Østfold HF Hospital
€112,000
Insufficient technical and organisational measures to ensure information security
Ημερομηνία απόφασης
22 Ιουνίου 2020
Αρχή
Norwegian Supervisory Authority (Datatilsynet)
NO
Τομέας
Health Care
Χώρα
NO
Νόμος
GDPRΚατάσταση
FINALΠεριγραφή
It was found that Østfold HF Hospital had stored patient data, including sensitive data such as the reason for hospitalisation, during the period 2013-2019 without controlling access to the folders where the data was stored. Datatilsynet therefore decided that the hospital had not taken sufficient technical and organisational measures to protect personal data and was therefore in breach of the GDPR and the Patient Records Act.
Νομικές παραπομπές
Art. 32
Θέματα & Παραβάσεις
Insufficient technical and organisational measures to ensure information security