|
|
(3 intermediate revisions by the same user not shown) |
Line 54: |
Line 54: |
| }} | | }} |
|
| |
|
| The DPA issued an opinion on justification of sharing medical records with the insurance company on the basis of a cooperation agreement in the field of specialist medical examinations. | | The Slovenian DPA (IP) issued an opinion on justification of sharing medical records with the insurance company on the basis of a cooperation agreement in the field of specialist medical examinations. |
|
| |
|
| ==English Summary== | | ==English Summary== |
Line 82: |
Line 82: |
|
| |
|
| <pre> | | <pre> |
| <!DOCTYPE html><html lang="si"><head><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"><meta name="viewport" content="width=device-width"><meta charset="utf-8"><!--
| |
| This website is powered by TYPO3 - inspiring people to share!
| |
| TYPO3 is a free open source Content Management Framework initially created by Kasper Skaarhoj and licensed under GNU/GPL.
| |
| TYPO3 is copyright 1998-2019 of Kasper Skaarhoj. Extensions are copyright of their respective owners.
| |
| Information and contribution at https://typo3.org/
| |
| --><link rel="shortcut icon" href="https://www.ip-rs.si/fileadmin//user_upload/favicon.ico" type="image/x-icon"><title> IP-RS :: Search engine according to GDPR </title><meta name="generator" content="TYPO3 CMS"><meta name="revisit-after" content="7 days"><meta name="robots" content="index,follow"><link rel="stylesheet" type="text/css" href="https://www.ip-rs.si/typo3temp/assets/css/b5ece644a2.css?1597648248" media="all"><link rel="stylesheet" type="text/css" href="https://www.ip-rs.si/typo3conf/ext/t3colorbox/Resources/Public/Css/1.5.13/example1/colorbox.css?1501572977" media="all"><link rel="stylesheet" type="text/css" href="https://www.ip-rs.si/typo3conf/ext/pxa_survey/Resources/Public/Css/pxa_survey.css?1592208471" media="all"><link rel="stylesheet" type="text/css" href="https://www.ip-rs.si/fileadmin/templates/css/styles.min.css?1605612107" media="all"><link rel="stylesheet" type="text/css" href="https://www.ip-rs.si/fileadmin/templates/css/fontawesome/cssFA/fontawesome-all.css?1527501832" media="all"><link rel="stylesheet" type="text/css" href="https://www.ip-rs.si/fileadmin/templates/css/user.css?1563862582" media="all"><script src="https://www.ip-rs.si/fileadmin/templates/js/jquery_2.1.3.min.js?1501510497" type="text/javascript"></script><script src="https://www.ip-rs.si/fileadmin/templates/js/bx.slider.js?1548401353" type="text/javascript"></script><script src="https://www.ip-rs.si/typo3temp/assets/js/9d57a8584e.js?1597648248" type="text/javascript"></script><link rel="schema.DCTERMS" href="http://purl.org/dc/terms/"><meta name="DCTERMS.title" content="Iskalnik po mnenjih GDPR"><meta name="copyright" content="x 2021 INFORMACIJSKI POOBLAŠČENEC"><meta name="DCTERMS.rights" content="x 2021 INFORMACIJSKI POOBLAŠČENEC"><meta name="date" content="2020-12-04T10:12:21+00:00"><meta name="DCTERMS.date" content="2020-12-04T10:12:21+00:00"><meta name="robots" content="index,follow"><link rel="start" href="https://www.ip-rs.si/zakonodaja/"><link rel="canonical" href="https://www.ip-rs.si/vop/"><meta property="og:title" content="Search engine according to GDPR"><meta property="og:type" content="article"></head><body class="p57" id="scheme4"><div class="page-h sub pr" id="scheme1"><header role="banner"><div class="row p pr"><img id="printLogo" src="https://www.ip-rs.si/fileadmin/templates/images/printLogo.gif" width="174" height="66" alt="Information Commissioner logo" /> <a class="logoIPRS ti pa" href="https://www.ip-rs.si/">Information Commissioner</a> <span class="logoRS ti pa">Republic of Slovenia</span><nav role="navigation"><ul id="mainNav"><li> <a href="https://www.ip-rs.si/zakonodaja/">Legislation</a><ul><li> <a href="https://www.ip-rs.si/zakonodaja/ustava/">Constitution</a></li><li> <a href="https://www.ip-rs.si/zakonodaja/reforma-evropskega-zakonodajnega-okvira-za-varstvo-osebnih-podatkov/">Reform of the European legislative framework for the protection of personal data</a></li><li> <a href="https://www.ip-rs.si/zakonodaja/zakon-o-informacijskem-pooblascencu/">Information Commissioner Act</a></li><li> <a href="https://www.ip-rs.si/zakonodaja/zakon-o-varstvu-osebnih-podatkov/">Law on Protection of Personal Data</a></li><li> <a href="https://www.ip-rs.si/zakonodaja/zakon-o-dostopu-do-informacij-javnega-znacaja/">Access to Public Information Act</a></li><li> <a href="https://www.ip-rs.si/zakonodaja/zakon-o-inspekcijskem-nadzoru/">Inspection Act</a></li><li> <a href="https://www.ip-rs.si/zakonodaja/zakon-o-splosnem-upravnem-postopku/">The Law on General Administrative Procedure</a></li><li> <a href="https://www.ip-rs.si/zakonodaja/drugi-zakoni/">Other laws</a></li><li> <a href="https://www.ip-rs.si/nc/zakonodaja/mednarodni-predpisi/">International regulations</a></li><li> <a href="https://www.ip-rs.si/zakonodaja/pripombe-informacijskega-pooblascenca-na-predloge-predpisov/2020/">Comments of the Information Commissioner on draft regulations</a></li></ul></li><li> <a href="https://www.ip-rs.si/obrazci/varstvo-osebnih-podatkov/">Forms</a><ul><li> <a href="https://www.ip-rs.si/obrazci/varstvo-osebnih-podatkov/" title="Forms in the field of personal data protection">Protection of personal data</a></li><li> <a href="https://www.ip-rs.si/obrazci/pravice-pacientov/" title="Patients' rights forms">Patients' rights</a></li><li> <a href="https://www.ip-rs.si/obrazci/informacije-javnega-znacaja/" title="Forms in the field of access to public information">Public information</a></li><li> <a href="https://www.ip-rs.si/obrazci/informacije-za-medije/" title="Media forms">Information for the media</a></li></ul></li><li> <a href="https://www.ip-rs.si/publikacije/letna-porocila/">Publications</a><ul><li> <a href="https://www.ip-rs.si/publikacije/letna-porocila/">Annual reports</a></li><li> <a href="https://www.ip-rs.si/publikacije/prirocniki-in-smernice/">Manuals and guidelines</a></li><li> <a href="https://www.ip-rs.si/publikacije/porocila/">Reports</a></li><li> <a href="https://www.ip-rs.si/publikacije/multimedija/">Multimedia</a></li></ul></li><li> <a href="https://www.ip-rs.si/o-pooblascencu/osebna-izkaznica/">About the Commissioner</a><ul><li> <a href="https://www.ip-rs.si/o-pooblascencu/osebna-izkaznica/">ID card</a></li><li> <a href="https://www.ip-rs.si/o-pooblascencu/zgodovina/" title="History of the Information Commissioner">History</a></li><li> <a href="https://www.ip-rs.si/o-pooblascencu/pristojnosti/">Responsibilities</a></li><li> <a href="https://www.ip-rs.si/o-pooblascencu/informacijska-pooblascenka/">Information Commissioner</a></li><li> <a href="https://www.ip-rs.si/o-pooblascencu/vodstvo/">Leadership</a></li><li> <a href="https://www.ip-rs.si/o-pooblascencu/generalna-sekretarka/">Secretary General</a></li><li> <a href="https://www.ip-rs.si/o-pooblascencu/zaposleni/">Employees</a></li><li> <a href="https://www.ip-rs.si/o-pooblascencu/informacije-javnega-znacaja/">Public information</a></li><li> <a href="https://www.ip-rs.si/o-pooblascencu/uporabne-povezave/">Useful links</a></li><li> <a href="https://www.ip-rs.si/o-pooblascencu/mednarodno-delovanje-informacijskega-pooblascenca/">International operation of the Information Commissioner</a></li></ul></li></ul><select id="mobileNav"><option value="https://www.ip-rs.si/zakonodaja/"> Legislation</option><option value="https://www.ip-rs.si/zakonodaja/ustava/"> -Constitution </option><option value="https://www.ip-rs.si/zakonodaja/reforma-evropskega-zakonodajnega-okvira-za-varstvo-osebnih-podatkov/"> -Reform of the European legislative framework for the protection of personal data </option><option value="https://www.ip-rs.si/zakonodaja/reforma-evropskega-zakonodajnega-okvira-za-varstvo-osebnih-podatkov/aktualne-novice/"> --Uctual </option><option value="https://www.ip-rs.si/zakonodaja/reforma-evropskega-zakonodajnega-okvira-za-varstvo-osebnih-podatkov/kljucna-podrocja-uredbe/"> --Key areas of the Regulation </option><option value="https://www.ip-rs.si/zakonodaja/reforma-evropskega-zakonodajnega-okvira-za-varstvo-osebnih-podatkov/kljucna-podrocja-uredbe/pooblascena-oseba-za-varstvo-podatkov/"> --- Data protection officer </option><option value="https://www.ip-rs.si/zakonodaja/reforma-evropskega-zakonodajnega-okvira-za-varstvo-osebnih-podatkov/kljucna-podrocja-uredbe/ocena-ucinka-v-zvezi-z-varstvom-podatkov/"> --- Data protection impact assessment </option><option value="https://www.ip-rs.si/zakonodaja/reforma-evropskega-zakonodajnega-okvira-za-varstvo-osebnih-podatkov/kljucna-podrocja-uredbe/ocena-ucinka-v-zvezi-z-varstvom-podatkov/kriteriji-za-oceno-ustreznosti-izvedene-ocene-ucinkov/"> ---- Criteria for assessing the adequacy of the impact assessment carried out </option><option value="https://www.ip-rs.si/zakonodaja/reforma-evropskega-zakonodajnega-okvira-za-varstvo-osebnih-podatkov/kljucna-podrocja-uredbe/privolitev/"> --- Consent </option><option value="https://www.ip-rs.si/zakonodaja/reforma-evropskega-zakonodajnega-okvira-za-varstvo-osebnih-podatkov/kljucna-podrocja-uredbe/pogodbena-obdelava/"> --- Contract processing </option><option value="https://www.ip-rs.si/zakonodaja/reforma-evropskega-zakonodajnega-okvira-za-varstvo-osebnih-podatkov/kljucna-podrocja-uredbe/evidenca-dejavnosti-obdelave/"> --- Records of processing activities </option><option value="https://www.ip-rs.si/zakonodaja/reforma-evropskega-zakonodajnega-okvira-za-varstvo-osebnih-podatkov/kljucna-podrocja-uredbe/prijava-krsitev-varnosti/"> --- Reporting security breaches </option><option value="https://www.ip-rs.si/zakonodaja/reforma-evropskega-zakonodajnega-okvira-za-varstvo-osebnih-podatkov/najpogostejsa-vprasanja-in-odgovori/"> --Frequently asked questions and answers </option><option value="https://www.ip-rs.si/zakonodaja/reforma-evropskega-zakonodajnega-okvira-za-varstvo-osebnih-podatkov/uporabna-gradiva/"> --Useful materials </option><option value="https://www.ip-rs.si/zakonodaja/reforma-evropskega-zakonodajnega-okvira-za-varstvo-osebnih-podatkov/evropski-odbor-za-varstvo-podatkov/"> --European Data Protection Board </option><option value="https://www.ip-rs.si/zakonodaja/reforma-evropskega-zakonodajnega-okvira-za-varstvo-osebnih-podatkov/evropski-odbor-za-varstvo-podatkov/delovna-skupina-iz-clena-29-arhiv/"> --- Article 29 Working Party (archives) </option><option value="https://www.ip-rs.si/zakonodaja/reforma-evropskega-zakonodajnega-okvira-za-varstvo-osebnih-podatkov/mnenja-in-smernice-ip/"> - IP opinions and guidelines</option><option value="https://www.ip-rs.si/zakonodaja/zakon-o-informacijskem-pooblascencu/"> -Information Commissioner Act</option><option value="https://www.ip-rs.si/zakonodaja/zakon-o-varstvu-osebnih-podatkov/"> -Law on Protection of Personal Data </option><option value="https://www.ip-rs.si/zakonodaja/zakon-o-varstvu-osebnih-podatkov/pravilnik-o-zaracunavanju-stroskov-pri-izvrsevanju-pravice-posameznika-do-seznanitve-z-lastnimi-osebnimi-podatki/"> --Rules on charging costs in the exercise of the individual's right to be acquainted with his or her own personal data </option><option value="https://www.ip-rs.si/zakonodaja/zakon-o-varstvu-osebnih-podatkov/pravilnik-o-metodologiji-vodenja-registra-zbirk-osebnih-podatkov/"> --Rules on the methodology of keeping the register of personal data collections </option><option value="https://www.ip-rs.si/zakonodaja/zakon-o-varstvu-osebnih-podatkov/pravilnik-o-pridobivanju-potrebnih-informacij-za-odlocanje-o-iznosu-osebnih-podatkov-v-tretje-drzave/"> --Rules on obtaining the necessary information to decide on the export of personal data to third countries </option><option value="https://www.ip-rs.si/zakonodaja/zakon-o-dostopu-do-informacij-javnega-znacaja/"> - Law on Access to Public Information </option><option value="https://www.ip-rs.si/zakonodaja/zakon-o-dostopu-do-informacij-javnega-znacaja/pravilnik-o-vzpostavitvi-in-vodenju-registra-zavezancev-za-informacije-javnega-znacaja/"> --Rules on the establishment and maintenance of the Register of persons liable for public information </option><option value="https://www.ip-rs.si/zakonodaja/zakon-o-dostopu-do-informacij-javnega-znacaja/uredba-o-posredovanju-in-ponovni-uporabi-informacij-javnega-znacaja/"> --Regulation on the transmission and re-use of public information</option><option value="https://www.ip-rs.si/zakonodaja/zakon-o-inspekcijskem-nadzoru/"> - Inspection Act</option><option value="https://www.ip-rs.si/zakonodaja/zakon-o-splosnem-upravnem-postopku/"> -The Law on General Administrative Procedure</option><option value="https://www.ip-rs.si/zakonodaja/drugi-zakoni/"> -Other laws</option><option value="https://www.ip-rs.si/zakonodaja/drugi-zakoni/kazenski-zakonik/"> --Criminal Code</option><option value="https://www.ip-rs.si/zakonodaja/drugi-zakoni/zakon-o-prekrskih/"> --The Misdemeanors Act</option><option value="https://www.ip-rs.si/zakonodaja/drugi-zakoni/zakon-o-upravnem-sporu/"> --Administrative Dispute Act</option><option value="https://www.ip-rs.si/zakonodaja/drugi-zakoni/zakon-o-upravnih-taksah/"> --Law on Administrative Fees</option><option value="https://www.ip-rs.si/zakonodaja/drugi-zakoni/zakon-o-tajnih-podatkih/"> --Law on Classified Information </option><option value="https://www.ip-rs.si/zakonodaja/drugi-zakoni/zakon-o-elektronskih-komunikacijah/"> --Law on Electronic Communications</option><option value="https://www.ip-rs.si/zakonodaja/drugi-zakoni/zakon-o-pacientovih-pravicah/">--Patient Rights Act</option><option value="https://www.ip-rs.si/zakonodaja/drugi-zakoni/zakon-o-medijih/"> --Media law</option><option value="https://www.ip-rs.si/zakonodaja/drugi-zakoni/zakon-o-bancnistvu/"> --Banking law</option><option value="https://www.ip-rs.si/zakonodaja/drugi-zakoni/zakon-o-ustavnem-sodiscu/"> --The Constitutional Court Act</option><option value="https://www.ip-rs.si/zakonodaja/drugi-zakoni/zakon-o-javnem-narocanju/"> --Public Procurement Act</option><option value="https://www.ip-rs.si/nc/zakonodaja/mednarodni-predpisi/"> -International regulations </option><option value="https://www.ip-rs.si/zakonodaja/pripombe-informacijskega-pooblascenca-na-predloge-predpisov/"> -Comments of the Information Commissioner on draft regulations </option><option value="https://www.ip-rs.si/zakonodaja/pripombe-informacijskega-pooblascenca-na-predloge-predpisov/2020/"> --2020 </option><option value="https://www.ip-rs.si/zakonodaja/pripombe-informacijskega-pooblascenca-na-predloge-predpisov/2019/"> --2019 </option><option value="https://www.ip-rs.si/zakonodaja/pripombe-informacijskega-pooblascenca-na-predloge-predpisov/2018/"> --2018 </option><option value="https://www.ip-rs.si/zakonodaja/pripombe-informacijskega-pooblascenca-na-predloge-predpisov/2017/"> --2017 </option><option value="https://www.ip-rs.si/zakonodaja/pripombe-informacijskega-pooblascenca-na-predloge-predpisov/2016/"> --2016 </option><option value="https://www.ip-rs.si/zakonodaja/pripombe-informacijskega-pooblascenca-na-predloge-predpisov/2015/"> --2015 </option><option value="https://www.ip-rs.si/zakonodaja/pripombe-informacijskega-pooblascenca-na-predloge-predpisov/2014/"> --2014 </option><option value="https://www.ip-rs.si/zakonodaja/pripombe-informacijskega-pooblascenca-na-predloge-predpisov/2013/"> --2013 </option><option value="https://www.ip-rs.si/zakonodaja/pripombe-informacijskega-pooblascenca-na-predloge-predpisov/2012/"> --2012 </option><option value="https://www.ip-rs.si/zakonodaja/pripombe-informacijskega-pooblascenca-na-predloge-predpisov/2011/"> --2011 </option><option value="https://www.ip-rs.si/zakonodaja/pripombe-informacijskega-pooblascenca-na-predloge-predpisov/2010/"> --2010 </option><option value="https://www.ip-rs.si/zakonodaja/pripombe-informacijskega-pooblascenca-na-predloge-predpisov/2009/"> --2009 </option><option value="https://www.ip-rs.si/zakonodaja/pripombe-informacijskega-pooblascenca-na-predloge-predpisov/2008/"> --2008 </option><option value="https://www.ip-rs.si/zakonodaja/pripombe-informacijskega-pooblascenca-na-predloge-predpisov/2007/"> --2007</option><option value="https://www.ip-rs.si/obrazci/"> Forms</option><option value="https://www.ip-rs.si/obrazci/varstvo-osebnih-podatkov/"> -Forms in the field of personal data protection</option><option value="https://www.ip-rs.si/obrazci/varstvo-osebnih-podatkov/koliko-stane/"> --How much does it cost?