IBM Japan Health Insurance Association

IBM Japan Health Insurance Association

  • Small
  • Medium
  • Large
  • japanese
  • English

Privacy policy

Measures to safeguard personal information

As part of its routine activities, the Health Insurance Society handles personal information concerning insured persons and dependents, including eligibility and benefits information and medical care records.

While the Society has always handled personal information with the utmost care, the standards and other rules with which the Society must comply when handling personal information have been codified since full enactment of the Personal Information Protection Act in April 2005.

We will provide here an overview of the Health Insurance Society’s various measures to safeguard personal information. Note that certain exceptions and other considerations may apply; please contact the Society for more information.

The Health Insurance Society’s efforts to safeguard personal information

  • Specified purposes of use, restrictions on use for other purposes

    When handling personal information, the Society will specify whenever and to the extent possible the purposes for which such information is used. It will refrain from using the information for any other purpose without prior consent from the individual in question.

  • Notification and announcement of purposes of use

    When it obtains personal information, the Society will notify the individuals in question of the purposes of use, either by notifying individuals personally or by announcement via pamphlets, the Society website, or other means.

  • Obtaining personal information by appropriate means and ensuring the accuracy of personal data

    The Society will never seek to obtain personal information through inappropriate means. Additionally, to the degree possible, it strives to ensure the accuracy of the personal data obtained, given the purpose of use.

  • Safeguards, security measures and supervision of employees and subcontractors

    In addition to maintaining and publishing rules on protecting personal information, the Society strives to ensure the secure management of such information. It also supervises employees and business subcontractors assigned responsibility for handing personal information.

  • Restrictions on providing personal data to third parties

    In principle, personal data will not be provided to third parties without consent from the individuals in question.

  • Disclosure, correction, and cessation of use of personal information

    If the individual to whom the personal information pertains requests the disclosure of such information or asks through appropriate procedures to have it corrected or its use suspended, the Society will generally comply with such request. It will also seek to respond to complaints as quickly as possible.

Fundamental policy on protecting personal information (Privacy Policy)

The Society pledges to handle personal information (i.e., information that can be used to identify individuals), including names, addresses, gender, dates of birth, telephone numbers, and email addresses, as well as eligibility-related information (e.g., gain or loss of eligibility, standard remuneration), information on cash benefits (including benefits for burial, childbirth and childcare lump-sum grant, injury and sickness allowance, patient cost-sharing reimbursements, and additional benefits), rezept-related information (e.g., medical care costs, examination/treatment information), information on health screenings (e.g., check-up data), and information related to health management (e.g., information on the use of health-care facilities, information related to Society events), in accordance with the following policy:

Managing personal information

  • In addition to establishing its own Control Rules for the Protection of Personal Information, the Society pledges to comply with the Personal Information Protection Act and related laws and regulations.
  • The Society pledges to respect the rights of individuals with respect to personal information. If it receives inquiries from the individuals in question concerning their own personal information or requests to disclose, correct, or remove such information, it will respond in accordance with applicable laws and regulations, including the Health Insurance Act and the Control Rules for the Protection of Personal Information.
  • The Society pledges to strive to safeguard personal information at all times based on the appropriate management of such information, including the following measures:
    • Defining responsibilities clearly by appointing a person responsible for protecting and managing personal information
    • Implementing strict security measures to prevent the leakage, destruction, loss, falsification, or misuse of personal information
    • Restricting access to databases of personal information to ensure the management of such information in a secure environment
    • Comprehensive training of employees on policies and measures to safeguard personal information
  • In collecting personal information, except in cases where such collection is required under laws and regulations such as the Health Insurance Act, the Society pledges to clearly indicate to its members the purpose of collecting such information. The Society also pledges to use the collected personal information solely within the designated scope of use. It will refrain from providing such information to any third party except when subcontracting operations to achieve a specific purpose of use.
  • When subcontracting operations to a third party for specific ends, the Society pledges to manage and supervise the subcontractor to ensure appropriate handling of the personal information.
  • To keep personal information on its members as accurate, complete, and up-to-date as possible, the Society pledges to revise such information promptly upon request by members.
  • Inquiries concerning the handling and management of personal information are accepted at the office of the relevant contact point in the Society, as shown below:

    Contact point: IBM Japan Health Insurance Association (Chief Privacy Officer: Managing Director)
    TEL : 03-5614-6441
    FAX : 03-5614-6444
    Click here to submit an inquiry via the Web.

  • This Fundamental Policy, Control Rules for the Protection of Personal Information, and other related documents and rules will be revised as necessary in accordance with the enactment, amendment, or repeal of laws and regulations or changes in circumstances.

The Act on Protecting Personal Information (2003 Act No. 57, “Act” hereinafter) entered full effect on April 1, 2005. The Health Insurance Society itself has implemented a full range of precautions and measures on the handling of personal information currently held and personal information it may obtain in the future. Based on the Guidelines on Proper Handling of Personal Information at Health Insurance Societies, etc. (HIB No. 1227001) released December 27, 2004 by the Director of the Health Insurance Bureau of the Ministry of Health, Labour and Welfare, the Society will provide the notification indicated below concerning the purposes of use of the personal information it handles and its provision to third parties, as well as the items of personal information it holds for reasons related to its business operations.
The contact point for consultations and reception services pursuant to this notice is the Web inquiry service. If the website is not available to you for any reason, submit inquiries in writing to the Society Managing Director.

Purposes of use of personal information

The Health Insurance Society manages the personal information currently held on insured persons and dependents in compliance with the most rigorous standards. Pursuant to the Act on Protecting Personal Information, it establishes specific purposes for which it uses personal information to smoothly and accurately undertake eligibility operations (e.g., gaining and forfeiture of eligibility), operations related to insurance benefits, and health activities, as established under the Health Insurance Act and other applicable laws and regulations.
Article 15, Paragraph 1 of the Act requires the clear specification of the purposes of use of personal information. Article 16, Paragraph 1 of the Act specifies that personal information may not be used beyond the scope necessary to achieve the specified purposes of use, without first obtaining consent from the individual in question.
* Operation involving internal use within the Health Insurance Society
** Operation involving provision of information to other businesses

  • Purposes concerning collection of insurance premiums, etc.
    • To check eligibility as insured persons and ascertain standard monthly remuneration and standard bonuses*
    • To collect health insurance premiums*
    • To certify dependents*
    • To issue health insurance cards, etc.*
    • To subcontract to outside parties data processing regarding the eligibility of insured persons and other matters**
  • Purposes concerning provision of insurance benefits to insured persons and others
    • To provide insurance benefits and additional benefits*
    • To enable the automated payment of high-cost medical care benefits, partial cost-sharing reimbursements, etc.**
    • To subcontract to outside parties translation related to medical care costs incurred overseas**
    • To submit claims to casualty insurance companies or other parties for damages attributable to the actions of a third party**
    • To engage in joint operations to provide benefits for high-cost medical care by the National Federation of Health Insurance Societies (specifically, in application for subsidies provided by the joint operations)**
  • Purposes related to health activities
    • To enable health screenings, health guidance, and health consultations for health maintenance and promotion**
    • To provide loans for high-cost medical expenses and childbirth costs*
    • To subcontract health screenings to medical care institutions**
    • To subcontract operation of health promotion centers (e.g., lodges)**
    • To notify the insured person and others of amounts of medical care costs and benefits**
    • To subcontract business operations related to health activities**
  • Purposes related to screening and payment of medical fees
    • To check or review the content of medical cost details (rezepts), etc. (e.g., to prevent mistaken or improper billing)*
    • To subcontract checks/reviews of the content of rezept data**
    • To subcontract data entry for computer processing of rezept data and rezept image loading and processing**
  • Purposes to ensure the stability of Health Insurance Society operations
    • Analysis of medical care costs and sicknesses*
    • To subcontract data processing and other activities related to analysis of medical care costs and notification of medical care cost and benefit amounts**
  • Other purposes of use
    • To prepare basic data for maintaining and improving operations related to management and administration of the Health Insurance Society*
    • To maintain records related to management and administration of the Health Insurance Society*
    • To enable appropriate and effective accounting operations*
    • To make inquiries or provide answers to ensure appropriate processing related to the transfer of insured persons and other parties between health insurance societies or other insurers**
    • To engage in consultations with or to file documents with insurers, medical care institutions, etc. when demanding compensation from third parties**
    • To send Society bulletins, magazines, and other publications to insured persons at their home addresses*, **

Article 16, Paragraph 3 of the Act stipulates that restrictions on the use of personal information do not apply in the following cases: “(i) Cases in which the handling of personal information is based on laws and regulations; (ii) Cases in which the handling of personal information is necessary to protect the life, safety, or property of an individual and in which obtaining immediate consent from the person would be difficult; (iii) Cases in which the handling of personal information is especially important to safeguard public health or to promote the sound growth of children and in which obtaining immediate consent from the person would be difficult; (iv) Cases in which the handling of personal information is required to comply with a government body, local governmental authorities, or an individual or a business operator entrusted by a government body or local governmental authority to execute the affairs specified by laws and regulations and in which obtaining consent from the person is likely to impede their execution.”

