Search
Contact
19.07.2019 | KPMG Law Insights

Hague hospital fined up to 760,000 euros

Hague hospital fined up to 760,000 euros

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) has imposed a fine of 460,000 euros on a hospital for failing to protect patient records from unnecessary access in the hospital information system. According to the report, at least 85 hospital employees unnecessarily and unauthorizedly accessed the medical records of a known patient without being involved in the patient’s care.

The regulator made it clear in its press release that the relationship between a healthcare provider and a patient is completely confidential. This also applies within the walls of a hospital. A hospital must therefore take all technical and organizational measures to ensure the security of patient data. Each hospital would need to regularly review who consults which record. This is the only way to take timely action if an unauthorized employee accesses a file.

Patient files should also be technically secured with at least two-factor authentication. Each time a patient record is accessed, a user’s identity would have to be logged by a code or password in combination with a personnel card. Uniform passwords for entire departments or the use of a common user name to avoid having to log in again each time are not permissible.

In order to implement these requirements effectively and as quickly as possible, the supervisory authority is putting the hospital under further pressure: as long as the safety precautions have not been improved, the hospital must pay an additional fine of another 100,000 euros every two weeks, up to a maximum of 300,000 euros. As a result, the hospital faces a maximum fine of 760,000 euros.

Already in October last year, a fine of 400,000 euros was imposed on a hospital in Portugal for a similar violation. The reason for this was also the lack of security of the patient file against access by non-treating medical staff. Even if the national supervisory authorities are in principle free to determine the level of fines, a comparable level of fines must also be expected in Germany for the inadequate security of patient records due to inadequate authorization concepts in hospital information systems.

Explore #more

27.05.2025 | KPMG Law Insights

Cell Phone Inspections at US Border and Beyond: What to Expect

Key facts: U.S. immigration officials monitor public social media data and travelers should be prepared to share details about their personal social media accounts. All…

23.05.2025 | KPMG Law Insights

Business Travel and Assignment in the USA: What you need to know about US immigration

The recent changes in US immigration rules are causing uncertainty worldwide. In particular, since the new US government took office, processes regarding entry into the…

14.05.2025 | KPMG Law Insights

BGH on customer installations: Decision orders application in line with the directive

In a ruling dated May 13, 2025, the BGH classified the supply infrastructure in the specific case of a residential complex in Zwickau as a…

13.05.2025 | In the media

KPMG Law expert in Spiegel article on energy policy

Dirk-Henning Meier, Senior Manager in the energy law department at KPMG Law, is quoted in a recent article on energy policy in Der Spiegel.…

13.05.2025 | Career, In the media

azur Karriere Magazin – All AI or what?

Artificial intelligence has long since arrived in law firms and legal departments. But dealing with it is a skill that needs to be learned. Many…

13.05.2025 | KPMG Law Insights

Initial experience with the Single-Use Plastics Fund Act: what manufacturers should bear in mind

Beverage cups, foil and plastic cigarette filters litter streets, parks and sidewalks. The cleaning costs are borne by the local authorities. The Disposable Plastics Fund…

07.05.2025 | KPMG Law Insights

Termination of fixed-term rental agreements in the case of pre-leasing

In the case of a pre-leasing, the tenancy only begins at a later date, usually the handover date. In such cases, the contracting parties usually…

06.05.2025 | In the media

Wirtschaftswoche honors KPMG Law

KPMG Law was named “TOP Law Firm 2025” in the field of M&A by WirtschaftsWoche. Ian Maywald, Partner at KPMG Law in Munich, was…

06.05.2025 | KPMG Law Insights

Social insurance obligation for teachers – transitional rule creates clarity

Teachers and lecturers are often hired on a self-employed basis. This practice makes the German pension insurance fund sit up and take notice. It is…

02.05.2025 | In the media

KPMG Law Statement in FINANCE Magazine: How CFOs can save up to 80 percent in the legal department

The cost pressure in companies is increasing – also in legal departments. Two strategies have now become established to save 50 to 80 percent of…

Contact

Sebastian Hoegl, LL.M. (Wellington)

Senior Manager
Lawyer
Specialist lawyer for IT law
LL.M. (Wellington)

Heinrich-von-Stephan-Straße 23
79100 Freiburg im Breisgau

Tel.: +49 761 769999-20
shoegl@kpmg-law.com

Maik Ringel

Senior Manager

Münzgasse 2
04107 Leipzig

Tel.: +49 341 22572563
mringel@kpmg-law.com

© 2024 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit https://home.kpmg/governance.

 KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.

Scroll