Legal analysis of the law
- Title of the law and Official Gazette number (last change or modification)
Law on Health Insurance – (“Official Gazette of the Republic of Macedonia” n. 25/2000, 34/2000, 96/2000, 50/2001, 11/2002, 31/2003, 84/2005, 37/2006, 18/2007, 36/2007, 82/2008, 98/2008, 6/2009, 67/2009, 50/2010, 156/2010, 53/2011, 26/2012, 16/2013, 91/2013, 187/2013, 43/2014, 44/2014, 97/2014, 112/2014 and 113/2014)
- Does the Law envisage processing of personal data and in what type of Collection? (Evidence, Register, Database)
The law envisages the processing of personal data in the following forms:
Electronic card for health insurance.
- What is the purpose of collecting personal data? Is that purpose clear?
Exercising rights of health insurance.
- What categories of personal data are collected? Is the scope in compliance with the purpose?
The scope of personal data collected for the purposes of issuing and maintaining the Electronic health card is defined by a Rulebook of the Health Insurance Fund.
For issuing the Electronic health card, the following personal data are collected: name and surname, unique health insurance number, serial number of the card, legal basis of insurance, PIN, sex, date of birth, insured status, and duration of the health insurance.
The Electronic health card can also contain the father’s name, the unique health insurance number of the carrier of the insurance, place and state of birth, and blood donations.
As regards the Electronic card for health insurance, the categories of personal data, the manner of processing of personal data and the scope of personal data for every collection have to be based on law, so the real practice is not in compliance with the LPDP. Namely, all of the above is defined by a Rulebook and not by the Law on Health Insurance. The Law on Health Insurance should be amended so that the categories of personal data, the manner of processing of personal data and the scope of personal data for every collection are defined by law.
- Who collects the personal data at first instance? (company, institution)
Health Insurance Fund.
- Is the Consent of the data subject for personal data protection envisaged by this law?
- Is the keeping period of personal data clearly defined?
No. The keeping period should be precisely defined in this law. An additional provision on technical and organizational measures is needed.
- Does the law contain separate provision for personal data protection that clearly states the implementation of technical and organizational measures?
An additional provision on technical and organizational measures is needed, not only for the internal procedures of the Pension and Disability Fund but also for sharing data with other subjects.
- Is the processing of personal data prescribed by this law connected to implementation of another law?
Law on Health Insurance
- Are there any exceptions for processing of sensitive data? (PIN, biometrics, video surveillance)