We use cookies to deliver our online services. Details of the cookies we use and instructions on how to disable them are set out in our Cookies Policy. By using this website you agree to our use of cookies. To close this message click close.

Journalist Uncovers Data Breaches at French Hospitals

05 February 2013
A February 4, 2013 article published by the specialized healthcare news site "Actusoins" revealed data breaches at several French hospitals and clinics, demonstrating that such incidents can occur even in a highly-regulated jurisdiction.
Journalist Uncovers Data Breaches at French Hospitals

The journalist was researching another article, and entered the name of a physician into Google. The journalist was astonished to find at the top of the results the scanned copy of the doctor's prescription for a PET scan of a cancer patient whose name was still on the prescription. Alarmed, the journalist continued her investigation and discovered numerous other data breaches, including the list of patients admitted to various services in a given hospital, a list of handicapped adults and children, and in some cases patients' test results. The breaches originated in different hospitals and clinics.

The Actusoins website de-identified the patient data before publishing its article, and states that the relevant hospitals and clinics were informed and have in each case corrected the bugs.

France has strict laws relating to the protection of health data, with high fines and criminal sanctions for breaches. France is one of the only countries in Europe requiring that health data be stored only with hosting providers approved by the French government. In spite of these precautions, as noted in the article, compliance appears to lag, particularly among smaller health care facilities. Some of the facilities cited in the article made very basic mistakes in how they store and protect health data, including failing to secure FTP servers. France does not yet impose a data breach notification requirement on health care providers, but such an obligation is likely to be introduced with the adoption of the proposed EU regulation on the protection of personal data.

The Actusoins article concluded by recommending that French individuals "Google" themselves to see whether their hospital records turn up!

Future-Proofing Privacy: New and Stronger Rights

The Regulation aims to strengthen the rights of individuals. It does so by retaining rights that already exist under the Data Protection Directive and introducing the new rights of data...

06 June 2016
Loading data