A DUBLIN hospital has built a database containing the DNA of almost every person born in the country since 1984 without their knowledge in an apparent breach of data protection laws.Similar de facto databases have been created in this accidental manner in other jurisdictions - in Australia and New Zealand for example - where they have been extremely controversial and have had safeguards imposed. In Western Australia, police began to use these databases without consent in criminal investigations, causing hospitals to destroy existing databases and to change medical practice to store samples for a two year period only. In New Zealand, meanwhile, the practice is that parents are fully informed as to the purpose for which samples are taken and stored, and have the right to have the sample returned to them once the testing is completed, and the privacy implications of this database are currently under review.
The Children’s University hospital in Temple Street is under investigation by the Data Protection Commissioner (DPC) since The Sunday Times discovered it has a policy of indefinitely keeping blood samples taken to screen newborn babies for diseases.
Unknown to the DPC, the hospital has amassed 1,548,300 blood samples from “heel prick tests” on newborns which are sent to it for screening, creating, in effect, a secret national DNA database. The majority of hospitals act on implied or verbal consent and do not inform parents what happens to their child’s sample.
The blood samples are stored at room temperature on cards with information including the baby’s name, address, date of birth, hospital of birth and test result. The DPC said it was shocked at the discovery.
On four occasions the hospital has allowed scientists from a university and other hospitals to access the Newborn Screening Cards (NSCs) for research purposes. This was done on the basis of anonymity but without the consent of parents and followed approval by the hospital’s ethics committee.
The DPC is now engaged in urgent discussions with the hospital, the Health Service Executive (HSE) and the Department of Health to force the hospital to comply with data protection legislation by January. The DPC could order the destruction of the records if it is not satisfied the hospital is taking the necessary actions.
“Clearly it is a matter of significant concern to us that holding data of this nature containing sensitive health details of such a significant portion of the population appears to have operated without taking account of data protection requirements,” said Billy Hawkes, the DPC commissioner.
“The issue of the justification for the holding of the blood samples for any period beyond that which is necessary to perform the initial blood test will have to be considered as part of this office’s investigation of this matter. At present the position would appear to be that there is no consent from parents for the information to be held at all.”
In light of these controversies elsewhere, the lack of informed consent and the fact that there is no legal basis for the heel prick tests (a point confirmed in North Western Health Board v. HW and CW) it's hard to see how Temple Street could have believed that it was entitled to hold onto these samples indefinitely - and it is remarkable that this point appears to have been missed by the ethics committee on four separate occasions.