When the waiting area becomes a surveillance zone

Diagnoses made public, patients secretly filmed - what sounds like a bad movie has become reality in Hessian medical practices. In his latest annual report, Hessian Data Protection Commissioner Alexander Roßnagel sounds the alarm: never before have so many data protection violations been reported as in 2024. Over 2,100 data protection violations, 545,000 euros in fines - and right at the forefront: medical facilities.

This is not about banal IT glitches, but about blatant invasions of privacy: publishing patient names and diagnoses in response to bad Google reviews, video surveillance with a hidden camera in a wall clock, or a practice manager showing patient files around at a private party - and sharing them with his partner via WhatsApp photo.

This is no longer an oversight. It is grossly negligent - if not deliberate.

Violated data protection - violated trust

The fact that doctors' surgeries of all places, places of the highest trust, handle sensitive data so carelessly is not only a legal disaster, but also an ethical one. Patient data is among the most sensitive information of all. Anyone who acts carelessly here risks not only high fines, but also people's trust in medical care.

The data protection officer makes it clear that many breaches occur due to ignorance. But this is precisely why mandatory training and clear rules in everyday practice are urgently needed. Anyone who manages a practice should know that WhatsApp is not a suitable tool for medical communication - and that a wall clock with a camera has no place in the reception area.

What are politicians planning - and where is new trouble looming?

The German government is currently planning to centralize data protection supervision at the federal level - supposedly to simplify matters. However, the Hessian data protection commissioner warns that centralization brings disadvantages. Processing individual concerns is already time-consuming - in future, citizens may have to travel to Cologne instead of Wiesbaden to assert their rights.

In addition, the Federal Data Protection Commissioner is already understaffed - effective monitoring would hardly be possible. Instead of centralization, Roßnagel proposes: The federal government should coordinate, not take over. After all, data protection is always local - and affects individual people, not just centralized data flows.

Anyone who secretly films patients has no place in the healthcare sector

We say it clearly: Anyone who installs a hidden camera in the reception area should not be warned, but reported. Period. Such violations are not a trifle, but a breach of trust towards every single patient who relies on their most intimate data being protected.

The fact that some practices apparently think that data protection only applies to others is not only dangerous - it shows how urgently binding information and consistent sanctions are needed. Data protection is not a bureaucratic luxury, but a fundamental right - especially in the healthcare sector.