• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
easy GDPR - we make compliance with GDPR easy

easyGDPR

We make implementing General Data Protection Regulation Easy

  • Home
  • Services
    • Software
      • easyGDPR Quickcheck
      • (DEP) easyGDPR lite
      • (DEP) easyGDPR Standard
      • Data Subject Requests
      • Sophos
    • IT Security
    • network checkup
    • SME digitization funding
    • Data protection consulting
      • Data protection
      • Cybersecurity
    • Training
      • Data protection
      • Cybersecurity
  • Partner
    • Resellerprogramm
    • Affiliate programm
  • GDPR
    • GDPR News
    • FAQ
    • GDPR Decisions
    • GDPR penalties
    • GDPR legal text
  • Shop
  • Contact
    • Contact
    • Newsletter registration
  • Login
    • Shop / Affiliate Program
    • easyGDPR Software
  • German
  • English

2022-0,094,281 (D124,2499), Scope of information pursuant to Art. 15 of the GDPR by a successor to a cash plan pursuant to sec. 51 para. 4 ÄrzteG

28/10/2022 by Jakob Guggenberger

In the decision of February 7, 2022, GZ: DSB-D124.2499, 2022-0.094.281, the data protection authority had to deal with the scope of a right to information in the context of a so-called succession to a fund position. The respondent, a licensed pulmonary specialist, had obtained from his retired predecessor the complainant’s patient records pursuant to sec. 51, para. 4 ÄrzteG adopted. The complainant, who had been treated by the predecessor, requested information on his personal data from the successor in the health insurance plan.

The patient data of the “predecessor” were largely recorded in index cards, the complainant was not undergoing treatment with the successor in the health insurance plan, and he relevant the incompleteness of the information provided. In particular, there would have been a failure to explain the “illegible passages” on the index cards and the abbreviations. Furthermore, according to the complainant, the information was incomplete, as it did not contain any data on an inhalation device that he had taken over from his predecessor as an unsaleable medical sample.
The data protection authority dismissed the complaint because the request that the successor to the health insurance plan be allowed to “interpret” handwritten records of the medical history, findings and diagnosis of his predecessor, as it were, within the scope of the information provided under data protection law, was in any case excessive. In the case of such a subsequent “interpretation” of the handwritten index cards of the successor to the health insurance plan – especially if, in the absence of a treatment contract, there is no diagnosis by the successor to the health insurance plan himself – errors may also occur that are hazardous to the health of the complainant, so that – when viewed correctly – the transparency demanded by the complainant in the sense of a correct interpretation of handwritten notes of the predecessor by a successor to the health insurance plan is neither possible nor required. By transmitting the patient record cards – which were in principle technically readable and had been taken over from the predecessor – the respondent had fulfilled his obligations in terms of the Art. 12 par.1 GDPR and Art. 15 DSGVO fulfilled. Regarding the alleged incompleteness of a missing information section on the inhalation device, the data protection authority followed the credible presentation of the successor to the health insurance plan (respondent) and dismissed the complaint with reference to the case law of the BVwG on Zl. W101 2139434-1 of 27.09.2019, according to which the information must be based on the “available information” – in the sense of the information actually available at the time of the request for information from the controller – no subsequent obligation to collect information from the controller can be derived that goes beyond the information available to him.
The decision is not legally binding, as the complainant filed an appeal in due time.

Source: DSB Austria

Category iconGDPR Decisions

Primary Sidebar

IT-Security Whitepaper Downloaden
  • German
  • English
  • Data Protection Statement
  • Terms and Conditions
  • Imprint
  • Licence terms for easyGDPR
  • GDPR terms
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking "Accept", you consent to the use of ALL the cookies.
SettingsAccept All
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non Necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.

functionality

Diese Art von Cookies erhöht die Benutzerfreundlichkeit unserer Website. Beispielsweise wird darin die von Ihnen ausgewählte Sprache gespeichert. Auch die Verfügbarkeit von Videostreams und sonstigem Inhalt kann von diesen Cookies abhängig sein. Wenn Sie diese Cookies ablehnen, ist die Benutzerfreundlichkeit eingeschränkt.

Save & Accept