Updated 5.30 pm

Healthcare workers have been ordered to double-check patients' identities when offering services, in what appears to be a response to recent allegations of idenitity fraud.

A letter circulated among staff in all government healthcare institutions on Tuesday instructed them to confirm the patient's identity by asking for their ID number, full name and date of birth.

Demographic data, such as address, mobile number and telephone number should also be checked, the letter says, and patients should also be asked to present their ID card, residence permit, passport or driving licence.

Times of Malta saw a copy of the letter which the Ministry's Permanent Secretary sent to staff.

Rise in complaints

It was sent out just weeks after dozens of people claimed to have discovered that their medical files contained upcoming appointments for serious tests and surgeries they did not need, data about hospital admissions they never underwent and medication they were never prescribed for illnesses they never had.

One man who went for a check-up at a public healthcare clinic in June was even told his medical records listed him as having died in March.

The complaints surfaced after lawyer Jason Azzopardi claimed last month that Maltese ID card holders were “robbed” of their identities and that several ID numbers were allegedly assigned to other people through corrupt practices at Identità.

The anomalies largely remain a mystery and there is an ongoing data protection investigation and a magisterial inquiry into Azzopardi's claims.

'Cross-verify health records'

Although Tuesday's ministerial circular does not specify that the new orders were issued to deal with this matter, staff were instructed to make all the checks that would specifically avoid these conflicting medical records.

Staff were also told to cross-verify health records, for instance.

"Before accessing or updating any health records confirm that the identifiers in the patient's health records match the details provided by the patients or their authorised representative. This applies to every point of contact, including, but not limited to registration, consultation, test ordering, diagnostics and treatment," the letter said.

"When confirming identity engage the patient by asking them to state, not just confirm, their information (for example: 'Can you please tell me your date of birth?', instead of: 'Is your date of birth [x]'?). This practice reduces the risk of errors due to miscommunication or assumptions."

The instructions say that if at any point during the process, the system flags discrepancies the information must be verified again and any discrepancies must be documented and "escalated immediately to the Medical Records Department".

"Compliance with these guidelines is mandatory," the letter reads. "Failure to follow these guidelines may result in disciplinary action."

Identità welcomed the news that patients’ identities will now have to be confirmed before receiving a service. 

In a statement on Tuesday, the state agency said that such practices should be adopted by all organisations. 

It added that regulators should ensure that private entities that fall under their responsibility make themselves compliant with all regulations, including those related to data protection.

 

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.