Società H San Raffaele Resnati s.r.l. – €6,000 Fine (Italy, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
An Italian healthcare provider was fined EUR 6,000 for accidentally sending a patient's medical records to the wrong person. This mistake highlights the importance of handling sensitive health data carefully to avoid privacy breaches.
What happened
A healthcare provider mistakenly sent medical records of two patients to another patient due to an employee error.
Who was affected
Patients whose medical records were incorrectly shared with another individual.
What the authority found
The Italian DPA found that the healthcare provider failed to protect sensitive health data, violating GDPR's requirements for data security and confidentiality.
Why this matters
This case underscores the need for healthcare providers to implement strict data handling procedures to prevent accidental data breaches. It serves as a reminder that even small errors can lead to significant privacy violations.
GDPR Articles Cited
The Italian DPA (Garante) has imposed a fine of EUR 6,000 on Società H San Raffaele Resnati s.r.l. The DPA initiated an investigation against the health care provider after it reported a data breach to the DPA. A patient had mistakenly received medical records and clinical documentation from two other patients due to an error of an employee.
Related Enforcement Actions (0)
No other enforcement actions found for Società H San Raffaele Resnati s.r.l. in IT
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
25 November 2021
Authority
Garante per la protezione dei dati personali
Fine Amount
€6,000
Enforcement Tracker ID
ETid-993
About this data
Cite as: Cookie Fines. Società H San Raffaele Resnati s.r.l. - Italy (2021). Retrieved from cookiefines.eu
Last updated: