LFDI - Hospital in Rhineland-Palatinate: Difference between revisions

From GDPRhub
No edit summary
(added original DPA decision)
Line 16: Line 16:
[[Category:Article 32 GDPR]]
[[Category:Article 32 GDPR]]
|-
|-
|Type:||n/a
|Type:||Complaint
|-
|-
|Outcome:||n/a
|Outcome:||Upheld
|-
|-
|Decided:||n/a
|Decided:||30. 9. 2019
|-
|-
|Published:||3. 12. 2019
|Published:||3. 12. 2019
Line 28: Line 28:
|Fine:||105,000 EUR
|Fine:||105,000 EUR
|-
|-
|Parties:||Hospital (unknown)
|Parties:||Universitätsmedizin der Johannes-Gutenberg-Universität Mainz
|-
|-
|National Case Number:||n/a
|National Case Number:||8.03.66
|-
|-
|European Case Law Identifier:||n/a
|European Case Law Identifier:||n/a
Line 39: Line 39:
[[Category:German]]
[[Category:German]]
|-
|-
|Original Source:||[https://www.datenschutz.rlp.de/de/aktuelles/detail/news/detail/News/geldbusse-gegen-krankenhaus-aufgrund-von-datenschutz-defiziten-beim-patientenmanagement/ LfDI (in DE)]
|Original Source:||[https://gdprhub.eu/images/c/c4/LFDI_RLP_Bussgeldbescheid_8.03.66.pdf Decision (in DE)]
|-
|Press release:||[https://www.datenschutz.rlp.de/de/aktuelles/detail/news/detail/News/geldbusse-gegen-krankenhaus-aufgrund-von-datenschutz-defiziten-beim-patientenmanagement/ LfDI (in DE)]
|}
|}
The Rhineland-Palatinate DPA (LfDI) fined a local hospital € 105.000 due to its deficient organisational and structural personal data processing system.   
The Rhineland-Palatinate DPA (LfDI) fined a local hospital € 105.000 due to its deficient organisational and structural personal data processing system.   

Revision as of 10:56, 18 November 2020

LFDI - Hospital in Rhineland-Palatinate
LogoDE-RP.png
Authority: LFDI (Rhineland-Palatinate)
Jurisdiction: Germany
Relevant Law: Article 5 GDPR

Article 32 GDPR

Type: Complaint
Outcome: Upheld
Decided: 30. 9. 2019
Published: 3. 12. 2019
Fine: 105,000 EUR
Parties: Universitätsmedizin der Johannes-Gutenberg-Universität Mainz
National Case Number: 8.03.66
European Case Law Identifier: n/a
Appeal: n/a
Original Language: German
Original Source: Decision (in DE)
Press release: LfDI (in DE)

The Rhineland-Palatinate DPA (LfDI) fined a local hospital € 105.000 due to its deficient organisational and structural personal data processing system.

English Summary

The LfDI announced that a hospital had mix-ups during patient admission, which lead to incorrect invoicing practices. An investigation revealed structural technical and organisational deficits in the management of patients’ personal data and severe violations of the GDPR. The DPA recognised the efforts that the hospital is planning to put to improve its data protection management.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Press release

The decision below is a machine translation of the original. Please refer to the German original for more details.


03.12.2019
Fines against hospital due to data protection deficits in patient management


The state commissioner for data protection and freedom of information of Rhineland-Palatinate (LfDI) has imposed a fine of 105,000 euros on a hospital in Rhineland-Palatinate. At the same time, the LfDI welcomes the hospital's resilient efforts to sustainably promote further developments and improvements in data protection management.

The final fine is based on several violations of the basic data protection ordinance in connection with patient mix-ups during patient admission. This resulted in incorrect invoicing and revealed structural technical and organizational deficits of the hospital in patient management.  

The State Commissioner, Prof. Dr. Kugelmann, emphasizes: "The primary goal of the remedial and sanctioning measures is to eliminate existing deficits and improve data protection. Fines are one instrument among several. In addition to their sanctioning effect, they always also contain a preventive element by making it clear that grievances are consistently followed up. It is important to me that substantial progress be made in health data protection in view of the particular sensitivity of data. I therefore hope that the fine will also be seen as a signal that data protection authorities are being particularly vigilant in the field of the handling of health data.