Updated: Apr 13, 2020
The German Commissioner for data protection and the freedom of information Rhineland-Palatinate imposed a fine of 105,000 euros on a hospital in Rhineland-Palatinate.
To read the press release in German, click here
The Commissioner Prof. Dr Kugelmann emphasises: “The primary objective of the corrective measures and sanctions is to remedy existing shortcomings and improve data protection.
Fines are one instrument among several ones. In addition to their sanctioning effect, they always contain a preventive element in that it becomes clear that grievances are consistently investigated. What matters to me is that substantial progress is made on health data protection in view of the particular sensitivity of the data. I, therefore, hope that the fine will also be seen as a signal so that the data protection supervisory authorities are particularly vigilant in the field of data handling in health care.”
The fine is based on numerous breaches of the GDPR in the framework of a patient mix-up when admitting the affected person. This led to wrong invoicing and revealed structural technical and organisational deficits in the clinic’s patient and privacy management.