Information on data processing and your rights
Your data is in safe hands with AOK Hessen. AOK Hessen has an obligation to protect personal data (Section 35 of Book I of the German Social Code (Sozialgesetzbuch I – SGB I)). The EU General Data Protection Regulation (GDPR), which enters into force on 25 May 2018, further strengthens your rights as a customer. The following information provides an overview of the collection and processing of your data and the rights related thereto.
Why do we process your data, and on what legal basis?
AOK Hessen, as a provider of solidarity-based health and care insurance, has the task of preserving, restoring or improving the health of its policy holders, as well as providing assistance to those in need of care who rely on solidarity support owing to the level of their need for care.
The benefits and other expenditure are financed by collecting contributions from employers and members.
In order to fulfil these statutory tasks, AOK Hessen processes the data required for this purpose. This data is collected from you on the basis of statutory duties of cooperation (see, e.g. Section 60 et seq. SGB I) or on the basis of consent. AOK also receives data from third parties in accordance with the SGB (e.g. from your employer or care providers). Your failure to cooperate could adversely affect you when it comes to the provision of benefits (refusal or withdrawal of benefits).
For health insurance, the legal basis for data processing is Section 284 SGB V; for care insurance, it is Section 94 SGB XI. In addition, AOK Hessen is assigned tasks on the basis of other statutory provisions for which personal data needs to be processed.
In particular, this includes:
- setting up the insurance contract and membership, including the data required for initiating an insurance contract
- issuing the electronic health card
- establishing the obligation to contribute and the contributions, responsibility for the contributions and payment of the contributions
- assessment of the obligation to pay and provide benefits to the policy holder, including the requirements for benefit restrictions, determination of co-payment status and carrying out of cost reimbursements, reimbursements of contributions and determination of the limit
- assisting the policy holder in the event of malpractice
- assumption of treatment costs for individuals not required to have insurance in accordance with Section 264 of SGB V against reimbursement of costs
- involvement of the Health Insurance Medical Service (Medizinischer Dienst der Krankenversicherung (MDK))
- settlement with care providers, including checking the lawfulness and plausibility of the invoice
- monitoring of compliance with the contractual and statutory obligations of providers of aid
- monitoring of the cost-effectiveness of the provision of benefits
- settlement with other funding agencies
- settlement of claims for reimbursement or compensation against third parties
- preparation, agreement and execution of morbidity-orientated remuneration agreements
- preparation, execution of pilot projects, contracts for integrated forms of care and for the outpatient provision of highly specialised services, including the execution of performance and quality audits
- implementation of the risk adjustment scheme, as well as the preparation and implementation of structured treatment programmes, including recruiting policy holders to participate in these programmes
- conclusion and execution of nursing care rate agreements, remuneration agreements and performance and quality agreements
- consulting on measures for prevention and rehabilitation, and consulting on participation, as well as benefits and help with care
- coordination of nursing care, care consulting, and fulfilment of duties at care support points
- performance of discharge and sickness allowance case management
- acquisition of new members
- reimbursement of employer’s contributions in the case of illness or maternity
- combating of misconduct in healthcare (Section 197a SGB V)
- research projects
In addition, AOK Hessen processes data on the basis of express declarations of consent (Art. 6 (1) a) GDPR).
What data do we process?
We process the following categories of data:
- personal data (e.g. address and communication data, date of birth, photo)
- data on membership and its initiation
- data on the insurance contract
- contribution and payment data
- benefit, health care and account data, including health information (e.g. diagnoses, periods of inability to work)
- data on the caregiver
- data on the legal representative
- data on optional tariffs and bonus programmes
- data of care providers and other contractual partners
- data of employers and their tax consultants
- data of prospective customers, prize draw participants
Who receives your data?
Data is transferred regularly in accordance with the statutory provisions to: providers of pension and accident insurance, the German Federal Employment Agency (Bundesagentur für Arbeit), the Health Insurance Medical Service (MDK), care providers, welfare authorities and, in relation to payment transactions, financial institutions, employers and paying agents. Furthermore, data may be transferred only in those individual cases stipulated by law under Section 67d et seq. SGB X (e.g. police authorities, local and municipal administration, tax authorities).
AOK Hessen may arrange for its statutory tasks to be carried out by another funding agency, associations or other service providers (in particular, processors).
AOK Hessen may use and process the lawfully collected and stored data of the data subject for other purposes if there is another legal basis for doing so under the SGB or if the data subject has given their express consent for this.
How long do we store your data for?
The data is stored while the task(s) are being completed and for the duration of the retention periods prescribed by law (e.g. Section 110a SGB IV, Section 304 SGB V, Section 84 SGB X, Section 107 SGB XI) and is then deleted.
What rights do you have?
- right of access to processed data (Art. 15 GDPR in conjunction with Section 83 SGB X)
- right to rectification of inaccurate data (Art. 16 GDPR in conjunction with Section 84 SGB X)
- right to erasure (Art. 17 GDPR in conjunction with Section 84 SGB X)
- right to restriction of processing (Art. 18 GDPR in conjunction with Section 84 SGB X)
- right to object (Art. 21 GDPR in conjunction with Section 84 SGB X)
- right to data portability (Art. 20 GDPR)
- In the case of data processing based on consent, you have the right to revoke this consent at any time with future effect.
Who is responsible for data processing and who can you contact in this regard?
AOK – Die Gesundheitskasse in Hessen
Körperschaft des öffentlichen Rechts
Basler Str. 2
61352 Bad Homburg
If you have any questions or if you believe that the processing of your personal data is not being carried out lawfully, you can contact us or our data protection officer. You can reach our data protection officer at:
Contact details of data protection officer:
Data protection officer at AOK Hessen
Basler Str. 2
61352 Bad Homburg
Do you have a right of complaint?
You have the right to complain to the supervisory authority if you believe that the processing of your personal data is not being carried out lawfully. The address of the supervisory authority responsible for AOK Hessen is:
Der Hessische Datenschutzbeauftragte
Postfach 31 63
phone: +49 (0)611 1408-0
fax: +49 (0)611 1408-900 or -901