
The best way to protect your health data

Article content at a glance


Health data is particularly sensitive information that must be strictly protected because it reveals a great deal about a person's physical and mental health.

If it falls into the wrong hands, there is a risk of discrimination, identity theft, blackmail or unwanted profiling by companies.

Sharing such data only makes sense if it is clear who needs it for what purpose and how securely it is processed.

The right to informational self-determination makes it possible to find out what data is stored at any time and to control its use.

Health data is some of the most personal information we have, as it reveals a lot about our physical and mental condition. This data is also considered particularly sensitive under data protection law (e.g. the European General Data Protection Regulation, GDPR for short). You should therefore pay particular attention to this data and not carelessly entrust it to others unless you absolutely have to.

What counts as health data?

Many different kinds of data count as health data:

  1. Medical information, such as diagnoses, laboratory values, X-ray or MRI images, vaccination status, allergies and intolerances
  2. Treatment-related data, such as medical reports and findings, information on operations or therapies, medication plans, care and rehabilitation documentation
  3. Data from digital devices, e.g. health apps, fitness bracelets or smart watches, such as steps taken, pulse, heart rate, sleep duration or blood glucose measurements
  4. Personal data relating to health, such as age, gender, pregnancy, information on disabilities or illnesses [1]

What can happen if health data falls into the wrong hands?

If your health data ends up in the wrong place within the closed healthcare system, this is not initially a disaster. Not every doctor can do much with your findings: dentists, for example, have no interest in your ECG data and will simply ignore it. Companies, and insurers in particular, on the other hand, can learn a great deal about you from your health data, and this can work to your disadvantage.

Discrimination

You could be treated differently when applying for new jobs if employers find out about your illnesses or pregnancy. Insurance companies could demand higher premiums from you or refuse benefits altogether (e.g. if they find out that you smoke). If you ride a motorcycle, for example, you could also face disadvantages with risk insurance. Even if riding a motorcycle is not direct information about your health, in the overall picture it allows conclusions to be drawn about the risk to your body.

Identity theft and fraud

Health data can be used to create fake prescriptions, bills or even complete identities. Criminals could try to bill treatments in your name, obtain medication or use your insurance number for other fraudulent purposes.

Extortion and damage to reputation

Unauthorized persons could threaten you with publishing sensitive diagnoses (a particular risk for public figures). These could be mental illnesses, addiction problems, sexual health information or diagnoses with social stigma.

Unwanted advertising or profiling

Companies could use the data to place targeted advertising or create health profiles - without your consent. For example, if you are considered to be particularly unhealthy or stressed, you will increasingly be offered appropriate dietary supplements, diet and fitness programs or sports equipment. In addition to manipulating you into making purchases, such advertising can lead to you making health decisions without consulting a medical professional.

When is it okay to disclose health data?

Doctors, hospitals, pharmacies, health insurance companies, medical emergencies and nursing or care services obviously need health data in order to provide you with the best possible care and advice. The most important thing is that

  • you know who receives the data,
  • understand why it is needed and
  • make sure that your data is handled securely.

The latter is not always easy to recognize. Even if you are informed about how your data is handled (e.g. via a data protection information sheet) and everything sounds trustworthy, there is no guarantee that your data will remain in safe hands. Even without malicious intent, everyone makes mistakes, and even in healthcare facilities it can happen that your data is inadvertently passed on to unauthorized persons or accessed by criminals on a large scale. The likelihood of this happening increases as more and more data is digitalized.

This image was created with AI. Source: midjourney

Digitalization and health data

Many data entries in the healthcare sector are made via patient portals (e.g. for making appointments) or are stored in the electronic patient file. Health apps, digital fitness bracelets and smart watches are also very popular, as they can monitor steps, heart rate and sleep, for example. For these options to be really helpful, we need sufficient media literacy - in other words, the knowledge of how to use digital services safely, sensibly and responsibly.

If in doubt, go through the following steps:

1. Critically examine offerings: Which offers seem trustworthy? What is the service used for? Official applications, such as those from health insurance companies, doctors' surgeries or government agencies, are usually much safer than apps from unknown providers. Ratings, seals or recommendations from specialists can provide additional guidance.

2. Check data collection: How is the data protected in the service? Many applications explain this in their settings or in the data protection information. It is worth at least briefly skimming through this information to get a feel for what personal data you are sharing. It is best to choose services that originate from the EU, as these are at least subject to stricter data protection laws than services from the USA or China, for example [2]. Also make sure that you protect access to your data with a secure password that you do not use anywhere else.

3. Listen to your gut feeling: If you don't feel comfortable using an app or service, find out about alternatives. Example: Using the electronic patient file is not compulsory. You can also object to its use [3]. And appointments in surgeries can often still be arranged by email or telephone.

4. If you already use an app/service: Be self-determined with your data. You can decide who you make what information available to - and you have the right to request information at any time about what data has been stored about you and to have it corrected or deleted.

The right to informational self-determination

Not sure which of your data is stored by a practice or app provider? Then simply ask them. The right to informational self-determination, i.e. that you can decide for yourself who has what data about you, entitles you to ask all data processors about the data they have stored about you. You can find a sample letter for this at the consumer advice center (https://www.verbraucherzentrale.de/sites/default/files/2019-10/Auskunft_nach_Art._15_DSGVO.pdf).

However, you can also simply write an email to the service provider, in which case you will receive this information back by email as well. If you are not sure whether your email provider is trustworthy, since this email exchange passes through their server, it is better to make the request by post.

More self-determination = fewer worries

The better you understand how digital services work, the easier it is for you to decide who you trust with your health data - and who you would rather not. Sensitive information deserves to be handled with particular care. With a little media literacy and healthy caution, you can navigate the digital health sector safely.

Take our online self-test to improve your digital skills in general!

Sources

[1] Stiftung Datenschutz: Health data - practical guide: https://stiftungdatenschutz.org/ehrenamt/praxisratgeber/praxisratgeber-detailseite/gesundheitsdaten-323

[2] VFR Verlag für Rechtsjournalismus GmbH: Data protection in the USA: Where does it stand compared to Europe? https://www.datenschutz.org/usa/

[3] AOK: Opposition to the electronic patient file (ePA): https://www.aok.de/pk/versichertenservice/elektronische-patientenakte-widerspruch/

Date: 24.11.2025
Authors: Jessica Wawrzyniak