The Karolinska University Hospital was criticized on Sunday by the head of the Swedish Data Inspection Board, following allegations in the media that it lacked control over who accesses patients’ records.
The board said the hospital still has no log of access to its databases, contrary to Swedish laws stipulating that hospitals provide full details on who accesses patient records.
These criticisms came as a result of a full information security check carried out in October. It found that the hospital had not responded to earlier warnings and concluded that the hospital could have breached doctor-patient trust.
The earlier inspection, done by the specialist medical magazine Dagens Medicin, revealed that the hospital had not carried out a security upgrade for several years. In 2003, the hospital was accused of allowing unauthorized people to access information related to the assassination of former Foreign Minister Anna Lindh.
According to official records, more than 200,000 medical records are accessed every day in the hospital’s database. Doctors, nurses and hospital managers are among those who access the information, but others could also be gaining access illegally.
According to Göran Gräslund, Director General of the Swedish Data Inspection Board, the lax routines might dissuade people from going to the hospital.
“If some known personality had an alcohol problem, they might not go to public health institutions out of fear that information would be spread,” he told TT, adding that the hospital must step up database security right away.