Saltar al contingut principal

Search engine

Catalan Data Protection Authority

| Catalan Data Protection Authority

Home
Tools
Resolutions, opinions and reports
Resolutions, opinions and reports search tool
Patient data access using 4 URLS only entering the DNI, lacks security measures.

Patient data access using 4 URLS only entering the DNI, lacks security measures.

Back

PS 20/2022

21/06/2022

Disciplinary resolution

Result of the resolution: Warning

SECTORIAL AREA
Health
Clinical record
PERSONAL DATA
Sensitive data
SECURITY MEASURES

Resolution is issued, directly as they have not filed any allegations against the IIA. Security measures are imputed, an authentication mechanism due to access to patient data through several hospital URLs only by introducing the DNI without any other access control measures. They claimed that they had erroneously published a 'test environment' and that they have already unpublished these URLs.

Download

PS 20/2022 (Opens in new window)