5 days ago
Data breach probe by watchdog after hundreds of children's patients records left in unlocked room at Dublin hospital
The inquiry is expected to conclude much faster than typical investigations
INFO ISSUE Data breach probe by watchdog after hundreds of children's patients records left in unlocked room at Dublin hospital
HUNDREDS of children's patient records were left in an unlocked room at a Dublin hospital.
Children's Health Ireland is now being probed by the Data Protection Commissioner after the suspected data breach at Tallaght Hospital.
The inquiry will look at the physical safety and security of health records at its CHI-run section.
A large quantity of kids' docs were kept in a room at the facility that was not locked and could be easily accessed by anyone, it is alleged.
Hundreds of patient records are understood to have been in this room at any one time.
The DPC said it 'became aware that there were potential issues at this site from a number of different sources, including through protected disclosures that the DPC received and a breach notification submitted to the DPC by CHI'.
A spokesperson today added: 'Having reviewed the information, the DPC conducted an unannounced site inspection on Wednesday.
'The inquiry will examine CHI's compliance with their GDPR obligations, in particular relating to the security of personal data and the processes that CHI have in place for managing physical records.'
Following the DPC's unannounced inspection, Dr Turlough Bolger, a consultant in emergency medicine, emailed staff highlighting concerns expressed by inspectors.
He wrote: 'They expressed concern regarding the number of charts in the room yesterday (about 320 charts) and the amount of loose pages with patient details. I expect that the recommendations will be wide-ranging and damaging.'
CHI confirmed the probe 'relating to the physical safety and security of children's health records within one specific CHI facility in Tallaght'.
They added: 'We are co-operating fully with the DPC.
'ONGOING PROCESS'
"As this is an ongoing regulatory process, it would be inappropriate to comment further at this time.
"Our priority remains the protection of patient information and ensuring all personal data is handled in line with our legal obligations.'
DPC investigations can take more than a year to complete. However, it is expected this inquiry could be concluded much quicker.
In June, Dublin's Education and Training Board was fined €125,000 by the DPC after personal details of 13,000 grant applicants were made available to unauthorised persons.
