The applicant complained that the health authority had failed in its duties to establish a register from which her confidential patient information could not be disclosed to third parties, thus violating her right to private life.
The Court ruled that the right to private life of the applicant had been violated, as her medical data was not secured against unauthorized access and there were no sufficient safeguards for her.
The Court found that:
The need for sufficient guarantees against disclosure of private information is particularly important when processing highly intimate and sensitive data, as in the instant case, where the applicant was HIV-positive. Additionally, the applicant worked in the same hospital where she was treated.
The patient records system in the hospital was clearly not in accordance with the legal requirements contained in national law.
Although the applicant had an opportunity to claim compensation for the damages caused by an alleged unlawful disclosure of data, it was not a sufficient safeguard for protection of her private life against unauthorized access to her medical information.