Helsinki Hospital Employee Convicted for Illicit Access to Patient Data

The Helsinki District Court has handed an eight-month suspended prison sentence to a former billing employee at the HUS Hospital for extensive data protection offenses.

Between 2019 and 2023, the worker illegally accessed the information of 142 individuals.

The HUS (known in Finnish as the Helsingin ja Uudenmaan sairaanhoitopiiri) is the largest provider of specialized healthcare in Finland and manages medical facilities across the Uusimaa region.

The court found that the employee mainly viewed information through the national population information system. This centralized database contains demographic details such as names, addresses, and family relationships of residents in Finland.

In eleven cases, the worker also accessed internal hospital patient systems. For nine of those patients, the employee could see which specific hospital units had provided treatment.

However, the court confirmed the worker did not access detailed medical histories or doctors’ notes.

Alongside the suspended sentence, the court ordered the defendant to pay financial compensation to the victims who requested damages.

The hospital terminated the employee’s contract immediately after the suspicions surfaced in the spring of 2023.

The court decision is not yet legally binding and can still be appealed.

Finland operates under strict national and European Union privacy laws, which mandate severe penalties for the unauthorized viewing of official registries.

This incident is part of a broader pattern of data breaches within the hospital district. In 2023, HUS uncovered several similar privacy violations involving unauthorized personnel.

According to Yle, a year ago, a practical nurse working for the same healthcare provider was also convicted for unauthorized access to patient records.