Five health service providers have appealed to the Stockholm Administrative Court against the decision of IMY. The Court rejects four of their appeals. For only one health service provider, the Court has reduced the sanction, but it has rejected the rest of the appeals.
In December 2020, IMY, as the ex-Data Inspectorate, ended an investigation on eight health service providers which manage and limit the access to the staff to main clinical record’s systems. The Auhtority found some deficiencies which have led to administrative sanctions in seven of the eight cases.
Five health service providers which have received sanctions have appealed against the IMY decision to the Administrative Court of Stockholm, that on Wednesday announced that four of those five appeals will be rejected in their entirety. On the fifth health service provider, the Court has reduced the sanction but has rejected the rest of the appeal.
In the proceedings, the Court has contested the lack of analysis of the need and risks by health service providers that was not only a national legislation breach, but also main principles of the personal data processing established by the General Data Protection Regulation. IMY has the right to intervene with sanctions and administrative injunctions.