Date: 2023-08-22

During the summer, three new data security breaches have been discovered, in which people who worked at Hus have viewed patient information without permission.

According to a press release from the Hospital District of Helsinki and Uusimaa (Hus), three new cases have come to light through self-monitoring in which a person who worked at Hus viewed the information of persons receiving treatment without authorization. The cases came to light during the summer. They are not related to the case that came to light in the spring, in which a Hus employee who handled invoicing looked at hundreds of patients’ information without permission.

Hus’s chief administrative physician Teppo Heikkilä, reached by phone, tells HS that the processing of the new cases is still in progress.

“The cases are laborious to investigate. We have to assess on a case-by-case basis, for each employee, which of his activities are related to work and which are not.”

According to the release, each employee has had tens or hundreds of unauthorized data views. In addition to patient information, medical record information has also been extracted. The employees’ access rights to the Apotti patient information system used by Hus have been necessary for the job, but the rights have been misused.

The unauthorized viewings took place in 2021–2023.

“Some of the employees were no longer employed by Hus when the incident came to light. Terminations are always evaluated on a case-by-case basis,” says Heikkilä.

According to the release, Hus’s operating models in data security breach situations are in accordance with the EU data protection regulation. Hus always reports to the data protection commissioner’s office, takes managerial measures depending on the seriousness and scope of the case, and informs those affected by a data security breach.

“We will contact the patients concerned by letter. Not all those involved have been contacted yet,” says Heikkilä.

In the letter, the parties concerned are told about the possibility of submitting an investigation request to the police.

Hus can also make an investigation request as an organization. Heikkilä does not take a position on whether a request for an investigation into the new cases has been made or will be made.

“We always evaluate the matter on a case-by-case basis,” says Heikkilä.

According to the release, data security breaches of this magnitude are rare in Hus. Several cases have come to light this year.

Heikkilä does not comment on the possible increase in cases or their causes. According to him, the cases that have come to light show the good functioning of statutory self-monitoring.

“After the incident reported in the spring, the matter has clearly been more on the minds of the staff and patients, which in itself is a very positive thing.”

He does not want to discuss the self-monitoring procedures in public.

“The patient has the right to check the use of his own register data from us. If there is reason to suspect abuse in the system’s log data, we will provide an explanation.”

According to Heikkilä, patient data security breaches are very unfortunate.

“We are very sorry about them. Every incident is upsetting.”