Hospital in Italy Fined $100,000 for Privacy Breaches
Italian DPA Garante fined a Hospital-University Company 80,000 euros ($93,000) for failing to comply with privacy regulations, it announced Thursday.
The DPA's inspection found that the hospital used two applications through which all health care personnel could conduct searches on patients' medical histories even if they weren't involved in their care. The systems, for outpatient records and hospitalization, didn't provide adequate access profiling or security measures such as alerts when activities were carried out on applications in specific log files, the watchdog said.
Moreover, it said, patients weren't aware of the searches, so they were unable to give or deny consent to access their files or to decide whether to hide sensitive information.
Patients must be allowed to choose whether their clinical information is placed in a file to which only their healthcare providers can have access, Garante said.