OFFICIAL GUIDELINES, REPORTS AND STATEMENTS
- (2019, Mar) Council of Europe Committee of Ministers: Recommendation CM/Rec(2019)2 to member States on the protection of health-related data.
- (2019, Mar) ICO (UK): information for medical practitioners with regard to patients’ access to medical data.
- (2019, Nov) Spanish DPA: Guide on the protection of personal data of patients.
- (2019, Nov) Finland regulates the secondary use of health data.
- (2020, Dec) Swedish Data Protection Authority: issues identified after audit of healthcare providers.
- (2021, Jan) EU Agency for Cybersecurity published a study about Cloud Security for Healthcare Services.
CASES, SANCTIONS AND CLAIMS
- (2019, Dec) Germany: A hospital was fined for deficits in the patient privacy management framework.
- (2019, Dec) A pharmacy in London was fined for careless storage of patient data. The pharmacy left thousands of documents in unlocked containers at the back of its premises.
- (2020, May) The Swedish Data Protection Authority has issued an administrative fine of 120 000 Swedish kronor (approx. 11 000 euro) against the Healthcare Committee in Region Örebro County. The Committee published on the region’s website sensitive personal data about a patient admitted to a forensic psychiatric clinic.
- (2019, Oct) The Netherlands Employee Insurance Agency has been ordered to pay EUR 250 damages to an employee whose personal health information was accidentally sent to her new employer.
REPORTS AND ARTICLES FROM OTHER ORGANISATIONS
- (2019, Mar) Article: Data sharing practices of medicines related apps and the mobile ecosystem: traffic, content, and network analysis (available here).
- (2019, Oct) Processing employee’s sickness data in Germany – an article by Dr. Carlo Piltz.
- (2019, Nov) Justin Banda on IAPP: Inherently identifiable: Is it possible to anonymize health and genetic data?
The Guardian: Patient data from GP surgeries sold to US companies.
- (2020, Sep) CEPR (Centre for Economic Policy Research): Google/Fitbit will monetise health data and harm consumers.
- (2020, Oct) PrivacyAnt: CNIL tells French court that Microsoft should stop hosting the French health data.
- (2020, Oct) Romain Dillet: France’s Health Data Hub to move to European cloud infrastructure to avoid EU-US data transfers.