Amsterdam’s OLVG hospital group has been fined €440,000 for allowing unauthorised personnel unlimited access to patients’ medical files.

Privacy watchdog Autoriteit Persoonsgegevens (AP) said that between 2018 and 2020 the hospital did not have enough measures in place to prevent breaches of privacy. It was not clear who was accessing the files and the computer systems were not secure, it found.

Access to medical files is only granted to doctors, nurses and staff if it is necessary for the treatment of the patient. The AP told broadcaster NOS a tip off from a ‘worried citizen’ and  ‘signals from the media’ had prompted the investigation.

The hospital authorities were also warned by a student doing a part time job planning appointments. She found she had access to the medical files of friends and celebrities and files dating back as far as 15 years. Despite alerting the management the issue was not dealt with, the Volkskrant said.

‘You should be safe in the knowledge that what you tell your doctor remains confidential,’ AP chairwoman Monique Verdier told NOS. ‘It doesn’t bear thinking about that people who have no business there can browse in the notes your doctor has made about you. But it happened and  that it why the AP has fined the hospital.’

The OLVG will not appeal against the fine and has said the requisite safety measures are now in place.

In 2019 the AP fined the Haga hospital in The Hague €460,000 for similar breaches of privacy while data from health board coronavirus systems were stolen recently and offered for sale.