I. vs. Soome
Euroopa Inimõiguste Kohus
The applicant was HIV-positive and worked in a hospital. She became aware that her colleagues had learned of her illness. Consequently the applicant requested the hospital to provide information on who had accessed her medical files, however, the hospital stated that it is technically impossible to provide such information. The applicant instituted civil proceedings against the Health Authority for the alleged failure to keep her patient records confidential but her claim was dismissed.
The applicant complained that the health authority had failed in its duties to establish a register from which her confidential patient information could not be disclosed to third parties, thus violating her right to private life.
The Court ruled that the right to private life of the applicant had been violated, as her medical data was not secured against unauthorized access and there were no sufficient safeguards for her.
The Court found that:
- The need for sufficient guarantees against disclosure of private information is particularly important when processing highly intimate and sensitive data, as in the instant case, where the applicant was HIV-positive. Additionally, the applicant worked in the same hospital where she was treated.
- The patient records system in the hospital was clearly not in accordance with the legal requirements contained in national law.
- Although the applicant had an opportunity to claim compensation for the damages caused by an alleged unlawful disclosure of data, it was not a sufficient safeguard for protection of her private life against unauthorized access to her medical information.