Thursday 4 August 2011

Tallaght and Roscommon Hospitals Data Breaches and Data Flow Diagrams

Updated: August 11th to include the Roscommon Hospital breach.

Tallaght Hospital* in Dublin, Ireland, recently suffered a data breach. Details are unclear, but it involved the outsourcing of transcription services to Uscribe, a company based in the Philippines. Something went astray.

In the Roscommon County Hospital incident, confidential paper medical records from patients treated in Midland Regional Hospital in Mullingar were discovered in a rubbish bin in the grounds of Roscommon County Hospital.

Would simple Data Flow Diagrams (DFD) have prevented these? Don't forget that Data Protection legislation also applies to paper records.


So here are some reminders. At the start of a project draw a simple DFD. This should show where data flows and where it is stored in the system. Don't forget to ask the following types of questions.
  • Does anybody export data to laptops, USB sticks etc.? (Danger Danger)
  • How are backups handled? Are they managed by third parties?
  • Is the same production data used by test systems, development companies etc.?
  • What about data used for troubleshooting and diagnostic purposes? Is it properly deleted when it is no longer needed?
  • Are processes in place to securely erase any hardware when it is being disposed of?
The same types of questions can be asked about paper-based records.

When you have identified all the data flows and data stores, you can ensure that adequate security measures are in place at each of these points. In the case of Tallaght, the DFD would have shown that data goes to the Philippines. Since this is personal data, special measures for "Transfers Abroad" need to be in place. In the case of Roscommon, the DFD might show that paper records aren't destroyed securely.
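As an added illustration (not part of the original post), the sketch below records a DFD as data and flags the two gaps discussed above: personal data crossing a border without "Transfers Abroad" measures, and a store of personal data with no secure destruction process. The node names, country codes and the control labels `transfers_abroad` and `secure_disposal` are constructed for this example and do not describe either hospital's real systems.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    kind: str                      # "process", "store" or "external"
    country: str                   # where the data physically resides
    medium: str = "electronic"     # or "paper"
    controls: set = field(default_factory=set)

@dataclass
class Flow:
    src: str
    dst: str
    personal: bool                 # does this flow carry personal data?
    controls: set = field(default_factory=set)

def review(nodes, flows):
    """Return (element, finding) pairs where personal data lacks a control."""
    by_name = {n.name: n for n in nodes}
    findings, holds_personal = [], set()
    for f in flows:
        if not f.personal:
            continue
        holds_personal.update((f.src, f.dst))
        crosses_border = by_name[f.src].country != by_name[f.dst].country
        if crosses_border and "transfers_abroad" not in f.controls:
            findings.append((f"{f.src} -> {f.dst}", "no Transfers Abroad measures"))
    for n in nodes:
        # A store is in scope if any personal-data flow touches it.
        if n.kind == "store" and n.name in holds_personal \
                and "secure_disposal" not in n.controls:
            findings.append((n.name, f"{n.medium} records not securely destroyed"))
    return findings

# Constructed sample DFD (illustrative labels, not the hospitals' real systems).
NODES = [
    Node("Dictation system", "process", "IE"),
    Node("Transcription service", "external", "PH"),
    Node("Paper chart archive", "store", "IE", medium="paper"),
    Node("Backup vault", "store", "IE", controls={"secure_disposal"}),
]
FLOWS = [
    Flow("Dictation system", "Transcription service", personal=True),
    Flow("Dictation system", "Paper chart archive", personal=True),
    Flow("Dictation system", "Backup vault", personal=True),
]

if __name__ == "__main__":
    for element, finding in review(NODES, FLOWS):
        print(f"{element}: {finding}")
```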

When you are embarking on your next project, don't forget to use a simple DFD.

(*) Full name: "Adelaide and Meath Hospital, inc National Children's Hospital, Tallaght"
