HSE to check data release does not infringe privacy

The Health Service Executive has said it will examine whether any data protection issues arise from its release of information on public hospital patients to third parties. The Healthcare Pricing Office (HPO), which is part of the HSE, provides data in relation to public hospital patients on request to researchers. Although the data has been kept anonymous, the increasing sophistication of computer-driven data-mining techniques has led to fears patients could be identified.

A HSE spokesman confirmed yesterday that the office responded to requests for data from a variety of sources, including researchers, the universities, GPs, the media, health insurers and pharmaceutical companies. An average of about two requests a week was received.

He said insurers accessed the information to be better able to make pricing decisions for health procedures, while it was likely that pharmaceutical companies sought data for drug research purposes.

The information provided by the HPO has significant patient identifiers removed, such as name and date of birth. According to the HSE spokesman, individual patient information is not provided and, where information is sought for a small group of patients, this is not provided where the number involved is under five. “In such circumstances, it is highly unlikely that anyone could be identified. Nevertheless, we will have another look at data releases from the office,” he said.

The HSE’s national healthcare charter promises to maintain strict confidentiality of personal information. It says that patients can expect that “your personal health information will be stored securely and not disclosed to others without your consent. Your personal health information will only be accessed by those who need it for patient care.”

The Economic and Social Research Institute had for many years the job of collating hospital patient data, but this work was transferred to the HPO last January. The HSE spokesman said no issues had arisen since the organisation assumed responsibility for collating the data this year.

The information gathered forms the basis of a number of reports published by the HSE into hospital activity and perinatal statistics.

The Sunday Business Post yesterday quoted concerns about possible abuse of the system by a data protection lawyer, the Irish Council for Civil Liberties and the Irish Patients Association. The HSE refused to disclose which organisation and researchers were able to access the data.

Legislation before the Oireachtas provides for the creation of a unique health identifier for all patients. While data protection campaigners have expressed fears about the impact of the measure on personal privacy, the troika formerly overseeing Ireland’s debt pressed for its introduction as a way of improving the HSE’s control over spending.