PAMI continues to keep files containing affiliates' health and personal data accessible on its website at least one week after the exposure of those files came to light. In that time, moreover, the system has added new documents with sensitive information, while the 40 files detected at the beginning remain available.
The main contradiction lies in the response of the social security provider itself. Last week, it described what happened as a serious anomaly and said it had immediately removed the access linked to the improperly exposed information, but no changes have been observed and the documents continue to be published.
The 40 files remain visible and the system added new files
An analysis of abbreviated compilations corresponding to the first two months of 2026 identified at least 40 cases of patient data exposure. The files include medical diagnoses, clinical histories, test results, disability certificates, and photocopies of national identity documents.
Among the exposed documents is a file from Jujuy in which the system published the address, personal data, and complete clinical history of an affiliate who had requested a thrombectomy.
During the last week, the repository not only failed to remove the already detected documentation but also incorporated new files with the same type of sensitive content. PAMI has not responded to new inquiries about the delay in removing these files.
Semino said the information should remain under internal control
Eugenio Semino, defender of the elderly of the Ombudsman's Office of the City, stressed the seriousness of the publication because of the content exposed for each patient.
"That information should not be published. I find it really serious because of what is revealed about the patient. That should be for PAMI's internal control, but nothing is controlled at all" - Eugenio Semino, defender of the elderly, Ombudsman's Office of the City
The dissemination of these files infringes the Personal Data Protection Law and the Patient Rights Law. Both regulations protect the privacy of those affected and prohibit sharing health data without consent.
Affected individuals can request deletion and seek compensation
Beatriz Busaniche, president of the Fundación Vía Libre, explained that affiliates affected by the exposure can go to the Personal Data Protection Agency to demand the deletion of the information and request compensation for damages.
Alejandro Segarra, co-director of the Asociación por los Derechos Civiles, added that those affected can also file an administrative complaint with PAMI itself or with the Personal Data Protection Agency through the Trámites a Distancia platform. After taking that route, they can bring a habeas data action so that a judge orders the deletion.
In one of the cases already identified, the exposed file showed the address, personal data, and complete medical history of an affiliate from Jujuy who had requested a thrombectomy.