</option><option value="https://www.ip-rs.si/obrazci/pravice-pacientov/"> -Patient rights forms</option><option value="https://www.ip-rs.si/obrazci/informacije-javnega-znacaja/"> -Forms in the field of access to public information</option><option value="https://www.ip-rs.si/obrazci/informacije-javnega-znacaja/koliko-stane/"> --How much does it cost?</option><option value="https://www.ip-rs.si/obrazci/informacije-za-medije/"> - Media forms</option><option value="https://www.ip-rs.si/publikacije/"> Publications</option><option value="https://www.ip-rs.si/publikacije/letna-porocila/"> -Annual reports</option><option value="https://www.ip-rs.si/publikacije/prirocniki-in-smernice/"> -Manuals and guidelines </option><option value="https://www.ip-rs.si/publikacije/prirocniki-in-smernice/drustva-in-varstvo-osebnih-podatkov/"> --Companies and personal data protection</option><option value="https://www.ip-rs.si/publikacije/porocila/"> -Reports</option><option value="https://www.ip-rs.si/publikacije/multimedija/"> -Multimedia</option><option value="https://www.ip-rs.si/publikacije/multimedija/samo-za-mlade/"> --Only for young people</option><option value="https://www.ip-rs.si/o-pooblascencu/"> About the Commissioner</option><option value="https://www.ip-rs.si/o-pooblascencu/osebna-izkaznica/"> -ID card</option><option value="https://www.ip-rs.si/o-pooblascencu/zgodovina/"> -History of the Information Commissioner</option><option value="https://www.ip-rs.si/o-pooblascencu/pristojnosti/"> - Politeness</option><option value="https://www.ip-rs.si/o-pooblascencu/pristojnosti/varstvo-osebnih-podatkov/">--Privacy protection </option><option value="https://www.ip-rs.si/o-pooblascencu/pristojnosti/varstvo-osebnih-podatkov/zakon-o-elektronskih-komunikacijah/"> --- Electronic Communications Act </option><option value="https://www.ip-rs.si/o-pooblascencu/pristojnosti/varstvo-osebnih-podatkov/zakon-o-pacientovih-pravicah/"> --- Patients' Rights Act </option><option value="https://www.ip-rs.si/o-pooblascencu/pristojnosti/varstvo-osebnih-podatkov/zakon-o-osebni-izkaznici-in-zakon-o-potnih-listinah/"> --- Identity Card Act and Travel Documents Act </option><option value="https://www.ip-rs.si/o-pooblascencu/pristojnosti/varstvo-osebnih-podatkov/zakon-o-bancnistvu/"> ---Banking law </option><option value="https://www.ip-rs.si/o-pooblascencu/pristojnosti/varstvo-osebnih-podatkov/zakon-o-potrosniskih-kreditih/"> --- Consumer Credit Act </option><option value="https://www.ip-rs.si/o-pooblascencu/pristojnosti/varstvo-osebnih-podatkov/uredba-o-sistemih-brezpilotnih-zrakoplovov/"> --- Regulation on unmanned aerial vehicle systems </option><option value="https://www.ip-rs.si/o-pooblascencu/pristojnosti/varstvo-osebnih-podatkov/uredba-o-izvajanju-uredbe-o-drzavljanski-pobudi/"> --- Regulation on the implementation of the Regulation on the citizens' initiative </option><option value="https://www.ip-rs.si/o-pooblascencu/pristojnosti/varstvo-osebnih-podatkov/konvencija-o-izvajanju-schengenskega-sporazuma/"> --- Convention Implementing the Schengen Agreement </option><option value="https://www.ip-rs.si/o-pooblascencu/pristojnosti/informacije-javnega-znacaja/"> --Public information</option><option value="https://www.ip-rs.si/o-pooblascencu/informacijska-pooblascenka/"> -Information Commissioner</option><option value="https://www.ip-rs.si/o-pooblascencu/vodstvo/"> -Leadership</option><option value="https://www.ip-rs.si/o-pooblascencu/generalna-sekretarka/"> - Secretary General</option><option value="https://www.ip-rs.si/o-pooblascencu/zaposleni/"> -Employees</option><option value="https://www.ip-rs.si/o-pooblascencu/zaposleni/svetovalci/"> --Consultants</option><option value="https://www.ip-rs.si/o-pooblascencu/zaposleni/drzavni-nadzorniki/"> --State Supervisors</option><option value="https://www.ip-rs.si/o-pooblascencu/zaposleni/raziskovalci/"> --Researchers</option><option value="https://www.ip-rs.si/o-pooblascencu/zaposleni/drugi-zaposleni/"> --Other employees</option><option value="https://www.ip-rs.si/o-pooblascencu/informacije-javnega-znacaja/"> -Public information </option><option value="https://www.ip-rs.si/o-pooblascencu/informacije-javnega-znacaja/javni-natecaji/"> --Public tenders </option><option value="https://www.ip-rs.si/o-pooblascencu/informacije-javnega-znacaja/javni-natecaji/arhiv-javnih-natecajev/"> --- Archive of public tenders </option><option value="https://www.ip-rs.si/o-pooblascencu/informacije-javnega-znacaja/javni-razpisi/"> --Public tenders </option><option value="https://www.ip-rs.si/o-pooblascencu/informacije-javnega-znacaja/javni-razpisi/arhiv-javih-razpisov/"> --- Archive of public tenders </option><option value="https://www.ip-rs.si/o-pooblascencu/informacije-javnega-znacaja/javna-narocila/"> --Public orders </option><option value="https://www.ip-rs.si/o-pooblascencu/informacije-javnega-znacaja/javna-narocila/arhiv-javnih-narocil/"> --- Public Procurement Archive </option><option value="https://www.ip-rs.si/o-pooblascencu/informacije-javnega-znacaja/katalog-informacij-javnega-znacaja/"> --Catalogue of public information </option><option value="https://www.ip-rs.si/o-pooblascencu/informacije-javnega-znacaja/interni-akti-informacijskega-pooblascenca/"> --Internal acts of the Information Commissioner </option><option value="https://www.ip-rs.si/o-pooblascencu/informacije-javnega-znacaja/letna-porocila/"> --Annual reports </option><option value="https://www.ip-rs.si/o-pooblascencu/informacije-javnega-znacaja/o-spletni-strani/"> --About the website </option><option value="https://www.ip-rs.si/o-pooblascencu/informacije-javnega-znacaja/informacije-o-obdelavi-osebnih-podatkov/"> --Information on the processing of personal data </option><option value="https://www.ip-rs.si/o-pooblascencu/informacije-javnega-znacaja/izjava-o-dostopnosti-spletne-strani/"> --Declaration of website accessibility</option><option value="https://www.ip-rs.si/o-pooblascencu/uporabne-povezave/"> -Useful links </option><option value="https://www.ip-rs.si/o-pooblascencu/mednarodno-delovanje-informacijskega-pooblascenca/"> -International operation of the Information Commissioner </option><option value="https://www.ip-rs.si/o-pooblascencu/mednarodno-delovanje-informacijskega-pooblascenca/initiative-20i7/"> --Initiative 20i7 </option><option value="https://www.ip-rs.si/o-pooblascencu/mednarodno-delovanje-informacijskega-pooblascenca/sodelovanje-v-mednarodnih-delovnih-telesih/"> --Participation in international working bodies </option><option value="https://www.ip-rs.si/o-pooblascencu/mednarodno-delovanje-informacijskega-pooblascenca/sodelovanje-v-mednarodnih-delovnih-telesih/vis/"> --- VIS </option><option value="https://www.ip-rs.si/o-pooblascencu/mednarodno-delovanje-informacijskega-pooblascenca/sodelovanje-v-mednarodnih-delovnih-telesih/wp-29/"> --- WP 29 </option><option value="https://www.ip-rs.si/o-pooblascencu/mednarodno-delovanje-informacijskega-pooblascenca/sodelovanje-v-mednarodnih-delovnih-telesih/iwgdpt/"> --- IWGDPT </option><option value="https://www.ip-rs.si/o-pooblascencu/mednarodno-delovanje-informacijskega-pooblascenca/sodelovanje-v-mednarodnih-delovnih-telesih/europol/"> --- Europol </option><option value="https://www.ip-rs.si/o-pooblascencu/mednarodno-delovanje-informacijskega-pooblascenca/sodelovanje-v-mednarodnih-delovnih-telesih/sis/"> --- SIS </option><option value="https://www.ip-rs.si/o-pooblascencu/mednarodno-delovanje-informacijskega-pooblascenca/sodelovanje-v-mednarodnih-delovnih-telesih/sis-pravni-okvir/"> --- SIS - Legal framework </option><option value="https://www.ip-rs.si/o-pooblascencu/mednarodno-delovanje-informacijskega-pooblascenca/sodelovanje-v-mednarodnih-delovnih-telesih/sis-kateri-osebni-podatki-se-obdelujejo-v-sis-ii/"> --- SIS - What personal data is processed in SIS II? </option><option value="https://www.ip-rs.si/o-pooblascencu/mednarodno-delovanje-informacijskega-pooblascenca/sodelovanje-v-mednarodnih-delovnih-telesih/sis-kdo-lahko-uporablja-podatke-iz-sis-ii/"> --- SIS - Who can use SIS II data? </option><option value="https://www.ip-rs.si/o-pooblascencu/mednarodno-delovanje-informacijskega-pooblascenca/sodelovanje-v-mednarodnih-delovnih-telesih/sis-kaj-je-urad-sirene/"> --- SIS - What is the SIRENE Bureau? </option><option value="https://www.ip-rs.si/o-pooblascencu/mednarodno-delovanje-informacijskega-pooblascenca/sodelovanje-v-mednarodnih-delovnih-telesih/sis-kdo-izvaja-nadzor-nad-obdelavo-osebnih-podatkov-v-okviru-sis-ii/"> --- SIS - Who controls the processing of personal data under SIS II? </option><option value="https://www.ip-rs.si/o-pooblascencu/mednarodno-delovanje-informacijskega-pooblascenca/sodelovanje-v-mednarodnih-delovnih-telesih/sis-kaksne-pravice-imam-v-zvezi-z-obdelavo-mojih-osebnih-podatkov-v-sis-ii/"> --- SIS - What rights do I have regarding the processing of my personal data in SIS II? </option><option value="https://www.ip-rs.si/o-pooblascencu/mednarodno-delovanje-informacijskega-pooblascenca/sodelovanje-v-mednarodnih-delovnih-telesih/cis/"> --- CIS </option><option value="https://www.ip-rs.si/o-pooblascencu/mednarodno-delovanje-informacijskega-pooblascenca/sodelovanje-v-mednarodnih-delovnih-telesih/eurodac/"> --- Eurodac </option><option value="https://www.ip-rs.si/o-pooblascencu/mednarodno-delovanje-informacijskega-pooblascenca/sodelovanje-v-mednarodnih-delovnih-telesih/t-pd/"> --- T-PD </option><option value="https://www.ip-rs.si/o-pooblascencu/mednarodno-delovanje-informacijskega-pooblascenca/evropski-odbor-za-varstvo-podatkov/"> --European Data Protection Board </option><option value="https://www.ip-rs.si/o-pooblascencu/mednarodno-delovanje-informacijskega-pooblascenca/mednarodna-konferenca-pooblascencev-za-varstvo-podatkov-in-zasebnost-icdpcc/"> --ICDPCC International Conference of Data Protection and Privacy Commissioners </option><option value="https://www.ip-rs.si/o-pooblascencu/mednarodno-delovanje-informacijskega-pooblascenca/pravice-posameznika-v-zvezi-z-mednarodnimi-zbirkami-osebnih-podatkov/"> --Individual rights in relation to international personal data files</option></select></nav><div class="pa lang"> <a href="https://www.ip-rs.si/index.php?id=883"><img src="https://www.ip-rs.si/fileadmin/user_upload/jpg/iskalnik.png" height="22" width="22"></a> <a href="https://www.ip-rs.si/index.php?id=884"><img src="https://www.ip-rs.si/fileadmin/user_upload/jpg/gluhi.png" height="22" width="22"></a> <a href="https://www.ip-rs.si/vop/">SLO</a> | <a href="https://www.ip-rs.si/en/vop/">ENG</a> </div><!--
| |
| <div class="pa search">
| |
|
| |
|
| <form action="/skupno/iskalnik/" method="GET"><input type="text" class="q" name="q" value="" placeholder="Iskalnik"><button class="submit"><i class="fa fa-search"></i></button></form>
| | Date: December 9th, 2020 |
|
| | Title: Transmission of medical reports to the insurance company |
| </div>
| | Number: 07121-1 / 2020/2187 |
| --></div></header><div class="slider"><div id="heroImage"><img src="https://www.ip-rs.si/fileadmin/_processed_/9/8/csm_vop_banner2.1_a99bc83b50.jpg" width="1160" height="200" alt="dekorativna slika" title="Protection of personal data" /><!-- | | Subject matter: Legal basis, Obtaining OPs from collections, Insurance, Medical personal data |
| | Legal act: Opinion |
|
| |
|
| <div class="slide-desc">
| | The Information Commissioner (hereinafter IP) has received your request for an opinion on the justification of providing sensitive personal data (medical records) of your subjects to the insurance company on the basis of a cooperation agreement in the field of specialist medical examinations. You state that the insurance company refers to Article 268 of the Insurance Act and Article 9 of the General Regulation on Data Protection. You point out that these are check-ups that you do because an individual has insured themselves for faster access to health services from the specialist doctors who belong to them if they receive a referral. In a medical institution, e.g. with you, this inspection is ordered and paid for by the insurance company, and for this purpose the said contract is concluded. |
|
| |
|
|
| | |
|
| |
|
| <h2>
| | You state that the eighth paragraph of the Insurance Act in point 6 really explicitly allows the insurance company to obtain medical documentation from the health care provider, but you believe that the third paragraph of Article 268 of the Insurance Act limits this to cases where the scope is appropriate and necessary to achieve the purposes of processing. You estimate that this is not necessary for your participation. In your opinion, the insurance company should obtain written permission from the insured in advance in order to be able to obtain his medical records directly from the medical institution for specific purposes, and that the insurance company should provide this permission to the medical institution when requesting medical records. In addition, you consider that it is necessary for the insurance company to justify in the contract in which cases this is absolutely necessary depending on the purpose of use. |
|
| |
|
| <a href="https://www.ip-rs.si/varstvo-osebnih-podatkov/">
| | |
|
| |
|
| Varstvo osebnih podatkov
| | You suggest that IP give opinions specifically for: |
|
| |
|
| </a>
| | insurance for faster access to a specialist, |
| | damage insurance - for the purpose of compensation, |
| | medical examination before taking out life insurance - for the purpose of proving that the insured does not take out insurance after having already received a poor diagnosis, |
|
| |
|
| </h2>
| | |
|
| |
|
|
| | On the basis of the information you have provided to us, in accordance with Article 58 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data Directive 95/46 / EC (General Regulation on Data Protection, hereinafter General Regulation), point 7 of the first paragraph of Article 49 of the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, No. 94/07-UPB1, hereinafter ZVOP-1 ) and Article 2 of the Information Commissioner Act (Official Gazette of the Republic of Slovenia, No. 113/05, hereinafter ZInfP), we provide our non-binding opinion regarding your questions. |
|
| |
|
| </div>
| | |
