Health Data Protection in Germany

Name: WINHELLER Rechtsanwaltsgesellschaft mbH
Address: Friedrich-Ebert-Anlage 37, Frankfurt am Main, Hessen, 60327
Telephone: 069 76757780
Price range: $$
Rating: 4,5

We advise on data protection in healthcare

Health data are sensitive personal data that are covered by special legal protection in Germany and Europe. Health data include all data which relate to the health condition of a data subject and reveal information about the data subject’s former, present, or future physical or mental health condition.

When health data are concerned, it is irrelevant, which body processes said data. As a consequence, hospitals, doctors’ offices, care facilities, health insurances, pharmacies, research institutions, and even other organizations processing health data, like mutual aid fellowships or foundations aiming at promoting public health and public healthcare mandatorily have to address health data protection in Germany.

As, in addition, digitization is also playing an increasingly important role even in healthcare (electronic patient files, telemedicine, health apps), the data protection and data security requirements are very likely to continue to increase in the future.

Special protection of health data in Germany

Data concerning the health condition of a person, including data about a disease, treatment, or diagnosis, risks of disease, genetic data or visits to the doctor constitute highly sensitive information. If such data fall into the wrong hands, the consequences for the person concerned may be very unpleasant. Hence, the level of data protection must be very high when health data are concerned.

Due to their high sensitivity, the General Data Protection Regulation (GDPR) protects health data as “special categories of personal data”. In addition, sector-specific provisions need to be observed. These include

provisions of the social codes,
the German E-health Act,
federal state laws on hospitals, or
the professional codes of ethics for physicians and pharmacists.

Healthcare facilities run by churches are additionally subject to independent ecclesiastical data protection laws.

Featured article on German data protection law

Featured article on data protection law:

Data Protection and Cyber Security in Germany 2019
(Chapter and book are from the series Law Review)

The WINHELLER IP and data protection department contributed an entire chapter to the sixth issue of The Privacy, Data Protection and Cybersecurity Law Review. This chapter summarizes the German privacy policies, discusses current regulatory efforts regarding Social Media and presents the EU General Data Protection Regulation.

No health data without data protection concept

In addition to the requirements under data protection regulations, medical secrecy must also be protected.

In order to fulfill their responsibilities in terms of data protection, all entities processing health data are required to implement an efficient data protection concept. Given the high degree of complexity of health data protection, we offer you professional assistance based on our extensive practical expertise in the field of data protection law.

Our consulting services in health data protection

Your data protection in the hands of experts! We will be pleased to assist you in designing health data processing chains that comply with German legal requirements while being adapted to your practical needs.

Our consulting services in health data protection include:

Reviews for compliance with data protection provisions and development of data protection concepts
legal assessments of matters relating to health data protection
conducting employee training programs, e.g. for physicians, nursing staff, receptionists
consulting in connection with the use of external service providers (so-called “digital health providers) e.g. for patient data administration
designing all processes in compliance with European data protection regulations, e.g. patient admission, documentation of examination results, and patient discharge
consulting on health data transmissions to third parties, like other specialist departments, accounting centers, social security, medical service of the health insurances, in compliance with data protection regulations
consulting on introducing and designing data processing programs (like hospital information systems) and creating authorization concepts in compliance with data protection regulations
drafting the required documentation, like letters of commitment, declarations of approval, or confidentiality release forms
consulting on the documentation, archiving, and erasure of health data in compliance with data protection regulations
consulting on designing e-health offers, like e-health apps, online-assisted appointment scheduling etc. in compliance with data protection regulations
consulting with respect to the data protection impact assessment required by art. 35 of the GDPR
provision and tasks of an external data protection officer
introduction of processes ensuring and implementing the rights of data subjects, like information requests

Your attorney for health data protection

Your contact partner for questions relating to any aspects of health data protection is Attorney Olga Stepanova (external data protection officer). Please do not hesitate to approach us. The easiest way to reach us is via e-mail (info@winheller.com) or, if you prefer, by phone (+49 (0) 69 76 75 77 80).

News

27.11.2019 - Olga Stepanova co-author of Data Protection Law Review

Attorney Olga Stepanova contributed a chapter on German data protection regulations again.

Frankfurt

Karlsruhe

Berlin

Hamburg

Munich