The Data Protection Commissioner’s office has recently published a report entitled “Data Protection Investigation in the Hospitals Sector”. A full copy of the report is available to view here.
The report was was compiled following an investigation undertaken in 2017 by the office’s Special Investigation Unit (SIU). The investigation took place between January and December 2017 and involved physical inspections by Authorised Officers at 20 hospitals around Ireland spanning HSE facilities, private hospitals and voluntary hospitals.
The investigation was undertaken due to the substantial volume of sensitive personal data which is processed on an ongoing basis in the hospitals sector; significant data security breaches in the sector in the previous decade; and the findings of data protection audits conducted in a number of hospitals by the Commissioner’s Audit Team in recent years.
The key focus of the investigation was to examine the processing of the personal data and sensitive personal data of patients in departments and areas of hospitals in Ireland to which patients and the general public have access.
The report highlighted 14 areas of concern:
- Controls in Medical Records Libraries
- Storage of patient observation charts in hospital ward settings
- Storage of patient charts in Trolley bins in ward settings
- Storage of confidential waste paper within the hospital setting
- Disposal of handover lists and patients lists
- Use of fax machines
- Lack of speech privacy
- Absence of audit trails
- Raising awareness of data protection in hospitals and provision of data protection information to patients
- Consent for research
- Processing of private health insurance information in hospitals
- Maternity Service Users
- Data Retention
The ultimate aim of the investigation was to make recommendations for improvements with regard to the processing of patient data and the report sets out various ways in which it is hoped this will be achieved.