The information on which the search is based has been translated by a computer system without human intervention. It may contain errors in vocabulary, syntax or grammar. The translation may also produce mistakes in the searches performed.
805 results were found
Violation of the principle of confidentiality due to 9 improper accesses to the medical record.
PS 67/2024
Title: Breach of the principle of confidentiality due to 9 improper accesses to the medical record.
Summary: The complainant complained about 9 improper accesses to her medical record that were not related to any healthcare or diagnostic action, since she had never been treated at the center or by the doctor who had made the disputed accesses. The complainant also complained that, within the framework of a meeting of a neighborhood association, the doctor had disseminated some of the complainant's health data. This alleged disclosure of data was filed in the initiation agreement, since the facts were not proven. With regard to the 9 improper accesses proven, the entity is sanctioned for the breach of the principle of confidentiality with a fine of €30,000, as responsible for an infringement provided for in article 83.5.a in relation to article 5.1.f, both of the GDPR. The entity has paid the penalty in advance (€24,000).
13/12/2024
Undue access to HC without explicit consent.
PS 49/2024
The complainant complains that his ex-partner has improperly accessed his HC, without his permission. On the other hand, the CSI states that the professional accessed it during the period of time in which the complainant and the professional were a couple, but does not provide the patient's explicit consent. It is resolved that the principle of confidentiality has been violated.
02/12/2024
Rectification of two medical reports.
PS 92/2024
The complainant complains that the medical center has issued two reports, which state a pathological history that is not based on any medical evidence. The entity has acknowledged the facts and corrected the reports. A final resolution is being prepared for violation of the principle of accuracy.
26/11/2024
Lack of technical and organizational measures appropriate to the risk and lack of a risk analysis, in relation to the personal data that was stored in the cyber-attacked HCB information systems.
PS 1/2024
It is resolved to declare that, prior to 05/03/2023, the HCB had not implemented the appropriate security measures -technical and organizational- to guarantee a level of security appropriate to the risk of the personal data processing it carried out. Nor had it carried out a risk analysis to define the required security measures, as required by sections 1 and 2 of article 32 RGPD. The computer platform that was the subject of the cyberattack stored information from the HCB and also from other related entities (Barnaclínic SA, CAPSBE and FRCB-IDIBAPS); therefore, the volume and sensitivity of the information required special diligence in its custody and security.
16/07/2024
Violation of the principle of legality derived from the failure to adopt appropriate measures.
PS 14/2024
The medical history of the reported foundation is configured in such a way that, by design and by default, the foundation's own and external doctors can access it, through the foundation's information systems. This fact caused an external doctor who treated the reporting person within the framework of private healthcare to access his medical history, without his explicit consent or any other legal basis that legitimized this treatment. In this case, the violation of the duty of data protection by design and by default is not imputed, since there is an ideal competition of infringements and only the most serious infringement is imputed; that is, the violation of the principle of legality (qualified as very serious). Nor is the violation of the principle of purpose limitation imputed, because it is subsumed in the infringement relating to the principle of legality.
05/07/2024
Right of information.
PS 17/2023
It is appropriate to warn the City Council, since it did not duly inform about the treatment of images captured by video surveillance cameras installed in the control points of access to restricted traffic areas, since, apart from the information contained in the information posters, in the complementary information that was available on the website of the consistory, the City Council did not inform about the right to file a claim provided to this Authority, and all extremes
27/07/2023
Violation of the principle of legality.
PS 12/2023
The City Council should be reprimanded for 1) capturing images of public roads through the video surveillance camera system located on container islands that were not closed or delimited; and 2) process the images captured by this video surveillance system located on public roads, to exercise the sanctioning power against residents of the municipality. There is a medial concurrence between both infractions, but only the main infraction should be sanctioned, which is the violation of the principle of legality regarding the installation of a video surveillance system on public roads.
27/07/2023
Referral of particular instances to another Administration.
PS 14/2023
A City Council is reprimanded as being responsible for an infraction due to violation of the principle of legality, for having sent to an inspector of the Generalitat-Mossos d'Esquadra police force two instances with personal data without legal basis, specifically, before the opening of confidential information against the reporting agent, and without there being a real danger to public safety or the investigation and prosecution of a crime.
27/07/2023
- SECTORIAL AREA
- Criminal court
- Police
- TRANSFER OR DISCLOSURE OF DATA
- Public administration
- Local administration
- Council
- Law enforcement authorities
- ENTITIES
- Public administration
- Autonomous community administration
- Local administration
- Council
- PRINCIPLES
- Lawfulness principle
- In the public interest or in the exercise of official authority
- Legal obligation
Deure of confidentiality. Sending email without a hidden copy to numerous people.
PS 22/2023
The City Council of Sant Boi de Llobregat is admonished as responsible for an infringement provided for in Article 83.5.a in relation to Article 5.1.f, both of the GDPR, for sending an email to numerous people without using the hidden copy tool.
27/07/2023
Sending SMS to your father's phone to report medical appointments.
PS 27/2023
Resolution with ammunation in the sanctioning procedure against the Garraf Health Consortium, Hospital Residencia Sant Camil, due to violation of the principle of accuracy. For having used a mobile phone that had in its database since 2011, instead of using the telephone provided with the derivation of the Sitges EAP, 2022.
27/07/2023
Total number of pages: 81