Azienda Ospedaliera Universitaria Careggi – €6,000 Fine (Italy, 2021)

€6,000 | Garante per la protezione dei dati personali | 25 February 2021 | Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Azienda Ospedaliera Universitaria Careggi was fined EUR 6,000 for sending a patient's medical documents to the wrong person. This mistake happened because a doctor accidentally took another doctor's print job. This case highlights the importance of ensuring secure handling of sensitive health data.

What happened

Azienda Ospedaliera Universitaria Careggi sent a patient's medical documents to the wrong person due to a printing error.

Who was affected

Patients whose medical documents were mistakenly sent to another patient.

What the authority found

The Italian DPA found that Azienda Ospedaliera Universitaria Careggi violated GDPR rules by not properly protecting sensitive health data.

Why this matters

This case emphasizes the need for healthcare providers to have strict procedures for handling patient data, especially when using shared equipment like printers. It serves as a reminder to review and improve data protection practices to prevent similar breaches.

GDPR Articles Cited

Art. 5 GDPR
Art. 9 GDPR

Full Legal Summary

The Italian DPA (Garante) has imposed a fine of EUR 6,000 on Azienda Ospedaliera Universitaria Careggi for a breach of Art. 5 GDPR and Art. 9 GDPR. Azienda Ospedaliera Universitaria Careggi had notified the DPA of a data breach under Art. 33 GDPR regarding the transfer of health data to the wrong person. Medical documents of a patient had been sent by mail both to the affected patient and to another patient. The controller states that the incident occurred due to an error in the printing process. The ward where the affected patient was treated was only equipped with two printers, and one doctor had unknowingly also taken a colleague's print job (the affected patient's documents) when taking out his print job (the documents of the wrong recipient).

Details

Fine Date

25 February 2021

Authority

Garante per la protezione dei dati personali

Fine Amount

€6,000

Enforcement Tracker ID

ETid-629

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Azienda Ospedaliera Universitaria Careggi - Italy (2021). Retrieved from cookiefines.eu
