Dagens Nyheter reports on Tuesday how the Academic Hospital sent unprotected data in the form of, among other things, patient records to other countries.

The reason is that there was no possibility of encrypting the information, which was discovered when the new Personal Data Act was introduced.

- It was when we started to look at GDPR and review our operations that we discovered this. And since May this year, we have the opportunity to encrypt files, says Anne Nilsson, chief lawyer at Uppsala Region, to SVT.

It is when the hospital performs highly specialized care of persons who are not registered in Sweden that the journals have been sent over open networks.

Each year, the Academic Hospital has patients from over 45 countries within the EU / ESS and beyond. The report estimates that some 10,000 to 100,000 data have been sent that affect between 1,000 and 10,000 patients.

What has this meant to patients?

- Nothing as far as we know, we have no indication that anyone unauthorized has taken part in the information. But theoretically, someone could come in and read about the patients, says Anne Nilsson.

The Data Inspectorate initiates review

The Data Inspectorate has now initiated an examination of the Uppsala Region.

- What we will look at is what support you have had for sending patient data unencrypted, says Alli Abdulla, lawyer at the Data Inspectorate, to DN.

According to Anne Nilsson at Uppsala Region, the review can lead to sanctions.

- I can't say for sure, but the Data Inspectorate can decide on penalty fees.