| --></div></div><div class="page pr"><div class="row"><nav class="c3 sideNav"><ul><li> <a href="https://www.ip-rs.si/varstvo-osebnih-podatkov/iskalnik-po-odlocbah-in-mnenjih/mnenja-gdpr/">Opinions - GDPR</a></li><li> <a href="https://www.ip-rs.si/varstvo-osebnih-podatkov/iskalnik-po-odlocbah-in-mnenjih/odlocbe-in-mnenja-vop/">Decisions and opinions - Protection of personal data</a></li><li> <a href="https://www.ip-rs.si/varstvo-osebnih-podatkov/iskalnik-po-odlocbah-in-mnenjih/sodbe-upravnega-sodisca/">Judgments of the Administrative Court</a></li><li> <a href="https://www.ip-rs.si/varstvo-osebnih-podatkov/iskalnik-po-odlocbah-in-mnenjih/zahteve-za-oceno-ustavnosti/">Requirements for constitutional review</a></li><li> <a href="https://www.ip-rs.si/zakonodaja/pripombe-informacijskega-pooblascenca-na-predloge-predpisov/2020/">Comments of the Information Commissioner on draft regulations</a></li><li> <a href="https://www.ip-rs.si/varstvo-osebnih-podatkov/iskalnik-po-odlocbah-in-mnenjih/sodbe-mednarodnih-sodisc/">Judgments of international courts</a> </li></ul></nav><article class="c9"><!--TYPO3SEARCH_begin--><header class="pr"><nav class="breadcrumbs"> <a href="https://www.ip-rs.si/">Home</a> > Search engine according to GDPR</nav><h1> Search engine according to GDPR</h1> <i class="fa fa-font" id="zoomIn">+</i> <i class="fa fa-font" id="zoomOut">-</i><a href="javascript:window.print()"><i class="fa fa-print" id="print"></i></a> </header><!-- CONTENT ELEMENT, uid:2320/list [begin] --><div id="c2320" class="csc-frame csc-frame-default"><!-- Plugin inserted: [begin] --><div><div> <b>Date:</b> 09.12.2020</div><div> <b>Title:</b> Transmission of medical reports to the insurance company</div><div> <b>Number:</b> 07121-1 / 2020/2187</div><div> <b>Subject matter:</b> Legal basis, Obtaining OPs from collections, Insurance, Medical personal data</div><div> <b>Legal act:</b> Opinion</div></div><br><div><p class="bodytext"> <em>The Information Commissioner (hereinafter IP) has received your request for an opinion on the justification of providing sensitive personal data (medical records) of your subjects to the insurance company on the basis of a cooperation agreement in the field of specialist medical examinations. You state that the insurance company refers to Article 268 of the Insurance Act and Article 9 of the General Regulation on Data Protection. You point out that these are check-ups that you do because an individual has insured himself for faster access to health services with the specialist doctors who belong to him if he gets a referral. In a medical institution, e.g. with you, this inspection is ordered and paid for by the insurance company, and for this purpose the said contract is concluded.</em></p><p class="bodytext"></p><p class="bodytext"> <em>You state that the eighth paragraph of the Insurance Act in point 6 really explicitly allows the insurance company to obtain medical documentation from the health care provider, but you believe that the third paragraph of Article 268 of the Insurance Act limits this to cases where the scope is appropriate and necessary to achieve the purposes of processing. You estimate that this is not necessary for your participation. In your opinion, the insurance company should obtain written permission from the policyholder in advance in order to obtain his medical records directly from the medical institution for specific purposes, and that the insurance company should provide this permission to the medical institution when requesting medical records. In addition, you consider that it is necessary for the insurance company to justify in the contract in which cases this is absolutely necessary depending on the purpose of use.</em></p><p class="bodytext"></p><p class="bodytext"> <em>You suggest that IP give opinions specifically for:</em></p><ul><li> <em>insurance for faster access to a specialist,</em></li><li> <em>damage insurance - for the purpose of compensation,</em></li><li> <em>medical examination before taking out life insurance - for the purpose of proving that the insured does not take out insurance after having already received a poor diagnosis,</em></li></ul><p class="bodytext"></p><p class="bodytext"> On the basis of the information you have provided to us, in accordance with Article 58 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data Directive 95/46 / EC (General Regulation on Data Protection, hereinafter General Regulation), point 7 of the first paragraph of Article 49 of the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, No. 94/07-UPB1, hereinafter ZVOP-1 ) and Article 2 of the Information Commissioner Act (Official Gazette of the Republic of Slovenia, No. 113/05, hereinafter ZInfP), we provide our non-binding opinion regarding your questions.</p><p class="bodytext"></p><p class="bodytext"> We emphasize at the outset that the IP cannot assess specific processing of personal data outside the inspection procedure or other administrative procedure. This means that the IP cannot decide in the context of issuing an opinion whether the conditions for the transfer of personal data are met in a particular case, but can only point out the relevant legal basis and the conditions that must be met for a particular transfer to be lawful. However, a concrete assessment can or must be performed exclusively by the personal data controller.</p><p class="bodytext"></p><p class="bodytext"> IP clarifies that the controller must have a <strong>legal and appropriate legal basis</strong> for any processing of personal data, ie, inter alia, for their disclosure through the transmission, dissemination or other provision of access. These are set out in Article 6 (1) of the General Regulation, and in the case of the processing of specific types of personal data, including health data, another of the conditions set out in Article 9 (2) of the General Regulation must be met. In accordance with point (c) of Article 6 (1) of the General Regulation, processing is lawful if it is necessary to fulfill a legal obligation to which the controller is subject. However, under Article 9 (2) (h) of the General Regulation, the prohibition on the processing of specific types of personal data does not apply in principle if the processing is necessary for the purposes of preventive or occupational medicine, assessment of the employee's working capacity, medical diagnosis, provision of medical or social care or treatment. management of health or social care systems and services under Union law or the law of a Member State or under a contract with a healthcare professional and subject to the conditions and safeguards referred to in paragraph 3.</p><p class="bodytext"></p><p class="bodytext"> IP emphasizes that it is sufficient for the lawfulness of the processing that one of the separate legal bases set out in Article 6 (1) in conjunction with Article 9 (2) of the General Regulation is met. This means that if the controller processes personal data e.g. by law, he is not obliged to obtain consent for this information.</p><p class="bodytext"></p><p class="bodytext"> The legal basis for the transmission of personal data to an insurance company in terms of the above provisions of the General Decree is given in <strong>Article 286 of the Insurance Act</strong> (Official Gazette of the Republic of Slovenia, nos. 93/15, 9/19 and 102/20; hereinafter ZZavar-1).</p><p class="bodytext"></p><p class="bodytext"> The insurance company is entitled to obtain relevant medical documentation relating to the insured or the beneficiary from the insurance, if this documentation is necessary for concluding and implementing insurance contracts, recovery of unpaid liabilities from insurance contracts, settlement of claims, enforcement of claims and other rights and obligations, including the investigation of suspicious cases of unduly paid compensation or insurance benefits arising from insurance under this Act, and verification of political exposure of persons under the Act governing the prevention of money laundering and terrorist financing (third paragraph of Article 268 ZZavar-1).