Elizabete Pumpure is a gynecologist. That the patient's data can be seen in e-Health is well known to her as a doctor. But she would never have even imagined that her sensitive data would be used against her by her former employer, who, while Elizabete was ill, looked at what she was suffering from.
“When I came back to work, someone had already told the entire staff why I was ill. And they asked why I had been ill for so long, and discussed the treatment facts. It made me feel very unsafe. And then I thought about that data, too. One is that it should not be [viewed without necessity] at all. The second is that one does not even understand what one has done,“ said Elizabete Pumpure.
The doctor contacted the Data State Inspectorate and wrote a submission. She also decided to quit that workplace.
“My employment relationship was already coming to an end. And I guess that's why there was mobbing and emotional abuse there. Because health is one of the most fragile things a person has. And it can be very offensive used in this way,” said the doctor.
At least 30 people have noted that their data had been viewed with no reason in the past year. The fact that someone has viewed your personal data can be seen by any resident using e-Health on the Audit tracking (Audita pieraksti) section.
All medical workers have access to the system. However, the data should only be viewed by the treating physician.
“The doctor has the right to access data on their patients. The fact that they have access to all e-Health and data of all Latvian people does not mean that they can look at it,” explained Jekaterina Macuka, director of the Data State Inspectorate.
There are two types of penalties for such conduct: a warning or reprimand, or an administrative violation case is initiated and a fine imposed. It can range from one hundred to seven hundred euros.
So far, a warning has been issued in all cases, but this year, with a growing number of submissions, the DVI is planning to start imposing real fines.
“We are starting to bring cases rather than just reprimands. Because we're seeing [numbers] go up. And then maybe if you see colleagues paying the penalty, even those 100 euros, it will make you think,” Jekaterina Macuka said.
The National Health Service (NVD) is urging e-Health users to take this opportunity and see if their data has been accessed by someone who doesn't need to see it. If it is suspected that this has happened, the institution connected to the system should first be contacted, asking why. If a particular medical practitioner is not identifiable, the information will be provided to the National Health Service (NVD). A submission to the data State Inspectorate follows.
“There is sensitive information out there and under no circumstances should it be viewed for a purpose that is not intended,” Sintija Gulbe, deputy head of PR at the NVD, stressed.
The Data State Inspectorate will appeal to doctors' associations, asking members to remind them not to do so.