At least three more hospitals have indicated today they have used the services of a company implicated in a data breach involving the records of patients of Tallaght hospital in Dublin.
Tallaght hospital admitted yesterday there had been “unauthorised access and disclosure” of material sent to the Philippines for transcription by the company Uscribe.
Mercy University Hospital in Cork confirmed today it had been using an online transcription company for the past six years. Galway University Hospital outsourced transcription to Uscribe for a six-month period several years ago.
While the Mercy University Hospital did not confirm it had also used the same company as that used by Tallaght, it is understood that Uscribe is the firm involved.
A spokesman for the Cork hospital said it had “no evidence whatsoever that any of its patient data has been misused, destroyed or disclosed improperly”.
He added: “The hospital has been assured that the company’s security system is intact and that there is no evidence of any systems failure.”
The Galway hospital said in a statement that it did not outsource administration work, and that neither did the Mid Western Regional Hospital, Limerick.
It confirmed that in 2004, GUH undertook a “short six-month pilot project with Uscribe, involving the typing of encrypted material with no patient identifiers”.
Peamount Hospital in Dublin confirmed to RTÉ News it had used the service since 2005. It said it continued to use it and that it had encountered no problems.
The Tallaght records were outsourced to the private firm Uscribe, which has offices in Dublin but which sent the records to its business in the Philippines for transcription. The records concerned are letters to GPs, and hospital referrals.
The Data Protection Commissioner’s office met the company Uscribe today to discuss the breach.
Mr O’Connell has admitted in a letter to consultants that the scope of the breach is “much larger” than Tallaght hospital.
The Dublin hospital’s arrangement with Uscribe has been terminated, and the hospital is now using another provider.
While the Health Service Executive has indicated it does not outsource such transcription services, it is understood that some consultants have entered private arrangements for such services.
The data in question comprises records of patient consultations with doctors and not full medical records. It appears, however, that at least in some cases information identifying patients was compromised.
Tallaght hospital confirmed it had asked the Garda to assist in determining how the sensitive patient data fell into “inappropriate hands”.
It has opened an information helpline for patients who may be concerned about the issue. The phone line is available on 1800 283059 from 9am to 5pm.
Some 173 calls were received by 4.30pm, the hospital said.
There is no bar on a hospital using a third party to process such data, but very stringent due-diligence procedures and contracts must be put in place to satisfy data protection requirements.