Healthcare: Massive GDPR violations through outsourcing
The outsourcing of healthcare services can result in various GDPR-related problems:

1. Data protection and data security: According to Art. 9 GDPR, health data are considered particularly sensitive data and are subject to increased protection requirements. When outsourcing to external service providers, there is a risk that they may not adhere to the same high security standards as the healthcare facilities themselves[2].
2. Lawfulness of data processing: It must be ensured that the processing of health data by the service provider has a legal basis and complies with the requirements of the GDPR[4].
3. Order processing agreements: Detailed order processing agreements must be concluded with external service providers in accordance with Art. 28 GDPR, which regulate all data protection requirements[4].
4. Information obligations and data subject rights: It must be clarified how information obligations towards patients are to be fulfilled and how their rights (e.g., access, deletion) can be guaranteed even with outsourced processes[2].
5. Data transfers to third countries: When outsourcing to countries outside the EU, additional requirements must be met ...

