The Health Service Executive (HSE) breached data protection laws nearly 200 times last year as a result of errors distributing digital Covid certificates, which provided proof of people’s vaccination status during the pandemic.
Another breach occurred at a Covid testing centre when an agency worker posted a photo on the messaging app Snapchat, in which personal information relating to service users could be seen.
The incidents were among 524 breaches of data protection regulations recorded by the HSE last year, according to records released under freedom of information laws.
READ MORE: Ireland updates Covid guidelines after new strain hits with changes to isolation, masks and tests
In June 2022, another beach was reported when security staff at Galway University Hospital (GUH) shared CCTV footage of an incident involving patients on WhatsApp.
At Mayo University Hospital (MUH), a data protection breach was reported in April when a doctor obtained a patient’s phone number from their file and “inappropriately” contacted them by text.
Patient files were found in a public car park at Sligo University Hospital last year, while a mental health service user in Cork breached data protection regulations in September when they photographed another patient and shared the images.
In August, correspondence intended for a patient of the CervicalCheck service was sent to her neighbour’s address by mistake. Meanwhile, a BreastCheck client reported in October that she had received correspondence intended for two other patients.
The Gay Men’s Health Service in Wicklow, Dún Laoghaire and Dublin South-East reported that a breach had occurred when patient files that had been left on top of a bin were thrown out by mistake.
In May, a patient at Limerick University Hospital “accidentally” took home an entire patient list, while a patient at Portiuncula Hospital was discovered alone in a triage room last November with records containing “personal and health data” relating to people who had attended the emergency department.
A member of the public took a photo of a computer screen featuring personal data relating to a number of patients at MUH last August, while an employee at GUH “inappropriately” accessed medical data relating to one of their colleagues in April 2022.
A spokesman for the HSE said all data protection breaches were managed in line with the appropriate legislation and the executive’s own policy.
“The HSE takes all breaches of data protection seriously and all such cases are investigated to find out how they occurred, and preventative measures are put in place to reduce the risk of such breaches happening again,” he said.
These measures have included additional staff training focusing on the “root cause” of the breaches, the revision of guidance documents based on “learning from incidents”, and raising awareness of the importance of data protection.
“GDPR/data protection training is delivered to HSE staff on an ongoing basis and all HSE staff are made aware of HSE policy in relation to data protection and the GDPR,” the spokesman added.
READ NEXT: