Council of Europe calls on member states to ban genetic tests for insurance purposes - and better protect health-related and genetic data processed by insurance companies
Strasbourg, 26.10.2016 – The Council of Europe calls upon the Governments of its Member States to ensure non-discrimination, including on grounds of genetic characteristics, and the protection of private life in the framework of insurance contracts covering risks related to health, age or death.
“People’s health and genetic data are highly sensitive and must be properly protected. Governments have duty to ensure nobody is discriminated on the grounds of his or her genetic characteristics. Genetic tests for insurance purposes should therefore be banned,” said Secretary General Jagland. “Our recommendations show the way how to better protect the rights of insured people in an increasingly international market,” he added.
The new
Recommendation adopted today sets out essential principles aimed at protecting the rights of persons whose personal data are processed for insurance purposes. It takes into account insurance companies’ legitimate interest in assessing the level of risk presented by the insured person. The recommended measures include strict safeguards for the collection and processing of health-related personal data, based on the insured person’s consent, as well as the prohibition of requiring genetic tests for insurance purposes.
As a first international legal instrument in this field, the Recommendation notably aims at preventing any processing of health-related data which would not be justified and would not comply with the criteria of relevance and validity.
The text also underlines the necessity of facilitating access to insurance, under affordable conditions, to persons presenting an increased health risk, and the importance of promoting fair and objective settlement of disputes between insured persons and insurers.
-------------------------------
of the Committee of Ministers to the member States
on the processing of personal health-related data for insurance purposes, including data resulting from genetic tests
(Adopted by the Committee of Ministers on 26 October 2016
at the 1269th meeting of the Ministers’ Deputies)
The Committee of Ministers, under the terms of Article 15.b of the Statute of the Council of Europe,
Considering that the aim of the Council of Europe is to achieve a greater unity between its members, in particular through harmonising laws on matters of common interest;
Recalling the principles laid down in:
- the Convention for the Protection of Human Rights and Dignity of the Human Being with regard to the Application of Biology and Medicine (“the Convention on Human Rights and Biomedicine”) (ETS No. 164), and
- the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No. 108);
Taking into consideration:
- Recommendation Rec(2002)9 on the protection of personal data collected and processed for insurance purposes;
- Recommendation Rec(97)5 on the protection of medical data;
as well as the revised European Social Charter (ETS No. 163) and the European Code of Social Security (ETS No. 48);
Bearing in mind the significant expansion of private insurance contracts covering risks related to an individual’s health, physical integrity, age or death;
Considering the sensitive nature of the personal health-related data processed in these contracts;
Taking into account developments in the field of genetics, in particular the prospects of obtaining data more and more easily on the genetic characteristics of individuals, the analysis of which may be particularly complex;
Bearing in mind the risks of an incorrect or excessive interpretation of these data regarding the state of health of the persons concerned in the – sometimes very distant – future;
Convinced of the social importance in each country of appropriate coverage for certain risks related to health, physical integrity, age or death;
Recognising at the same time the insurer’s legitimate interest in assessing the level of risk presented by the insured person;
Aware of the role that voluntary private insurance can play in supplementing (and occasionally replacing) coverage for these risks by the social security scheme or other public or compulsory insurance;
Convinced, moreover, of the social importance, which varies from country to country, of coverage for risks related, for example, to death, insofar as insurance may be a precondition for access to certain financial services;
Emphasising the need to strike a fair balance between the constraints relating to the nature of the private insurance contract, the protection of the insured person’s individual interests and the social importance of coverage for certain risks;
Considering the need for member States to take appropriate measures to ensure respect for the fundamental rights of insured persons with regard to private insurance contracts relating to a person’s health, physical integrity, age or death;
Considering, in particular, the need to provide a regulatory or convention-based framework for the processing for insurance purposes of health-related personal data, in particular predictive data, whether genetic or not, and to promote the insurability of individuals presenting a greater health risk, especially in view of the social importance of coverage for certain risks;
Considering that obtaining these results may in certain cases require legislation or regulations, whereas in other cases dialogue between the insurers, patient and consumer representatives, health professionals, the competent authorities and other relevant stakeholders may produce satisfactory results,
Recommends that the governments of member States implement the provisions of this recommendation.
I. General provisions
Object
1. Member States should take appropriate measures to ensure respect for the fundamental rights of persons, without discrimination, in the context of the insurance contracts covered by this recommendation.
Scope
2. This recommendation applies to personal and group insurance contracts with the objective of insuring the risks linked to a person’s health, physical integrity, age or death.
3. None of the proposed measures of this recommendation should be interpreted as limiting or otherwise affecting the possibility for any member State to grant the insured person a wider measure of protection.
