Interpellation Cassis (11.3622): Data and privacy protection in the Swiss DRG flat rate per case system
Done (30.09.2011)
Submitted text
In connection with the introduction of the Swiss DRG flat rate per case system as of January 1, 2012, the Federal Data Protection and Information Commissioner (Edöb) emphasized at a media orientation on May 31, 2011, that “the systematic transmission of diagnoses and the procedures performed in non-pseudonymized form, as provided for in the Swiss DRG rate structure agreement, can hardly be reconciled with the principle of proportionality.” The health insurers, on the other hand, systematically demand all medical data with the invoicing. The new legal opinion published on May 31, 2011, on behalf of the H plus hospital association and the Association of Swiss Physicians (FMH) concluded: “The systematic delivery of all medical data sets with the hospital invoice, as demanded by the health insurers, violates medical secrecy, infringes data and personality protection and the principle of proportionality.” The association of cantonal data protection officers Privatim demanded in a media release on February 25, 2011: “No disclosure of medical data in advance”.
I would ask the Federal Council to answer the following questions:
1. is it willing to consistently enforce data and privacy protection as well as the preservation of physician and patient confidentiality in the context of the introduction of Swiss DRG, if necessary with a corresponding strict ordinance?
2. will it ensure that the FDHA, as part of its oversight of health insurers, ensures that health insurers do not request, receive, and retain more data than is strictly necessary?
3. will it support the principles of the Edöb regarding data delivery and the clarified ideas on proportionality and implement these requirements?
4. does it see a need for action in the legal foundations in the KVG and UVG areas to strengthen data and personality protection and to protect medical secrecy?
5. is it prepared to coordinate Edöb’s efforts with the recommendations of the cantonal data protection commissioners and their association Privatim, which are aimed in the same direction?
Statement of the Federal Council
1 The Federal Council attaches great importance to the protection of insured persons’ data. As part of the ordinance amendments on hospital financing, the Federal Council has therefore already supplemented Article 59 of the Health Insurance Ordinance (KVV) and stipulated that, on the one hand, there must be a clear separation between the invoice for mandatory health care insurance and that for supplementary insurance, i.e. separate invoices must be issued, and that, on the other hand, the diagnosis-related data must be kept in pseudonymized form and the pseudonymization can only be cancelled by the insurer’s medical examiner. Since the agreement of July 5, 2011 between H plus, “Die Spitäler der Schweiz”, and Santésuisse, which should also have regulated data transmission, did not materialize, the Federal Council will examine the anchoring of the necessary principles by ordinance.
2 With regard to the transmission of data in the context of invoicing, the Federal Administrative Court, in a landmark ruling of 29 May 2009 (C‑6570/2007) on the interpretation of Articles 42 KVG and 59 KVV, stated that the applicable provisions allow for a regulation by collective agreement regarding the systematic transmission of certain medical information, whereby the principle of proportionality must of course be observed. The competent Federal Office of Public Health will, within the scope of its competences in the supervision of health insurers, ensure that the insurers process and store the data transmitted to them in accordance with the law.
3. the framework conditions for data transmission in connection with invoicing are known from the point of view of the Federal Council – in particular in view of the aforementioned judgment. The Federal Council will make the necessary decisions within the scope of its competences, taking data protection into account. The Federal Data Protection and Information Commissioner is regularly involved in such procedures.
4/5 Data and personality protection is regulated in the Federal Data Protection Act (FADP) and also applies in principle to social insurance. The Federal Council therefore sees no reason to propose additional statutory regulations in the KVG or UVG area.