Dordrecht hospital dismisses two workers for viewing 1,100 patient files illegally

The Albert Schweitzer Hospital has fired two employees for looking into patients’ files out of curiosity. During an internal check, it emerged that a total of 1,100 files had been opened without authorization, the Dordrecht-based hospital announced on Thursday.

One of the employees worked in healthcare and, without any valid reason, viewed the records of people who lived on the same street and had been treated at the hospital. The other did not work in a medical unit and had only limited access to certain patient details, including names, addresses, hometowns, and the wards where patients were admitted.

“This is a grave matter and is incompatible with the standards of good patient care,” board chair Nicole Stolk said in a statement. “Patients must be able to trust that their data is safe with us. Accessing a patient’s record without a treatment relationship breaches the trust at the heart of healthcare. It’s unacceptable, and the individuals involved were fully aware of that.”

The hospital has sent all affected patients a letter apologizing and explaining the situation. It has also notified the Dutch Data Protection Authority and the Health and Youth Care Inspectorate (IGJ). Oversight measures will be further strengthened, the hospital said.

This is not an isolated case. According to Z-CERT, the healthcare sector’s Computer Emergency Response Team, hospitals and other care institutions regularly discover instances of unauthorized access, usually out of curiosity rather than with malicious intent.

In previous rulings, courts have found that immediate dismissal may be justified when privacy rules are repeatedly or seriously violated, particularly if the organization has clear conduct policies and has informed employees about them.