As La Kartidenningen previously reported, several health care providers were charged penalty fees by the privacy protection authority, EMI (formerly the Data Examiner) after an audit in 2020. The body noted deficiencies in how personal data was handled in seven hospitals and districts. requested in the amount of millions.
Two of them paid without appeal, while the other five sued. These are the Sahlgrenska University Hospital, the Kapiu St. Goran Hospital, the Karolinska University Hospital, the Ostergotland region and the Vasterbotten region.
In the first place, the Administrative Court and the Privacy Protection Agency were right. Therefore, the fee requirements remain, albeit slightly modified.
However, this ruling was appealed. In the Court of Appeal, instead, the caregivers were right and would therefore avoid the fee.
This ruling was also appealed. But in order to bring the matter to court again, it was necessary to obtain permission to appeal. The Supreme Administrative Court did not grant this. This means that the five caregivers still do not have to pay.
In the case of Västerbotten, for example, it was a matter of license allocation in the NCS Cross record system. The Privacy Shield believes that the region did not perform a needs and risk analysis before assigning licenses into the system.
– Throughout the entire process since the start of the inspection in December 2019, we have indicated that this is not true and that needs and risk analyzes are performed before authorizations are set in the system for each individual employee, says Regional Director Tommy Svensson at a press conference. press release.
Districts and hospitals avoid paying millions in penalty fees
“Unapologetic writer. Bacon enthusiast. Introvert. Evil troublemaker. Friend of animals everywhere.”