LFDI - Hospital in Rhineland-Palatinate
|LFDI - Hospital in Rhineland-Palatinate|
|Relevant Law:||Article 5 GDPR|
|Decided:||30. 9. 2019|
|Published:||3. 12. 2019|
|Parties:||Universitätsmedizin der Johannes-Gutenberg-Universität Mainz|
|National Case Number:||8.03.66|
|European Case Law Identifier:||n/a|
|Original Source:||Decision (in DE)|
|Press release:||LfDI (in DE)|
The Rhineland-Palatinate DPA (LfDI) fined a local hospital € 105.000 due to its deficient organisational and structural personal data processing system.
English Summary[edit | edit source]
The LfDI announced that a hospital had mix-ups during patient admission, which lead to incorrect invoicing practices. An investigation revealed structural technical and organisational deficits in the management of patients’ personal data and severe violations of the GDPR. The DPA recognised the efforts that the hospital is planning to put to improve its data protection management.
Comment[edit | edit source]
Share your comments here!
Further Resources[edit | edit source]
Share blogs or news articles here!
English Machine Translation of the Press release[edit | edit source]
The decision below is a machine translation of the original. Please refer to the German original for more details.
03.12.2019 Fines against hospital due to data protection deficits in patient management The state commissioner for data protection and freedom of information of Rhineland-Palatinate (LfDI) has imposed a fine of 105,000 euros on a hospital in Rhineland-Palatinate. At the same time, the LfDI welcomes the hospital's resilient efforts to sustainably promote further developments and improvements in data protection management. The final fine is based on several violations of the basic data protection ordinance in connection with patient mix-ups during patient admission. This resulted in incorrect invoicing and revealed structural technical and organizational deficits of the hospital in patient management. The State Commissioner, Prof. Dr. Kugelmann, emphasizes: "The primary goal of the remedial and sanctioning measures is to eliminate existing deficits and improve data protection. Fines are one instrument among several. In addition to their sanctioning effect, they always also contain a preventive element by making it clear that grievances are consistently followed up. It is important to me that substantial progress be made in health data protection in view of the particular sensitivity of data. I therefore hope that the fine will also be seen as a signal that data protection authorities are being particularly vigilant in the field of the handling of health data.