HEALTH PROFESSIONALS have been warned that ignorance is no excuse for the law in relation to the handling of patients’ records.
More than 10,000 copies of a new handbook, which explains the law governing data protection and includes a self-assessment tool, will be distributed to people involved in keeping patients’ records.
What You Should Know about Information Governance: a Guide for Health and Social Care Staffis designed to ensure that health professionals are fully briefed on the law and good practice.
The publication of the handbook, compiled by the Health Information and Quality Authority (Hiqa), comes after a series of embarrassing data breaches which has undermined confidence in the health service.
Records belonging to patients at both Roscommon County Hospital and the Ballina District Hospital were found in bins recently, while Tallaght hospital admitted patient records sent for transcription to the Philippines were subject to “unauthorised access and disclosure”.
Hiqa director of health information, Prof Jane Grimson, said the data breaches were “unacceptable” and led to a “breakdown of people’s trust” in the health system.
“Good information governance is a core component of safer, better healthcare. It is not something that takes place in isolation, or separate from healthcare provision, but underlies safe effective care. This is what our new guide focuses on,” she said.
However, Prof Grimson stressed that the publication of the document was coincidental as they had been working on it for a long time.
She said the guidelines had been drawn up in response, in particular, to the digitalisation of health data which creates its own challenges.
Healthcare is information intensive, creating a huge amount of data, including patient records and test results, every day.
Internationally, it is estimated that almost 30 per cent of the total health budget is spent on handling information, collecting it, looking for it or storing it.
The handbook recommends that responsibility for information governance should be given to named staff.
It maintains that all staff should be made aware of their individual responsibilities and of any penalties for non-compliance.
It also recommends that only one set of medical records should be kept to avoid the risk posed by duplicates.
Near misses, for example, a filing cabinet containing patient records being left unlocked, should be regarded as a learning opportunity to enable employees to avoid similar problems in the future.
Prof Grimson said penalties for the misuse of information were not the responsibility of Hiqa but of the Data Protection Commissioner.
A new Health Information Bill, which is due to be discussed soon, is considering stiffer penalties for the misuse of information.