Home

Some companies that have chosen us

Privacy Officer and Privacy Consultant
CDP Scheme according to ISO/IEC 17024:2012
European Privacy Auditor
ISDP©10003 Certification Scheme according to ISO/IEC 17065:2012
Auditor
According to standard UNI 11697:2017
Lead Auditor ISO/IEC 27001:2022
According to standard ISO/IEC 17024:2012
Data Protection Officer
According to standard ISO/IEC 17024:2012
Anti-Bribery Lead Auditor Expert
According to standard ISO/IEC 17024:2012
ICT Security Manager
According to standard UNI 11506:2017
IT Service Management (ITSM)
According to the ITIL Foundation
Ethical Hacker (CEH)
According to the EC-Council
Network Defender (CND)
According to the EC-Council
Computer Hacking Forensics Investigator (CHFI)
According to the EC-Council
Penetration Testing Professional (CPENT)
According to the EC-Council

Professional qualifications

Stay up-to-date with world news!

Select your topics of interest:

News

Home / News
/
The Italian DPA asks for more security for patiences data: Healthcare, warned an ASL and a polyclinic.

The Italian DPA asks for more security for patiences data: Healthcare, warned an ASL and a polyclinic.

An ALS and a polyclinic has been warned for two limit security breaches which caused an illicit health data process. These episodes were brought to the attention of the DPA by the same structures which, required into the EU Regulation, regularly notified to the Italian DPA the personal data breaches which verified at the expenses of some of their patiences.

The warned is one of the new powers given by the European Regulation to the Data Protection Authorities which allow the same DPA – in case of a minor breach or anytime the financial penalty applicable will set up a disproportionate cost for a natural person – detect the breach and write it down in the register held by the Authority instead of adopting a fine. This allows this to be taken into account in the event of a recurrence in order to quantify the penalty.

The case highlighted by the ASL, to a patient that required the hard copy of its own health record was assigned, accidentally, someone’s else one, meanwhile in the communication of the polyclinic the patient found out in its own electronic health record (FSE) a medical report of another person.

In the first episode the Italian DPA, with the measure of the 2 July 2020, has noticed that has occured an indebit communication of health data of a patient to a third subject but, considered that the documentation, like it was declared by the same ASL, was given back to the hospital, has qualified the case like “minor breach” according to the European Regulation.

The Italian DPA has warned the ASL for the data protection legislation breach without adopted any other legal measures, by keeping in mind that this was the only episod and isolated, registered by an human error, and that the ASL, as soon as it found out what happened has adopted the correctives into the preparation and delivery procedure of clinical records in order to prevent, for the future, similar cases.

Talking about the second episode about the security breach reported to the Italian DPA by the polyclinic caused by the insertion into a FSE of a medical record of another patient. Also in this case data protection legislation has been breached by the communication to third person of health data of person. Anyway, by an exam of the circumstances, the Italian DPA with a measure of the 9 of July 2020, has qualified also in this case the breach as “minor”, by thinking that it was sufficient to warn the polyclinic. The episode, unique and isolated,has been caused by a human error which was unintentional and the health structure, in addition to inform the data subject has immediately adopted measures in order to sensibilize the staff on personal data protection legislation and on the procedure for the correct patients identification.

The two episodes, which are objectively limited, demonstrate how staff awareness and the provision of appropriate organisational measures are, like technical measures, essential elements of treatment safety.

SOURCE: FEDERPRIVACY

Recommended to you

Advanced Research