The issue of so-called “privacy” it is becoming more and more complex, difficult to manage and sometimes even irrational. In recent days, we learned of the decision of the Guarantor concerning the case of a dentist who, before carrying out an operation, asked a patient for a series of information on his state of health, including the possible contraction of infections such as HIV, AIDS, etc. And after viewing them, he informs the patient that the surgery would not have taken place because “The diagnosis of HIV seropositivity (declared by the patient) did not allow to avoid a possible contagion of staff and other patients”.
Upon hearing the news, the patient gets angry, considers the request about his health unjust and turns to the Privacy Guarantor denouncing a violation of their personal data.
It would seem clear to everyone that that information should be considered useful for the doctor, in order to prepare the necessary treatments and appropriate preventive measures, but the Guarantor instead condemned him considering that “the request for information relating to the possible state of seropositivity of each patient who comes to the doctor’s office for the first time, regardless of the type of clinical intervention or the therapeutic plan that the same must perform, is contrary to the principles of protection of personal data “. The “precautions aimed at protecting against contagion, says the Guarantor, must be adopted towards the generality of the assisted persons”, therefore such an invasive request for information is not necessary.
The arguments of the doctor in his defense were useless, also referred to the patient’s spontaneous decision to make use of a medical portal that requested such information following explicit consent, as well as that the acquisition of that data was necessary and included in the “Treatment process”. The Guarantor stated that he has no competence to enter into the technical merits of the matter and that the However, the “treatment process” has not started, in fact the patient was not accepted as a result of the information provided.
So the violation has occurred and a fine of 20,000 euros must be applied. It is singular to note that the alleged violation does not concern the unjustified dissemination of data nor the failure of the information acquisition system, nor the failure to comply with specific requirements, but only the acquisition of a “particular” data that should not have been requested. , nor processed, even if provided with the consent of the interested party. Furthermore, the fact that the personal details of the patient are rightly obscured in the provision of the Guarantor, but those of the sanctioned doctor are clearly evident.