The data inspection reveals that the Örebro Health Medical Body committed a big fault during a data publication on the website about a patient who was hospitalized in a mental institution.
The data Inspectorate got a claim against the Örebro health committee and the doctor about the data publication on a website about a patient who was hospitalized in a mental forensic institution.
Elin HallStröm, the Data Inspectorate’s lawyer, underlines that their report shows that sensitive personal data were published in a wrong way in the Örebro Public website.
The Data Inspectorate review shows that there are no written procedures related to the publication of personal data and documents on web sites.
The procedures for the online publication are only in an oral form. In this case, the oral procedures were not observed and the document was published accidentally, this means that The Council does not adopt enough organizational measures to guarantee that personal data are protected from the online wrong publication.
We delegate the Council for the production of written procedures that will guarantee the compliance with the legislation when someone is posting something online.
The Data Inspectorate confirms that the Council does not have an aim, a legal base or any other exception of prohibition from the personal data processing Regulation.
The Data Inspectorate submits to the Board of Directors to remedy the deficiencies and also issues an administrative commission of 120,000 Swedish kronor to the Board of Directors.
The document was deleted from the web site.