Health data protection

Hospitals and clinics collect, process and use highly sensitive personal data. This is largely information about patients’ health, which is specifically protected not only through medical confidentiality, but also through Art. 9 Para. 1 GDPR as “special types” of personal data.

Since hospitals and clinics are also service providers in the sense of SGB V [German Social Security Code], perform employer functions for the personnel employed there and act as contractual partners not just for patients but for insurance companies and external service providers as well – often in the context of data sub-processing – there are various binding special legal data-protection regulations and documentation obligations in addition to the provisions of the BDSG.

Now more than ever, in order to fulfill these requirements as well as the increased demands that patients place on modern service providers, hospitals and clinics must develop and implement an efficient data protection concept. They must also observe the limitations for handling patient data that are set by legislators and jurisprudence.

We act as an external data protection officer to advise hospitals and clinics; in this function, we support compliance with all statutory data protection regulations. Among other things, this includes:

  • Developing or revising the necessary guidelines, work instructions, formal obligations and declarations of consent
  • Monitoring the proper use of data processing programs used for processing personal data (particularly hospital information systems and the data-protection-compliant assignment of roles and access authorizations)
  • Employee training (including for health-care personnel and phone-center employees)
  • Acting as a contact for patients and other third parties in matters involving data protection
  • Providing data protection support to employees (e.g. handling official inquiries, requests to view patient files and other informational requests by third parties; transmitting patient data within and outside the hospital/clinic)
  • Data sub-processing for patient data

We are also happy to provide consultation for partial projects and to support internal data protection officers and specialized departments in these projects, for instance when preparing for certifications (e.g. KTQ certifications), employee training, writing data protection handbooks and introducing or designing hospital information systems.

You can benefit from our experience in the area of health data protection. We work efficiently, with the clear goal of protecting your processes to the greatest extent possible. Contact us for a non-binding consultation.