Dáil Éireann Debate, Thursday - 3 July 2014
224. Deputy Stephen S. Donnelly asked the Minister for Health further to reports that hospital records of public patients have been released to third parties, the number of patients per acute hospital, whose personal records have been released. [28960/14]
View answer225. Deputy Stephen S. Donnelly asked the Minister for Health further to reports that hospital records of public patients have been released to third parties, if he will reveal all of the third parties to whom data has been released; and the number of requests each third party has made. [28961/14]
View answer226. Deputy Stephen S. Donnelly asked the Minister for Health further to reports that hospital records of public patients have been released to third parties, and claims from the Healthcare Pricing Office that the data was scrubbed of personal identifiers, the process used to ensure anonymity; if the Data Protection Commissioner was consulted regarding the process; and if he will make a statement on the matter. [28962/14]
View answer227. Deputy Stephen S. Donnelly asked the Minister for Health further to reports that hospital records of public patients have been released to third parties, if the Health Service Executive had any correspondence with the Data Protection Commissioner regarding the practice of releasing patients’ data to third parties; and if he will make a statement on the matter. [28963/14]
View answerI propose to take Questions Nos. 224 to 227, inclusive, together.
The HSE has confirmed that the Healthcare Pricing Office (HPO) to which the reports at the weekend referred, does not make hospital patients’ personal records available to pharmaceutical companies, insurers or any other companies.
The HPO may provide statistics on hospital activity to third parties. Such information is of an aggregate statistical nature which means that patients cannot be identified. More detailed information is provided to bodies including the National Cancer Registry, the Health Research Board as well as researchers in universities. However, I have been assured by the HPO that in providing any such data, patients’ identities are removed from the information given.
It is important to note that the HPO has implemented measures to ensure the confidentiality of hospital patient data. The full range of information about patients and their care is only available in the individual hospitals. In order to safeguard patient privacy and ensure that no patients can be personally identified, the HPO collects only a reduced range of information about patients at the national level. This means that the HPO does not collect patient names, addresses or full dates of birth. The HPO has advised me that the relevant section of the ESRI (which has since been subsumed into the HPO) met with the Data Protection Commissioner in 2010. Following on from that engagement the ESRI changed their data collection methodology to improve their data protection procedures.
My Department does not hold the list of third parties that information has been released to. For this reason, I have requested that the HSE respond directly to the Deputy on this matter.
In conclusion, I have been advised by the HPO that it is acutely aware of its responsibilities in relation to patient privacy and is fully respectful of the rights of patients in this regard. I have also been advised by the Office that it is compliant with the advice given to it by the Office of the Data Commissioner regarding its procedures governing data.
