VHI VHI and GDPR

P

Páid

Registered User
Messages
1,011
Since today VHI have made changes to the way day to day claims are handled because of GDPR.

I pay for 5 policies (for each member of my family including myself) and have a VHI online account. From today each adult must register for a myVhi account and make their claim(s) individually.

When you have 4 adults (and one minor) that's going to make it very difficult to claim online.
 
They probably got it wrong as gdpr does not apply in family context. I can still claim for myself and wife online with irishlife
 
The reason they gave is because health information is a special category.

It doesn't explain why I can see all claims in myVhi account. I cannot submit a claim but I can view it, even if it is of another family member?
 
Last edited:
I lodged a formal complaint with VHI on this point over the weekend. It is a real pain as the kids have gotten over 18 to be trying to submitting claims on their behalf. The most likely outcome of their policy is that one person in the family impersonates the others, which isn't great from a privacy POV. They've no difficulty with dealing with me when it comes to starting up the policy (including health information) or taking payment for the policy, but won't deal with me when it comes to making claims. It definitely seems like an over-zealous GDPR interpretation.
 
I see how it is a pain.

But there are lots of cases where someone might not want to share details of their medical treatment with their own immediate family.
 
NoRegretsCoyote said:
I see how it is a pain.

But there are lots of cases where someone might not want to share details of their medical treatment with their own immediate family.
Click to expand...
Maybe, and I've have no problem with allowing this to happen as appropriate.

But to STOP the other option happening, to stop one person simply managing the paperwork for the family, makes no sense.
 
You can submit receipt claims for all adults by post, as long as each adult signs the claim form. You just can't submit online (there is no option for the adults to provide their consent online).

Although it might help organise your paperwork, unfortunately this does not superceed the GDPR rules regarding an adults medical records.

As inpatient claims are submitted by hospitals and facilities only the patient (if over 18) will get the claim statement.
 
kitty81 said:
You can submit receipt claims for all adults by post, as long as each adult signs the claim form. You just can't submit online (there is no option for the adults to provide their consent online).

Although it might help organise your paperwork, unfortunately this does not superceed the GDPR rules regarding an adults medical records.

As inpatient claims are submitted by hospitals and facilities only the patient (if over 18) will get the claim statement.
Click to expand...
How come those GDPR rules about adult medical records don't seem to apply when taking out and paying for a policy with VHI ?
 
Retirement Plan there is no medical required to take out a plan.

Your 18 plus year old owns their own health data so it is not the business of any health insurer to tell you anything about their health without their say so. If they are in agreement, they can contact the insurer to provide their consent to discuss past claims with you. Consent cannot be provided for future claims.

Maybe I'm missing your point here but paying for a policy does not involve any discussion or documents about someone else's claims.

I understand that you find it frustrating but thats the law and unless you ask for the Data Protection Office to amend their GDPR rules, no amount of complaining to the insurer will change it
 
kitty81 said:
Retirement Plan there is no medical required to take out a plan.

Your 18 plus year old owns their own health data so it is not the business of any health insurer to tell you anything about their health without their say so. If they are in agreement, they can contact the insurer to provide their consent to discuss past claims with you. Consent cannot be provided for future claims.

Maybe I'm missing your point here but paying for a policy does not involve any discussion or documents about someone else's claims.

I understand that you find it frustrating but thats the law and unless you ask for the Data Protection Office to amend their GDPR rules, no amount of complaining to the insurer will change it
Click to expand...
That's just my point - there is no facility to tell the insurer that I have consent to do the administration of claims online. They don't allow it.

They WILL allow me to do it with a paper claim, provided I get the other adult's signature, so they don't have a problem in principle with one person doing the admin. They just don't allow me to do it online, a silly rule, an overzealous interpretation of GDPR, that imposes an administrative burden on their members and is a barrier to online business.
 
Your adults over 18 can give you their log in details if they so wish and you can work away to your hearts content with their personal information but unless your 18 plus year old tells the insurer, how are they to know that they are happy with their health information being given out to others ? Take your word for it?

