Fine against hospital due to data protection deficits in patient management

3 December 2019

The Commissioner for Data Protection and the Freedom of Information Rhineland-Palatinate imposed a fine of 105,000 euros on a hospital in Rhineland-Palatinate.
The fine is based on several breaches of the General Data Protection Regulation in the framework of a patient mix-up when admitting the patient. This resulted in incorrect invoicing and revealed structural technical and organisational deficits in the hospital's patient and privacy management.

The Commissioner Prof. Dr. Kugelmann emphasises: "The primary objective of the corrective measures and sanctions is to remedy existing shortcomings and improve data protection. Fines are one instrument among several ones. In addition to their sanctioning effect, they always contain a preventive element in that it becomes clear that grievances are consistently investigated. What matters to me is that substantial progress is made on health data protection in view of the particular sensitivity of the data. I therefore hope that the fine will also be seen as a signal so that the data protection supervisory authorities are particularly vigilant in the field of data handling in health care."

To read the press release in German, click here

For further information, please contact the Rhineland-Palatinate DPA:

The press release published here does not constitute official EDPB communication, nor an EDPB endorsement. This press release was originally published by the national supervisory authority and was published here at the request of the SA for information purposes. As the press release is represented here as it appeared on the SA's website or other channels of communication, the news item is only available in English or in the Member State's official language with a short introduction in English. Any questions regarding this press release should be directed to the supervisory authority concerned.