</p><p class="bodytext"></p><p class="bodytext"> The sixth paragraph of Article 268 of ZZavar-1 states that the insurance company may collect the following personal data, taking into account the purpose of data processing:</p><p class="bodytext"></p><ul><li> personal name, sex, date and place of birth, permanent and temporary residence or permanent and temporary address abroad, address for service, date of death, tax number, type and number of personal document of the insured and injured party for whom insurance coverage and compensation is established or insurance;</li><li> on previous insurance cases to the extent referred to in the previous paragraph and <strong>information on the relevant health condition of the insured and the injured party, including the provision of medical services, previous injuries and medical condition, type of bodily injuries, duration of treatment and consequences for the injured party and policyholder</strong> ;</li><li> income of the insured and the injured party and employment;</li><li> retirement (regular and disability), retraining and disability rates of the insured and the injured party;</li><li> costs for medical care, medicines and medical devices of the insured and the injured party;</li><li> entitlement to cover the difference to the full value of health services under the law governing health insurance from the budget of the Republic of Slovenia;</li><li> driving license data;</li><li> historical data on the history of the subject of insurance.</li></ul><p class="bodytext"></p><p class="bodytext"> As a rule, the documentation is provided in the form of a copy by the insured or the beneficiary, but the insurance company can also obtain it directly from the healthcare provider (point 6 of the eighth paragraph of Article 268 of ZZavar-1).</p><p class="bodytext"></p><p class="bodytext"> The insurance company is therefore entitled, inter alia, to the documentation required for:</p><ul><li> taking out insurance, e.g. in the case of a medical examination before taking out life insurance,</li><li> deciding on an insurance claim, e.g. in the case of a claim for damages based on damage insurance,</li><li> to perform an insurance contract, e.g. in certain circumstances, perhaps also to conclude an insurance case under insurance for faster access to a specialist.</li></ul><p class="bodytext"></p><p class="bodytext"> As you correctly pointed out in the request, the third paragraph of Article 268 of ZZavar-1 is limited to cases when the scope of the submitted data is appropriate and necessary for the realization of the purposes of processing. This is in line with the general principle of <strong>minimum data</strong> , according to which personal data must be relevant, relevant and limited to what is necessary for the purposes for which they are processed (Article 5 (1) (c) of the General Regulation). However, IP cannot comment on the question of whether it is necessary and appropriate in a specific case for the insurance company to require you, as a co-contractor, to submit the medical records of the examinees on the basis of a cooperation agreement in the field of performing specialist medical examinations.</p><p class="bodytext"></p><p class="bodytext"> Given that the statutory provision of Article 268 of ZZavar-1, which provides the insurance company with a basis for obtaining data, is relatively open, we suggest that you seek additional clarification regarding the legal basis and purpose of processing and a more detailed justification of the required medical reports. to the insurance company.</p><p class="bodytext"></p><p class="bodytext"></p><p class="bodytext"> Greetings,</p><p class="bodytext"></p><p class="bodytext"> Mojca Prelesnik, B.Sc. dipl. right,</p><p class="bodytext"> Information Commissioner</p><p class="bodytext"></p><p class="bodytext"></p><p class="bodytext"> Prepared by:</p><p class="bodytext"> Tina Ivanc, B.Sc. dipl. right,<br /> IP data protection consultant</p><p class="bodytext"></p><p class="bodytext"></p></div><div> <a href="javascript:history.back();">Back</a> </div><!-- Plugin inserted: [end] --></div><!-- CONTENT ELEMENT, uid:2320/list [end] --><!--TYPO3SEARCH_end--></article></div></div><footer><div class="row"><address class="c3"> <strong class="title">ABOUT US</strong><p class="bodytext"> <strong>Information Commissioner</strong></p><p class="bodytext"> <strong>Dunajska cesta 22</strong></p><p class="bodytext"> <strong>1000 Ljubljana, Slovenia</strong></p><p class="bodytext"></p><p class="bodytext"> <a href="https://www.ip-rs.si/fileadmin/user_upload/png/zemljevid_IPRS.PNG" title="Initiates file download">Map</a> (source: najdi.si)</p><p class="bodytext"> T: 01 230 97 30<br /> F: 01 230 97 78</p><p class="bodytext"> E-mail: <a href="javascript:linkTo_UnCryptMailto('iwehpk6cl:elWel9no:oe');">gp.ip (at) ip-rs.si</a><br /> Reporting violations: <a href="https://www.ip-rs.si/zakonodaja/reforma-evropskega-zakonodajnega-okvira-za-varstvo-osebnih-podatkov/kljucna-podrocja-uredbe/prijava-krsitev/" target="_blank">instructions and form</a></p></address><div class="c3"> <strong class="title">OFFICE HOURS</strong><p class="bodytext"> <strong>MON - FRI</strong></p><p class="bodytext"> 10.00 - 12.00 and 14.00 - 15.00</p><p class="bodytext"></p><p class="bodytext"> A personal visit is only possible with prior notice to the above e-mail address or telephone number.</p></div><div class="c3 h1"> <strong class="title">LINKS</strong><!-- CONTENT ELEMENT, uid:1350/html [begin] --><div id="c1350" class="csc-frame csc-frame-default"><!-- Raw HTML content: [begin] --><p> <a href="https://www.ip-rs.si/o-pooblascencu/informacije-javnega-znacaja/">Public information</a></p><p> <a href="https://www.ip-rs.si/publikacije/prirocniki-in-smernice/" title="In the guidelines, personal file managers can find answers to the most frequently asked questions in each area of personal data protection. The guidelines also provide quick guides, checklists, and examples of good and bad practice.">Manuals and guidelines</a></p><p> <a href="https://www.ip-rs.si/obrazci/varstvo-osebnih-podatkov/" title="Forms">Forms</a></p><p> <a href="https://www.ip-rs.si/o-pooblascencu/informacije-javnega-znacaja/o-spletni-strani/" title="About the website">Privacy policy</a></p><p> <a href="https://www.ip-rs.si/o-pooblascencu/informacije-javnega-znacaja/informacije-o-obdelavi-osebnih-podatkov/" title="About the website">Information on the processing of personal data</a></p><p> <a href="https://www.ip-rs.si/o-pooblascencu/informacije-javnega-znacaja/izjava-o-dostopnosti-spletne-strani/" target="_blank">Website Accessibility Statement</a></p><p> <a href="https://www.upravljavec.si" target="_blank">Support for small businesses</a></p><p> <a href="https://www.tiodlocas.si" target="_blank">Rights of individuals</a> </p><!-- Raw HTML content: [end] --></div><!-- CONTENT ELEMENT, uid:1350/html [end] --></div><div class="c3 pr"><div class="h1"><strong class="title"></strong><div class="cb-textpic" id="cb1351"><a name="c1351"></a><div class="cb-center cb-ic2 layout0"></div><p class="bodytext"> Telephone counseling in the field of personal data protection takes place within the project "Justice, Equality and Citizenship Program 2014-2020", funded by the European Union. </p><p class="bodytext"><img height="44" src="https://www.ip-rs.si/fileadmin/_processed_/d/7/csm_iDecide_Logo_breznapisa_nogastrani_e14a48342f.png" width="220" alt="IDecide project logo" /></p></div></div></div></div></footer></div><script src="https://www.ip-rs.si/typo3conf/ext/t3colorbox/Resources/Public/JavaScript/jquery.colorbox-1.5.13.min.js?1501572991" type="text/javascript"></script><script src="https://www.ip-rs.si/typo3conf/ext/pxa_survey/Resources/Public/JavaScript/Survey.js?1573637584" type="text/javascript"></script><script src="https://www.ip-rs.si/fileadmin/templates/js/scripts.min.js?1501510497" type="text/javascript"></script><script src="https://www.ip-rs.si/typo3conf/ext/pxa_survey/Resources/Public/JavaScript/pxa_survey.js?1573637584" type="text/javascript"></script><script src="https://www.ip-rs.si/typo3temp/assets/js/2619955b93.js?1597648248" type="text/javascript"></script></body></html>
