Mr Y and Health Service Executive
From Office of the Information Commissioner (OIC)
Case number: OIC-61068-V7S6X1
Published on
From Office of the Information Commissioner (OIC)
Case number: OIC-61068-V7S6X1
Published on
Whether the HSE was justified in refusing access to a copy of a Clinical Incident Report under section 37 and section 32(1)(b) of the FOI Act
15 September 2020
The applicant submitted a request to the HSE on 23 September 2019 for a copy of a Clinical Incident Report prepared in response to his attendance at the Emergency Department (ED) of a hospital on 11 May 2019. As the HSE failed to issue a decision on the request, the applicant sought an internal review of the HSE's deemed refusal of the request on 30 October 2019.
On 6 January 2020, the HSE issued its internal review decision in which it refused the request under sections 37(1) and 37(7) of the FOI Act. The applicant sought a review by this Office of the HSE's decision on 17 January 2020.
During the course of the review, the HSE made submissions in support of its decision to refuse access to the report under section 37 of the FOI Act. It also stated that it wished to rely on section 32(1)(b) of the FOI Act in refusing access to the record sought. That section provides for the refusal of a request where release of the information sought could reasonably be expected to endanger the life or safety of any person.
I have now decided to conclude this review by way of a formal, binding decision. In conducting the review I have had regard to the full contents of the record at issue. I have also had regard to correspondence between the applicant and the HSE on the matter, and between this Office and both the HSE and the applicant in relation to this review.
This review is concerned solely with the question of whether the HSE was justified in its decision to refuse access to the record requested under section 37 and/or section 32(1)(b) of the FOI Act.
Section 37(1) of the FOI Act provides that, subject to the other provisions of the section, an FOI body shall refuse a request if access to the record concerned would involve the disclosure of personal information. This does not apply where the information involved relates to the requester (section 37(2)(a) refers). Furthermore, section 37(7) provides for the refusal of a request where access to the record concerned would, in addition to involving the disclosure of personal information relating to the requester, also involve the disclosure of personal information relating to an individual or individuals other than the requester, and where it is not feasible to separate the personal information relating to the requester from that relating to the other party. Such information is commonly referred to as joint personal information.
Section 2 of the Act defines "personal information" as information about an identifiable individual that either (a) would, in the ordinary course of events, be known only to the individual or members of the family, or friends, of the individual or (b) is held by an FOI body on the understanding that it would be treated by the body as confidential. Section 2 goes on to list fourteen categories of personal information including the name of the individual where it appears with other personal information relating to the individual or where the disclosure of the name would, or would be likely to, establish that any personal information held by the FOI body concerned relates to the individual.
Certain information is excluded from the definition of personal information. Where an individual is a member of staff of an FOI body, personal information does not include the name of the individual, or information relating to the position held or its functions, or the terms upon and subject to which the individual occupies or occupied that position, or anything written or recorded in any form by the individual in the course of and for the purpose of the performance of the functions of the position (Paragraph I refers).
The exclusion at Paragraph I does not exclude all information relating to staff members. The exclusion is intended, in essence, to ensure that section 37 cannot be used to exempt the identity of a public servant in the context of the particular position held or any records created by the staff member while carrying out his or her official functions, or information relating to the terms conditions and functions of positions. The exclusion does not deprive public servants of the right to privacy generally.
The record withheld comprises a Clinical Incident Report prepared in relation to the applicant’s attendance at the ED of a hospital. In its submissions to this Office, the HSE described the information in the record as a staff member’s account of an incident that occurred in her working environment and how the incident affected her. The record outlines that the staff member was subjected to verbal abuse and intimidating behaviour. The HSE said staff being exposed to such incidents is not the norm in the course of their duties in the health services. It argued that the information noted in the record is considered personal information of the staff member from the point of view that it describes her feelings and vulnerability in relation to the intimidation she received in her workplace while on duty. It said the purpose for which the report was raised
on its Incident Management System was for the staff member's own protection and the protection of her colleagues in respect of their health and safety in the workplace. It also said the report contains details of a staff member who as witness to the incident and argued that this is personal information relating to the staff member.
