
Health Data Protection in Germany

We advise on data protection in healthcare

Health data are sensitive personal data that are covered by special legal protection in Germany and Europe. Health data include all data which relate to the health condition of a data subject and reveal information about the data subject’s former, present, or future physical or mental health condition.

Requirements for dealing with health data

When health data are concerned, it is irrelevant which body processes the data. Consequently, hospitals, doctors’ offices, care facilities, health insurance providers, pharmacies, research institutions, and other organizations processing health data, such as mutual aid fellowships or foundations promoting public health and public healthcare, must address health data protection in Germany.

In addition, as digitization plays an increasingly important role in healthcare (electronic patient files, telemedicine, health apps), data protection and data security requirements in healthcare are very likely to continue to increase in the future.

Special protection of health data in Germany

Data concerning the health condition of a person, including data about a disease, treatment, or diagnosis, risks of disease, genetic data or visits to the doctor constitute highly sensitive information. If such data fall into the wrong hands, the consequences for the person concerned may be very unpleasant. Hence, the level of data protection must be very high when health data are concerned.

Due to their high sensitivity, the General Data Protection Regulation (GDPR) protects health data as “special categories of personal data”. In addition, sector-specific provisions need to be observed. These include

  • provisions of the social codes,
  • the German E-health Act,
  • federal state laws on hospitals, or
  • the professional codes of ethics for physicians and pharmacists.

Healthcare facilities run by churches are additionally subject to independent ecclesiastical data protection laws.

 

Privacy and Cyber Security in Germany 2021

(Chapter in the Law Review series)

Our privacy experts contributed a chapter to the handbook The Privacy, Data Protection and Cybersecurity Law Review.

No health data without data protection concept

In addition to the requirements under data protection regulations, medical secrecy must also be protected.

In order to fulfill their responsibilities in terms of data privacy in healthcare, all entities processing health data are required to implement an efficient data protection concept. Given the high degree of complexity of health data protection, we offer you professional assistance based on our extensive practical expertise in the field of data protection law.

Our consulting services in health data protection

Your data protection in the hands of experts! We will be pleased to assist you in designing health data processing chains that comply with German legal requirements while being adapted to your practical needs.

Our consulting services concerning data privacy in healthcare include:

  • reviews for compliance with data protection provisions and development of data protection concepts
  • legal assessments of matters relating to health data protection, e.g. data protection in hospitals
  • conducting employee training programs, e.g. for physicians, nursing staff, receptionists
  • consulting in connection with the use of external service providers (so-called digital health providers) e.g. for patient data administration
  • designing all processes in compliance with European data protection regulations, e.g. patient admission, documentation of examination results, and patient discharge
  • consulting on health data transmissions to third parties, like other specialist departments, accounting centers, social security, medical service of the health insurances, in compliance with data protection regulations
  • consulting on introducing and designing data processing programs (like hospital information systems) and creating authorization concepts in compliance with data protection regulations
  • drafting the required documentation, like letters of commitment, declarations of approval, or confidentiality release forms
  • consulting on the documentation, archiving, and erasure of health data in compliance with data protection regulations
  • consulting on designing e-health offers, like e-health apps, online-assisted appointment scheduling etc. in compliance with data protection regulations
  • consulting with respect to the data protection impact assessment required by art. 35 of the GDPR
  • provision and tasks of an external data protection officer
  • introduction of processes ensuring and implementing the rights of data subjects, like information requests

Your attorney for health data protection

Your contacts for questions relating to any aspects of health data protection in Germany are

Please do not hesitate to contact us. The easiest way to reach us is via e-mail (info@winheller.com) or by phone (+49 69 76 75 77 80).

"Privacy Law": Recent blog posts

Privacy in Germany: What to Consider When Using Tracking Tools

- Olga Stepanova

New Model For Fines For GDPR Violations

- Patricia Jechel

German Telecommunications Telemedia Data Protection Act Simplifies Consent to Cookies

- Olga Stepanova
