LFDI - Hospital in Rhineland-Palatinate

From GDPRhub
LFDI (Rhineland-Palatinate) - 8.03.66
Authority: LFDI (Rhineland-Palatinate)
Jurisdiction: Germany
Relevant Law: Article 5 GDPR
Article 32 GDPR
Type: Complaint
Outcome: Upheld
Decided: 30.09.2019
Published: 03.12.2019
Fine: 105,000 EUR
Parties: Universitätsmedizin der Johannes-Gutenberg-Universität Mainz
National Case Number/Name: 8.03.66
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): German
Original Source: Decision (in DE)
Initial Contributor: n/a

The Rhineland-Palatinate DPA (LfDI) fined a local hospital € 105.000 due to its deficient organisational and structural personal data processing system.

English Summary

The LfDI announced that a hospital had mix-ups during patient admission, which lead to incorrect invoicing practices. An investigation revealed structural technical and organisational deficits in the management of patients’ personal data and severe violations of the GDPR. The DPA recognised the efforts that the hospital is planning to put to improve its data protection management.


Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Press release

The decision below is a machine translation of the original. Please refer to the German original for more details.

Fines against hospital due to data protection deficits in patient management

The state commissioner for data protection and freedom of information of Rhineland-Palatinate (LfDI) has imposed a fine of 105,000 euros on a hospital in Rhineland-Palatinate. At the same time, the LfDI welcomes the hospital's resilient efforts to sustainably promote further developments and improvements in data protection management.

The final fine is based on several violations of the basic data protection ordinance in connection with patient mix-ups during patient admission. This resulted in incorrect invoicing and revealed structural technical and organizational deficits of the hospital in patient management.  

The State Commissioner, Prof. Dr. Kugelmann, emphasizes: "The primary goal of the remedial and sanctioning measures is to eliminate existing deficits and improve data protection. Fines are one instrument among several. In addition to their sanctioning effect, they always also contain a preventive element by making it clear that grievances are consistently followed up. It is important to me that substantial progress be made in health data protection in view of the particular sensitivity of data. I therefore hope that the fine will also be seen as a signal that data protection authorities are being particularly vigilant in the field of the handling of health data.