Data Protection Commissioner
Data Protection Commissioner

01/05/08 - Statement on Hospital Records found in Co. Cork

The Office of the Data Protection Commissioner learned this morning, from a report in the Irish Examiner, of the discovery at a site in Glounthaune, Co Cork of medical files originating from hospitals in the Cork area. We were subsequently formally notified of the incident by the Health Service Executive.

We note that the Executive and Cork County Council have already launched investigations. We have requested an urgent report from the H S E.

There is a heavy duty on organisations to dispose of personal records in a secure manner. Medical records constitute "sensitive personal data" under the Data Protection Acts and are entitled to extra protection.

From our Office's perspective, the main priority is to safely recover the files in question and destroy them securely if they are no longer required. This would eliminate the immediate source of distress to the patients concerned and their families.

We are also concerned to ensure that this is an isolated incident and that proper procedures are in place to guard against any repetition. We worked closely with the HSE on the development of the National Hospitals Office Code of Practice on Healthcare Records. The HSE's work on the Code demonstrated its commitment to live up to its obligations under the Data Protection Acts and its more general duty of confidentiality towards patients. This incident highlights the importance of the Code being fully put into practice in the day-to-day work of hospitals.