| | |
| | We emphasize at the outset that the IP cannot assess specific processing of personal data outside the inspection procedure or other administrative procedure. This means that the IP cannot decide in the context of issuing an opinion whether the conditions for the transfer of personal data are met in a particular case, but can only point out the relevant legal basis and the conditions that must be met for a particular transfer to be lawful. However, a concrete assessment can or must be performed exclusively by the personal data controller. |
| | |
| | |
| | |
| | IP clarifies that the controller must have a for any processing of personal data, ie, inter alia, for their disclosure through the transmission, dissemination or other provision of access legal and appropriate legal basis . These are set out in Article 6 (1) of the General Regulation, and in the case of the processing of specific types of personal data, including health data, another of the conditions set out in Article 9 (2) of the General Regulation must be met. In accordance with point (c) of Article 6 (1) of the General Regulation, processing is lawful if it is necessary to fulfill a legal obligation to which the controller is subject. However, under Article 9 (2) (h) of the General Regulation, the prohibition on processing specific types of personal data does not apply in principle if the processing is necessary for the purposes of preventive or occupational medicine, assessment of the employee's working capacity, medical diagnosis, provision of medical or social care or treatment. management of health or social care systems and services under Union law or the law of a Member State or under a contract with a healthcare professional and subject to the conditions and safeguards referred to in paragraph 3. |
| | |
| | |
| | |
| | IP emphasizes that it is sufficient for the lawfulness of the processing that one of the separate legal bases set out in Article 6 (1) in conjunction with Article 9 (2) of the General Regulation is met. This means that if the controller processes personal data e.g. by law, he is not obliged to obtain consent for this information. |
| | |
| | |
| | |
| | The legal basis for the transmission of personal data to an insurance company in terms of the above provisions of the General Decree is given in Article 286 of the Insurance Act (Official Gazette of the Republic of Slovenia, nos. 93/15, 9/19 and 102/20; hereinafter ZZavar-1). |
| | |
| | |
| | |
| | The insurance company is entitled to obtain relevant medical documentation relating to the insured or the beneficiary from the insurance, if this documentation is necessary for concluding and implementing insurance contracts, recovery of unpaid liabilities from insurance contracts, settlement of claims, enforcement of claims and other rights and obligations, including the investigation of suspicious cases of unduly paid compensation or insurance benefits arising from insurance under this Act, and verification of political exposure of persons under the Act governing the prevention of money laundering and terrorist financing (third paragraph of Article 268 ZZavar-1). |
| | |
| | |
| | |
| | The sixth paragraph of Article 268 of ZZavar-1 states that the insurance company may collect the following personal data, taking into account the purpose of data processing: |
| | |
| | |
| | |
| | personal name, sex, date and place of birth, permanent and temporary residence or permanent and temporary address abroad, address for service, date of death, tax number, type and number of personal document of the insured and injured party for whom insurance coverage and compensation is established or insurance; |
| | on previous insurance cases to the extent referred to in the previous paragraph and information on the relevant health status of the insured and the injured party, including the provision of medical services, previous injuries and medical condition, type of bodily injuries, duration of treatment and consequences for the injured party and policyholder ; |
| | income of the insured and the injured party and employment; |
| | retirement (regular and disability), retraining and disability rates of the insured and the injured party; |
| | costs for medical care, medicines and medical devices of the insured and the injured party; |
| | entitlement to cover the difference to the full value of health services under the law governing health insurance from the budget of the Republic of Slovenia; |
| | driving license data; |
| | historical data on the history of the subject of insurance. |
| | |
| | |
| | |
| | As a rule, the documentation is provided in the form of a copy by the insured or the beneficiary, but the insurance company can also obtain it directly from the healthcare provider (point 6 of the eighth paragraph of Article 268 of ZZavar-1). |
| | |
| | |
| | |
| | The insurance company is therefore entitled, inter alia, to the documentation required for: |
| | |
| | taking out insurance, e.g. in the case of a medical examination before taking out life insurance, |
| | deciding on an insurance claim, e.g. in the case of a claim for damages based on damage insurance, |
| | to perform an insurance contract, e.g. in certain circumstances, perhaps also to conclude an insurance case under insurance for faster access to a specialist. |
| | |
| | |
| | |
| | As you correctly pointed out in the request, the third paragraph of Article 268 of ZZavar-1 is limited to cases when the scope of the submitted data is appropriate and necessary for the realization of the purposes of processing. This is in line with the general principle of minimum data , according to which personal data must be relevant, relevant and limited to what is necessary for the purposes for which they are processed (Article 5 (1) (c) of the General Regulation). However, IP cannot comment on the question of whether it is necessary and appropriate in a specific case for the insurance company to require you, as a co-contractor, to submit the medical records of the examinees on the basis of a cooperation agreement in the field of performing specialist medical examinations. |
| | |
| | |
| | |
| | Given that the statutory provision of Article 268 of ZZavar-1, which provides the insurance company with a basis for obtaining data, is relatively open, we suggest that you seek additional clarification regarding the legal basis and purpose of processing and a more detailed justification of the required medical reports. to the insurance company. |
| | |
| | |
| | |
| | |
| | |
| | Greetings, |
| | |
| | |
| | |
| | Mojca Prelesnik, B.Sc. dipl. right, |
| | |
| | Information Commissioner |
| | |
| | |
| | |
| | |
| | |
| | Prepared by: |
| | |
| | Tina Ivanc, B.Sc. dipl. prav., |
| | IP data protection consultant |
| </pre> | | </pre> |
The Slovenian DPA (IP) issued an opinion on justification of sharing medical records with the insurance company on the basis of a cooperation agreement in the field of specialist medical examinations.
English Summary
Facts
According to the complainant, the Slovenian Insurance Act allows an insurance company to obtain medical documentation from a healthcare provider but only to the scope where it is necessary and appropriate to achieve the purposes of processing. In all other cases, the company should obtain a written consent from an insured person.
Dispute
Does Article 268 of the Slovenian Insurance Act constitute appropriate legal basis of accessing to medical documentation by an insurance company?
