top of page

Data Protection in the Hospital Sector

Back in January 2017, the Data Protection commissioner carried out an investigation into data protection in the hospital sector. The purpose of this special investigation was to examine the journey of sensitive personal data held on patient files and patient charts within the Hospital Sector and to determine if patient care is delivered in a manner that gives due respect to the legitimate data protection rights and expectations of patients.

In the report that was released on Monday, the inspectors found that there is scope for much greater security controls with regards to patient records in light of the fact that physical patient charts contain the most detailed clinical records in relation to the patient’s care, condition and treatment at the hospital. It is critical that hospital management does not underestimate the potential risks that can arise with regard to laxity in relation to security controls.

What the investigation also uncovered was that in ward settings of several, but not all, hospitals inspected staff carry physical paper lists in the pockets of their uniforms for the duration of their shift. These lists can contain personal and sensitive information such as dates of birth, medical conditions and dietary requirements. Where these paper lists are used, a risk exists that the information may not be securely disposed of, or may be taken off-site.

The reliance on paper and it’s documented challenges is further evident in hospital catering departments where menus and order forms are still a mainstay. Significant challenges exist in the ordering and tracking of patient diets and their meals. Paper-based menus can often be required to be completed a day in advance and then get physically passed around to different stakeholders. This process does not cater for changes in patients beds or diet and can even lead to patients getting fed the incorrect food or in some cases not getting fed at all. Following a HIQA report in 2017, and the 2008 Department of Health Guidelines on Nutritional Care, that highlighted issues with food choices and quality, an effort has been placed on improving the overall standard of hospital food. The focus must now shift to include improving the ordering and tracking process of patient diets.

In light of the Data Commissioners report and with the introduction of GDPR this Friday, May 25th, the hospital Sector and individual hospitals themselves need to re-evaluate their data protection procedures in relation to their use of paper for patient records and look to move towards a paperless environment. Dualtron’s ward ordering solution (Serval) can form part of this new paperless approach, enabling hospital’s to benefit from the latest secure digital technology and portable tablets.

The Serval Ward Ordering solution uses Android tablets and a secure ordering app to process patient data, including sensitive information such as dietary requirements. All of the data is stored in a secure cloud environment. The need for printing patient data is significantly reduced and the associated data protection risks are removed. Serval brings additional benefits such as easy tracking of and automating dietary requirements, and reduced orders during meal times which reduce food waste and the associated costs.

The report also recommends the use of audit trails to track who has accessed or edited a patient’s record. This detail can be tracked using Serval and reported on using its extensive reporting suite. Patient history reports can also be used to aid in the investigation of clinical or service quality complaints.

Adopting Serval will help your healthcare organisation comply with data protection laws; improve food service and the overall patient experience.

The Full HIQA report can be found here:


bottom of page