Multi-Million GDPR fines in Sweden for healthcare providers

Heavy fines have been imposed on seven of the eight healthcare providers examined by the Swedish Data Inspectorate. The authority found breaches in their handling of medical record data, in violation of the Data Protection Act (GDPR). The Capio chain was hit hardest, with a fee of SEK 30 million. Source: (read original article in Swedish here.)

According to the Swedish Data Inspectorate, seven of the eight healthcare providers examined have not carried out the necessary risk analysis for the personal data in their medical record systems. The criticism is directed at private actors such as Aleris and Capio, but also at the regionally controlled Karolinska University Hospital.

“Healthcare providers must make a careful analysis and assessment of what the medical staff's needs for information in the medical record systems are and what risks there are if staff have access to patients' personal data. Without such analysis, the healthcare providers cannot assign the staff the right authority, which in turn means that the operations cannot guarantee the patients the privacy protection they are entitled to,” says Magnus Bergström, who is the coordinator for the case.


  1. Capio St Görans - SEK 30 million (2.944.000 EUR)
  2. Aleris Sjukvård AB - SEK 15 million (1.471.000 EUR)
  3. Aleris Närsjukvård AB - SEK 12 million (1.177.000 EUR)
  4. Karolinska University Hospital - SEK 4 million (392.000 EUR)
  5. Sahlgrenska universitetssjukhuset - SEK 3.5 million (343.000 EUR)
  6. Hälso- och sjukvårdsnämnden i Region Västerbotten - SEK 2.5 million
  7. Östergötland Region - SEK 2.5 million

You can check all of those at webpage


More articles by Mihajlo Prerad