Providing personal information to third parties

Pursuant to the Ministry of Health, Labour and Welfare guidelines mentioned above, the Society provides the following notices concerning the provision of personal information to third parties. The insured person or other individual in question is regarded to have given his or her implied and comprehensive consent when no explicit objection or reservation is raised by him or her in cases in which the purpose is to engage in actions and measures that would benefit the insured person, cases in which obtaining explicit consent would impose unreasonable burdens due to changes in current methods of notification of medical care costs, amounts of benefits paid, or other information, or cases in which obtaining explicit consent may prove unreasonable from the point of view of the individual in question. Since notification of medical care costs and amounts of benefits paid includes items concerning family members in addition to insured persons, this also applies to family members.

  • To provide notification of medical care costs, notification of determination of benefits and notification of generic drug paid for the entire household, including dependents (family members)
  • To provide statutory and additional benefits (including funeral expenses, injury and sickness allowance, childbirth and childcare lump-sum grant, and maternity allowance) through the employer
  • To enable automated payment of high-cost medical care benefits through the employer without application by the individual in question
  • For the following purposes to avoid duplicated benefits when a rezept involves aid for medical care costs from a municipal government or other government agency:
    • To consult with the medical care institution to confirm whether the insured person paid the cost
    • To consult with municipal government or other government agency to confirm whether public medical aid is available
  • To allow payment of subsidies through the employer when the insured person applies for subsidies in health activities undertaken by the Health Insurance Society

Cases not qualifying as provision to third parties under the Act on Protecting Personal Information

  • The exceptions enumerated under Article 23 (“Restriction of Provision to A Third Party”), Paragraph 1 of the Act:
    • Cases in which the provision of personal data is based on laws and regulations
    • Cases in which the provision of personal data is required to protect the life, safety, or property of an individual and in which obtaining immediate consent from the person would be difficult
    • Cases in which the provision of personal data is especially important to safeguard public health or to promote the sound growth of children and in which obtaining immediate consent from the person would be difficult
    • Cases in which the provision of personal data is required to comply with a government body, local governmental authorities, or an individual or a business operator entrusted by a government body or local governmental authority to execute the affairs specified by laws and regulations and in which obtaining consent from the person would likely impede their execution
  • Cases in which the Society has contracted operations directly to a business with the approval of the Board of Directors, pursuant to Article 23, Paragraph 4, Subparagraph 1 of the Act
  • Cases of shared use of personal data held by the Society, pursuant to Article 23, Paragraph 4, Subparagraph 3 of the Act
(A) Items of personal data subject to shared use
  • Rezept data (shared use with the National Federation of Health Insurance Societies)
  • The following data (shared use with the employer)
    • Personally identifiable data, including employee no., name, date of birth, address/tel. no., and emergency contact/family information
    • Basic personal data based on individual applications other than the above personally identifiable data (e.g., gender, academic history, previous employment history)
    • Data related to salary/remuneration
    • Data related to social insurance/welfare
    • Data related to job/position/external title or rank
    • Data related to employment categories and conditions
    • Data related to section where employed
    • Data related to location of employment
    • Data related to job performance
    • Data related to type of work
    • Data related to health examinations/medical interviews
    • Data about the various programs which the Health Insurance Association performs (charged optional examination etc.)
    • Other data attendant to the above
(B) Scope of parties involved in shared use
  • IBM Japan Health Insurance Association
  • Employer members of the IBM Japan Health Insurance Association
  • National Federation of Health Insurance Societies
(C) Purposes of use of parties involved in shared use
For activities undertaken with the National Federation of Health Insurance Societies pursuant to Article 2 of the Additional Rules to the Health Insurance Act For activities related to the Health Insurance Society undertaken with the employer ((1) various health promotion programs, (2) analysis for planning and drafting of disease-prevention programs, (3) activities related to health insurance)
(D) Party responsible for management
IBM Japan Health Insurance Association (Managing Director)

