Problems with how the hospital managed patients’ medical records were first uncovered in December 2009 by Sweden’s Data Inspection Board (Datainspektionen).
On a recent return visit, the agency found that Karolinska had yet to address the matter and that the illegal spreading of patient information continues.
“The law on patient data is clear that patients must be informed before their information is passed along to other care givers,” the agency’s Maria Bergdahl, who led the inspection, said in a statement on Monday.
“It’s important that patients are informed in a clear manner, not least because it’s important for them to continue to have confidence in their caregivers.”
Since coming into effect in July 2008, Sweden’s law on patient data makes it possible for caregivers to use common record keeping, allowing them to access information in one another’s files.
However, caregivers are required to inform patients about the significance of common medical records.
Among other things, patients are to be informed about which information will be made accessible to other caregivers, who the caregivers are, and under which conditions the information will be shared.
Karolinska now has until March 1st to inform all its patients about the system of common medical records and report back to the agency on how it carried out the demand.
Data Inspection Board head Göran Gräslund added that the agency has come across a number of “worrying” breaches of Swedish laws regarding the handling of patient records.
“If the hospital doesn’t improve the information it provides patients, there will be nothing left for the Data Inspection Board to do other than, under the threat of fines, prohibit the hospital from making its records available to other caregivers,” Gräslund said in a statement.