Portuguese Data Protection Authority Imposes €400,000 Fine on Hospital
The Barreiro Hospital in Portugal was fined €400,000 by the Portuguese Data Protection Authority (CNPD) for non-compliance with the General Data Protection Regulation (GDPR).
The public sector hospital had granted access to patients' clinical data more widely than necessary. In addition, the CNPD found that 986 user accounts were registered as physicians, while only 296 physicians actually work at the hospital.
The fines were imposed after the authority had carried out an inspection at the hospital, prompted by an alert from the medical association. The CNPD held that three provisions had been violated: the principle of integrity and confidentiality; the principle of data minimization, which requires that access to patients' clinical data be limited to what is necessary; and the controller's obligation to ensure the confidentiality and integrity of the data in its systems (data security). The first two breaches were fined €150,000 each, while the third added a further €100,000.
The hospital disputes the CNPD's authority to impose such fines and may request a judicial review of the CNPD's decision.
Original piece on datenschutz-notizen.de