Search
Contact
19.07.2019 | KPMG Law Insights

Hague hospital fined up to 760,000 euros

Hague hospital fined up to 760,000 euros

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) has imposed a fine of 460,000 euros on a hospital for failing to protect patient records from unnecessary access in the hospital information system. According to the report, at least 85 hospital employees unnecessarily and unauthorizedly accessed the medical records of a known patient without being involved in the patient’s care.

The regulator made it clear in its press release that the relationship between a healthcare provider and a patient is completely confidential. This also applies within the walls of a hospital. A hospital must therefore take all technical and organizational measures to ensure the security of patient data. Each hospital would need to regularly review who consults which record. This is the only way to take timely action if an unauthorized employee accesses a file.

Patient files should also be technically secured with at least two-factor authentication. Each time a patient record is accessed, a user’s identity would have to be logged by a code or password in combination with a personnel card. Uniform passwords for entire departments or the use of a common user name to avoid having to log in again each time are not permissible.

In order to implement these requirements effectively and as quickly as possible, the supervisory authority is putting the hospital under further pressure: as long as the safety precautions have not been improved, the hospital must pay an additional fine of another 100,000 euros every two weeks, up to a maximum of 300,000 euros. As a result, the hospital faces a maximum fine of 760,000 euros.

Already in October last year, a fine of 400,000 euros was imposed on a hospital in Portugal for a similar violation. The reason for this was also the lack of security of the patient file against access by non-treating medical staff. Even if the national supervisory authorities are in principle free to determine the level of fines, a comparable level of fines must also be expected in Germany for the inadequate security of patient records due to inadequate authorization concepts in hospital information systems.

Explore #more

26.08.2024 | In the media

Interview with Moritz Püstow on sustainability and increasing efficiency in the construction industry

How is the construction industry equipping itself for the future, which is facing major challenges?
In an interview with Baublatt, KPMG Law expert Moritz

22.08.2024 | Press releases

Strategic alliance between KPMG Law and MHP – A Porsche Company

KPMG Law and MHP – A Porsche Company have entered into a strategic alliance.
MHP is a leading consulting firm in the field of Engineering…

21.08.2024 | In the media

Guest article in the dpn: Initial practical experience with the implementation of DORA

In times of crisis and increasing cybercrime, digital operational stability is extremely important for companies.
In future, financial companies and third-party service providers of information…

19.08.2024 | In the media

Guest article at Springer Professional: Giralgeldtoken wants to simplify financial processes in industry

The commercial banks’ cash token should be an alternative to the digital euro for industry and have the character of a deposit.
This could be…

16.08.2024 | Deal Notifications

KPMG Law advises Hagedorn on syndicated financing

KPMG Law advised the Hagedorn Group on the negotiation and closing of a financing transaction A team led by Frankfurt-based KPMG Law partner and head…

06.08.2024 | In the media

Interview with Daniel Kaut on Talent Rocket about working in M&A

Daniel Kaut is a partner at KPMG Law and has been advising on M&A transactions and corporate law for 20 years.
He also has strategic…

06.08.2024 | In the media

Guest article in Betrieb on the topic of data protection and co-determination

The introduction of artificial intelligence in companies offers numerous opportunities, but also brings with it considerable challenges.
Complex issues arise in particular at the interface…

06.08.2024 | In the media

Guest article in IT-Zoom: The path to safe and ethical AI

The June 25, 2024 issue of IT-Zoom contains a guest article by KPMG Law expert Francois Maartens Heynike and KPMG Law expert Kerstin Ohrem.…

02.08.2024 | KPMG Law Insights

AI and employment law: what the AI Act means for HR

On August 1, the EU AI Act in force.
It regulates the use of artificial intelligence within the European Union.
As a regulation, the AI…

24.07.2024 | In the media

KPMG Law recognized as a top employer in Central Germany in the magazine azur

The legal market in Hesse is clearly characterized by the legal metropolis of Frankfurt am Main.
For those seeking a career in banking and finance…

Contact

Sebastian Hoegl, LL.M. (Wellington)

Senior Manager
Lawyer
Specialist lawyer for IT law
LL.M. (Wellington)

Heinrich-von-Stephan-Straße 23
79100 Freiburg im Breisgau

tel: +49 761 769999-20
shoegl@kpmg-law.com

Maik Ringel

Senior Manager

Münzgasse 2
04107 Leipzig

tel: +49 341 22572563
mringel@kpmg-law.com

© 2024 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit https://home.kpmg/governance.

 KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.

Scroll