An x-ray report found in a department store, a cancer patient’s chart left on the roof of a car before driving away, and a child’s mental-health records accidentally faxed to Bank of Ireland.
These were among 113 data-protection breaches involving sensitive personal information held by the Health Service Executive (HSE) in 2015, according to internal documents.
In April, a patient’s x-ray report with a sticker from another patient was discovered by staff in Penneys, Mullingar.
The clothing store posted the report to one of the patients, who contacted the Citizens Information Centre for advice.
They subsequently sent the records back to Midlands Regional Hospital in Mullingar, and an investigation was instigated to establish how the x-ray report came to be found in the fashion-chain outlet.
Following the investigation, the relevant staff were “reminded of their responsibilities under data protection legislation”, a HSE spokesperson said.
Later that month, an incident report containing an allegation of abuse concerning an adult with an intellectual disability was “inadvertently posted” to a financial services company in Dublin, according to the HSE documents.
A spokesperson said the incident was reported to the Data Protection Commissioner and a meeting was held with the affected client. Staff were again reminded of their responsibilities.
In June, a healthcare assistant from St Luke’s Hospital was accompanying a patient on a transfer to another hospital when he left their chart on the roof of the car before setting off.
He realised the mistake only when he arrived at their destination. The chart was later retrieved from a member of the public who had picked it up.
The HSE responded by notifying the patient of the incident and reported the matter to the Data Commissioner.
The staff member was reminded of their responsibilities under data-protection legislation.
In August, a HSE employee attempted to send a fax to Temple Street Hospital containing sensitive information relating to a minor in the care of Child and Adolescent Mental Health Services at Dara Linn Cherry Orchard Hospital.
They entered the wrong number, however, and the details were instead faxed to Bank of Ireland.
In a similar case in October, a staff member at Midland Regional Hospital in Tullamore tried to call a palliative care nurse and left a voicemail that included sensitive clinical information about a patient.
They subsequently received a call back from a third party, asking why they had been left this information — it had been the wrong number.
In March 2015, a diary containing sensitive information about clients was misplaced by a community services worker in Sligo but was later found on the roof of her car.
However, a sealed envelope containing an assessment report that had been placed in the diary was not recovered.
In April, a nursing report book from Dublin North Mental Health Services was found by a gardener on the grounds of a hospital.
Similarly, last November, nine doctor’s letters were found on the grounds of Our Lady’s Hospital in Navan.
Healthcare records relating to 102 children were lost from the Public Health Nursing section of Cherry Orchard Hospital last year, which required all affected individuals to be rescreened.
© Irish Examiner Ltd. All rights reserved