DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Norwegian DPA: Oslo University Hospital ordered to amend agreements

Posted on July 2, 2021 by Dissent

The Norwegian Data Protection Authority’s inspection of Oslo University Hospital (OUH) reveals that the hospital cannot document satisfactory control of patient data when the hospital needs laboratory services from other countries.

The Data Protection Authority understands that it is important to be able to use laboratories in other countries when the hospital or other Norwegian laboratories do not have the necessary expertise to perform analyses required to provide patients with the medical help they need. The hospital therefore sends out blood samples or other biological material and patient data for analysis at laboratories located in other countries, both within and outside the EEA. This affects approx. 8,000 patients a year.

Lacks satisfactory agreements

Nevertheless, this need for outside assistance does not exempt the hospital from its responsibility of ensuring safe and appropriate processing of biological samples and patient data.

The Data Protection Authority concluded that the hospital has failed to establish appropriate agreements to ensure correct handling of the hospital’s duties and protection of the patients’ rights, among other things because the hospital has failed to conclude data processing agreements with laboratories.

Will address issues

In its most recent response to the Data Protection Authority’s preliminary inspection report, the hospital says it will address the problems revealed in the report. The hospital plans to assign responsibility for all use of foreign labs to a dedicated hospital unit, and plans to conclude agreements with foreign labs to ensure that all patient data and the patients’ biological material are processed in accordance with relevant legislation.

“These are positive signals from Oslo University Hospital,” says Bjørn Erik Thon, Director of the Data Protection Authority. “Clear assignment of responsibility and clear agreements are important for personal data protection and information security.

For further information, please contact the Norwegian DPA: [email protected]

The original press release is available in Norwegian here

The press release published here does not constitute official EDPB communication, nor an EDPB endorsement. This press release was originally published by the national supervisory authority and was published here at the request of the SA for information purposes. As the press release is represented here as it appeared on the SA’s website or other channels of communication, the news item is only available in English or in the Member State’s official language with a short introduction in English. Any questions regarding this press release should be directed to the supervisory authority concerned.

Source: EDPB

No related posts.

Category: Commentaries and AnalysesHealth DataNon-U.S.

Post navigation

← Former Anonymous and Lulzsec hacker discusses his criminal past and gives his top tips for avoiding ransomware
South African insurance provider has been hit by a major data breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Air Force Employee Pleads Guilty to Conspiracy to Disclose Unlawfully Classified National Defense Information
  • UK police arrest four in connection with M&S, Co-op and Harrods cyberattacks (1)
  • At U.S. request, France jails Russian basketball player Daniil Kasatkin on suspicion of ransomware conspiracy
  • Avantic Medical Lab hacked; patient data leaked by Everest Group
  • Integrated Oncology Network victim of phishing attack; multiple locations affected (2)
  • HHS’ Office for Civil Rights Settles HIPAA Privacy and Security Rule Investigation with Deer Oaks Behavioral Health for $225k and a Corrective Action Plan
  • HB1127 Explained: North Dakota’s New InfoSec Requirements for Financial Corporations
  • Credit reports among personal data of 190,000 breached, put for sale on Dark Web; IT vendor fined
  • Five youths arrested on suspicion of phishing
  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How to Build on Washington’s “My Health, My Data” Act
  • Department of Justice Subpoenas Doctors and Clinics Involved in Performing Transgender Medical Procedures on Children
  • Google Settles Privacy Class Action Over Period Tracking App
  • ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets
  • Franklin, Tennessee Resident Sentenced to 30 Months in Federal Prison on Multiple Cyber Stalking Charges
  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.