No problem giving you the information following a postal claim if the 18 plus year old has signed the form as that signature is for that very purpose. I agree that not being able to do it online is a nuisance but show me any other company that has cracked that problem.
I think your complaint has now moved to the inability to do this online rather than arguing the GDPR rules with the insurer.

I don't agree that its a silly rule, its only silly if you feel entitled to information that is not yours.
 
kitty81 said:
Your adults over 18 can give you their log in details if they so wish and you can work away to your hearts content with their personal information but unless your 18 plus year old tells the insurer, how are they to know that they are happy with their health information being given out to others ? Take your word for it?

No problem giving you the information following a postal claim if the 18 plus year old has signed the form as that signature is for that very purpose. I agree that not being able to do it online is a nuisance but show me any other company that has cracked that problem.
I think your complaint has now moved to the inability to do this online rather than arguing the GDPR rules with the insurer.

I don't agree that its a silly rule, its only silly if you feel entitled to information that is not yours.
Click to expand...
Laya allows us to submit receipts on behalf of our 2 adult children. (22 and 20)

This might be due to the policies being run through my wifes company and payroll, ie she pays for it.

Have Laya " cracked " the problem or are VHI being over zealous?
 
"Who does the GDPR not apply to?


The GDPR does not apply to certain activities including processing covered by the Law Enforcement Directive, processing for national security purposes and processing carried out by individuals purely for personal/household activities.24 Oct 2017".

This is just one reply to the question, other replies say more or less the same question.

It seems to say that processing of personal/household activities isn't covered by GDPR.

Our children don't pay for their insurance and if they attend an outpatient hospital/clinic we pay whatever needs paying and simply claim it back, online with scanned receipts or more recently via the app where all 4 of us are identified as individuals, and each claim assigned to whoever needed medical assistance.

Again our experience.
 
I am unaware if Laya have a pre-claims process however if not, they are in clear breach of GDPR rules allowing you your adult children's medical information

'The special category personal data is about sensitive information. It relates to the patient’s physical, mental or sexual health. Other sensitive data include religion, membership of a trade union, or past legal history. The processing of special category data will be prohibited unless the data subject has given his/her explicit consent.'
 
kitty81 said:
Your adults over 18 can give you their log in details if they so wish and you can work away to your hearts content with their personal information but unless your 18 plus year old tells the insurer, how are they to know that they are happy with their health information being given out to others ? Take your word for it?

No problem giving you the information following a postal claim if the 18 plus year old has signed the form as that signature is for that very purpose. I agree that not being able to do it online is a nuisance but show me any other company that has cracked that problem.
I think your complaint has now moved to the inability to do this online rather than arguing the GDPR rules with the insurer.

I don't agree that its a silly rule, its only silly if you feel entitled to information that is not yours.
Click to expand...
If I login with details of my adult child, I am impersonating them. I'm pretending to VHI that I AM that person. Why would this be a better outcome for you, than VHI actually updating their processes to reflect how families work?

As it happens, I'm looking for VHI to give me access to any information. I HAVE the information, given to me by my family member. There is no medical information on it, just a GP receipt. So why would have to now keep track of a separate set of login details for each child, AND make sure that they're around when I'm submitting their claim so I can get the 2FA authentication code that comes to their phone, not mine, in order to submit a claim?

And yes, my complaint IS about not being able to do this online, but it is VHI who have said that the reason for not doing it online is GDPR. This is the kind of thing that gives GDPR a bad name.

kitty81 said:
I am unaware if Laya have a pre-claims process however if not, they are in clear breach of GDPR rules allowing you your adult children's medical information

'The special category personal data is about sensitive information. It relates to the patient’s physical, mental or sexual health. Other sensitive data include religion, membership of a trade union, or past legal history. The processing of special category data will be prohibited unless the data subject has given his/her explicit consent.'
Click to expand...
Again, Laya are NOT allowing access to any information. The policy holder already HAS the information. Laya are just allowing the same person that they were happy to take money off to manage the claims process for the family.
 
kitty81 said:
I am unaware if Laya have a pre-claims process however if not, they are in clear breach of GDPR rules allowing you your adult children's medical information

'The special category personal data is about sensitive information. It relates to the patient’s physical, mental or sexual health. Other sensitive data include religion, membership of a trade union, or past legal history. The processing of special category data will be prohibited unless the data subject has given his/her explicit consent.'
Click to expand...
Further up the thread another poster said that they didn't have any issue either with Irish Life Health care.

