Public Hospital

€400,000

Insufficient technical and organisational measures to ensure information security

Decision Date

July 17, 2018

Authority

Portuguese Data Protection Authority (CNPD)

PT

Sector

Health Care

Country

PT

Law

GDPR

Status

FINAL

Description

Investigation revealed that the hospital’s staff, psychologists, dietitians and other professionals had access to patient data through false profiles. The profile management system appeared deficient – the hospital had 985 registered doctor profiles while only having 296 doctors. Moreover, doctors had unrestricted access to all patient files, regardless of the doctor’s specialty.

Legal Citations

Art. 5 (1)Art. 32

Issues & Violations

Insufficient technical and organisational measures to ensure information security
View Official Document
Back to Fines Database
Previous Fine
Data Protection Authority of Hamburg - Unknown...
Next Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Stay Updated on Privacy Enforcement

We respect your privacy. One email per month, no spam, unsubscribe anytime.