In the decision of February 7, 2022, GZ: DSB-D124.2499, 2022-0.094.281, the data protection authority had to deal with the scope of a right to information in the context of a so-called succession to a fund position. The respondent, a licensed pulmonary specialist, had obtained from his retired predecessor the complainant’s patient records pursuant to sec. 51, para. 4 ÄrzteG adopted. The complainant, who had been treated by the predecessor, requested information on his personal data from the successor in the health insurance plan.
The patient data of the “predecessor” were largely recorded in index cards, the complainant was not undergoing treatment with the successor in the health insurance plan, and he relevant the incompleteness of the information provided. In particular, there would have been a failure to explain the “illegible passages” on the index cards and the abbreviations. Furthermore, according to the complainant, the information was incomplete, as it did not contain any data on an inhalation device that he had taken over from his predecessor as an unsaleable medical sample.
The data protection authority dismissed the complaint because the request that the successor to the health insurance plan be allowed to “interpret” handwritten records of the medical history, findings and diagnosis of his predecessor, as it were, within the scope of the information provided under data protection law, was in any case excessive. In the case of such a subsequent “interpretation” of the handwritten index cards of the successor to the health insurance plan – especially if, in the absence of a treatment contract, there is no diagnosis by the successor to the health insurance plan himself – errors may also occur that are hazardous to the health of the complainant, so that – when viewed correctly – the transparency demanded by the complainant in the sense of a correct interpretation of handwritten notes of the predecessor by a successor to the health insurance plan is neither possible nor required. By transmitting the patient record cards – which were in principle technically readable and had been taken over from the predecessor – the respondent had fulfilled his obligations in terms of the Art. 12 par.1 GDPR and Art. 15 DSGVO fulfilled. Regarding the alleged incompleteness of a missing information section on the inhalation device, the data protection authority followed the credible presentation of the successor to the health insurance plan (respondent) and dismissed the complaint with reference to the case law of the BVwG on Zl. W101 2139434-1 of 27.09.2019, according to which the information must be based on the “available information” – in the sense of the information actually available at the time of the request for information from the controller – no subsequent obligation to collect information from the controller can be derived that goes beyond the information available to him.
The decision is not legally binding, as the complainant filed an appeal in due time.
Source: DSB Austria