Finder of patient details accused by HSE of data breach

Finder of patient details accused by HSE of data breach

A man who found sensitive patient data on a city centre street and who highlighted his concerns in the media has been accused by the HSE of a data breach.

Luke Field, who found data containing patient names and details of surgical procedures on the pavement of South Terrace, Cork City on Friday, April 26, attempted to report his find to the appropriate data protection officer in the HSE South the following day. However, the office was closed over the weekend.

He then contacted Cork University Hospital (CUH) as the data related to patients attending its plastic surgery department, and was advised by a staff member to return the data to reception in a sealed envelope, and that it would be processed after the weekend.

Mr Field, a Labour candidate for Cork City South Central in the upcoming local elections, said he held off on returning the data as he wanted to hand it back to someone “with direct data protection responsibility”. He decided to contact the media to highlight the delay he encountered when trying to report his find to the appropriate official, as there was no out-of-hours contact service.

However, the HSE said because Mr Field “voluntarily disclosed” the data to a third party — the Irish Examiner — this constituted “an unauthorised disclosure” of personal data and that Mr Field is now obliged to report his own disclosure “as a further data breach to the Data Protection Commissioner”.

The Irish Examiner contacted the Data Protection Commission (DPC) to inquire if a breach had occurred, as there is an exemption when processing personal data for the purpose of exercising the right to freedom of expression and information, including processing for journalistic purposes.

The commission said it “understands that there are data protection issues in relation to this, however we cannot comment further as we would need to examine the details in full”.

Mr Field said that as far as he is concerned, he doesn’t believe there is “any merit in the suggestion” that he has committed a data breach, but he is “happy to co-operate with the Data Protection Commission in their investigation of the HSE breach”.

Finder of patient details accused by HSE of data breach

He said he is “disappointed” with the HSE response “because the real story is that there have been two major HSE breaches in patient data in the space of a week [the other related to patients attending Our Lady of Lourdes Hospital, Drogheda] and this seems like an unfair attempt to divert attention away from that”.

The HSE said CUH is “taking the data breach very seriously and is currently investigating the incident”.

“The breach was reported to the Data Protection Commission and all data subjects will be contacted in line with HSE policy,” the statement said.

The statement also said the deputy data protection officer “was subsequently made aware that the data was shared with a third party (journalist), either prior to or after returning the data to the HSE”.

“The person who discovered the data and voluntarily disclosed it to the third party has been advised by the HSE that as this constitutes an unauthorised disclosure of the personal data, there is now an obligation on that person to report this as a further data breach to the Data Protection Commission”.


More in this Section

Varadkar, Martin and Ryan to try and overcome major obstacles encountered in talksVaradkar, Martin and Ryan to try and overcome major obstacles encountered in talks

Call for child poverty and education to be focus of new governmentCall for child poverty and education to be focus of new government

Gardaí appeal to parents not to leave children in cars while shoppingGardaí appeal to parents not to leave children in cars while shopping

Scally: Ryanair boss should 'leave public health' to the authoritiesScally: Ryanair boss should 'leave public health' to the authorities


Lifestyle

Even in the drug-filled, debauched annals of the rock and roll memoir, Mark Lanegan's Sing Backwards And Weep stands out.Mark Lanegan: Drugs, Liam Gallagher and me

Donal Dineen was the man who first brought David Gray and many other emerging artists to our ears. He’s had a lower profile in recent years, but has returned with a new podcast, writes Eoghan O’SullivanDonal Dineen: Pushing the buttons on a new podcast

Is there are science to back up some of the folklore we have grown up with?Appliance of Science: If a cow sits down does that mean it will rain?

This time last year Whiddy Island in West Cork was bustling with people who had caught the ferry for the short trip from Bantry to ramble the island’s boreens as part of the Bantry Walking Festival. Not so this year.Islands of Ireland: Whiddy in the same boat

More From The Irish Examiner