Health care & Hospitals

Hospitals, clinics and doctors’ surgeries collect, process and use more Sensitive Personal Data than any other sector. This is mainly health data of patients, which is specifically protected not only by medical confidentiality but also by the European GDPR as a so-called special category of Personal Data (Art. 9 GDPR). At the same time, the sector is under increasing competitive pressure and high expectations.

Hospitals and clinics act not only as service providers within the meaning of social security law, or as employers of their personnel, but also as contractual partners of patients, health insurance funds and external service providers – often in the form of processing on behalf of a controller as laid down in Art. 28 GDPR. In this context, various binding Data Protection Regulations and documentation obligations must be observed in addition to the provisions of the GDPR.

Modern services, new obligations

In order to meet these obligations and patients’ increased expectations of a modern service provider, the operators of hospitals, clinics or medical care centers are required more than ever to design and implement an effective Data Protection Concept. They must also observe the limits set by the legislator and the courts for the handling of patient data. Sensitive Data of patients, but also of doctors, nurses and service providers, requires special protection.

From the doctor’s practice to the Medical Care Center (MCC; in Germany, MVZ) to the clinic and hospital, we can act as your External Data Protection Officer to ensure compliance with all Data Protection Regulations.

This includes among other things:

  • Drafting or revising the necessary guidelines, work instructions, declarations of commitment and declarations of consent
  • Monitoring the proper use of software that processes personal data, in particular hospital information systems and their data protection-compliant allocation of roles and access rights
  • Staff training (e.g. for nursing staff and telephone exchange staff)
  • Acting as point of contact for patients and other third parties on Data Protection matters
  • Data Protection support for employees (e.g. handling official enquiries, requests for access to medical records and other information claims by third parties, and transfers of patient data within and outside the hospital/clinic)
  • Processing of patient data on behalf of another controller (Art. 28 GDPR)

We are also happy to advise on sub-projects and to support internal Data Protection Officers or specialist departments in such projects, for example preparation for certifications (e.g. KTQ), employee training, the drafting of data protection manuals, or the introduction and design of hospital information systems (HIS).

In order to comply with the extended information obligations (Art. 12-14 GDPR), we support you in informing patients in a concise, transparent, intelligible and easily accessible form, using clear and plain language, e.g. with the help of precise information sheets.

Benefit from our experience in the field of Health care & Hospitals

We work efficiently and with the clear goal of protecting your processes as well as possible. Contact us without obligation to benefit from our experience in the field of Health care & Hospitals.