Privacy Blog
NORWEGIAN DATA PROTECTION AUTHORITY IMPOSES ADMINISTRATIVE FINE ON A HOSPITAL
25.11.2020
European Data Protection Board (“EDPB”) announced that the Norwegian Data Protection Authority (“NDPA”) has decided on an administrative fee to Østfold HF Hospital.
NDPA has started to examine the stored patient records from 2013 to 2019. After the examination, NDPA stated that the hospital records of the patients who were discharged or ready to be discharged were not controlled, the access logs were not recorded and the reports were stored even though there was no necessity. It has been concluded that the uncontrolled storage of these records, included the health data of the patients, for a long period indicates deficiencies in the internal management of the hospital in terms of administrative measures.
Therefore, NDPA has stated that the hospital had failed to establish a proper system for the storage of personal data. Instead of this situation, the hospital should have created a control system that includes restrictions to areas where records were stored. Besides that, the employees who had access to these folders also must be registered and every employee must need a formal and justified reason to access the records.
You can find the text of the EDPB’s statement here.
Should you have any queries and/or remarks, please do not hesitate to contact us.
Kind regards,
Zumbul Attorneys-at-Law
info@zumbul.av.tr