HSE refuses to explain why 'clerical error' wasn't reported as data breach

As revealed by the Irish Examiner and RTÉ’s Prime Time programme last Thursday, Sergeant McCabe was the subject of false sex abuse claims detailed in a Tusla file by a HSE counsellor at the height of the penalty points scandal in 2014.

Information included in the file that he acted inappropriately with a child was subsequently found to be false and after it was “copy-and-pasted” into the file by a HSE counsellor.

However, the case remained active for more than two years.

Under strict HSE protocols, any “administrative error” in a file must be registered as a data protection breach with its regional manager for data protection and consumer affairs in order to ensure a repeat offence does not occur.

Despite the fact the HSE has described the mistake as an “administrative error”, the ‘cut and paste’ fiasco failed to be registered.

Details released to The Journal website under the Freedom of Information Act show that between April 2014 and April 2015, a total of 103 data protection breaches were reported.

These breaches involved medical notes being sent to the wrong patients, a Tusla report being attached to an information booklet and posted by mistake, and a patient’s chart being left on a garden wall.

They also include patient files which were discovered by a member of the public in the drawer of a filing cabinet in a second-hand furniture shop, and a diary containing sensitive client information which was misplaced and found on the roof of her car.

However, despite the details involved, no reference whatsoever was made during the period to the false accusations of sexual abuse against Sgt McCabe.

Asked to comment on why the error was not registered, a spokesperson said the HSE will not comment on any aspect of the McCabe case other than to say it is “currently in the process of gathering all files and putting in place an internal review”.