Jump to content
Gesundheitsdaten Foemibanner Rot Photo by Ryoji Iwata on Unsplash
Freedom in the digital age
Art. 1, 2

Database with health data of 73 million statutorily insured individuals must not become a data leak

Die Daten von 73 Millionen gesetzlich Versicherten zu Forschungszwecken sind in Gefahr: Wir klagen zum Schutz vor Missbrauch

Informationen über unsere Gesundheit gehören zu den sensibelsten Daten, die über uns gespeichert werden. Deshalb müssen sie besonders gut geschützt werden. Das neue „Digitale-Versorgungs-Gesetz“ (DVG) droht diesen Schutz nun aufzuweichen. Bis zum 1. Oktober 2022 werden die Daten von 73 Millionen gesetzlich Versicherten zu Forschungszwecken vollautomatisch in einer zentralen Datenbank zusammengeführt und dann immer weiter ergänzt. Ein Widerspruchsrecht gegen die Weitergabe gibt es nicht. Die Nutzung von Gesundheitsdaten zu Forschungszwecken im Wohl der Allgemeinheit ist grundsätzlich sinnvoll. Die für die neue Gesundheitsdatenbank bislang gesetzlich vorgesehenen Schutzstandards reichen jedoch nicht aus. Gemeinsam mit der Informatikerin Constanze Kurz und einem weiteren Kläger mit einer seltenen Krankheit reicht die GFF Eilanträge gegen die Sammlung bei den Sozialgerichten in Berlin und Frankfurt ein. Das Ziel ist es zu erreichen, dass die Daten der Versicherten bestmöglich geschützt werden, um einen Missbrauch zu verhindern. Zudem muss es möglich sein, gegen die Datenverarbeitung Widerspruch einzulegen.

Bijan Moini

Jurist und Verfahrenskoordinator

„Niemand will Gesundheitsforschung verhindern. Aber das Gesetz sieht weder ausreichende Schutzstandards noch moderne Verschlüsselungsmethoden vor – das ist fahrlässig und gefährlich. Wenn Gesundheitsdaten einmal in falsche Hände geraten, kann das nicht mehr rückgängig gemacht werden“

By October 1, 2022, the statutory health insurers will feed extensive health data into a data collection for research purposes. The basis for this is the "Digital Health Care Act" (DVG), which came into force in 2019. The data includes, among other things, medical diagnoses, data on hospital stays, operations and medications of their insured. The information will be gradually added to and stored for up to 30 years. This affects 73 million people with statutory health insurance, or almost 90% of all people in Germany.

In principle, it makes sense to make health data available to certain government agencies and the scientific community. The health data of the statutory health insurers is a valuable resource that should not go unused in the public interest. If the data is made available to research, public health care can also be better evaluated and developed. The DVG also aims to promote innovative technologies as part of the digitization of healthcare.

PROTECTION PROVIDED SO FAR IS INADEQUATE

So far, data is only to be pseudonymized during fully automated transfer. This means that the name, birthday and month of the insured person are removed. However, an expert report by cryptography professor Dominique Schröder commissioned by GFF shows that such pseudonymization does not protect people from being re-identified. This poses a significant risk of misuse, especially since there is no obligation to use modern encryption technology to secure the data.

The legal regulation of the health database must be measured against both the European Union's General Data Protection Regulation (GDPR) and the German Basic Law. The lack of a right to object violates the fundamental right to informational self-determination and Article 21 of the GDPR.

Above all, there must be a right of objection for particularly vulnerable people such as those with a rare or stigmatizing disease. It must not be possible for bodies such as medical associations, universities and the highest federal authorities to gain access to this intimate and sensitive data, even against the declared will of the people concerned. People who are particularly in need of protection must fear personal disadvantages such as loss of reputation, exclusion or financial losses in the event of data misuse or data leaks. They therefore have a particularly strong interest in the confidentiality of their data.

The right to informational self-determination also gives rise to the goovernment's duty to protect data from misuse as well as possible and with the best technology. Important research for the common good must be made possible in such a way that no fundamental rights are violated in the process.

HIGH STANDARDS OF PROTECTION AND A RIGHT TO OBJECT

The GFF wants to use emergency motions and lawsuits to have the courts establish that high IT security standards must apply to the health database. This concerns the merging of data records prior to pseudonymization, the central storage of pseudonymized data records, and the processing of data by authorized users. In addition, a right of objection should be recognized and established, at least for those in particular need of protection.

The first plaintiff supported by GFF, Constanze Kurz, spokeswoman for the Chaos Computer Club and a computer scientist, fears that the security flaws could lead to a dangerous data leak. The second plaintiff has a rare disease and is worried about being easily re-identified despite pseudonymizing his data and being discriminated against, for example when looking for a job. The plaintiff and the applicant are represented in court by GFF cooperation lawyer Prof. Matthias Bäcker (University of Mainz).

Banner Foe Mis 37 Mann im Rollstuhl

FREEDOM NEEDS FIGHTERS

Freedom needs strong friends

Grundrechte verteidigen.
Fördermitglied werden!