Data breach patient data sent to wrong recipient

Date: 03.12.2019

Responsible body: Nationwide misdirected shipments

Type of data protection violation: Error in sending patient data

An NDR survey showed that nationwide very often patient data are sent to wrong recipients. Since the entry into force of the Basic Data Protection Regulation (DSGVO) in May 2018, there were 850 mis-dispatches, according to NDR data.

The way in which data breaches are handled varies greatly among the responsible bodies. In some cases, data breaches are not reported at all to the responsible data protection supervisory authority, while others report every breach of the data protection law. Data protection. Clinics, doctors' practices, laboratories and billing offices are responsible for the incorrect shipment.

The serious conditions became known because the Asklepios Clinic Altona sent a total of eleven doctor's letters with patient data to a Hamburg psychotherapist Daniela Rath. The problem was that the patients were not being treated by the psychotherapist. Although Ms Rath repeatedly wrote to the Asklepios Clinic to report the incorrectly sent letters, she continued to receive incorrectly sent doctor's letters. Finally, she turned to the NDR.

Hamburg's data protection commissioner Caspar advises fines to increase the "avoidance pressure" on responsible bodies.

Country: Germany

Source: NDR

Back to the overview of the data breaches