The Barreiro Hospital in Portugal was fined €400,000 by the Portuguese Data Protection Authority (CNPD) for non-compliance with the General Data Protection Regulation (GDPR).

The public-sector hospital had granted access to patients' clinical data more broadly than staff roles required. In addition, the CNPD found that 986 accounts were registered as physicians in the hospital's system, while only 296 physicians actually work at the hospital.

The fines followed an inspection that the CNPD carried out at the hospital after being alerted by the medical association. The CNPD held that three GDPR requirements had been violated: the principle of integrity and confidentiality; the principle of data minimisation, which requires access to patients' clinical data to be limited to what is necessary; and the controller's obligation to ensure the security of the data in its systems, since the hospital was unable to guarantee the confidentiality and integrity of the data it processed. The first two breaches were fined €150,000 each, and the third added a further €100,000.

The hospital disputes the CNPD's authority to impose such fines and may request a judicial review of the CNPD's decision.

#Portugal #Hospitals #PatientData #EU #GDPR #DataController #Fines #Privacy #HealthCare

Translated using Google.

Original piece on datenschutz-notizen.de