Inter­pel­la­ti­on Stahl (15.3850): Data reque­sted by the FOPH from health insu­rers
Not yet dis­cus­sed in the Council

Sub­mit­ted text

The bodies ent­ru­sted with the imple­men­ta­ti­on, con­trol or super­vi­si­on of the imple­men­ta­ti­on of the Health Insuran­ce Act (HIA) are aut­ho­ri­zed under Arti­cle 84 HIA to pro­cess or have pro­ces­sed per­so­nal data, inclu­ding data requi­ring spe­cial pro­tec­tion and per­so­na­li­ty pro­files, for the pur­po­ses pro­vi­ded for in liters a to i of the same pro­vi­si­on, which they requi­re in order to be able to per­form the tasks assi­gned to them under the Act.

The level of detail and the scope of the data to be pro­vi­ded have recent­ly been con­ti­nuous­ly expan­ded by the Federal Office of Public Health (FOPH). Sin­ce 2014, for examp­le, insu­rers have been requi­red to pro­vi­de the FOPH with indi­vi­du­al data in addi­ti­on to finan­cial data (e.g. cer­tain indi­vi­du­al tariff items for cer­tain tariffs).

In this con­text, I would ask the Federal Coun­cil to ans­wer the fol­lo­wing questions:

1. what data is pro­ces­sed and for what purposes?

2. are the­se data necessa­ry and appro­pria­te for the exer­cise of the super­vi­so­ry acti­vi­ty over health insurers?

3. are the legal bases for the collec­tion of this data sufficient?

4. to what extent is com­pli­an­ce with the con­sti­tu­tio­nal princi­ples of pro­por­tio­na­li­ty and public inte­rest recon­ci­led with the pro­ces­sing of par­ti­cu­lar­ly sen­si­ti­ve data and per­so­na­li­ty profiles?

5) How does the FOPH ensu­re com­pli­an­ce with data pro­tec­tion regu­la­ti­ons in detail?

(6) Are the admi­ni­stra­ti­ve costs incur­red by insu­rers in collec­ting this data pro­por­tio­na­te to the objec­ti­ve pursued?

7 Accord­ing to Arti­cle 82 (2) of the Health Insuran­ce Super­vi­si­on Ordi­nan­ce (E‑KVAV), the super­vi­so­ry aut­ho­ri­ty shall ensu­re that the insu­rer incurs as litt­le expen­se as pos­si­ble in pro­vi­ding the data. How is this cir­cum­stance taken into account?

8. based on Arti­cle 82 E‑KVAV, the scope of the data to be pro­vi­ded is to be expan­ded even fur­ther. How is this even more far-rea­ching intru­si­on into the pri­va­cy of each indi­vi­du­al justified?

9. in its acti­vi­ty report published on June 29, 2015, the Federal Data Pro­tec­tion and Infor­ma­ti­on Com­mis­sio­ner deman­ds that the data requi­red by health insu­rers for invoice con­trol be limi­ted. On the other hand, the super­vi­so­ry aut­ho­ri­ty is deman­ding more and more data from health insu­rers. How does the Federal Coun­cil view this contradiction?

State­ment of the Federal Coun­cil of 4.12.2015

Health insu­rers are obli­ged to pro­vi­de the Federal Office of Public Health (FOPH) annu­al­ly with infor­ma­ti­on on the data gene­ra­ted in the cour­se of bil­ling for ser­vices and insuran­ce acti­vi­ties as part of the super­vi­si­on of the imple­men­ta­ti­on of the KVG (Art. 21 Para. 4 KVG; SR 832.10). They are aut­ho­ri­zed by law to dis­c­lo­se data in par­ti­cu­lar to the bodies ent­ru­sted with the imple­men­ta­ti­on as well as the con­trol or super­vi­si­on of the imple­men­ta­ti­on of the KVG, if the data are necessa­ry for the ful­fill­ment of the tasks of the bodies (Art. 84a para. 1 let. a KVG). The pur­po­se and scope of data pro­vi­si­on are set out in Arti­cle 28 of the Health Insuran­ce Ordi­nan­ce (KVV; SR 832.102). In par­ti­cu­lar, this also obli­ges insu­rers to pro­vi­de data per insu­red per­son (Art. 28 Para. 3 KVV). In doing so, the deli­very must be made while pre­ser­ving the anony­mi­ty of the insu­red per­son (Art. 28 Para. 5 KVV). The data ser­ve not only to super­vi­se the acti­vi­ties of the insu­rers, but also to super­vi­se the enfor­ce­ment of the KVG, as sta­ted in the law. Among other things, the FOPH uses the data to moni­tor the effect and uni­form app­li­ca­ti­on of the law, and it ensu­res the equal tre­at­ment of insu­red per­sons. It also uses the data to moni­tor the effi­ci­en­cy of the ser­vices pro­vi­ded. A fur­ther pur­po­se results from Arti­cle 32 KVV (impact ana­ly­sis). The new­ly collec­ted indi­vi­du­al data are nee­ded for reviews that can­not be car­ri­ed out with aggre­ga­ted data. Only the­se data enab­le, for examp­le, the deter­mi­na­ti­on of pre­mi­um cor­rec­tions, the cal­cu­la­ti­on of pre­mi­ums paid too much or too litt­le, or simu­la­ti­ons of the tariff structure.

