Denis Naughten (Roscommon-South Leitrim, Fine Gael)
Link to this: Individually | In context

Question 205: To ask the Minister for Health and Children the reason the Irish Blood Transfusion Service provided live personal data of donors to a third party; if other agencies under the authority of her Department have employed a similar practice; the steps being taken to protect these blood donors from fraud or other abuses of their personal data; if the IBTS or the third party authorised a staff member to remove the date from the secure facility; and if she will make a statement on the matter. [8053/08]

Mary Harney (Dublin Mid West, Progressive Democrats)
Link to this: Individually | In context

The Irish Blood Transfusion Service (IBTS) entered into an Agreement with the New York Blood Centre Inc (NYBC) for the provision of a data query tool on 23 October 2007. The purpose of the data warehousing and reporting tool is to improve the existing IBTS blood banking system computer system, Progesa, in order to provide a better service to its donors and clients. Under the terms of that agreement, the IBTS exported data on CD from its Progesa system. The data was encrypted using a 256 bit key encryption, prior to export on a CD.

The IBTS is very conscious of its obligations under the Data Protection Acts to take appropriate security measures against unauthorised access to, or unauthorised alteration, disclosure or destruction of data. In this instance, the IBTS is confident that it has complied with these obligations by virtue of the robust security measures which have been taken by the Service and NYBC and consider that the risk of any person being in a position to bypass password controls and decrypt the data is extremely remote. The IBTS informed the Data Protection Commissioner as quickly as possible of the details of the case and the Commissioner has been in regular contact with the IBTS on the matter. The Commissioner has noted publicly that the IBTS had a legitimate reason to send the data out of the country, that it had taken its responsibilities to donors and clients seriously and that the information had been securely encrypted.

The IBTS is writing to each donor affected to reassure them and to advise them of the possibility, however remote, that their personal data might be accessed. It is also writing to GPs and hospitals who will in turn contact the patients concerned. An information line has been set up for anyone with concerns. Under the Health Act 2004, the Health Service Executive has direct responsibility for the planning and management of health sector developments for both the HSE itself and the majority of other health agencies. Accordingly, my Department has requested the Parliamentary Affairs Division of the Executive to arrange to have the matter investigated and to have a reply issued directly to the Deputy in relation to the HSE and those agencies.

In relation to other health agencies which are directly funded through my Department, arrangements are being made to have the required details collated. The information will be forwarded to the Deputy as soon as this exercise is completed.