A hospital in Rhineland-Palatinate, Germany has been fined €105,000 by the State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate (LfDI).
The fine was based on several breaches of the GDPR (General Data Protection Regulation) concerning patient admissions, which resulted in patients receiving incorrect invoices and exposed weaknesses in the hospital’s patient privacy management.
LfDI Commissioner Prof. Dr Dieter Kugelmann said: “The primary objective of the corrective measures and sanctions is to remedy existing shortcomings and improve data protection. Fines are one instrument among several.
“In addition to their sanctioning effect, they always contain a preventive element in that it becomes clear that grievances are consistently investigated. What matters to me is that substantial progress is made on health data protection in view of the particular sensitivity of the data. I therefore hope that the fine will also be seen as a signal so that the data protection supervisory authorities are particularly vigilant in the field of data handling in health care.”
What can we learn from this data breach?
A key component of GDPR compliance is ensuring all employees, from the executive boardroom to the reception desk, understand their responsibilities under the Regulation.
Our GDPR Staff Awareness E-learning Course is a quick and affordable way to deliver GDPR training to your entire workforce. It aims to provide employees with a complete foundation on the principles, roles, responsibilities and processes under the Regulation.