Azienda Ospedaliera Universitaria Integrata di Verona – Violation Found (Italy, 2022)

Violation Found
Garante per la protezione dei dati personali30 June 2022Italy
final
ePrivacy
Violation Found

The Italian data protection authority allowed a hospital to collect and store patient data for research, but only if patients give specific consent or the authority approves for deceased or unreachable patients. This ensures that sensitive health data is handled carefully and ethically in research projects.

What happened

The hospital was authorized to collect and store patient data for research with specific conditions for consent.

Who was affected

Patients involved in studies on diseases affecting the thoracic area, including those who are deceased or unreachable.

What the authority found

The Garante approved the hospital's data processing plan, requiring 'stepwise' consent for ongoing and future research.

Why this matters

This decision highlights the importance of obtaining clear and specific consent for using patient data in research. It underscores the need for hospitals and research institutions to follow strict ethical guidelines when handling sensitive health information.

GDPR Articles Cited

Art. 35(GDPR)
Art. 36(GDPR)

National Law Articles

D.Lgs. 30 giugno 2003, n. 196, art. 110
Prescrizioni relative al trattamento dei dati personali effettuato per scopi di ricerca scientifica, allegato n. 5 al Provvedimento che individua le prescrizioni contenute nelle Autorizzazioni generali che risultano compatibili con il Regolamento e con il d.lgs. n. 101/2018 di adeguamento del Codice, del 5 giugno 2019
Regole deontologiche per trattamenti a fini statistici o di ricerca scientifica adottate dal Garante, ai sensi dell’art. 20, comma 4, del d.lgs. 10 agosto 2018, n. 101, con provvedimento n. 515, del 19 dicembre 2018
Italy enforcementGarante per la protezione dei dati personali actionsAll Azienda Ospedaliera Universitaria Integrata di Verona actions
Full Legal Summary
Detailed

The Garante authorised the collection and storage of data in the 'Torax' database on the basis of an initial consent, expressed by patients when they took part in the study, provided that the hospital subsequently acquires specific consents from patients or the opinion of the Garante for those who have died or can no longer be contacted, as the research projects are further defined and approved by the territorially competent ethics committees. Favourable opinion of the Italian Garante on the processing of data by the Azienda Ospedaliera Universitaria Integrata di Verona aimed at studying patients suffering from neoplastic, infectious, degenerative and traumatic diseases of the thoracic district. The project envisages the creation of a database and research activities in nine areas that will be the subject of further specific protocols and submitted to the relevant ethics committees. In order to give the go-ahead the Authority required researchers to base the collection - and subsequent processing of health data for medical research purposes - on 'stepwise' consent.

Outcome

Violation Found

The DPA found a violation but did not impose a fine.

Related Enforcement Actions (0)

No other enforcement actions found for Azienda Ospedaliera Universitaria Integrata di Verona in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Decision Date

30 June 2022

Authority

Garante per la protezione dei dati personali

GDPRhub ID

gdprhub-5126

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0

Cite as: Cookie Fines. Azienda Ospedaliera Universitaria Integrata di Verona - Italy (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: