Azienda USL della Romagna – €50,000 Fine (Italy, 2021)

€50,000Garante per la protezione dei dati personali27 January 2021Italy
final
ePrivacy
Fine

Azienda USL della Romagna was fined EUR 50,000 for sharing a patient's health information without permission. This is significant because it emphasizes the need for healthcare providers to respect patient confidentiality.

What happened

A nurse shared a patient's treatment information with her husband instead of using the contact number the patient provided.

Who was affected

The patient and her husband were directly affected by this breach of confidentiality.

What the authority found

The Italian data protection authority found that the company violated GDPR rules by not protecting the patient's privacy as requested.

Why this matters

This ruling serves as a reminder for healthcare providers to strictly follow patient consent and confidentiality guidelines to avoid serious penalties.

GDPR Articles Cited

AI-verified

Art. 9(GDPR)
Art. 5(1)(a) GDPR
Art. 5(1)(d) GDPR
Art. 5(1)(f) GDPR
Art. 32(1)(b) GDPR
Art. 58(2)(i) GDPR
Art. 83(4) GDPR
Art. 83(5) GDPR
View original scraped data
Art. 5(1)(a) GDPR
Art. 5(1)(f) GDPR
Art. 5(1)(d) GDPR
Art. 9(GDPR)
Art. 32(1)(b) GDPR
Art. 58(2)(i) GDPR
Art. 83(4) GDPR
Art. 83(5) GDPR

Original data from scraper before AI verification against source document.

National Law Articles

AI-identified

Codice in materia di protezione dei dati personali (Testo coordinato)
Legge 22 maggio 1978, n. 194
Source verified 12 March 2026
articles corrected
national law identified
scope corrected
Italy enforcementGarante per la protezione dei dati personali actionsAll Azienda USL della Romagna actions
Full Legal Summary
Detailed

The Italian DPA (Garante) imposed a fine of EUR 50,000 on Azienda USL della Romagna. Upon her arrival at the gynecology unit of a hospital operated by the controller (for the purpose of an abortion), a patient had explicitly asked the controller not to share her health data with third parties. She had separately left a telephone number for the purpose of being contacted. After the patient was discharged, a nurse tried to contact her in order to inform her about further therapy. However, the nurse did not use the telephone number provided by the patient specifically for this purpose, but instead used her home telephone number, which she was able to obtain from her patient file. When her husband took the call instead of the patient, the nurse informed him about her treatment, contrary to the patients request. Even though no further medical information was provided, it was clear from the conversation that the data subject had been admitted to this unit and was to receive further therapy.

Violations (1)

Third-Party Cookies Without Consent
critical

Third-party tracking cookies or scripts are loaded without obtaining prior user consent.

Art. 13, 14 GDPR

Related Enforcement Actions (0)

No other enforcement actions found for Azienda USL della Romagna in IT

This is the only recorded action for this entity in this jurisdiction.

Similar Cases

Enforcement actions with similar violations

unknown (claimant)

2021 · DPA OLGLinz

Legal Person

2023 · Úřad pro ochranu osobních údajů

€4K

CNIL

2019 · Court of Justice of the European Union

Details

Fine Date

27 January 2021

Authority

Garante per la protezione dei dati personali

Fine Amount

€50,000

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Azienda USL della Romagna - Italy (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: