Hospital catering staff were given access to confidential patient information held on a £54m health service record system which is being rolled out across Ireland, according to the Irish Independent.
The disclosure, under the Freedom of Information Act, has implications for the roll-out of Summary Care Records in England, as part of the NHS National Programme for IT (NPfIT).
Smartcards are issued to thousands of NHS staff to provide "role-based" access to systems delivered under the NPfIT. Only staff with a legitimate relationship can access patient records.
But under procedures which operate locally, secretaries and reception staff who collect information on patients may be issued with smartcards. It is also possible that some trusts could issue smartcards to caterers to look at health records to ensure that they serve special diets - diabetic or low-fat - to patients.
In Ireland, an audit found that hospital catering staff at Kerry General Hospital had access codes to the iSoft-based Integrated Patient Management System (IPMS), which is used by 10 acute hospitals and 20 health service centres.
They were able to access "patient activity history, including admission, discharge; name, address, GP, and a patient's clinical data". No clinical data had, at the time of the audit, been uploaded.