The Dutch Data Protection Authority has levied a fine of 460,000 euros on Haga Hospital for insufficient security following an investigation revealing that dozens of hospital staff had unnecessarily checked the medical records of a well-known Dutch person.
In addition, if the hospital has not improved security before October 2, 2019, it must pay 100,000
“The right to be forgotten does not apply in principle to medical records. However, as a patient, you may ask your health care provider to remove data from your medical record,” according to the Dutch Data Protection Authority, Autoriteit Persoonsgegevens (AG), which has issued a guidance on GDPR and medical records.
Key takeaways:
The European Union’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018. Whereas HIPAA applies to particular types or classes of data creators, recipients, maintainers or transmitters (U.S. covered entities and their business associates and subcontractors), GDPR applies much more generally – it applies to personal data itself. Granted, it doesn’t apply