Science&Tech Poor data protection will cost a hospital nearly half a million euros By WeeklyNews staff Posted on July 17, 2019 4 min read Share on Facebook Share on Twitter Share on Google+ The Haga Hospital in The Hague has to pay a fine of 460,000 euros because patient records are poorly secured. The hospital will appeal this. It is the first AVG fine in the Netherlands. That unauthorized looking at files was revealed by the fact that last year medical data from Samantha de Jong (Barbie) came out in the publicity. She was admitted there after a suicide attempt. Carla van de Wiel, chairman of the hospital, says that he finds it sour that the money cannot be spent on patient care. She says in a written statement that she will do everything in his power to avoid the penalty of another many thousands of euros that the Netherlands Data Protection Authority (AP) threatens if the 460,000 euro fine is not paid. The hospital will appeal the fine. The AP notes, through chairman Aleid Wolfsen, that research into the way the hospital works in The Hague shows that the security of medical data is still not in order. “What we found is a very worrying situation,” Wolfsen told EenVandaag. “The security is really below par. There is no proper control, people can easily access those medical records. “ The hospital now says it will further tighten the internal security of patient records. “Two of the total of six components are assessed as not being satisfactory by the Dutch Data Protection Authority.” The hospital cannot say what the patients will notice of the 460,000 euros less on the budget. “That cannot be made specific,” the spokesperson said in an email. The management also does not discuss why patients have to pay for something they are not to blame for. Namely, the inadequate protection of patients’ medical records. Among other things, what was missing from the own security rules was that in many cases it was already possible to log in using only username and password. In fact, you should only gain access to the files after entering the user name, password and checking staff pass and pin code. Those who logged in with their username and password also had access to certain data for four hours. The intention is to log in more often during that time and also to check on logging in more often. The Haga Hospital says it has tightened the currently missing extra check on logging in employees into files for October. That deadline is also necessary to prevent a penalty payment being made in addition to the fine, which can amount to many more thousands of euros.