Sahlgrenska University Hospital

€341,300

Insufficient technical and organisational measures to ensure information security

Tanggal Keputusan

3 Desember 2020

Wewenang

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)

SE

Sektor

Health Care

Negara

SE

Hukum

GDPR

Status

FINAL

Deskripsi

The Swedish DPA (Integritetsskyddsmyndigheten) fined Sahlgrenska University Hospital SEK 3,500,000 (EUR 341,300) for failing to implement adequate technical and organizational measures to ensure information security. It was found that there was no risk analysis regarding the access to patient data. Authorizations for users of the hospital information systems Melior and Nationell patientöversikt were not assigned according to the principle of minimum access. This gave users full access to confidential patient data that they did not need for work purposes. In addition, the Melior hospital information system did not keep records of when and for what purpose patient data was accessed.

Kutipan Hukum

Art. 5 (1)Art. 5 (2)Art. 32 (1)Art. 32 (2)

Masalah & Pelanggaran

Insufficient technical and organisational measures to ensure information security
Lihat Dokumen Resmi
Kembali ke Basis Data Denda
Sebelumnya Denda
Data Protection Authority of Sweden (Integritetssk...
Berikutnya Baik
Data Protection Authority of Hamburg (HmbBfDI) - C...

Tetap Terupdate tentang Penegakan Privasi

Kami menghormati privasi Anda. Satu email per bulan, tidak ada spam, berhenti berlangganan kapan saja.