The Asklepios clinic in Hamburg-Altona has apparently repeatedly sent patient data to a wrong recipient - despite clues to the glitch. According to research by the NDR, psychotherapist Daniela Rath received medical reports from patients she did not even know for a total period of six years.
According to the NDR, Rath was sent the first letter about six years ago. She informed the clinic that she had never heard of the patient. Nevertheless, an identical letter had been sent to her again, whereupon she again reported the error to the clinic. Three weeks later: the same letter again.
In spite of vehement phone calls, in the following weeks medical reports were repeatedly sent to the psychotherapist, who were not meant for her - especially discharge letters after treatments and surgeries - eleven in all. "You can actually do what you want, it does not interest you at all", Rath quotes, addressing the NDR and the Hamburg Data Protection Commissioner Johannes Caspar. He has the case checked now.
Human error while sending the letters
The concern Asklepios expressed its regret. At the request of DER SPIEGEL, the clinic described human error as the reason for sending the letters incorrectly: "Based on the information available so far, the wrong therapist was repeatedly selected from the hospital directory in error," Asklepios wrote in writing. It was probably for example, confusion due to name similarities and name similarities, it said. "This is a mix-up and human error." A law firm and the clinic's data protection officers are currently investigating the incident.
The description does not seem to be an isolated case. In the past year and a half, Asklepios in Hamburg reported 20 false shipments according to the report. According to the data protection authority, however, the group takes the obligation to report such errors very seriously, so other hospitals do not report anything.
Asklepios continued, "Protecting the data of our patients is a core concern for us." The therapist was locked in the clinic directory.
Since the entry into force of the General Data Protection Regulation in May 2018, authorities registered around 850 data breaches nationwide due to incorrectly sent patient records. Six federal states could therefore call no numbers. The breakdowns are reported to be mainly due to human error.