AT LEAST three more hospitals have indicated they have used the services of a company at the centre of a suspected data breach involving the records of patients of Tallaght hospital in Dublin.
Tallaght hospital said on Wednesday there had been “unauthorised access and disclosure” of material sent to the Philippines for transcription by the company Uscribe.
Mercy University Hospital in Cork confirmed yesterday it had been using an online transcription company for the past six years.
Galway University Hospital outsourced transcription to Uscribe for a six-month period several years ago.
While the Mercy University Hospital did not confirm it had also used the same company as that used by Tallaght, it is understood that Uscribe is the firm involved.
A spokesman for the Cork hospital said it had “no evidence whatsoever that any of its patient data has been misused, destroyed or disclosed improperly”. He added: “The hospital has been assured that the company’s security system is intact and that there is no evidence of any systems failure.”
The Galway hospital said in a statement it did not outsource administration work nor did the Mid-Western Regional Hospital, Limerick. However the Galway hospital confirmed that in 2004 it undertook a short six-month pilot project with Uscribe, involving the typing of encrypted material with no patient identifiers.
Peamount Hospital in Dublin confirmed to RTÉ News it had used the service since 2005. It said it continued to use it and that it had encountered no problems.
The Tallaght records were outsourced to Uscribe, which has offices in Dublin but which sent the records to its business in the Philippines for transcription. The records concerned are letters to GPs, and hospital referrals but not full medical records.
The Data Protection Commissioner’s office met representatives of Uscribe yesterday.
Acting chief executive of Tallaght hospital John O’Connell has admitted in a letter to consultants that the scope of the breach is “much larger” than Tallaght hospital.
The Dublin hospital’s arrangement with Uscribe has been terminated and the hospital is now using another provider.
While the HSE has indicated it does not outsource such transcription services, it is understood some consultants have entered private arrangements for such services.
Tallaght hospital confirmed it had asked the Garda to assist in determining how the sensitive patient data fell into “inappropriate hands”. It appears that, at least in some cases, information identifying patients was compromised.
It has opened an information helpline for patients who may be concerned about the issue. The phone line is available on 1800 283059 from 9am to 5pm. Some 173 calls were received by 4.30pm yesterday, the hospital said.