IT infrastructure is among the issues that will impact implementation of the new HSE records and retention policy, an internal committee heard.
Last month, the Medical Independent reported that the HSE had “fully reviewed and updated” the policy.
The policy provides guidance on the retention periods for all types of records processed by the HSE and is fully compliant with General Data Protection Regulation (GDPR) legislation. A HSE internal audit in late 2020 recommended that the policy be reviewed for compliance with GDPR.
The HSE audit and risk committee focused on the reviewed policy at its December 2022 meeting. Committee members discussed “a number of issues that will impact on the implementation of this policy”. IT infrastructure, storage space, and capacity of the service, were raised during the meeting. The committee noted that a “transitory period” would be needed between the previous policy and adoption of the updated policy.
The committee welcomed the updated policy, “noting that it is imperative that a consistent and effective records policy is adopted, considering that a wide variety of records are held across the HSE including healthcare records, financial records, HR records, and general administrative records.”
The committee was briefed in relation to the new policy “highlighting in particular the work completed to implement the recommendations in respect of the Scally Report and the Irish Data Protection Commissioner’s Report in 2018”.
“This report highlighted gaps in the implementation of the records retention policy by hospitals and found that the patient charts were held indefinitely, in a potential breach of… GDPR and the Data Protection Acts.”