Hospital notes on patients who attended Our Lady of Lourdes Hospital in Drogheda, Co. Louth were discovered on a housing estate earlier this week.
The doctor handover notes, detailing the dates of birth, family situations, medical conditions and hospital wards attended of ten patients who visited the hospital’s emergency ward on 11 April 2019, were discovered approximately a kilometre away from the hospital in a front garden on a housing estate.
The homeowner who discovered the notes notified local Senator Ged Nash, who advised her to contact the hospital and arrange for their return.
Nash has called for an investigation by Ireland’s DPC (Data Protection Commission). Speaking to Morning Ireland on RTE Radio 1, he said that “This is completely unacceptable, and hospital management must report this egregious compromising of private and deeply sensitive personal information to the Data Protection Commissioner.
“Some very elderly and vulnerable patients have had the most personal and confidential information imaginable about their health situation strewn in a suburban housing estate for all to see.”
Nash noted that this data breach was the latest in a series at Our Lady of Lourdes, which included patient notes found in February 2018, three months before the GDPR (General Data Protection Regulation) took effect.
Our Lady of Lourdes Hospital has yet to comment on the breach and whether it has informed the DPC.
Under Article 33 of the GDPR, the data controller needs to notify the DPC of a breach of personal information within 72 hours of becoming aware of the breach.
Prevent data breaches and comply with the GDPR
By following the GDPR’s requirements, you can be sure you’re doing everything you can to protect yourself from data breaches. This not only helps you save money and protect your reputation but also ensures you avoid regulatory action.
Accelerate your GDPR compliance with our EU GDPR Documentation Toolkit. Designed and developed by expert practitioners, it contains all the templates, worksheets and policies you need to comply with the Regulation.