More than 100 breaches of HSE patient data in past year

In one case, community services worker lost client report after leaving it on roof of car

More than 100 data protection breaches involving sensitive personal information held by the Health Service Executive (HSE) occurred over the past year, internal documents indicate.

Details of the incidents, which occurred between April 1st, 2014 and April 1st, 2015, have been released under the Freedom of Information Act.

They include a case in Cork, where patient files were discovered by a member of the public in the drawer of a filing cabinet they had purchased in a second-hand furniture shop in June 2014.

The incident was notified to the Data Protection Commissioner.


In Sligo, a diary containing sensitive client information was misplaced by a community services worker but was later found on the roof of her car.

However, a sealed envelope containing an assessment report that had been placed in the diary was not recovered.

Wrong documentation

Last November, data relating to 19 patients at

Wexford General Hospital

was found on the grounds of a housing estate.

Affected parties were contacted by telephone and a meeting was held with doctors who had generated the report.

A number of incidents were reported in which the wrong patients were issued with the wrong documentation.

This occurred at HSE South Community Addiction Services in Cork last February, where two clients received each other’s correspondence.

In Limerick, a letter confirming a hospital appointment was mistakenly issued to the twin of a patient on two occasions in 2014.

The incident resulted in staff being reminded of the importance of checking all patient details when creating appointments.

Autism assessment

Last September, an autism assessment report concerning a child was accidentally posted to the parents of another child.

An apology was issued but a similar incident occurred in March, when a report on a five-year-old with autism was put in the wrong envelope, along with another child’s report, and posted to the wrong family.

Both incidents were notified to the Data Protection Commissioner and the HSE noted that the affected family will not be taking the matter any further.

In Cavan/Monaghan Mental Health Services, a folder containing clinical letters went missing from a consultant's clinic last November.

The folder was found in a photocopying room but the letters were not recovered.

In total, 103 incidents involving data protection breaches occurred between April 1st, 2014, and April 1st, 2015.

As many as 16 laptops and phones containing confidential data were also reported lost or stolen by HSE staff.