Punishment against doctor’s office
When visiting his doctor, a private individual found that he was officially assigned to different doctor, even though he had never been there before. As a result, a complaint was filed with the DPA.
In the course of the investigation, it was found that the person had previously another family doctor. After changing his docotr, the patient was set to “inactive” in the software of his former family doctor.
Later, however, the practice was sold, as part of the patient transfer, not only the active patients were mistakenly transferred but also all inactive patients. In the course of the change, the state health insurance company was informed about the alleged change.
The DPA saw a violation of the General Data Protection Regulation and imposed a fine of 1000 lev, which is approximately € 500, -.
Art des Verstoßes:
Illegal data processing
Waren sensible Daten betroffen?:
Violation of GDPR Paragraph:
5. Principles relating to personal data processing
9. Processing of special categories of personal data