We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Data Protection

X-ray report left in Penneys, patient's mental health data faxed to a bank - 113 HSE data breach calamities revealed

The HSE says that it takes its responsibility under data protection legislation “very seriously”.

File Pics The Health Service Executive has announced cuts of Û130m to be implemented by the end of the year. Eamonn Farrell / Eamonn Farrell / /

AN X-RAY REPORT found in Penneys, a cancer patient’s chart left on the roof of a car before driving away, and a child’s mental-health records accidentally faxed to Bank of Ireland.

These were among 113 calamitous data-protection breaches involving sensitive personal information held by the Health Service Executive (HSE) in 2015, according to internal documents.

In April, a patient’s x-ray report with a sticker from another patient was discovered by staff in Penneys, Mullingar. The clothing store posted the report to one of the patients, who contacted the Citizens Information Centre for advice.

They subsequently sent the records back to Midland Regional Hospital in Mullingar, and an investigation was instigated to establish how the x-ray report came to be found in the fashion-chain outlet.

Following the investigation, the relevant staff were ‘reminded of their responsibilities under data protection legislation’, a HSE spokesperson said.

Later that month, an incident report containing an allegation of abuse concerning an adult with an intellectual disability was “inadvertently posted” to a financial services company in Dublin, according to the HSE documents.

A spokesperson said that the incident was reported to the Data Protection Commissioner and a meeting was held with the affected client. Staff were again reminded of their responsibilities.

Chart on car roof

In June, a healthcare assistant from St Luke’s Hospital was accompanying a patient on a transfer to another hospital when he left their chart on the roof of the car before setting off.

He realised the mistake only when he arrived at their destination. The chart was later retrieved from a member of the public who had picked it up.

The HSE responded by notifying the patient of the incident and reported the matter to the Data Commissioner. The staff member was reminded of their responsibilities under data-protection legislation.

In August, a HSE employee attempted to send a fax to Temple Street Hospital containing sensitive information relating to a minor in the care of Child and Adolescent Mental Health Services (CAMHS) at Dara Linn Cherry Orchard Hospital.

They entered the wrong number, however, and the details were instead faxed to Bank of Ireland.

In a similar case in October, a staff member at Midland Regional Hospital in Tullamore tried to call a palliative care nurse and left a voicemail that included sensitive clinical information about a patient.

They subsequently received a call back from a third party, asking why they had been left this information – it had been the wrong number.

Data protection within the health service has become the subject of focus following the recent revelation that an ‘administrative error’ had resulted in false allegations of child abuse being kept on file in respect of Garda whistleblower Maurice McCabe.

In March 2015, a diary containing sensitive information about clients was misplaced by a community services worker in Sligo but was later found on the roof of her car. However, a sealed envelope containing an assessment report that had been placed in the diary was not recovered.

In April, a nursing report book from Dublin North Mental Health Services was found by a gardener on the grounds of a hospital. Similarly, last November, nine doctor’s letters were found scattered on the grounds of Our Lady’s Hospital in Navan.

Healthcare records relating to 102 children were lost from the Public Health Nursing section of Cherry Orchard Hospital last year, which required all affected individuals to be re-screened.

A spokesperson for the HSE said that it takes its responsibility under data protection legislation very seriously. She added that the outcomes in certain individual breaches reported were not found to constitute a data-protection breach following investigation.

Read: Ming Flanagan: ‘Our Minister for Health is like the God of the Old Testament – mean’

Read: Gardaí launch ‘Operation Enable’ to catch drivers using fake disabled parking permits

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Darragh McDonagh
Your Voice
Readers Comments
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.