Violation of privacy, bribery and official forgery: a paramedic provided funeral agents with data on deceased patients and their families for small amounts of money. He also "moonlighted" by issuing sick leave certificates with false information. The culprit was sentenced to a fine of 200,000 rubles, according to the appellate ruling of the Omsk Regional Court in case No. 22-1780/2023.
To limit potential insider activity and minimize the risk of selling medical information, organizations should:
Use specialized information security tools to control user actions and prevent illegal attempts to collect, change or transfer information. Particular attention should be paid to monitoring web versions of instant messengers.
Identify risk groups - employees who have psychological and personal motives for insider activity and data selling.
Conduct training for employees on information security issues and personal responsibility for violations.
Negligence in handling medical confidentiality
Negligence in handling medical confidentiality is the failure to comply with the rules for storing, processing, transferring and destroying medical information, as prescribed in regulatory legal acts. Responsibility for negligent handling of medical confidentiality depends on the qualifying article:
A fine of up to 350 thousand rubles or arrest for up to 6 months, or imprisonment for up to 5 years;
Violation of legislation in the field of personal data. Various administrative fines for citizens, officials and legal entities from 2 to 800 thousand rubles. In the near future, it is expected that fines will be introduced for leaks of personal data. The exact amount is still unknown, but it can reach 3% of the company's turnover.
Disclosure of restricted information. Administrative fine for citizens - up to 10 thousand rubles, officials - up to 50 thousand rubles, for legal entities - up to 200 thousand rubles.
Let's look at examples of negligent handling of medical confidentiality in several cases.
Violation of privacy: a nurse, at the request of a friend, took a photo of the diagnosis of one of the patients and sent the photo in a messenger. The nurse was fined 15,000 rubles.
Violation of legislation in the field of personal data: the head doctor of the hospital did not properly organize the destruction of documents with patient data. As a result, the documents were found by a passerby in an unauthorized dump. The passerby posted information about this on the Internet. The head doctor was fined 8,000 rubles.
Disclosure of restricted information: a doctor posted COVID-19 test results with patients' personal data on his VK page. The medical worker was fined 40,000 rubles as an official, according to the ruling on administrative offence case No. 05-0307/264/2022 of the magistrate of judicial district No. 264 of Moscow.