Contact
Result of the resolution: Declaration of breach
The ICS, in its condition of person in charge of the treatment of the “Register” file “of sanitary Information of the Patients”, of which the Department of Health is titular and in the that the clinicoassistencials data of the patients (HC3) are included it did not adopt the necessary technical and organizational measures to guarantee the security of the particulars. In particular it did not have a mechanism that allowed the identification in an unambiguous and personalized way of all users established that they accessed the mentioned file, since the utilization of a code of generic user that they could use had allowed different persons, performance that means a breach of the principle of security of the data.
Applied articles: 9 and 44.3.h) LOPD; 93 RLOPD.