THE HSE RECORDED eleven breaches of patient data in the course of a six month period this year, TheJournal.ie revealed this morning.
Figures provided through a Freedom of Information request show that from 1 February to 31 July this year, eleven breach incidents occurred nationally.
While the specific nature of the breaches cannot be revealed by the HSE, in order to protect patient confidentiality, it said incidents could include:
The theft of a treating team member’s folder;
Clinic attendence letter to a GP posted in error to the patient;
Patient assessment report sent to another person with the same name.
In a statement the HSE confirmed that the breaches were reported to the Data Protection Commissioner and that any incident like this is reviewed locally with procedures revised and/or staff training provided so as to prevent it happening again.
The HSE’s National Service Plan last year introduced a stricter data protection policy after a number of serious breaches were identified, including disclosure of patient information resulting from Tallaght Hospital’s outsourcing of medical reports to an Irish firm which was sending them to the Philippines for transcription.
In 2011 there were also questions raised when patient records from Mullingar Hospital were discovered in a bin outside Roscommon Hospital. These documents included sensitive information including patient names, addresses dates of birth and medical details.
Following these high profile breaches, the 2012 National Service Plan said the HSE would devise a series of “binding standards and rules that govern the management and protection of all forms of HSE information”.
It said a key focus would be placed on developing a process whereby an individual staff member becomes responsible and accountable for breaches that they cause.
Commenting on the information released about recent breaches, the HSE said it “places a high level of responsibility on all staff to ensure that personal records are kept safe and secure.”
“All staff in the HSE are provided with up to date policy and guidance in relation to their responsibilities under Data Protection legislation when dealing with patient personal information.”
First published 7am