On April 18, 2024, the Privacy Protection Authority (PPA) published the report of findings of a broad inspection conducted in the digital medical sector. In particular, the PPA stated that the broad inspection includes an examination of the implementation of the Protection of Privacy Law, 5741-198 (PPL) and its regulations. 

What are the key findings of the PPA?

As part of the inspection, the PPA examined three main criteria including organizational control and corporate governance, database management, and information security. Broadly, the PPA found that some entities demonstrated high levels of compliance in various examined areas while approximately 30% showed partial to moderate compliance. On average, the compliance score for the sector was 64%.

More specifically, the PPA found: 

• 100% compliance with requirements under the law for organizational control and corporate governance;
• for database management, half of the entities met the requirements of the law at a partial compliance level while the other half were at a high compliance level; and
• for information security, 40% of the organizations showed moderate compliance. Importantly, the PPA highlighted that the main deficiency was that 45% of the organizations did not have physical security measures to identify access authorizations to the servers and infrastructure of the databases.

You can read the press release here and the broad inspection here, both only available in Hebrew.