


The Italian Data Protection Authority sanctions three hospitals for communicating data to unauthorized third parties

published on 23 February 2021 | reading time approx. 3 minutes

In consideration of the extremely sensitive data they process and in accordance with the data protection regulations, healthcare organizations are required to adopt appropriate technical and organizational measures to safeguard the protection of their patients' data.

At the end of January 2021, the Italian Data Protection Authority highlighted that such measures must also be taken to ensure that their patients' data are not accidentally disclosed to other people.
In this regard, the Italian Authority sanctioned two hospitals and one Local Health Agency for personal data breaches caused by inadequate procedures and simple errors by their staff.

Specifically, a hospital in Tuscany was fined EUR 10,000 for having sent by mail, to the wrong patient, a medical report containing information on the health and sex life of another couple.
A hospital in Emilia-Romagna was also fined EUR 10,000 for having given patients medical records containing data and reports referring to other people, including a minor.

In both cases, the Italian Data Protection Authority, punishing the two hospitals, calculated the fine taking into account that the healthcare organizations had:
  • immediately demonstrated a high degree of cooperation with the Authority and that the episodes were isolated and not voluntary;
  • also planned further technical and organizational measures to minimize human error.

A third case concerned a Local Health Agency in Emilia-Romagna, where a patient had explicitly requested, by signing a special form, that nobody, not even family members, should be informed of her medical conditions. The form had been included in the medical folder of the department. However, a nurse belonging to this department (where the woman was receiving treatment) was unaware of the request and, instead of contacting her on her private mobile phone, called the home number registered in the agency's registry, thus speaking to a family member.

In this case too, the Local Health Agency acknowledged the errors that caused the data breach and committed itself to implement a computerized system for managing the telephone numbers of in-patients, and to prepare a single form with which patients could express their wish to communicate information on their state of health to third parties, introducing a specific internal policy.

The Local Health Agency, which has also received a claim for damages from the patient, will have to pay a fine of EUR 50,000 for the violation.

In the light of these episodes, and of others still being investigated, the Italian Data Protection Authority:
  • reiterated that information on the medical conditions of the patient can only be disclosed to third parties on the basis of a legal prerequisite or on the instructions of the data subject, with prior written authorisation;
  • called on all healthcare providers to fully comply with the principles of fairness and transparency, by adopting technical and organisational measures useful not only to protect themselves against cyber attacks, but also to avoid personal data breaches caused by inadequate management procedures.

CONTACT

Nadia Martini

Avvocato

Partner
