Serious HSE data breaches risk patient safety

Stolen and missing HSE laptops containing sensitive files are just the latest in a long line of problems with the service’s data security, writes Fiachra Ó Cionnaith.

In an era of WikiLeaks data dumps, America’s NSA privacy scandal, and the unnerving feeling we are all increasingly living in an Orwellian world, it is comforting to know there are still some less-complicated ways to access information you officially have no right to see.

In a highly ironic variation on the idea that “all information is free”, the HSE has unwittingly made files and records available due to a failure to implement its own security policies.

Details revealed in today’s Irish Examiner show that, over the past four years, a shocking 69 health service laptops, USB sticks, and smartphones have been stolen or lost.

The records show 61 of these items were stolen, 51 contained unspecified “sensitive” information, and 20 had no encryption codes whatsoever.

The fact the HSE was warned about this exact problem five years ago, and gave assurances the issue was resolved when it wasn’t, is cause for concern.

But even more worrying is that this latest data security breach is just one in a long line of examples where supposedly sensitive information has been treated shoddily by the system — posing risks for both patient safety and staff security.

Last month, internal HSE audit files obtained by this newspaper confirmed that on a recent visit to Cork University Hospital auditors found highly sensitive files on top of a car park ticket machine.

The team, who ironically were sent to the facility to test its data security, wrote: “While this is an ‘out-of-scope’ finding, the auditors are obliged to note and notify that a folder containing sensitive employee information was found on the machine for paying the parking tickets.”

Another audit on the same hospital, also revealed by the Irish Examiner last month, found ex-hospital staff can still access sensitive patient data files because of serious IT security failures.

It added that encryption code failures, unauthorised access problems and medical history file errors linked to the issue risk putting patients needlessly in danger, and noted that one in four laptops examined had no encryption protection in place.

Further documents published by this newspaper in June 2011 mirrored the same data security problems, and highlighted how they are occurring across various sections of the system.

This time it was about vulnerable children in the care of the HSE. But the clear data breaches were the same:

* There was a failure to ensure private files with names, PPS numbers, medical and social data could only be accessed by authorised staff;

* Back-up tapes were stored beside a photocopier in the general office area without encryption codes;

* There was no formal process to report “electronic data protection incidents”, ensure data protection breaches are minimised and monitored, or to check if staff underwent data protection training.

Even within the confines of the latest data protection breach — the missing laptops, USB sticks and smartphones — it is a case of that well-worn French phrase plus ça change, plus c’est la même chose (the more things change, the more they stay the same).

And the people potentially being put at risk are patients, who are meant to be protected by the system.

In 2008, after it emerged as many as 55 of the same items had been stolen from or lost by the HSE since 2004, then chief executive Prof Brendan Drumm assured the Data Protection Commissioner the issue would not arise again.

He gave an “explicit” instruction that all HSE laptops containing sensitive information would from now on be encrypted — after the 2008 issue highlighted how social worker notes on nine families, patient medical records, financial data and detailed staff information had been lost.

Half a decade on, the same issue is back on the agenda.

It is unclear what impact budget cuts, staff shortages and worker demoralisation have had on the problem.

But Irish Patients’ Association chairman, Stephen McMahon, is clear in his verdict.

“Somebody needs to be held accountable. Considering the previous assurances that were given in 2008, this is totally unacceptable.

“I think it’s just sloppy. And there’s an even bigger question in all of this; has the lost information been backed up, or do we have black holes involving patient files?”
