From the European Data Protection Board:
The Commissioner for Data Protection and the Freedom of Information Rhineland-Palatinate imposed a fine of 105,000 euros on a hospital in Rhineland-Palatinate.
The fine is based on several breaches of the General Data Protection Regulation in the framework of a patient mix-up when admitting the patient. This resulted in incorrect invoicing and revealed structural technical and organisational deficits in the hospital’s patient and privacy management.The Commissioner Prof. Dr. Kugelmann emphasises: “The primary objective of the corrective measures and sanctions is to remedy existing shortcomings and improve data protection. Fines are one instrument among several ones. In addition to their sanctioning effect, they always contain a preventive element in that it becomes clear that grievances are consistently investigated. What matters to me is that substantial progress is made on health data protection in view of the particular sensitivity of the data. I therefore hope that the fine will also be seen as a signal so that the data protection supervisory authorities are particularly vigilant in the field of data handling in health care.”
To read the press release in German, click here
For further information, please contact the Rhineland-Palatinate DPA: poststelle@datenschutz.rlp.de
From the releases I looked at, they do not seem to have named the hospital that was fined.