Data Protection has taken a decision after an initiative review of the processing of personal data in the common health register system of the Primary Health Care of the Capital Area.

The Data Protection Authority has taken a decision regarding an initial examination of the processing of personal data in the Primary Health Care of the Capital Area. The examination was limited to the legality of the processing, i.e. whether the health care system had been authorized to merge the health care system of the institution with the health care system of other parties, including to give the parties concerned access to the health care system of the institution’s patients.

The decision concludes that the Primary Health Care of the Capital Area had not demonstrated that the processing of personal data, which included providing the Reykjavík Homecare Centre, the Höfði Health Centre, the Salahverfi Health Centre, the Urðarhverfi Health Centre, the Football Association of Iceland, the Medical Center for Air, the Transportation Office, Janus rehabilitation ehf., the Höfði Health Centre in Suðurnes, the Welfare Department of the City of Reykjavík and the Directorate of Labour, access to the institution’s common medical register system, had been authorized, as the conditions of the Medical Register Act had not been observed at the same time. A 5,000,000 ISK administrative fine was levied on the Primary Health Care of the Capital Area for these violations.

The Data Protection Authority’s decision (in Icelandic).

https://island.is/en/o/the-data-protection-authority/news/fine-against-the-primary-health-care-of-the-capital-area-for-the-processing