Personal information held by the Society for business purposes

Insured persons

Type of personal information Content of personal information
Insured person eligibility information Symbol/number, name, date of birth, gender, date of eligibility, initial date of eligibility, date of forfeiture of eligibility, standard monthly remuneration, remuneration, insured person’s address (at time of eligibility), bonus amount, starting date of childcare leave, ending date of childcare leave
Voluntarily and continuously insured person eligibility information Symbol/number, name, date of birth, gender, date of eligibility, date of forfeiture of eligibility, standard monthly remuneration at time of forfeiture of eligibility, presence/absence of dependents, insured person’s address, insured person’s contact information (tel. no.)
Special-case retired insured person eligibility information Symbol/number, name, date of birth, gender, date of eligibility, date of forfeiture of eligibility, presence/absence of dependents, insured person’s address, insured person’s contact information (tel. no.)
Information on cash benefits to insured persons Symbol/number, name, date of birth, address, tel. no., remittance beneficiary bank/account no., name of medical care institution performing examination, year/month of examination, illness or injury, salary income, basic pension no., pension amount, medical care costs, date prosthetic equipment was fitted, cost of purchase of prosthetic equipment, previous year’s income (only for tax-exempt persons), transportation costs, name of certifying medical care institution, period unable to work, salary during period unable to work, attendance at workplace during period unable to work, date of childbirth, expected date of childbirth, number of children born, name(s) of child(ren) born, relationship, year/month/date of death, cause of death (condition), content of copy of official register indicating removal, cost of funeral (for funeral expenses only), claimant address, claimant address (when the insured person has died), claimant remittance beneficiary bank/account no.
Information on insured persons’ rezepts Whether the party is the insured person or a dependent, examination/treatment category, insurer no., symbol/number, benefit ratios, year/month of examination/treatment, prefecture code, medical care institution code, name, gender, date of birth, special notes, whether work-related or work-induced, name and address of medical care institution, department consulted, name of injury or illness, date consultations commenced, outcome of illness/injury, actual number of days of consultation, final points, public expenditure points, amount of partial contribution, amount contributed by patient, amount contributed for outpatient treatment, amount contributed for inpatient treatment, public expenditure amount, name of prescribed drugs, amount contributed for prescribed drugs, public expenditure portion of amount contributed for prescribed drugs, number of days of treatment associated with meal costs, public expenditure portion of number of days of treatment associated with meal costs, amount decided for treatment associated with meal costs, public expenditure portion of amount decided for treatment associated with meal costs, standard contribution for treatment associated with meal costs, public expenditure portion of standard amount for treatment associated with meal costs, consultation details, images (of rezept)
Information on insured persons’ health examinations Symbol/number, name, address, date of birth, tel. no., employer name, employee no., email address, examination cost, health-examination benefit-type code, items not examined, type of examination, date of examination, name of examining institution, address of examining institution, examination results, results of medical interview, images (X-rays), content of consultation/guidance, medical opinion, name of nurse/health nurse, records of purchase of emergency medicine/household medicine, previous illnesses, family previous illnesses
Insured person judo therapy information Symbol/number, name, date of birth, name of judo therapist, year and month of treatment, cost of treatment, name of injury or illness, bank account of judo therapist for transfers
Information on eligibility for copayment rate for Elderly Recipients (aged 70–74) Symbol/number, name, date of birth, gender, address, amount of public pension received, salary income amount, amount of other income, presence/absence of dependents
Insured person’s long-term care insurance eligibility information Symbol/number, name, date of birth, gender, date of 40th birthday, date of 65th birthday, long-term care insurance insured person category, date of exemption from long-term care insurance, ending date of exemption from long-term care insurance, year/month/date of departure from Japan, year/month/date of return to Japan, date of submission of notice of moving out/in to municipality
Information on use of health activities by insured persons Symbol/number, name of insured person, name of user (or person examined), date of birth of user (or person examined), whether the party is the insured person or a dependent, relationship, consulting hospital name, consulting hospital tel. no., amount of health examination costs, internal postal code, email address, employer (personal) tel. no., amount subject to payment, subsidy amount decided, type of examination, age, address, home tel. no., name of recreational facility used, year/month/date of use of recreational facility, number of days of lodging, BMI measured value (height, weight), value of additional points applied for (self-assessment item)