Definitions
4. For the purpose of this recommendation:
- “insured person” refers to the individual whose risks are covered by a contract, whether in the process of being drawn up or already concluded;
- “insurer” refers to both insurance and re-insurance companies;
- “third party” is any natural or legal person other than the insured person or the insurer;
- “examination” includes any test, genetic or otherwise;
- “genetic test” refers to a test involving analysis of biological samples of human origin, aiming to identify the genetic characteristics of a person that are inherited or acquired during early prenatal development;
- “health-related personal data” refer to all personal data related to the health of an individual;
- “processing of personal data” means any operation or set of operations which is performed upon personal data.
II. Processing of health-related personal data
Principle 1 – Insurers should justify the processing of health-related personal data.
5. Health-related personal data should only be processed for insurance purposes subject to the following conditions:
- the processing purpose has been specified and the relevance of the data has been duly justified;
- the quality and validity of the data are in accordance with generally accepted scientific and clinical standards;
- data resulting from a predictive examination have a high positive predictive value; and
- processing is duly justified in accordance with the principle of proportionality in relation to the nature and importance of the risk in question.
6. Health-related personal data from family members of the insured person should not be processed for insurance purposes, unless specifically authorised by law. If so, the criteria laid down in paragraph 5 and the restriction laid down in paragraph 17 should be respected.
7. The processing for insurance purposes of health-related personal data obtained in the public domain, such as on social media or internet fora, should not be permitted to evaluate risks or calculate premiums.
8. The processing for insurance purposes of health-related personal data obtained in a research context involving the insured person should not be permitted.
9. Questions posed by the insurer should be clear, intelligible, direct, objective and precise. Insurers should provide easy access to a contact person, having the requisite competence and experience, to address any difficulties of understanding with regard to the documents for the collection of health-related personal data.
Principle 2 – Insurers should not process personal health-related data without the consent of the insured person.
10. Health-related personal data should not be processed for insurance purposes without the insured person’s free, express and informed, written consent.
11. Health-related personal data should in principle be collected from the insured person by the insurer. The transmission of health-related personal data by a third party should be made subject to the insured person’s consent.
Principle 3 – Insurers should have adequate safeguards for the storage of health-related personal data.
12. Insurers should not store health-related personal data which is no longer necessary for the accomplishment of the purpose for which it was collected. They should, in particular, not store health-related personal data if an application for insurance has been rejected, or if the contract has expired and claims can no longer be made. An exemption can be made if further storage is required by law.
13. Insurers should adopt internal regulations to protect the security and confidentiality of the insured person’s health-related data. In particular, health-related personal data should be stored with limited access separately from other data, and data kept for statistical purposes should be anonymised.
14. Internal and external audit procedures should be put in place for adequate control of the processing of health-related personal data with regard to security and confidentiality.
III. Specific provisions on genetic tests
Principle 4 – Insurers should not require genetic tests for insurance purposes.
15. In accordance with the principle laid down in Article 12 of the Convention on Human Rights and Biomedicine, predictive genetic tests must not be carried out for insurance purposes.
16. Existing predictive data resulting from genetic tests should not be processed for insurance purposes unless specifically authorised by law. If so, their processing should only be allowed after independent assessment of conformity with the criteria laid down in paragraph 5 by type of test used and with regard to a particular risk to be insured.
17. Existing data from genetic tests from family members of the insured person should not be processed for insurance purposes.
IV. Provisions on risk assessment
Principle 5 – Insurers should take account of new scientific knowledge.
18. Insurers should regularly update their actuarial bases in line with relevant, new scientific knowledge.
19. At the request of the insured person, the insurer should provide relevant information and justification to that person regarding the calculation of the premium, any additional premium or any total or partial exclusion from insurance.
V. Social importance of coverage for certain risks
Principle 6 – Member States should facilitate risks coverage that is socially important.
20. Member States should recognise the social importance of coverage for certain risks and should, where appropriate, take measures to facilitate affordable access to insurance coverage for persons presenting an increased health-related risk.
VI. Mediation, consultation and monitoring
Principle 7 – Member States should ensure adequate mediation, consultation and monitoring.
Mediation in disputes between insured persons and insurers
21. Member States should ensure that mediation procedures are set up, where they do not exist, to ensure fair and objective settlement of individual disputes between insured persons and insurers. Insurers should inform all insured persons about the existence of these mediation procedures.
Collective consultation between parties
22. Member States should promote consultation between insurers, patient and consumer representatives, health professionals and the competent authorities, to ensure a well-balanced relationship between the parties and increase transparency vis-à-vis the public.
Monitoring of practices
23. Member States should ensure independent monitoring of practices in the insurance sector in order to evaluate compliance with the principles laid down in this recommendation.