One in six staff at a Dublin hospital saved sensitive patient information or staff financial information on their office computer drives in contravention of the HSE’s encryption policy, an internal HSE audit has found.
The audit of IT controls at Connolly Hospital Blanchardstown found 16.6 per cent of staff interviewed had "either a limited or significant amount of sensitive patient or staff financial information saved on their local network drives".
"Such practices are not in line with either the HSE encryption policy or the guidelines published by the Data Protection Commissioner, " the auditors wrote.
They indicated a “weak level” of staff awareness of data protection principles and said some 79 per cent had received no data protection training in the past two years.
Overall, general IT controls at the hospital were considered “inadequate” due to two “high level” findings at a national level. The full extent of the findings were heavily redacted.
The hospital said it would look into external training sessions and would try to look at making training available on site but it noted resources were “tight”.
Separately, it emerged in another audit that gardaí were notified after €702 of the proceeds of a cake sale at Midland Regional Hospital in Mullingar went missing from a safe.
The cake sale, held on May 2nd and 3rd, 2013, was held to raise funds to redecorate the staff canteen.
Gardaí interviewed cashier staff but “none of the staff members had any information to impart” and gardaí closed the case.