Azienda Usl Valle d'Aosta – €40,000 Fine (Italy, 2022)

€40,000
Garante per la protezione dei dati personali
10 November 2022
Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Azienda Usl Valle d'Aosta was fined EUR 40,000 for allowing unauthorized access to patient medical records. This happened because the health department made records too accessible during the Covid-19 pandemic. The case highlights the importance of protecting sensitive health data even in emergencies.

What happened

Azienda Usl Valle d'Aosta allowed employees to access patient medical records without proper consent.

Who was affected

Patients whose medical records were accessed by employees without authorization.

What the authority found

The Italian DPA found that the health department failed to protect personal data by not implementing proper security measures.

Why this matters

This case underscores the need for healthcare providers to maintain strict data protection measures, even during crises like a pandemic. It serves as a reminder to review and secure access controls to sensitive information.

GDPR Articles Cited

Art. 9 GDPR
Art. 25 GDPR
Art. 32 GDPR
Art. 5(1)(a) GDPR

Full Legal Summary

The Italian DPA has fined Azienda Usl Valle d'Aosta EUR 40,000. An employee and patient of the health department had filed a complaint with the DPA because a colleague who had never treated them had repeatedly accessed their medical file, even though they had explicitly refused consent to the data processing. During its investigation, the DPA found that the health department had simplified its medical record system in order to ease patient management during the Covid-19 pandemic. As a result, patient medical records were accessible to any employee, whether or not the affected patient had consented. The DPA considered this a violation of the obligation to implement appropriate technical and organizational measures to protect personal data.

Related Enforcement Actions (0)

No other enforcement actions found for Azienda Usl Valle d'Aosta in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

10 November 2022

Authority

Garante per la protezione dei dati personali

Fine Amount

€40,000

Enforcement Tracker ID

ETid-1514

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Azienda Usl Valle d'Aosta - Italy (2022). Retrieved from cookiefines.eu
