- The Federal Council and the FOPH do not currently see any systematic breaches of data protection by health insurers or medical consultants; await evaluation of the obligation to report psychotherapy from June 2007.
- The FOPH has already taken measures in individual cases; a general suspension of the reporting procedure is currently not considered necessary.
Motion Bruderer (07.3247): Data protection in health insurance companies
Transcript (03÷20÷2009).
Submitted text
The Federal Council is instructed to take appropriate measures to ensure data protection between the medical examiners and the administrative staff of the health insurance funds and, in particular, to ensure that, within the framework of the notification procedure for the remuneration of psychotherapy, medical data are only forwarded to the administration of the health insurance fund in the exceptional cases provided for by law.
Justification
According to a report in the “Tages-Anzeiger” of March 19, 2007, many health insurers are too lax in protecting highly sensitive patient data. At CSS in particular, there are apparently known cases of highly sensitive patient data being entered into an electronic system to which hundreds of employees have access. The disregard of the data protection provided for by law leads to a serious violation of the personal rights of the insured.
The neglected protection of sensitive patient data is particularly worrying in connection with the introduction of mandatory reporting for psychotherapy at the beginning of this year. As a result of the reporting procedure, medical examiners are informed of tens of thousands of cases of psychiatric diagnoses of insured persons every year. Insured persons can only be expected to make such a report if data protection between medical officers and the health insurance fund administration is strictly observed.
Personal rights must be safeguarded. The Federal Council is therefore called upon to take measures: either the reporting procedure should be generally suspended until the health insurers are in a position to guarantee data protection. Alternatively, the reporting procedure should only be used by those health insurers who can prove that they guarantee data protection. The Federal Office of Public Health publishes a list of health insurers that have not provided this proof.
<
h1>Statement of the Federal Council
<
h1>
06.3040 set out in detail. In addition, it also supports the Federal Data Protection and Information Commissioner in its supervisory activities.
The motion’s proposal to suspend the notification procedure for psychotherapy for data protection reasons assumes that insurers and medical examiners are generally not fulfilling their responsibility to safeguard the personal rights of insured persons. However, the reporting procedure has only been in place since the beginning of 2007. Starting in June 2007, an evaluation of the implementation and enforcement of the new provisions will take place, which will also examine, among other things, existing data protection issues among those affected. The result of the evaluation must be awaited before any measures can be taken.
In its supervisory activities, the Federal Office of Public Health (FOPH) has not yet received any indications or evidence that insurers and medical examiners would fundamentally and permanently fail to fulfill their legal data protection obligations. However, it must be conceded that in individual cases, unlawful actions have been suspected. In the event of such suspicions, the FOPH has taken the appropriate measures, including in particular with the insurer mentioned in the motion.
The supervisory means available to the FOPH also fulfill their purpose for the notification procedure for psychotherapy. The Federal Council does not consider further measures to be necessary at present.