HSE confirms five laptops stolen over the past year

FIVE LAPTOPS, at least three of them with patients' personal details, have been stolen from the Health Service Executive (HSE) over the past year, it was confirmed yesterday.

Details of the theft of one of the laptops from a staff member's home were reported last week, but yesterday the HSE confirmed that a further four had been stolen - two of them from HSE premises in Mullingar, Co Westmeath, in July. Both were taken on the same date.

However, at this time, the HSE cannot say how many patients are affected by the Mullingar theft.

It said: "The data on the laptops included some name and contact details for patients involved with a COPD (chronic obstructive pulmonary disease) outreach service and also the names, dates of birth and diagnosis and/or treatment details of a small number of surgical patients."

A HSE spokeswoman in the midlands said the organisation was in the process of trying to establish how many patients' personal details were on the two laptops.

When it has completed this task it will be writing to the patients concerned. It hopes to be in a position to begin issuing letters to patients advising them of the theft next week, said the spokeswoman.

"We will be making direct contact with these individuals over the coming days," she said.

"We will outline what has occurred, what information was contained on the laptops and apologise for the concern this will have caused [them]."

The spokeswoman added that a HSE representative will be available for those individuals to contact with any concerns they may have.

The HSE said it was satisfied the other two laptops that were stolen did not contain patient or client data. It added that the Data Protection Commissioner and gardaí have been notified.

Deputy Data Protection Commissioner Gary Davis said a meeting with senior management of the HSE was sought to discuss its broader data-handling practices, such was the level of concern over the thefts at his office. That meeting is scheduled to take place today.

In a statement, the HSE stressed it was committed to ensuring the protection of personal and sensitive data stored on its personally held technological devices. "We initiated the process of encrypting all devices last year. We have prioritised the encryption of all devices that contain personal and medically sensitive data," it said.

"The HSE has communicated with all staff members informing them of their individual responsibility to have the data on their devices encrypted. The HSE plans to have all devices encrypted by the end of September."

The laptop stolen from the home of a HSE public health official on September 3rd, and reported last week, contained personal information gathered for the purposes of a survey on the provision of the flu vaccine to 1,150 healthcare workers in autumn 2007.

That laptop was password protected, but was not encrypted. The healthcare workers whose data was on the device have now been notified. When data is not encrypted there is a danger it could be accessed more readily by a third party.

© 2008 The Irish Times

This article appears in the print edition of the Irish Times