Medhelp Sjukvårdsrådgivning AB – Court Ruling (Sweden, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Medhelp Sjukvårdsrådgivning AB faced a court ruling that reduced their fine for data breaches related to medical advice calls. They were initially fined for sharing personal data unlawfully and not protecting recorded calls. This case shows that even healthcare providers must handle personal data carefully.
What happened
Medhelp was fined for unlawfully disclosing personal data and for not securing recorded phone calls with sensitive information.
Who was affected
Patients who called the medical advice line and whose personal data was mishandled.
What the authority found
The court found that while Medhelp had breached data protection rules, it overturned part of the DPA's decision regarding data sharing with another healthcare provider.
Why this matters
This ruling underscores the importance of data security in healthcare. Companies in this sector must ensure they comply with data protection laws to safeguard patient information.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
Swedish DPA fined Medhelp (Controller) a total of € 1,200,000 (SEK 12 million) for several breaches of GDPR. The Controller was contracted to answer and give medical advice on the medical advice phone line '1177' by three Swedish regions. The DPA found that the Controller breached GDPR on the following points: a) Medhelp was fined for unlawfully disclosing personal data to MediCall, a Thai company, and for allowing MediCall to process personal data, violating Article_5_GDPR#1a, Article_6_GDPR, and Article_9_GDPR#1. b) Medhelp, for an unknown period, exposed personal data in from of audio files containing recorded phone calls to 1177 on the internet without protection against unauthorized disclosure and unauthorized access, breaching Article_5_GDPR#1f and Article_32_GDPR#1 . c) Medhelp, other than an automated message stating that the calls were being recorded for patient safety and quality purposes, did not properly inform callers about how their personal data would be processed in connection with the collection of personal data during phone calls to 1177, in violation of Article_5_GDPR#1a and Article_13_GDPR. Medhelp appealed the DPA's decision to the Administrative Court in Stockholm, which overturned point (a) of the decision and remanded the issue to IMY for further processing, amended the decision for points (b) to (d) to reduce the sanction fee to 8,800,000 SEK, and dismissed the appeal in other respects. The Administrative Court annulled point (a) of IMY's decision, because both MediCall and Medhelp were deemed healthcare providers with responsibility for the personal data under Swedish laws, and MediCall's personnel were also subject to confidentiality obligations specified in [https://www.riksdagen.se/sv/dokument-och-lagar/dokument/svensk-forfattningssamling/patientsakerhetslag-2010659_sfs-2010-659/#K6 Chapter 6 of Patient Safety Act.] That court ruled that Medhelp was legally permitted to disclose personal data to MediCall for processing in relation
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Medhelp Sjukvårdsrådgivning AB in SE
This is the only recorded case for this entity in this jurisdiction.
Details
Ruling Date
12 February 2024
Authority
DPA FiS
About this data
Cite as: Cookie Fines. Medhelp Sjukvårdsrådgivning AB - Sweden (2024). Retrieved from cookiefines.eu
Last updated: