First the scandal about the unlawful retention of organs, and as if health authorities didn’t learn anything from that debacle now there are questions about possible unethical practices involving the unlawful retention of blood samples which have been equated to de-facto secret DNA databases.
The report in today’s Sunday Times highlights that the hospital and the Data Protection Commissioner, the Dept. of Health & Children and the HSE will be meeting next week to discuss reports of this latest retention where over 1.54 million blood samples have been retained from children’s heel prick tests. While the Times revealed the existence of this de-facto DNA database two weeks ago, the article states that the Data Protection Commissioner (DPC) was not aware that the hospital held such comprehensive records. According to the article, the blood samples were retained without the permission of parents and there is private information that allows for each sample to be readily identified.
While the purpose for which these samples have been retained is unclear reports also indicate that the samples were used by external researchers on four separate occasions. The article did not question the purpose of the research that was undertaken or identify who were the scientific researchers but I would feel that these are important questions that must be clarified from a research ethics perspective.
Interestingly, I’d also be questioning the exact processes that were employed for receiving Research Ethics Committee (REC) approval both internally and externally. Who were the consultants on the panel that approved the research in Temple Street? Clearly, Research Ethics Committee (REC) approval is a standard research requirement be that in Temple Street Hospital or any academic institution.
So, did any person on any of the committees hearings even raise any concern about the ethical nature of the research they were being asked to approve given how the samples were procured and the fact the samples were being retained and used for purposes other for which they were collected for. More importantly the parents of the children had not consented to this research.
Then we come to the theft of two computer servers in Temple Street. According to today’s Sunday Times the two servers were stolen in 2007 and are believed to have contained patient data like name, date of birth, reason for admission etc. The theft was reported and investigated by both the Data Protection Commissioner and An Garda Siochana.
What seems most disturbing is that the Data Protection Commissioner decided that there was no need to inform either the parents or the public of the theft, on the belief that there was little chance of the thief being able to access the data.
Clearly, “secure systems” were not in place with questions yet to be answered on whether the data was “encrypted” or not? On concluding his investigation the Data Protection Commissioner felt that it was not necessary to take any kind of action against the hospital for holding the information on unsecure systems and in unsecure locations. Evidently, the commissioner does not consider it necessary or prudent to inform data subjects when their personal and sensitive data is compromised.
The report in today’s Sunday Times highlights that the hospital and the Data Protection Commissioner, the Dept. of Health & Children and the HSE will be meeting next week to discuss reports of this latest retention where over 1.54 million blood samples have been retained from children’s heel prick tests. While the Times revealed the existence of this de-facto DNA database two weeks ago, the article states that the Data Protection Commissioner (DPC) was not aware that the hospital held such comprehensive records. According to the article, the blood samples were retained without the permission of parents and there is private information that allows for each sample to be readily identified.
While the purpose for which these samples have been retained is unclear reports also indicate that the samples were used by external researchers on four separate occasions. The article did not question the purpose of the research that was undertaken or identify who were the scientific researchers but I would feel that these are important questions that must be clarified from a research ethics perspective.
Interestingly, I’d also be questioning the exact processes that were employed for receiving Research Ethics Committee (REC) approval both internally and externally. Who were the consultants on the panel that approved the research in Temple Street? Clearly, Research Ethics Committee (REC) approval is a standard research requirement be that in Temple Street Hospital or any academic institution.
So, did any person on any of the committees hearings even raise any concern about the ethical nature of the research they were being asked to approve given how the samples were procured and the fact the samples were being retained and used for purposes other for which they were collected for. More importantly the parents of the children had not consented to this research.
Then we come to the theft of two computer servers in Temple Street. According to today’s Sunday Times the two servers were stolen in 2007 and are believed to have contained patient data like name, date of birth, reason for admission etc. The theft was reported and investigated by both the Data Protection Commissioner and An Garda Siochana.
What seems most disturbing is that the Data Protection Commissioner decided that there was no need to inform either the parents or the public of the theft, on the belief that there was little chance of the thief being able to access the data.
Clearly, “secure systems” were not in place with questions yet to be answered on whether the data was “encrypted” or not? On concluding his investigation the Data Protection Commissioner felt that it was not necessary to take any kind of action against the hospital for holding the information on unsecure systems and in unsecure locations. Evidently, the commissioner does not consider it necessary or prudent to inform data subjects when their personal and sensitive data is compromised.
Last edited: