Østfold HF Hospital

€112,000

Insufficient technical and organisational measures to ensure information security

Dato for beslutning

22. juni 2020

Myndighet

Norwegian Supervisory Authority (Datatilsynet)

NO

Sektor

Health Care

Land

NO

Lov og rett

GDPR

Status

FINAL

Beskrivelse

It was found that Østfold HF Hospital had stored patient data, including sensitive data such as the reason for hospitalisation, during the period 2013-2019 without controlling access to the folders where the data was stored. Datatilsynet therefore decided that the hospital had not taken sufficient technical and organisational measures to protect personal data and was therefore in breach of the GDPR and the Patient Records Act.

Juridiske henvisninger

Art. 32

Problemer og overtredelser

Insufficient technical and organisational measures to ensure information security
Se offisielt dokument
Tilbake til bøtedatabasen
Tidligere Fine
Spanish Data Protection Authority (aepd) - Comunid...
Neste bot
Data Protection Authority of Hamburg (HmbBfDI) - C...

Hold deg oppdatert om håndheving av personvern

Vi respekterer personvernet ditt. Én e-post per måned, ingen spam, avmelding når som helst.