Data protection

CSS generally welcomes the process of revising the data protection act, which was launched in 2017 and completed in 2020. The focus here for CSS is on protecting individual personal data while at the same time maintaining the leeway for models such as Managed Care. The terms "profiling" and "automated individual decision-making" were introduced during the course of the revision. For insurers to continue to be able to carry out the tasks assigned to them by law, these terms would also have to be included in Article 84 of the Federal Act on Health Insurance (KVG). Unfortunately, this did not happen under the revision of the data protection act (DSG). The term 'profiling' (Art. 4 let. f, draft DSG) is broadly defined and takes in the automated processing of personal data. This goes beyond the performance of simple administrative tasks and the payment of more than 120 million bills a year to include the checking of medical services against the effectiveness, appropriateness and cost-effectiveness criteria. Combating insurance abuse and fraud is another important task that insurers would not be able to perform or perform efficiently without automated processes. This would drive costs up and lead to unnecessary premium increases.

Furthermore, it is not apparent why profiling and automated individual decision-making should be allowed in the field of accident insurance (UVG), as proposed by the revision, but not in that of health insurance. The KVG and UVG may be different, but both types of insurance rely on profiling and automated individual decision-making when it comes to processing data.

There must now be a detailed examination of how the new DSG impacts health insurers in carrying out their tasks and whether this means there is an additional need to amend the KVG.