Dependents

Type of personal information Content of personal information
Dependent eligibility information Name, date of birth, gender, relationship to insured person, occupation (name of employer or school), average monthly income, living together or separately, date of dependent authorization, date of forfeiture of dependent eligibility, address of dependent living away from insured person
Voluntarily and continuously insured dependent eligibility information Same as voluntarily and continuously insured person eligibility information
Special-case retired insured person dependent eligibility information Same as special-case retired insured person eligibility information
Information on cash benefits to dependents Name, date of birth, relationship to insured person, bank account for transfers, name of medical care institution where consultation took place, year and month of consultation, name of injury or illness, income for the previous year (only for tax-exempt persons), medical care costs, date prosthetic equipment was fitted, purchase date of prosthetic equipment, date of childbirth, expected date of childbirth, number of children born, name(s) of child(ren) born, relationship, year/month/date of death, cause of death (condition), content of copy of official register indicating removal
Information on dependents’ rezepts Same as Information on insured persons’ rezepts
Information on dependents’ health examinations Same as Information on insured persons’ health examinations
Dependent judo therapy information Dependent name, dependent’s date of birth, relationship to insured person, other items same as for insured persons
Information on dependent eligibility for copayment rate for elderly recipients (aged 70–74) Dependent name, dependent’s amount of public pension received, dependent’s salary income amount, dependent’s amount of other income
Dependent’s long-term care insurance eligibility information Same as Insured person’s long-term care insurance eligibility information
Information on use of health activities by dependents Same as information on use of health activities by insured persons (not including those available only to insured persons)

Procedures for correction or cessation of use of personal data

Pursuant to the Health Insurance Act, personal data held by the Health Insurance Society concerning its members cannot in principle be deleted at the member’s request, since most information comes from sources such as notices pursuant to the Health Insurance Act. Except for voluntarily and continuously insured persons or special-case retired insured persons, each member must be covered by the health insurance of the society his or her employer joins. As was the case previously, corrections and additions require submission of notices of change or correction. While members retain the right to demand the cessation of use of personal data, in most cases, this would result in the inability to provide benefits or administer health examinations and is likely to be counter to the interests of the member with respect to other health activities.

  • How to submit requests: In writing (Spoken requests and requests submitted by telephone, fax, email, or other means will not be accepted.) However, for ordinary corrections, please continue to submit the required notice.
  • Submit to: Managing Director, IBM Japan Health Insurance Association
  • Required information: Applicant name, date and time of request, nature of request, reason for request
    Note: Please explain your request in the greatest possible detail. Identify the personal data and clearly indicate whether the request concerns all or part of the data.

Procedures for personal data disclosure

Articles 25 and 29 of the Act and Articles 7 and 8 of Cabinet Order No. 507 require the Health Insurance Society to establish procedures for requesting the disclosure of personal data held by it. The Society’s procedures are outlined below. However, disclosure of rezepts will be handled in accordance with the June 20, 2011 notice (HIB No. 0620-1) from the Director of the Health Insurance Bureau of the Ministry of Health, Labour and Welfare, “Partial revision of ‘Disclosure of medical cost details and other information to insured persons.’”

  • Disclosure may be requested by: the individual in question or his or her agent
  • Agents: (A) Legal agent of a minor or an adult ward
          (B) An agent entrusted by the individual in question to submit/handle the request for disclosure
  • How to submit requests for disclosure: In writing (Spoken requests and requests submitted by telephone, fax, email, or other means will not be accepted.) Requests may be submitted by post if delivery in person would be difficult.
  • Submit to: Managing Director, IBM Japan Health Insurance Association
  • Required information: Applicant name (and name of agent if submitting request via an agent), date and time of request, personal data for which disclosure is requested (indicate whether disclosure requested is for all or only part of such data—for example, data for a certain period of time)
  • Document to attach: Document certifying that the applicant is the individual in question (or his or her agent)

- - -Record of updates- - -

September 15, 2011
Reviewed and revised
February 17, 2011
Reviewed and revised
October 17, 2008
Reviewed and revised
February 16, 2007
Names of prescribed drugs added to content of personal information
March 22, 2005 (first edition)
Published in My Health no. 17 (March 22, 2005)

PAGE TOP