The hospital has no evidence whatsoever that any of its patient data has been misused, destroyed or disclosed improperly," said a spokesman.
A HSE spokesperson said Galway University Hospital undertook a short, six-month pilot project with U-Scribe in 2004. She added that all material was encrypted and contained no "patient identifiers".
U-Scribe was contacted for comment; however, a spokesperson was not available.