Østfold HF Hospital

€112,000

Insufficient technical and organisational measures to ensure information security

Beslissingsdatum

22 juni 2020

Autoriteit

Norwegian Supervisory Authority (Datatilsynet)

NO

Sector

Health Care

Land

NO

Wet

GDPR

Status

FINAL

Beschrijving

It was found that Østfold HF Hospital had stored patient data, including sensitive data such as the reason for hospitalisation, during the period 2013-2019 without controlling access to the folders where the data was stored. Datatilsynet therefore decided that the hospital had not taken sufficient technical and organisational measures to protect personal data and was therefore in breach of the GDPR and the Patient Records Act.

Juridische citaten

Art. 32

Problemen en overtredingen

Insufficient technical and organisational measures to ensure information security
Officieel document bekijken
Terug naar de database met boetes
Vorige boete
Spanish Data Protection Authority (aepd) - Comunid...
Volgende boete
Data Protection Authority of Hamburg (HmbBfDI) - C...

Blijf op de hoogte van privacybescherming

We respecteren je privacy. Eén e-mail per maand, geen spam, afmelden kan altijd.