Further more I think we are essentially talking about claiming outpatient/ doctor expenses. The information about medical conditions etc is not something that would need to be sent to any health insurance provider.

Additionally as family members surely we would share that information anyway, afterall they are our children.
 
RetirementPlan, to be clear no 'outcome is better for' me. I am not VHI or Laya or Irish Life, I am explaining the Data Protection Office rule.

If you are able to log in to their accounts, they have made the decision to allow you to do so by providing passwords. If you stole their log in details, that's on you.

'How families work'. My guess is that my family works very different to yours. I do not assume the right to any other adults medical visits. What about separation/divorce families, where there are court orders in place that a policy must be maintained? What way does that family work?

It makes no difference to me what data you want or have, my post was attempting to explain that if you, your adult child or your spouse attends a Consultant, a Fertility specialist, an Obstetrician, a STI visit, a GP, a Counsellor, a Psychiatrist, a Mental Health admission, a miscarriage trauma, a gambling/substance abuse addiction that they do not want you to know about you feel that because you pay their insurance you should be entitled to know?

Where does the access to the information stop?

Or is it a free for all? For everything, inpatient and outpatient?

These are adults we are discussing, I would whole heartedly agree for minors but an adult is an adult regardless if they are your children or not.

If they are happy to discuss all visits with you, you should have no problem organising your paperwork with the appropriate consent provided to the insurer. If not, thankfully they have their own rights due to GDPR.

I feel I'll have to agree to disagree with you on this topic but your adult children and spouse should hold the same right over their medical information as you enjoy as the payer.

I hope your insurer can come up with a solution to help you manage it online.
 
kitty81 said:
RetirementPlan, to be clear no 'outcome is better for' me. I am not VHI or Laya or Irish Life, I am explaining the Data Protection Office rule.
Click to expand...
With respect, you seem to be able to project yourself into the roles of VHI and the family member when it comes to how this thing works, so its not unreasonable to suggest that you project yourself into the role of VHI in assessing your proposal that I impersonate family members by getting their login details.

How it is a better outcome to get them to give me their login details rather than them just giving me the receipt for their GP visit and asking me to handle the claim?

There is no 'Data Protection Office' rule, by the way. In Ireland, we have the Office of the Data Protection Commissioner. There is nothing in the GDPR (which comes from Europe) that stops me from making a claim on a receipt that a family member has handed to me.
kitty81 said:
If you are able to log in to their accounts, they have made the decision to allow you to do so by providing passwords. If you stole their log in details, that's on you.
Click to expand...
Your proposal would require both them and me to breach the VHI terms of use, which say; (my bolding for emphasis)
Policyholders act for all members included on the policy with regard to the administration of the policy (e.g. cover changes, payments/refunds, renewals, and addition/deletion of dependants. Use for any other purpose is prohibited.
Click to expand...
Members must keep their login details secret and must not record them in a form or manner which would be intelligible or otherwise accessible to an unauthorised person.
Click to expand...
This is not a workable proposal.

In general, sharing passwords is a very poor security practice. VHI should absolutely NOT be building systems that require people to share passwords and impersonate each other.

kitty81 said:
'How families work'. My guess is that my family works very different to yours. I do not assume the right to any other adults medical visits. What about separation/divorce families, where there are court orders in place that a policy must be maintained? What way does that family work?

It makes no difference to me what data you want or have, my post was attempting to explain that if you, your adult child or your spouse attends a Consultant, a Fertility specialist, an Obstetrician, a STI visit, a GP, a Counsellor, a Psychiatrist, a Mental Health admission, a miscarriage trauma, a gambling/substance abuse addiction that they do not want you to know about you feel that because you pay their insurance you should be entitled to know?

Where does the access to the information stop?

Or is it a free for all? For everything, inpatient and outpatient?

