19.07.2019 | KPMG Law Insights

Hague hospital fined up to 760,000 euros


The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) has imposed a fine of 460,000 euros on a hospital for failing to protect patient records from unnecessary access in the hospital information system. According to the report, at least 85 hospital employees accessed the medical records of a known patient without need or authorization and without being involved in the patient’s care.

The regulator made it clear in its press release that the relationship between a healthcare provider and a patient is completely confidential. This also applies within the walls of a hospital. A hospital must therefore take all technical and organizational measures to ensure the security of patient data. Each hospital must regularly review who consults which record. This is the only way to take timely action if an unauthorized employee accesses a file.

Patient files should also be technically secured with at least two-factor authentication. Each time a patient record is accessed, the user’s identity must be logged by means of a code or password in combination with a personnel card. Shared passwords for entire departments, or the use of a common user name to avoid having to log in again each time, are not permissible.

To have these requirements implemented effectively and as quickly as possible, the supervisory authority is putting the hospital under further pressure: as long as the security measures have not been improved, the hospital must pay an additional fine of 100,000 euros every two weeks, up to a maximum of 300,000 euros. As a result, the hospital faces a maximum fine of 760,000 euros.

As early as October of last year, a fine of 400,000 euros was imposed on a hospital in Portugal for a similar violation. The reason there was likewise that patient files were not secured against access by non-treating medical staff. Even though the national supervisory authorities are in principle free to determine the level of fines, a comparable level of fines must also be expected in Germany where patient records are insufficiently secured because of inadequate authorization concepts in hospital information systems.

Contact

Sebastian Hoegl, LL.M. (Wellington)

Senior Manager
Lawyer
Specialist lawyer for IT law
LL.M. (Wellington)

Heinrich-von-Stephan-Straße 23
79100 Freiburg im Breisgau

Tel.: +49 761 769999-20
shoegl@kpmg-law.com

Maik Ringel

Senior Manager

Münzgasse 2
04107 Leipzig

Tel.: +49 341 22572563
mringel@kpmg-law.com
