Firms pay for health data leak

Greece’s privacy watchdog has fined a private clinic for passing on data on one of its patients without her permission to the woman’s insurance company – which promptly canceled her health policy. In addition to the 30,000-euro fine on the clinic, the Authority for the Protection of Personal Data (APPD) fined the insurance company 20,000 euros in a decision made public yesterday. The names of the two companies involved were not released. The woman, whose identity was also kept secret, took her case to the APPD after finding the insurance firm had dropped her on the strength of medical examinations she had undergone at the clinic. The results of the tests had been conveyed to the insurers without her consent or prior notification. The APPD rejected the insurance firm’s argument that the woman was bound by contract to provide full disclosure of her medical record. The watchdog also ruled that a breach of privacy had occurred despite the insurers having acquired the data on the strength of a prosecutor’s order, as the patient’s consent was not requested.