What exactly the processor must report to the supervisory authority is laid out in the minimum information comprises such basic data as the nature of the, categories and number of data subjects concerned, the identity and contact details of the processor’s data protection officer
The measures proposed or taken by the processor to extenuate the achievable harmful Hospital Data Breach property of the breach as well as a description of its possible consequences. It also requires the controller and processor to document any breach, its effects and the remedial action taken.
Part of the uneasiness that the obligation to report Healthcare Data Breaches to the supervisory authority has created among Hospital Data Breach stems from the assumption that reporting a breach will be tantamount to disclosing it to the public.
Such concerns, however, do not find any basis in the current wording of merely states that the supervisory authority shall keep a public register of the types of breaches notified, but not a comprehensive list of companies that filed a report. If the new reporting regime set forth in the Rule is to be successful, the supervisory authority must play its part too and ensure that all reports are treated confidentially.
The fact that data processors that have experienced a breach are not exposed as culprits by the supervisory authority does not mean, however, that the data subjects concerned by such Hospital Data Breach can be left out of the equation. the Standard does not introduce a general duty to communicate the information subjects approximately any and all break, but boundary such work to lawsuit where the Hospital Data Breach is likely to harmful affect the activity of the Healthcare Data Breach, the privacy, the rights or the legitimate interests of the data subject.
If these conditions are met, data subjects must be provided within the same time frame, i.e. without undue delay with the contact details of the data protection officer, the consequences of the Hospital Data Breach and a description of the measures taken to mitigate its effects. The obvious question will of course be under which circumstances it must be assumed that a breach will have an adverse effect on an individual’s privacy and his/her legitimate rights and interests. It is certainly safe to say that this is the case whenever the data leaked or destroyed contains information on the data subject’s physical or mental health.