Patients' records found on footpath near one of country's busiest hospitals

SEPARATE investigations are underway after a print-out of 29 patients’ records were found by a member of the public on a footpath near one of the country's busiest hospitals.

The nine-page document, which was recovered by an individual earlier this month, contained patients’ details including addresses, date of births, chart numbers and other information.

While confirming the incident, University Hospital Limerick says ‘no detailed information was disclosed in relation to patients’ medical conditions, health status, medications etc’.

In a statement, a spokesperson said: “Personal information for 29 patients was included in a patient list found by a member of the public in a public place. These records were promptly recovered by HSE staff and we thank the individual in question for their responsible actions on the day.”

The member of the public who recovered the document said: “My son hates litter and we saw a piece of paper scrunched up on the footpath near the grounds of UHL. My son picked it up and handed it to me and I noticed what it was and was shocked, I could not believe it.”

The incident happened on the afternoon of November 10.

The member of the public considered all options before making a decision on what to do with the document, saying; “I thought about handing it back into the hospital but I did not want to give it into the wrong hands so I called the hospital and they directed me to the correct member of the HSE to hand it back to.

“I just imagined if it had my name on that document and how I would feel and I knew I would be angry and I knew what I had to do.”

The spokesperson confirmed that the incident has been reported to the Data Protection Commissioner saying; “This incident has been reported to the Data Protection Commissioner, has been raised as an incident under the hospital risk management system and is being managed under the HSE national policy on data protection.

“It has been categorised as low risk. Details of this incident have been shared with the relevant areas as has national guidance on the generation and disposal of hardcopy patient lists.

“This incident remains under active investigation and any learnings will be shared with our staff.”

The Data Protection Commission has confirmed it "received a breach notification from the HSE on this matter and are currently engaging" with the them in their investigation of the breach.

The UL Hospitals Group has stressed that the matter will be handled with care with the spokesperson saying:“We take our obligations to protect patient information very seriously.

“Our Information Governance Office is staffed by personnel trained in data protection and who offer regular advice and training to all staff.

“There is mandatory training for every staff member on the Fundamentals of GDPR, which is the relevant EU regulation around data protection.”