An employee of the Laurentius Hospital in Roermond accessed the medical records of 95 patients while he was not authorized to do so. Duped patients have been informed of this. The Limburg hospital has also taken measures to prevent recurrence in the future.
Laurentius Hospital reports this in a press release (1).
The incident came to light when a healthcare worker noticed a colleague browsing through hospital patient files. When he noticed this, he reported it to the hospital. According to Laurentius Hospital, the employee in question had looked through the medical records of 95 patients "in the past period." There is no reason to believe that the employee shared or misused personal data with another person.
As soon as the Roermond hospital learned of the employee's behavior, it reported the incident to the Autoriteit Persoonsgegevens and the Health Care & Youth Inspectorate (IGJ). Furthermore, the healthcare institution immediately took "appropriate measures" to ensure that it does not happen again in the future. What kind of measures to think of, the hospital is keeping to itself. Finally, Laurentius Hospital has commissioned a specialized forensic investigation agency with experience in healthcare to investigate the case.
Luc van den Akker, chairman of the Laurentius Hospital Board of Directors, said in a statement that we attach great importance to patient privacy and regret that this could have happened. "All patients affected by this have received a personal letter explaining what this means for them and where they can go with further questions. Patients who did not receive a letter need not worry."
Furthermore, the board chairman says the hospital has reviewed and tightened its internal procedures to further ensure the privacy of patient data.
The Laurentius Hospital is not the only healthcare facility where things went wrong recently. At the Bravis Hospital in Roosendaal, a former employee accessed the patient file of her partner's ex-wife 347 times. The former secretary processed the medical data in a book she wrote about her partner's fighting divorce.
When the patient laid eyes on the former employee's book, she alerted the Bravis Hospital. The latter found that the former secretary had reviewed hundreds of times in four years, even though she was not authorized to do so. Thereupon, the patient filed a lawsuit against the hospital. She demanded compensation of 15,000 euros for immaterial damages, moving expenses of 20,000 euros and compensation of 3,000 euros for the security of her home.
The court acknowledged that there was a violation of the right to privacy, but found damages of 2,000 euros more appropriate to the offense.
Another example where things went badly wrong with patient data is at Albert Schweitzer Hospital. The hospital had accidentally deleted 513,000 old records when it switched from physical records to the electronic patient record. Due to an incorrect setting in the system, newer documents were stored for nearly a year with file numbers that were also used for inactive documents. "The new files thus replaced the old ones," the hospital said in a press statement.
"This mistake should not have occurred and cannot occur again. We apologize for not acting as carefully as you would expect us to," hospital director Peter van der Meer said. He called the chances of the lost information affecting patient treatment "negligible."
https://www.laurentiusziekenhuisroermond.nl/over-laurentius/actueel/laurentius-informeert-patienten-over-ongeoorloofde-inzage-dossier
