GDPR complaint over Army health records
Data Commissioner investigates Defence Forces over stashing sensitive documents in brown envelopes
THE Data Commissioner is investigating if the Defence Forces are in breach of GDPR and military rules by haphazardly stashing ‘hundreds of thousands’ of sensitive medical reports in brown envelopes instead of ensuring they are properly secured in individual files.
The claims have been made in an official written complaint recently submitted to Data Commissioner
Helen Dixon. A spokesman for her office told the Irish Mail on Sunday: ‘I can confirm that we’ve received the complaint and it is currently being assessed.’
Under General Data Protection Regulation, medical records are deemed to be so sensitive they are given special protection, so they remain confidential. But photographs obtained by the MoS show data, including consultants’ reports, are kept at military medical aid posts throughout the country in brown envelopes.
And instead of this sensitive information – which encompasses the records of all those who have ever served in the Defence Forces – being centrally archived in separate files, in some cases medical records are piled up alongside other people’s health reports.
A source told the MoS: ‘There is mass mishandling of medical data within the Defence Forces.
‘Up until 2017, every member of the Defence Forces had what was known as a pink file and this had all their medical reports.
‘Work started in 2016 digitalising these medical records and everyone working in the medical aid units, including administrators and people working in IT, have access to these personal and sensitive records.
‘There have been times when the digital system has gone down, and data has been lost and the data on the old physical files has then been uploaded onto the digital system.
‘As part of bringing in the new digitalised system, the physical medical files were to have been centrally archived. But what is happening is that every week when physical reports come into medical aid posts around the country, when these documents are scanned, they are all put into brown envelopes and mixed up with all the other reports for other people sent in that particular week.
‘These brown envelopes are then stamped, dated and signed and kept in back offices at medical aid posts. This is in breach of GDPR rules and the Defence Forces’ own regulations, and it was brought to the attention of the Independent Review Group that is looking at a toxic culture and wrongdoing within the Defence Forces.’
The revelation will come as another blow to Defence Forces chiefs as they await the findings of an Independent Review Group set up by Defence Minister Simon Coveney to investigate claims from former female soldiers that they were sexually assaulted and bullied.
In September the MoS revealed that at least two serving members of the Defence Forces have told the Independent Review Group inquiry they were sexually assaulted while on duty.
In response to queries from the MoS, the Defence Forces said it had not yet been notified about any complaint made against it regarding alleged mishandling of sensitive personal information.
A spokesman said: ‘The Defence Forces has not received a notification of a complaint from the Data Protection Commissioner in relation to the query outlined below. It is, therefore, inappropriate for us to comment further.’
‘There’s has been mass mishandling of reports’
‘They are mixed up with other people’s reports’