Hospital notes of patients who attended Craigavon Area Hospital, Co. Armagh were discovered scattered on a local roadside on 7 February.
The records contained the information of 18 patients who visited ward 2 South Medicine at the hospital, including their name, age, reason for admission, and medical and social history.
A man and a six-year-old child, who wish to remain anonymous, discovered the notes while walking. They swiftly contacted the Portadown Times and handed over the documents.
Speaking about his findings, the man said: “I would like to know how records, which are supposed to have been kept in a secure location, made their way to the Wood Lane in Lurgan and were found discarded on the roadside.
“These are very personal details and should never have left the hospital never mind end up at the side of a road.
“I hope these patients and their families or carers will be informed of this confidentiality breach.”
A Southern Health and Social Care Trust spokesperson said: “These confidential patient records should not have left Craigavon Area Hospital.
“We take patient confidentiality very seriously and this incident will be fully investigated, and we have reported this breach to the [ICO] Information Commissioner’s Office.
“We will be reviewing our procedures to ensure that information about patients is stored safely at all times and these breaches are avoided in future.”
A spokesperson for the UK’s ICO said: “People’s medical data is highly sensitive information, not only do people expect it to be handled carefully and securely, organisations also have a responsibility under the law.
“When a data incident occurs, we would expect an organisation to consider whether it is appropriate to contact the people affected, and to consider whether there are steps that can be taken to protect them from any potential adverse effects.
“Southern Health NHS Foundation Trust has made us aware of an incident and we will assess the information provided.”
Hospital data breaches – a common occurrence?
This is not the first data breach within a hospital environment.
Last year, Our Lady of Lourdes Hospital in Drogheda , Co. Louth suffered a similar data breach when doctor handover notes were discovered in a front garden on a housing estate. In another incident, patient medical records were found in bins and a park in Letterkenny, Co. Donegal after storage containers at St Conal’s medical facility were broken into.
What can we learn from these data breaches?
Maintaining full visibility of the flow of personal data throughout your organisation is key in keeping your data safe. It also ensures you meet the requirements of Article 30 of the GDPR (General Data Protection Regulation).
If you haven’t already done so, now is the time to map your data in order to assess your privacy risks.
Download our free guide, ‘Conducting a Data Flow Mapping Exercise Under the GDPR’, to discover the key elements of a data flow map and the steps in a data flow audit, as well as the challenges that may arise.