Compliance with data protection regulations is a high priority at MÜNCHENSTIFT. We would therefore like to inform you below about the collection of your personal data in connection with the medical questionnaire and the medical statement for registration for short-term care or full inpatient admission in accordance with Art. 13 of the General Data Protection Regulation (GDPR).
The controller responsible for the collection and processing of your personal data that we receive from you when you complete the medical questionnaire is named in the imprint.
2. Purposes and legal bases of data processing
For pre-contractual measures (e.g. coordination of occupancy in our homes) as well as for the needs-based fulfilment of the contract concluded with you, we have to process personal data of you and your relatives.
The legal basis for the collection and processing of your master data results on the one hand from the obligations arising from the contract concluded with you (Art. 6 para. 1 p.1 lit. b) GDPR and on the other hand from special laws of the social security codes (Art. 6 para. 1 p. 1 lit. c) GDPR).
If health data are processed in this context, the legal basis under data protection law is Art. 9 para. 2 lit. h) GDPR. These are processed in particular for various purposes within the framework of the implementation and planning of the contractual relationship:
For resource and problem identification, e.g.:
- Medical prescriptions and medication administration,
- Risk assessment of pressure sores and fall hazards and consideration of necessary prophylaxis.
To determine the nursing goals, e.g.:
- Wound treatment and
- wound progression.
To plan and implement nursing measures, e.g.:
- Performance record of nursing care,
- Performance record of medical, therapeutic and psychosocial treatment,
- nursing report,
- Movement planning if required,
- Drinking protocol/balance sheet if required
For evaluation of care planning.
3. Storage period
We store your personal data in accordance with our statutory retention obligations and delete it after the respective retention period has expired.
4. Data transmission
Of course, we treat your data confidentially and only pass it on to third parties if there is an obligation to pass it on or a right to do so under data protection law.
Health data may be received by third parties (e.g. health and long-term care insurance companies, in the case of social welfare recipients by the social welfare agency) or viewed in the facility (in particular by the medical service of the health insurance companies, the inspection service of the private health insurance companies and the Heimaufsicht). This transmission of data is required by law:
- Billing of services to the long-term care insurance fund (§§ 93, 94, 104, 105 SGB XI),
- the health insurance funds (§§ 284, 302 SGB V) and
- if necessary, to the social welfare agency (§§ 93 ff. SGB XI and §§ 67 ff. SGB X),
- independent experts after commissioning by the long-term care insurance fund (§ 18 SGB XI).
In addition, in the context of quality and billing audits, representatives of the Medical Service of the Health Insurance Funds, the auditing service of the private health insurance funds or experts appointed by the state associations of the long-term care insurance funds may view or transmit personal data (§§ 276, 284 SGB V, §§ 93, 97, 97a, 114, SGB XI).
Your data will neither be used for other purposes nor processed outside the EU.
5. Data subject rights
As a data subject, you have the right to information about the personal data that concerns you, as well as to the correction or deletion of incorrect data, provided that one of the reasons cited in Art. 17 GDPR is constituted, such as the data are no longer required for the purposes pursued.
You also hold the right to restrict processing if any of the preconditions set out in Art. 18 GDPR apply and, in cases of Art. 20 GDPR, the right to data transfer.
If data are collected on the basis of Art. 6 para. 1 p. 1 lit. f) GDPR, the data subject has the right to object to the processing at any time for reasons relating to their particular situation. In this case, we shall no longer process your personal data unless we can demonstrate compelling reasons for processing that override the interests, rights and freedoms of the data subject, or unless processing serves the assertion, exercise or defence of legal claims.
Any data subject has the right to complain to the supervisory authority if they consider that the processing of their personal data breaches data protection regulations. The responsible supervisory authority is:
6. Our data protection officer
We will be happy to provide you with more detailed information on request.
Version: October 2023