Data Protection Violations in Health Care

May 18, 2024 By EMTACS

Data protection authorities (DPAs) from 26 different nations have fined hospitals, pharmacies, doctors, and drug suppliers a total of 202 times (+48 compared to the 2023 Enforcement Tracker Report, ETR) for violating data protection law. That is a 20% drop in the number of fines imposed per year in the health care sector compared with the prior reporting period. The cumulative total of fines now stands at around EUR 16.5 million (+EUR 0.8 million compared to the 2023 ETR). This pauses, at least for now, the sharp rise in both the number and the total amount of fines seen in the previous year.

With 71 fines overall (up 16 from the 2023 ETR) and a total of EUR 11.6 million, the most common category of infraction is still the lack of adequate technical and organisational measures (TOMs), i.e. the security-of-processing obligations of Art. 32 GDPR. Most TOM fines in 2023 were modest: the average was EUR 17,500, compared with an average GDPR fine of EUR 27,300 for the health care sector in 2023. Unlike in the previous year, no unusually high fine was imposed in this category; the largest was only EUR 81,000.

Italy once again tops the list of countries by number of fines, with 23 imposed in 2023.

https://cms.law/en/int/publication