The information on which the search is based has been translated by a computer system without human intervention. It may contain errors in vocabulary, syntax or grammar. The translation may also produce mistakes in the searches performed.
116 results were found for your search terms Healthcare facility
Violation of the principle of confidentiality due to 9 improper accesses to the medical record.
PS 67/2024
Title: Breach of the principle of confidentiality due to 9 improper accesses to the medical record.
Summary: The complainant complained about 9 improper accesses to her medical record that were not related to any healthcare or diagnostic action, since she had never been treated at the center or by the doctor who had made the disputed accesses. The complainant also complained that, within the framework of a meeting of a neighborhood association, the doctor had disseminated some of the complainant's health data. This alleged disclosure of data was filed in the initiation agreement, since the facts were not proven. With regard to the 9 improper accesses proven, the entity is sanctioned for the breach of the principle of confidentiality with a fine of €30,000, as responsible for an infringement provided for in article 83.5.a in relation to article 5.1.f, both of the GDPR. The entity has paid the penalty in advance (€24,000).
13/12/2024
Undue access to HC without explicit consent.
PS 49/2024
The complainant complains that his ex-partner has improperly accessed his HC, without his permission. On the other hand, the CSI states that the professional accessed it during the period of time in which the complainant and the professional were a couple, but does not provide the patient's explicit consent. It is resolved that the principle of confidentiality has been violated.
02/12/2024
Rectification of two medical reports.
PS 92/2024
The complainant complains that the medical center has issued two reports, which state a pathological history that is not based on any medical evidence. The entity has acknowledged the facts and corrected the reports. A final resolution is being prepared for violation of the principle of accuracy.
26/11/2024
Use of data by a data processor.
IP 74/2023
The complainant complains that the hospital where he is receiving medical treatment has provided his personal data to an external company, without his consent. It is established that the company that has processed the data is a data processor that uses his data to fulfill one of the purposes of the data controller, CatSalut. Specifically, for a medical treatment subscribed to by the complainant. For this reason, an archiving resolution is issued.
04/09/2024
Lack of technical and organizational measures appropriate to the risk and lack of a risk analysis, in relation to the personal data that was stored in the cyber-attacked HCB information systems.
PS 1/2024
It is resolved to declare that, prior to 05/03/2023, the HCB had not implemented the appropriate security measures -technical and organizational- to guarantee a level of security appropriate to the risk of the personal data processing it carried out. Nor had it carried out a risk analysis to define the required security measures, as required by sections 1 and 2 of article 32 RGPD. The computer platform that was the subject of the cyberattack stored information from the HCB and also from other related entities (Barnaclínic SA, CAPSBE and FRCB-IDIBAPS); therefore, the volume and sensitivity of the information required special diligence in its custody and security.
16/07/2024
Access to the record of access to the clinical history
IAI 37/2023
The data protection regulations do not prevent the complainant from communicating the information he requests, regarding access to his clinical history, including the identity of the professionals, rank and professional category, who have accessed it.
28/07/2023
Disrespect of the right of rectification.
PT 12/2023
The claiming entity has not accredited that it has responded to the request for rectification exercised by the claimant.
27/07/2023
Right of access.
PT 14/2023
It is appropriate to estimate the claim, since the ICS did not respond in time to the request of the claimant. Regarding the fund, it is not appropriate to make any pronouncement or require any action, since the ICS has accredited that it has delivered the documentation to the claimant in the requested terms, that is, it has made effective the right exercised by the claimant, although extemporaneously.
27/07/2023
Sending SMS to your father's phone to report medical appointments.
PS 27/2023
Resolution with ammunation in the sanctioning procedure against the Garraf Health Consortium, Hospital Residencia Sant Camil, due to violation of the principle of accuracy. For having used a mobile phone that had in its database since 2011, instead of using the telephone provided with the derivation of the Sitges EAP, 2022.
27/07/2023
Undue access to the clinical history and not attention to the right of access.
IP 206/2023
The filing of the complaint is necessary for the following reasons: 1) It is accredited that no improper access has been made to the clinical history of the complainant. 2) In this case, it is considered that giving an extemporaneous response and requesting to fill in a specific form are management irregularities that do not have enough entity to start a sanctioning procedure.
13/07/2023
Total number of pages: 12