Data Protection Academy » Data Protection News » Data breach patient data sent to wrong recipient
Data breach patient data sent to wrong recipient
Date: 03.12.2019
Responsible body: Nationwide misdirected shipments
Type of data protection violation: Error in sending patient data
An NDR survey showed that nationwide very often patient data are sent to wrong recipients. Since the entry into force of the Basic Data Protection Regulation (DSGVO) in May 2018, there were 850 mis-dispatches, according to NDR data.
The way in which data breaches are handled varies greatly among the responsible bodies. In some cases, data breaches are not reported at all to the responsible data protection supervisory authority, while others report every breach of the data protection law. Data protection. Clinics, doctors' practices, laboratories and billing offices are responsible for the incorrect shipment.
The serious conditions became known because the Asklepios Clinic Altona sent a total of eleven doctor's letters with patient data to a Hamburg psychotherapist Daniela Rath. The problem was that the patients were not being treated by the psychotherapist. Although Ms Rath repeatedly wrote to the Asklepios Clinic to report the incorrectly sent letters, she continued to receive incorrectly sent doctor's letters. Finally, she turned to the NDR.
Der Hamburgische Datenschutzbeauftragte Caspar rät zu Bußgeldern, um den “Vermeidungsdruck” bei verantwortlichen Stellen zu erhöhen.
Country: Germany
Source: NDR
- Internal control system - 10 September 2024
- TISAX requirements: Prepare certification step by step - 8 January 2024
- Audit management: Implementing audits more efficiently - 26 October 2023