Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Irish Mirror
Irish Mirror
National
Eoghan Murphy

Shock as hundreds of HSE data breaches uncovered including patients' files sent to wrong person

More than 500 data protection breaches were recorded by the HSE last year – including patients’ files going missing or being sent to the wrong people.

The files show a medical document was found outside Midlands Regional Hospital in Portlaoise while a HSE employee inappropriately accessed the data of a colleague in Galway University Hospitals last April.

Details released to the Irish Mirror in a Freedom of Information request also showed a worker inadvertently discussed a patient’s health data with another patient in Letterkenny University Hospital last December.

READ MORE: Hospitals under pressure as HSE urge public to 'consider all options' before emergency department visit

In the same hospital last May, a list with personal and medical information of patients was found. A patient’s medical chart was wrongly given to another patient in Cork University Maternity Hospital last December.

There were data protection breaches relating to the Digital Covid Certificate with dozens posted to the wrong addresses.

Several breaches were recorded in the mental health sector, including missing files and appointments sent to the wrong patients.

Beaumont Hospital consultant Bill Tormey said: “Data breaches undermine patients and staff’s right to personal autonomy and confidentiality.

“They’re so common it suggests GDPR rules aren’t taken very seriously.

“A single national identifier number should be used for patients.

“Without one, it’s easy to make mistakes when writing to people of the same name.

“Staff should not remove paper records of patients from the hospital building because these are often found in dumps or the roadside.

“It should be possible to clearly trace all those who access electronic patient records.

“A protocol must be implemented to monitor appropriate use, especially in A&E and in mental health areas.”

Stephen McMahon, the director of the Irish Patients Association, added: “Data confidentiality breaches by health care staff are like their own goals in the world of cyber security.

“They can have severe implications, including potential harm to patients, legal consequences, and damage to the reputation of the HSE, government and professional individuals.

“Some breaches did result in the exposure of sensitive information, including medical histories, test results, and personal identifiable information.

“Some of this information could be used for identity theft or other malicious purposes. Patients may also lose trust in the system.”

The HSE says it manages all data breaches in line with legislation and HSE policy.

It added: “All such cases are investigated to find out how they occurred and preventative measures are put in place to reduce the risk of such breaches happening again.

“Ongoing GDPR/data protection training is delivered to HSE staffs.”

READ NEXT:

Get news updates direct to your inbox by signing up to our daily newsletter here

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.