Helsana processes health-related data, which is considered to be particularly sensitive personal data. The processing of such data must be governed by a policy document, pursuant to the Ordinance on the Swiss Federal Law on Data Protection (Datenschutzgesetz, DSG). This includes the internal organisation, data processing procedures and access authorisations.
Helsana processes insured persons' data using automated data collections in application of the Health Insurance Act (KVG). Benefit processing especially involves health data which are categorised as particularly sensitive personal data under the Data Protection Act (DSG). The Ordinance on the DSG stipulates that the processing of particularly sensitive personal data must be governed by a data processing policy. This policy includes the internal organisation in which automated data processing is embedded. It also governs data processing procedures and access authorisations as well as listing the data protection rights of the individuals concerned and the bodies responsible for data protection.
Commissioned data processing:
Helsana processes insured persons' data on behalf of the health insurance companies (subsidiaries) that form part of the Helsana Group. This data processing policy therefore applies to the health insurance companies Progrès Insurance Ltd and Indivo Insurance Ltd. It can be accessed via the same link.