The Dutch Data Protection Authority has levied a fine of 460,000 euros on Haga Hospital for insufficient security following an investigation revealing that dozens of hospital staff had unnecessarily checked the medical records of a well-known Dutch person.

In addition, if the hospital has not improved security before October 2, 2019, it must pay 100,000 euros every two weeks, up to a maximum of 300,000 euros.

According to DutchNews.nl, the authority’s chairman Aleid Wolfsen said: “The relationship between a healthcare provider and a patient should be completely confidential. Also within the walls of a hospital. It doesn’t matter who you are.”

Key takeaways:
  • Have adequate logs in place: The hospital must regularly check who consults which file.
  • Good security requires authentication that involves at least two factors.

Details from the Dutch Data Protection Authority.