Report on the protection of IT systems and health data in three Danish regions


Report no. 4/2017

This report concerns the measures taken by three of the five Danish regions – Region of Southern Denmark, the Central Denmark Region and the Capital Region of Denmark – to protect access to the citizens’ personal health data. The regions are required to secure not only the confidentiality of health data, but also their availability and reliability so that the patients can receive timely and appropriate treatment. 

The purpose of the study is to assess whether the three regions are protecting access to their IT systems and data in a manner that secures the confidentiality, availability and reliability of the citizens’ personal health data. 

It is Rigsrevisionen’s assessment that the three regions are not protecting the access to IT systems and health data in a satisfactory manner. As a consequence, unauthorised persons might gain access to sensitive and confidential personal data, which could affect the reliability and availability of important health data used in the treatment of hospital patients. 

Rigsrevisionen initiated the study based on IT audits conducted during the first six months of 2017.

Read the 1st chapter of the report (PDF)