Azienda USL della Romagna

Description

The Italian DPA (Garante) imposed a fine of EUR 50,000 on Azienda USL della Romagna. Upon her arrival at the gynecology unit of a hospital operated by the controller (for the purpose of an abortion), a patient had explicitly asked the controller not to share her health data with third parties. She had separately left a telephone number for the purpose of being contacted. After the patient was discharged, a nurse tried to contact her in order to inform her about further therapy. However, the nurse did not use the telephone number provided by the patient specifically for this purpose, but instead used her home telephone number, which she was able to obtain from her patient file. When her husband took the call instead of the patient, the nurse informed him about her treatment, contrary to the patients request. Even though no further medical information was provided, it was clear from the conversation that the data subject had been admitted to this unit and was to receive further therapy.