Dutch Data Protection Authority Security

Hagaziekenhuis fined for insufficient internal security of patient files

An investigation by the Dutch Data Protection Authority (DDPA) showed that dozens of hospital employees had unnecessarily inspected the medical file of a well-known Dutch person. The DDPA is imposing a fine of 460,000 euros on the Hagaziekenhuis for insufficient security. The hospital's technical and organizational security measures fell short in two areas: access auditing and authentication. The hospital must regularly check who is consulting which file, so that it can identify in good time when someone is consulting a file without authorization and take measures against it.

Good security also requires strong authentication with at least two factors. If the hospital has not improved security before October 2, 2019, it must pay 100,000 euros every two weeks, with a maximum of 300,000 euros. The hospital has meanwhile indicated that it will take measures.

Read more at: https://www.autoriteitpersoonsgegevens.nl/nl/nieuws/haga-beboet-voor-onvoldoende-interne-beveiliging-pati%C3%ABntendossiers