Data protection scandal in Tübingen: Letters with cancer diagnoses in the ditch

Data protection scandal in Tübingen: Letters with cancer diagnoses in the ditch

In a remarkable incident, letters from the University Hospital Tübingen (UKT) were discovered with sensitive information about cancer patients in a ditch between Metzingen-Glems and Eningen under Achalm. The question of how these confidential documents got there is both the police and the clinic itself. "We have not yet known it," said Bianca Hermle, spokeswoman for the UKT, in an interview with the Reutlinger General-Anzeiger. The clinic has already taken measures to examine this data breakdown and research how it could happen.

The letters that are addressed to several patients and contain sensitive medical data were brought to the police in Metzingen by a 78-year-old finder. This now finds that it is a serious matter that could possibly have criminal consequences. Ramona Döttling, spokeswoman for the Reutlingen police headquarters, confirmed that the letters are registered and that the investigation to clarify the background is in full swing.

Protection of sensitive data

Bianca Hermle clearly expresses the regret of the clinic about the incident. "It is highly sensitive data that have been disclosed. The addresses of the patients and special details on the cancer diagnoses have now become known," continued Hermle. The UKT has taken immediate steps to officially report the incident - both to the data protection officer and the state supervisory authority. The affected patients were also informed in writing about the data breakdown. So far, however, the clinic has not received any feedback from those written and cannot check whether the former cancer patients are still alive.

The letters date from 2007 and 2008, which makes the situation even more complicated because it is relatively old cases. The information about the incident and the causes that led to this data security problem is currently the focus of the efforts of the clinic.

Investigation in a way

The investigation by the police run in parallel to the internal examinations in the UKT. Although no abuse of the data has been found so far, the uncertainty about the whereabouts of the letters and how they came into the ditch. "We checked the entire path of the patient file from digital archiving to annihilation. No data loss could be found here," explains Hermle. This statement is unfortunate because it indicates that the origin of the letters may not be found in the digital process, but rather in physical use of documents.

The university clinic has assured that all patient data is digitally secured on their servers, which ensures some reassurance. Nevertheless, the question remains how it was possible that such sensitive information could be treated without the necessary care. To date, there are expert opinions that there must be special caution in medical institutions in dealing with patient data in order to avoid such incidents.

The affected clinic will continue to try to bring light into the dark, but the shadows of uncertainty and the violation of data protection regulations are hanging.

Background and legal aspects

Data protection in the healthcare system has become very important in recent years, especially in Germany, where the General Data Protection Regulation (GDPR) sets strict regulations for the processing of personal data. Hospitals and clinics are obliged to ensure the highest possible protection of patient information. According to Federal Representative for data protection , in the event of a data protection violation, not only legal consequences, but also a massive loss of trust among the patients. These regulations are particularly important in cases where sensitive medical data are affected.

The University Hospital Tübingen reacted immediately in this case by informing the patients concerned and reporting the data protection violation of the responsible state authority. However, it becomes critical if the internal processes are not sufficient to prevent such incidents. Legal framework conditions not only require the report of incidents, but also that clinics implement measures to reduce risk and continuously revise.

A look at similar cases

Comparable incidents have taken place in various health facilities in the past. For example, in 2019 there was a similar case in a hospital in Hamburg, where data from several patients were publicly open to the public due to a security incident. In this case, the clinic also reacted with immediate measures and an internal examination. Such incidents show the recurring challenges in data security in healthcare, which can be caused by human failure or technical defects.

Another remarkable incident occurred in a German nursing home, where sensitive patient data got into the wrong hands due to poor annihilation of files. Here the loss of confidence of the relatives was enormous and led to an intensive publicity -effective debate about data protection in the healthcare system. The commonality of these cases is the need to create both technical and organizational structures that ensure data protection in health care.

Kommentare (0)