A hospital in Dublin has admitted that sensitive patient medical records have been subject to "unauthorised access and disclosure", as a result of being sent to the Philippines for transcription.
Irish broadcaster RTÉ reported last month that Tallaght Hospital had contacted Ireland’s Data Protection Commissioner over "unsubstantiated claims" of a data breach. The allegations related to the hospital’s use of a transcription service based in the Philippines named Uscribe.
Today, the hospital’s acting chief executive confirmed that the breach had in fact taken place. "It is now evident that information has been subject to unauthorised access and disclosure," John O’Connell said in a statement.
"The IT director of the hospital has been in the Philippines over the last week to assist their legal authorities," he explained. Irish police and the UK’s Information Commissioner’s Office are also involved in the investigation.
O’Connell noted that, although it is hospital policy that no patient identifiers be used in reports or letters, and that information sheets be kept for each letter, neither of these policies had been followed in practice.
Tallaght Hospital terminated its contract with Uscribe earlier this year, though the company has not been direcrtly accused of wrongdoing. Ireland’s health minister James Reilly says he is investigating whether any other hospitals may have been affected.