Protection against identification, data protection and data security
Each year, the HDL receives the pseudonymised billing data of the statutory health insurants from the German National Association of Statutory Health Insurance Funds.
According to GDPR, Article 4, paragraph 5, "pseudonymisation" means "the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person." Thus, uniquely personal identifying characteristics such as name, address or the insured person number are not included in the data. Pseudonymisation takes place before data transmission to the Health Data Lab. The Robert Koch Institute assumes the tasks of an independent trust centre within the framework of this pseudonymisation procedure.
Data protection and data security are ensured at the HDL by technical and organisational measures in accordance with the current state of the art. These measures are developed and reviewed in consultation with the Federal Commissioner for Data Protection and Freedom of Information (BfDI) and the Federal Office for Information Security (BSI).
The purpose of transmitting and collecting the data is to enable systematic research into healthcare services documented and billed in Germany. The available healthcare data includes data on both outpatient and inpatient care. In the coming years, this dataset will be expanded to include data from service providers from other fields as well. This encompasses other groups of persons who provide healthcare services to persons insured by statutory health insurances.