Published June 8, 2021 at 2:06 pm
Domestic. Medhelp is charged SEK 12 million in penalty fees for violations of the GDPR after calls to 1177 Vårdguiden were available on the internet for anyone to download. This has been decided by the Privacy Protection Authority (IMY).
Like the article p & aring; Facebook
It was Computer Sweden that in 2019 revealed that 2.7 million recorded calls to 1177 Vårdguiden were available online without password protection. Some files had the caller's phone number in the file name.
Medhelp had in turn hired the Thai company Medicall Co Ltd to handle calls to 1177 that took place on weekends and nights. Medhelp and Medicall had an agreement with the technology company Voice Integrate Nordic AB for, among other things, switching functionality and recording of calls. These are recordings of calls to 1177 connected to the company in Thailand that were available on the Internet on a storage server at Voice Integrate.
– It has been a complicated investigation to clarify the connection between the regions and health care advice via 1177 and the relationship of responsibility between the various actors, says Magnus Bergström who is an IT security specialist at IMY and who participated in the review, in a press release.
The leak led to a number of cases at the then Data Inspectorate and has now led to a decision. <./p>
The established shortcomings mean that IMY issues a penalty fee of SEK 12 million against Medhelp.
Voice Integrate also had an obligation as a personal data assistant to take appropriate and sufficient measures to protect the audio files handled on behalf of Medhelp.
– The Data Protection Regulation, GDPR, also imposes obligations on personal data assistants, ie companies or others who process personal data on behalf of someone else. One such obligation is that the assistant must take appropriate security measures to protect personal data, which is especially important when it comes to health information.
IMY therefore issues a penalty fee of SEK 650,000 against Voice Integrate.
< The authority also criticizes the three regions for shortcomings in the information to healthcare seekers who call 1177. IMY issues a sanction fee of SEK 500,000 against the Stockholm Region and SEK 250,000 for the other two regions, partly due to the lack of information in these regions were not as extensive.