The Health Insurance CZ is changing the way it is working with authorizing applications. CZ is in compliance with the order imposed by the Dutch Personal Data Protection Authority (AP) in February 2020.
More data than necessary
The AP has established on last year, after an investigation, that the working method used by CZ for authorization applications was breaching the privacy legislation. When it is asked an authorization, the insured is asking the prior approval of the health insurance for the refund of specific care.
The AP has discovered that in a specific number of cases CZ has processed more health data than necessary in order to assess those authorization applications. It was about insurer requests that need a doctor for special recovery cure. For example, after a complex bone fracture or a motor condition.
The AP has imposed to CZ a penalty order for this. CZ has presented an appeal against this Administrative Court. During this procedure AP and CZ have talked each other about changing the standard procedure of CZ.
Guidelines for the assessing
CZ is working with a new guideline in order to assess authorization applications for the specialized medical cure of rehabilitation without hospitalization. AP has ended that CZ has made enough improvements on this sense.
The Authority believes that CZ has improved the way in which it explains to insurers which health data are necessary for assessing their application and why. It guarantees that it will not process more information than necessary.
The Authority is also pleased of steps made by CZ. In addition, these guidelines shall be used as a model for other health insurer and for the whole sector.
Complaints on CZ
A total amount of 12 insurer have presented a complaint to AP and have asked that AP will take an executive action against CZ. They believe that CZ has processed too many health data in assessing their application for rehabilitation cures.
CZ has removed personal data of these insured.
SOURCE: DUTCH DATA PROTECTION AUTHORITY