Please rate our service in just five steps.
If you undergo treatment in Germany, personal data about you are regularly collected, processed and used by healthcare service-providers, and possibly by healthcare insurers. Great importance is attached to the protection of these personal data all over Europe, and hence also in Germany.
Personal data are individual pieces of information on an individual’s personal or technical circumstances. These data, and particularly the appropriate medical data, are particularly sensitive. For this reason, there are particular requirements for the handling of medical data. You as a patient should be able to be assured that no unauthorised individuals can gain access to your data. In addition to the data protection regulations, professional secrecy and the obligation of confidentiality that is incumbent on your doctor or dentist are also intended to ensure that your data are protected.
The collection, processing and use of the data (this includes collection and storage, alteration, transmission, blockage and deletion) is hence only permitted within the framework of the law – or if you as the person concerned have consented after being given detailed prior information.
You will find statutory regulations on data processing in the general provisions of the Federal Data Protection Act (Bundesdatenschutzgesetz) and in the data protection statutes of the Länder. Special provisions can be found in the Books of the Social Code (Books II to XII of the Social Code [SGB II to SGB XII]).
Data protection is orientated above all towards the following principles:
The German data protection provisions also meet the requirements under European law in accordance with EC Directive 95/46/EC. The Directive was transposed into German law in 2001.
As a matter of principle, you have a right to be notified by the responsible agency prior to the first storage or transmission of your data. A responsible agency is any individual or agency collecting, processing or using your data, such as a doctor or hospital. If however you have provided your data yourself, for instance in the doctor’s consultation room, you not longer have to be informed of the storage of the data. It is also not necessary if you have consented to your data being used.
You can require to be provided with information on what data are stored on you and where, where the data come from, for what purpose they are stored and to what individuals or agencies they were passed on. The information must be provided free of charge as a matter of principle. The right to information must be applied for from the appropriate responsible agency. This also includes the right to inspect your medical records.
The responsible agency must correct your data if they contain errors. If the storage of data is not lawful, your data must be deleted. Deletion may be ruled out if for instance storage periods (e.g. periods stipulated for examination and control purposes) pose an obstacle to deletion. In this case, your data are simply blocked. Such a blockage means that it is prohibited to use the data.
If a responsible agency causes you damage by unauthorised or incorrect collection or use of your data, that agency is obliged to compensate you. Compensation may be provided for both material and immaterial damage, such as for a violation of your right of personality. You must however prove that the data were processed without authorisation or wrongly and that you have suffered damage as a result. If you wish to claim damages, we recommend that you should first of all contact the agency which carried out the unauthorised or incorrect collection, processing or use of your data. Only if this attempt does not bring about clarification should you take legal steps and file an action with the civil courts.
If you feel that your rights have been violated in the collection, processing and use of your personal data, you can either turn to the Federal Commissioner for Data Protection, who is responsible for all agencies of the Federation, or to the competent Commissioner for Data Protection of the respective Land.
Even if you send an enquiry to EU-PATIENTEN.DE, the above principles and regulations for data processing naturally apply. Moreover, even more stringent requirements apply to information from you which we process and pass on. For instance, we may only pass on enquiries which we receive from you if you have explicitly agreed in writing to our doing so. Your data are hence particularly well protected. On the other hand, we ask for your understanding that it may take some time to process your enquiry in individual cases as a result.
If we are unable to answer your enquiry ourselves, we will first of all ask you to confirm in writing that the data can be passed on, using a form which we provide. It is only after receiving this confirmation that we are then able to pass on your enquiry.