These are adults we are discussing, I would whole heartedly agree for minors but an adult is an adult regardless if they are your children or not.
Click to expand...
Please stop spinning this as some kind of patriarchal coercive controlling issue. The issue here is that a young adult goes to the GP, I pay for their GP visit, they give me the receipt from the GP. It is that simple. I'm currently unable to claim for this receipt from VHI.

There is nothing in my proposal that would stop the adult from looking after their own claims. I'm not trying to prevent anyone from looking after their own claims. I'm looking at a GP receipt and a dentist receipt from young adults in the house in front of me, both transactions that I have paid for, and VHI are stopping me from making a claim on the policy that I also paid for.

Organisations like VHI are spending millions to put their services online. It is VERY MUCH to VHIs benefit to allow me to do my business online. Their over zealous interpretation of GDPR has created an unintended consequence of a barrier to online adoption of services. I can claim with a simple signature on a paper form, but not through their online system. I'm actually doing VHI a very big favour by nudging them on to ensure that their online system mirrors their paper system.
kitty81 said:
If they are happy to discuss all visits with you, you should have no problem organising your paperwork with the appropriate consent provided to the insurer. If not, thankfully they have their own rights due to GDPR.
Click to expand...
They ARE happy to discuss these visits with me. I can organise my paperwork however I like, but I can't make an online claim for the receipts that the family members have handed to me.
kitty81 said:
I feel I'll have to agree to disagree with you on this topic but your adult children and spouse should hold the same right over their medical information as you enjoy as the payer.

I hope your insurer can come up with a solution to help you manage it online.
Click to expand...
There is nothing in my proposal that reduces the rights of other family members to privacy of their medical information. If they want to take on the admin workload, I'll be only too delighted. But they generally don't.
 
RetirementPlan said:
With respect, you seem to be able to project yourself into the roles of VHI and the family member when it comes to how this thing works, so its not unreasonable to suggest that you project yourself into the role of VHI in assessing your proposal that I impersonate family members by getting their login details.

How it is a better outcome to get them to give me their login details rather than them just giving me the receipt for their GP visit and asking me to handle the claim?

There is no 'Data Protection Office' rule, by the way. In Ireland, we have the Office of the Data Protection Commissioner. There is nothing in the GDPR (which comes from Europe) that stops me from making a claim on a receipt that a family member has handed to me.

Your proposal would require both them and me to breach the VHI terms of use, which say; (my bolding for emphasis)


This is not a workable proposal.

In general, sharing passwords is a very poor security practice. VHI should absolutely NOT be building systems that require people to share passwords and impersonate each other.


Please stop spinning this as some kind of patriarchal coercive controlling issue. The issue here is that a young adult goes to the GP, I pay for their GP visit, they give me the receipt from the GP. It is that simple. I'm currently unable to claim for this receipt from VHI.

There is nothing in my proposal that would stop the adult from looking after their own claims. I'm not trying to prevent anyone from looking after their own claims. I'm looking at a GP receipt and a dentist receipt from young adults in the house in front of me, both transactions that I have paid for, and VHI are stopping me from making a claim on the policy that I also paid for.

Organisations like VHI are spending millions to put their services online. It is VERY MUCH to VHIs benefit to allow me to do my business online. Their over zealous interpretation of GDPR has created an unintended consequence of a barrier to online adoption of services. I can claim with a simple signature on a paper form, but not through their online system. I'm actually doing VHI a very big favour by nudging them on to ensure that their online system mirrors their paper system.

They ARE happy to discuss these visits with me. I can organise my paperwork however I like, but I can't make an online claim for the receipts that the family members have handed to me.

There is nothing in my proposal that reduces the rights of other family members to privacy of their medical information. If they want to take on the admin workload, I'll be only too delighted. But they generally don't.
Click to expand...
Dude you really didn't have to respond in the manner you have but I'm glad you have. I tried earlier today but gave up .

The issue here is simply that you are responsible for the health insurance of your family and therefore should be able to proceed with the administration of that responsibility, which no doubt you do.

I find infuriating that someone else comments with so much whataboutery to justify every nonsensical point.....without an iota of the practicalities.

Of 3 health insurance companies quoted on this 2 seem to be able to do what you would like to do.....except the VHI .

Best of luck and stupendous retort
 
You must log in or register to reply here.
Back
Top