HSE patient files emailed to wrong person for 6 months
The HSE apologised and said it was notifying the Data Protection Commissioner about the breach, which apparently occurred because the recipient of the emails, a Cork-based IT professional, has the same name as a consultant at Limerick University Hospital.
The recipient, who does not wish to be identified, said he made repeated attempts to highlight the fact that he was getting the emails to his personal email address, but continued to receive them from January to July.
He contacted a HSE IT email address on more than one occasion but never received a response, while calls to the telephone number repeatedly rang out.
He contacted the office of Leo Varadkar, the health minister, on July 24 to complain about the repeated data breaches and was told to make his complaint in writing, which he has now done.
The emails received to his personal Gmail account â which he says he typically checks just once or twice a week â began on January 5 and continued until July 24. They were sent by a number of different people, mostly health professionals attached to Limerick University Hospital, but instead of reaching a consultant, they were sent to him.
A sample of the correspondence, seen by the Irish Examiner, includes:
- Individual patient files containing details of medical care and personal data;
- A schedule for an operating theatre featuring named patients and their details;
- The minutes of a top-level meeting including discussion on the use of the new Eircode system;
- Details relating to a young boy who is battling a serious condition.
The IT professional said he replied to each email to inform the sender it had gone to the wrong address as he was concerned important information about patient care might not be getting to the consultant involved: âFirst of all I thought it might be one person with the wrong email details, but then I got them from multiple email addresses,â he said.
In one response issued to senders he wrote: âI would be grateful if someone within the HSE could investigate this and correct any records with incorrect contact information as soon as possible.â
However, despite acknowledgements and apologies from individual senders, all attempts to make contact with the relevant IT department failed: âNo one got back to me. The situation is ridiculous. It hasnât been for want of trying to resolve this. Obviously there are systematic errors and I canât blame any one individual.â
In a statement, the UL Hospitals Group admitted the breach had occurred and apologised: âAs with any data protection concern, the matter is being taken very seriously and will be investigated. We apologise to any individuals involved. The matter has been reported to the Data Protection Commissioner and it would be inappropriate for us to comment further at this time.â
Just last month it emerged that between April 2014 and the start of April this year, there had been more than 100 data protection breaches involving sensitive personal information held by the HSE.
CONNECT WITH US TODAY
Be the first to know the latest news and updates
