On 3 December 2019, the State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate (LfDI) issued a fine to a hospital in Rhineland-Palatinate for violations of the GDPR (General Data Protection Regulation).
What was the GDPR violation?
Several GDPR breaches occurred during patient admission. They resulted in wrong invoices being issued and revealed more serious privacy issues the hospital was struggling with.
Commissioner Prof. Dr. Kugelmann stated that the primary objective of the corrective measures is to remedy existing shortcomings and improve data protection:
“In addition to their sanction effect, they always contain a preventive element, by making it clear that maladministration is pursued consistently. It is important for me that substantial progress be made in the area of data privacy sensitivity. Therefore, I hope that the fine will also be seen as a signal that data protection supervisory authorities are particularly vigilant in the field of handling data in the healthcare sector.”
This is the 14th GDPR fine in Germany so far, and while it is not the highest, it definitely sends the message that violations of the GDPR related to the most sensitive personal data, a data subject’s medical and hospital records, will not be taken lightly.