Arti­cle 28 KVV has exi­sted in essen­ti­al parts sin­ce the ordi­nan­ce came into for­ce on Janu­a­ry 1, 1996. With the amend­ment of Febru­a­ry 23, 2000, the arti­cle was sup­ple­men­ted and spe­ci­fied to the effect that data per insu­red per­son are expli­ci­tly collec­ted down to the level of the tariff item, invoice with details of the ser­vice pro­vi­der. Howe­ver, for tech­ni­cal rea­sons and fol­lo­wing the imple­men­ta­ti­on of a pilot pro­ject, the FOPH is only now requi­ring their deli­very; the first anony­mi­zed indi­vi­du­al data have been collec­ted by the FOPH sin­ce 2014.

4/5 The FOPH collects admi­ni­stra­ti­ve data that do not allow any con­clu­si­ons to be drawn about indi­vi­du­als and that are docu­men­ted in the con­text of the invoi­cing of ser­vices or insuran­ce acti­vi­ties. In the case of the new­ly collec­ted indi­vi­du­al data on bene­fits, no detail­ed infor­ma­ti­on on a tariff item was pre­vious­ly collec­ted, but only total costs per coverage peri­od. Fur­ther­mo­re, the data collec­tion is limi­ted to the KVG invoices that the insu­rers recei­ve and bill. They do not con­tain any addi­tio­nal health data such as diagnoses.

The indi­vi­du­al data are trans­mit­ted to the FOPH pseud­ony­mi­zed (i.e. sup­ple­men­ted with an encryp­ted con­nec­tion code per insu­red per­son to cal­cu­la­te the costs by tre­at­ment epi­so­de). After pro­ces­sing and in the eva­lua­tions, no con­clu­si­ons can be drawn about the indi­vi­du­al insu­red per­sons or ser­vice pro­vi­ders. The repro­ces­sing pro­cess is docu­men­ted, and refe­rence is made to it in the pro­ces­sing regu­la­ti­ons. The FOPH imple­ments the gui­de­li­nes of the gui­de on the mini­mum requi­re­ments for the data manage­ment system, which app­ly to data collec­tions. The princip­le of pro­por­tio­na­li­ty of the Data Pro­tec­tion Act (Art. 4 para. 2 FADP; SR 235.1) is also observed.

6/9 Becau­se the data for the per­for­mance of the insuran­ce acti­vi­ty or for other sur­veys are alrea­dy lar­ge­ly avail­ab­le in the systems of the insu­rers and the moda­li­ties of the data deli­very are also dis­cus­sed with the insu­rers, the deli­very of the first indi­vi­du­al data only leads to a minor addi­tio­nal effort for the insurers.

The workload for data sup­pliers is fur­ther redu­ced becau­se nume­rous eva­lua­tions no lon­ger have to be pre­pa­red accord­ing to a wide varie­ty of dimen­si­ons for the pro­ces­sing of indi­vi­du­al que­sti­ons, but can be pre­pa­red by the FOPH its­elf on the basis of the indi­vi­du­al data supplied.

Based on the results of the con­sul­ta­ti­on on the draft of the Health Insuran­ce Super­vi­si­on Ordi­nan­ce (KVAV), the arti­cles con­cer­ning data remain lar­ge­ly unch­an­ged in the KVV. Only the super­vi­so­ry aut­ho­ri­ty may now link the insu­rers’ data with other data sources in order to redu­ce the workload. An exten­si­on to other data is not planned.

For the 2013 sur­vey year, the details of the tech­ni­cal data pro­ces­sing of the indi­vi­du­al data were agreed joint­ly with the insu­rers. The FOPH con­ti­nues to grant them the oppor­tu­ni­ty to join an accom­pany­ing group and to par­ti­ci­pa­te in pilot sur­veys, so that opti­miz­a­ti­on pos­si­bi­li­ties can be iden­ti­fied and imple­men­ted from the insu­rers’ point of view with a view to impro­ving qua­li­ty and redu­cing the effort involved.