Having considered the contents of the record and the HSE’s submissions on the matter, I am satisfied that the disclosure of the record would involve the disclosure of personal information relating to the staff member in question. As I have outlined above, the exclusion to the definition of personal information provides that personal information does not include anything written or recorded in any form by a staff member in the course of and for the purpose of the performance of the functions of the position held. On this point, I note that the staff member reported the incident under the National Incident Management System (NIMS) classification of 'Behavioural Hazards'/'Violence and Aggression'. The HSE said the reporting of this incident was in compliance with both the HSE Incident Management Framework 2018 and Nursing Professional Standards/Code of Conduct, whereby staff are required to report all patient safety and staff safety incidents as part of a culture of patient safety and health and safety at work.
Notwithstanding the fact that the staff member recorded her account of the incident as required under the relevant policies and codes, I do not accept that the staff member’s account of such an incident and how it affected her can reasonably be described as a record created by a staff member in the course of and for the purpose of the performance of the functions of the position. It is not part of the functions of any staff member to be subjected to verbal abuse or intimidation. I am satisfied that the exclusion does not apply.
I my view, the information in the record can properly be described as joint personal information relating to the applicant and to the staff member. As such, section 37(1) applies.
There are some circumstances, provided for at section 37(2), in which section 37(1) does not apply. I am satisfied that none of the circumstances identified at section 37(2) arise in this case. Furthermore, section 37(5) provides that a request that would fall to be refused under section 37(1) may still be granted where, on balance, (a) the public interest that the request should be granted outweighs the right to privacy of the individual to whom the information relates, or (b) the grant of the information would be to the benefit of the person to whom the information relates.
I am satisfied that section 37(5)(b) does not apply in this case. On the matter of whether section 37(5)(a) applies, the question I must consider is whether the public interest in granting the request outweighs, on balance, the public interest in protecting the privacy rights of the staff member in question.
On the matter of where the public interest lies, I have had regard to the comments of the Supreme Court in The Governors and Guardians of the Hospital for the Relief of Poor Lying-In Women v The Information Commissioner,[2011] 1 I.R. 729, [2011] IESC 26) (the Rotunda case). It is noted that a public interest ("a true public interest recognised by means of a well known and established policy, adopted by the Oireachtas, or by law") should be distinguished from a private interest. Although these comments were made in relation to another provision of the FOI Act, I consider them to be relevant to consideration of public interest tests generally.
The FOI Act recognises a public interest in the promotion of openness and accountability in how public bodies perform their functions. However, the FOI Act also recognises the public interest in the protection of the right to privacy both in the language of section 37 and in the Long Title to the Act (which makes clear that the release of records under FOI must be consistent with "the right to privacy"). It is also worth noting that the right to privacy has a constitutional dimension, as one of the unenumerated personal rights under the Constitution. Privacy rights will therefore be set aside only where the public interest served by granting the request (and breaching those rights) is sufficiently strong to outweigh the public interest in protecting privacy.
In its submissions to this Office, the HSE explained that the applicant knows the identity and name of the staff member concerned and has since made a complaint to the Nursing Midwifery Board of Ireland (NMBI) in relation to her. It said the applicant has already received the information contained in the Incident Report in a complaint investigation report prepared by senior hospital management in reply to complaints raised by him against the hospital. As such, it seems to me that the public interest in the enhancement of transparency and accountability of the HSE has already been served to a large extent. The question I must consider is whether the public interest in further enhancing that transparency and accountability is sufficiently strong to outweigh, on balance, the privacy rights of the staff member concerned. I am satisfied that it is not. In forming this view, I have had regard to the fact that the release of records under FOI is regarded, in effect, as release to the world at large, given that the Act places no restrictions on how records released under the Act may be used. I find, therefore, that section 37(5)(a) does not apply.
In conclusion. Therefore, I find that the HSE was justified in refusing access to the record sought under section 37(1) of the FOI Act. Having found the record to be exempt under section 37, I do not need to consider the HSE’s arguments for the refusal of the records under section 32(1)(b).
Having carried out a review under section 22(2) of the Freedom of Information Act 2014, I hereby affirm the decision of the HSE to refuse access to a copy of a Clinical Incident Report prepared in response to the applicant’s attendance at the Emergency Department of a hospital on 11 May 2019.
Section 24 of the FOI Act sets out detailed provisions for an appeal to the High Court by a party to a review, or any other person affected by the decision. In summary, such an appeal, normally on a point of law, must be initiated not later than four weeks after notice of the decision was given to the person bringing the appeal.
Stephen Rafferty
Senior Investigator