More than 500 data protection breaches were recorded by the HSE last year – including patients’ files going missing or being sent to the wrong people.
The files show a medical document was found outside Midlands Regional Hospital in Portlaoise while a HSE employee inappropriately accessed the data of a colleague in Galway University Hospitals last April.
Details released to the Irish Mirror in a Freedom of Information request also showed a worker inadvertently discussed a patient’s health data with another patient in Letterkenny University Hospital last December.
In the same hospital last May, a list with personal and medical information of patients was found. A patient’s medical chart was wrongly given to another patient in Cork University Maternity Hospital last December.
There were data protection breaches relating to the Digital Covid Certificate with dozens posted to the wrong addresses.
Several breaches were recorded in the mental health sector, including missing files and appointments sent to the wrong patients.
Beaumont Hospital consultant Bill Tormey said: “Data breaches undermine patients and staff’s right to personal autonomy and confidentiality.
“They’re so common it suggests GDPR rules aren’t taken very seriously.
“A single national identifier number should be used for patients.
“Without one, it’s easy to make mistakes when writing to people of the same name.
“Staff should not remove paper records of patients from the hospital building because these are often found in dumps or the roadside.
“It should be possible to clearly trace all those who access electronic patient records.
“A protocol must be implemented to monitor appropriate use, especially in A&E and in mental health areas.”
Stephen McMahon, the director of the Irish Patients Association, added: “Data confidentiality breaches by health care staff are like their own goals in the world of cyber security.
“They can have severe implications, including potential harm to patients, legal consequences, and damage to the reputation of the HSE, government and professional individuals.
“Some breaches did result in the exposure of sensitive information, including medical histories, test results, and personal identifiable information.
“Some of this information could be used for identity theft or other malicious purposes. Patients may also lose trust in the system.”
The HSE says it manages all data breaches in line with legislation and HSE policy.
It added: “All such cases are investigated to find out how they occurred and preventative measures are put in place to reduce the risk of such breaches happening again.
“Ongoing GDPR/data protection training is delivered to HSE staffs.”
READ NEXT:
Hutch 'rift' as Monk hasn't crossed paths with brother Patsy since leaving jail
Graham Norton has blunt answer to RTE Late Late Show hosting gig
Fat Freddie Thompson smashed up cell in rage after getting news mother had died
Saoirse Ruane's mum asks for prayers as daughter takes on 'biggest battle'
Cold weather blast to hit Ireland as expert pinpoints return of 'warm' spell
Get news updates direct to your inbox by signing up to our daily newsletter here