Wristband mix-up and records left in pub among 465 HSE data breaches
Hospital staff put the wrong wristband on a patient at Dublin's Connolly Hospital, and it was only discovered after both patients were discharged.
The incident last November was recorded as a data protection breach.
"A patient's right to privacy and confidentiality should not be violated by careless custody of their records," said Stephen McMahon of the Irish Patients Association.
Mr McMahon said that while "it's not a witch hunt", individuals responsible for data protection breaches should be identified, and there should be full disclosure to the patients or families affected.
Misplaced patient records from Letterkenny University Hospital were found in a pub last year, while lost medical files containing personal data turned up on a bus in Waterford.
These were among 465 data protection breaches involving sensitive personal information held by the HSE between January 2018 and May 2019, internal documents have revealed.
Elsewhere, a patient's medical file was found in a public toilet in Roscommon in July 2018; and records relating to patients of St Luke's General Hospital in Kilkenny were found in a bag donated to a charity shop last February.
The breaches have been described as "serious incidents" by the patient advocacy group, which criticised the "careless custody" of individuals' private medical records by the HSE.
Patient files from Our Lady of Lourdes Hospital in Drogheda were found outside the facility by members of the public on four occasions at locations including a garden and walkway.
In Roscommon, a breach was reported by the area's mental health services last year after personnel records covering a five-year period were lost and never recovered.
A number of breaches occurred when photos or videos of patients were uploaded on social media without their consent.
Last February, mental health services records containing personal data were found during the excavation of a site in Kilkenny; while a list of patients was discovered in a bag of rubbish that was illegally dumped in Letterkenny in March 2018.
At University Hospital Galway, a patient's CT scan was accidentally included in records released to a third party in response to a Freedom of Information (FOI) request, while University Hospital Waterford mistakenly attached a patient's prescription to unrelated records pertaining to another FOI request.
There were a total of 277 data protection breaches recorded by the HSE in 2017.
An HSE spokesperson said an increase in the number of such incidents may be attributable to the enactment of the new General Data Protection Regulation in May 2018.
"The HSE takes all breaches of data protection seriously," she said. "After we investigate breaches… we put preventative measures in place to reduce the risk of such breaches happening again."