Holding
IP clarified that the controller must have a legal and appropriate legal basis for any processing of personal data, including their disclosure through transmission or dissemination. IP emphasized that it is sufficient for the lawfulness of the processing that one of the separate legal bases set out in Article 6 (1) in conjunction with Article 9 (2) of the General Regulation is met. This means that if the controller processes personal data e.g. by law, he is not obliged to obtain consent for this information.
The legal basis for the transmission of personal data to an insurance company is given in Article 286 of the Insurance Act. The insurance company is entitled to obtain relevant medical documentation relating to the insured or the beneficiary from the insurance if this documentation is necessary for concluding and implementing insurance contracts, recovery of unpaid liabilities from insurance contracts, settling claims, claiming claims and other rights and obligations, including the investigation of suspicious cases of unduly paid compensation or insurance benefits arising from insurance under this Act, and verification of political exposure of persons under the Act governing the prevention of money laundering and terrorist financing (third paragraph of Article 268 of ZZavar-1). The insurance company is therefore entitled, inter alia, to the documentation required for:
- taking out insurance, e.g. in the case of a medical examination before taking out life insurance,
- deciding on an insurance claim, e.g. in the case of a claim for damages based on damage insurance,
- performing an insurance contract.
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Slovenian original. Please refer to the Slovenian original for more details.
Date: December 9th, 2020
Title: Transmission of medical reports to the insurance company
Number: 07121-1 / 2020/2187
Subject matter: Legal basis, Obtaining OPs from collections, Insurance, Medical personal data
Legal act: Opinion
The Information Commissioner (hereinafter IP) has received your request for an opinion on the justification of providing sensitive personal data (medical records) of your subjects to the insurance company on the basis of a cooperation agreement in the field of specialist medical examinations. You state that the insurance company refers to Article 268 of the Insurance Act and Article 9 of the General Regulation on Data Protection. You point out that these are check-ups that you do because an individual has insured themselves for faster access to health services from the specialist doctors who belong to them if they receive a referral. In a medical institution, e.g. with you, this inspection is ordered and paid for by the insurance company, and for this purpose the said contract is concluded.
You state that the eighth paragraph of the Insurance Act in point 6 really explicitly allows the insurance company to obtain medical documentation from the health care provider, but you believe that the third paragraph of Article 268 of the Insurance Act limits this to cases where the scope is appropriate and necessary to achieve the purposes of processing. You estimate that this is not necessary for your participation. In your opinion, the insurance company should obtain written permission from the insured in advance in order to be able to obtain his medical records directly from the medical institution for specific purposes, and that the insurance company should provide this permission to the medical institution when requesting medical records. In addition, you consider that it is necessary for the insurance company to justify in the contract in which cases this is absolutely necessary depending on the purpose of use.
You suggest that IP give opinions specifically for:
insurance for faster access to a specialist,
damage insurance - for the purpose of compensation,
medical examination before taking out life insurance - for the purpose of proving that the insured does not take out insurance after having already received a poor diagnosis,
On the basis of the information you have provided to us, in accordance with Article 58 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data Directive 95/46 / EC (General Regulation on Data Protection, hereinafter General Regulation), point 7 of the first paragraph of Article 49 of the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, No. 94/07-UPB1, hereinafter ZVOP-1 ) and Article 2 of the Information Commissioner Act (Official Gazette of the Republic of Slovenia, No. 113/05, hereinafter ZInfP), we provide our non-binding opinion regarding your questions.
We emphasize at the outset that the IP cannot assess specific processing of personal data outside the inspection procedure or other administrative procedure. This means that the IP cannot decide in the context of issuing an opinion whether the conditions for the transfer of personal data are met in a particular case, but can only point out the relevant legal basis and the conditions that must be met for a particular transfer to be lawful. However, a concrete assessment can or must be performed exclusively by the personal data controller.
IP clarifies that the controller must have a for any processing of personal data, ie, inter alia, for their disclosure through the transmission, dissemination or other provision of access legal and appropriate legal basis . These are set out in Article 6 (1) of the General Regulation, and in the case of the processing of specific types of personal data, including health data, another of the conditions set out in Article 9 (2) of the General Regulation must be met. In accordance with point (c) of Article 6 (1) of the General Regulation, processing is lawful if it is necessary to fulfill a legal obligation to which the controller is subject. However, under Article 9 (2) (h) of the General Regulation, the prohibition on processing specific types of personal data does not apply in principle if the processing is necessary for the purposes of preventive or occupational medicine, assessment of the employee's working capacity, medical diagnosis, provision of medical or social care or treatment. management of health or social care systems and services under Union law or the law of a Member State or under a contract with a healthcare professional and subject to the conditions and safeguards referred to in paragraph 3.
IP emphasizes that it is sufficient for the lawfulness of the processing that one of the separate legal bases set out in Article 6 (1) in conjunction with Article 9 (2) of the General Regulation is met. This means that if the controller processes personal data e.g. by law, he is not obliged to obtain consent for this information.
The legal basis for the transmission of personal data to an insurance company in terms of the above provisions of the General Decree is given in Article 286 of the Insurance Act (Official Gazette of the Republic of Slovenia, nos. 93/15, 9/19 and 102/20; hereinafter ZZavar-1).
The insurance company is entitled to obtain relevant medical documentation relating to the insured or the beneficiary from the insurance, if this documentation is necessary for concluding and implementing insurance contracts, recovery of unpaid liabilities from insurance contracts, settlement of claims, enforcement of claims and other rights and obligations, including the investigation of suspicious cases of unduly paid compensation or insurance benefits arising from insurance under this Act, and verification of political exposure of persons under the Act governing the prevention of money laundering and terrorist financing (third paragraph of Article 268 ZZavar-1).
The sixth paragraph of Article 268 of ZZavar-1 states that the insurance company may collect the following personal data, taking into account the purpose of data processing:
personal name, sex, date and place of birth, permanent and temporary residence or permanent and temporary address abroad, address for service, date of death, tax number, type and number of personal document of the insured and injured party for whom insurance coverage and compensation is established or insurance;
on previous insurance cases to the extent referred to in the previous paragraph and information on the relevant health status of the insured and the injured party, including the provision of medical services, previous injuries and medical condition, type of bodily injuries, duration of treatment and consequences for the injured party and policyholder ;
income of the insured and the injured party and employment;
retirement (regular and disability), retraining and disability rates of the insured and the injured party;
costs for medical care, medicines and medical devices of the insured and the injured party;
entitlement to cover the difference to the full value of health services under the law governing health insurance from the budget of the Republic of Slovenia;
driving license data;
historical data on the history of the subject of insurance.
As a rule, the documentation is provided in the form of a copy by the insured or the beneficiary, but the insurance company can also obtain it directly from the healthcare provider (point 6 of the eighth paragraph of Article 268 of ZZavar-1).
The insurance company is therefore entitled, inter alia, to the documentation required for:
taking out insurance, e.g. in the case of a medical examination before taking out life insurance,
deciding on an insurance claim, e.g. in the case of a claim for damages based on damage insurance,
to perform an insurance contract, e.g. in certain circumstances, perhaps also to conclude an insurance case under insurance for faster access to a specialist.
As you correctly pointed out in the request, the third paragraph of Article 268 of ZZavar-1 is limited to cases when the scope of the submitted data is appropriate and necessary for the realization of the purposes of processing. This is in line with the general principle of minimum data , according to which personal data must be relevant, relevant and limited to what is necessary for the purposes for which they are processed (Article 5 (1) (c) of the General Regulation). However, IP cannot comment on the question of whether it is necessary and appropriate in a specific case for the insurance company to require you, as a co-contractor, to submit the medical records of the examinees on the basis of a cooperation agreement in the field of performing specialist medical examinations.
Given that the statutory provision of Article 268 of ZZavar-1, which provides the insurance company with a basis for obtaining data, is relatively open, we suggest that you seek additional clarification regarding the legal basis and purpose of processing and a more detailed justification of the required medical reports. to the insurance company.
Greetings,
Mojca Prelesnik, B.Sc. dipl. right,
Information Commissioner
Prepared by:
Tina Ivanc, B.Sc. dipl. prav.,
IP data protection consultant