Privacy policy

Basic Policy Regarding Protection of Personal Information (Privacy Policy)

Microsoft Health Insurance Association takes the following measures to appropriately safeguard information concerning individual members (“personal information” hereinafter).

The Health Insurance Society implements appropriate safety measures to safeguard the personal information it obtains on its members against leaks, loss, damage, or improper access.
The Health Insurance Society uses the personal information provided by members solely for purposes considered beneficial for members, such as health maintenance and promotion. In addition, it uses Individual Numbers only within the scope of the purposes specified in the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedure.
Except when it has obtained advance consent from the member, the Health Insurance Society will not provide personal information on a member to any third party. Additionally, it will not provide personal information containing Individual Numbers (“identifying personal information” hereinafter), whether or not the individual has consented, except in the cases specified in the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedure. However, in the following cases, it may provide personal information on members other than identifying personal information to third parties without obtaining advance consent from members:
- As stipulated by laws or regulations
- When necessary to protect the life, safety, or property of an individual in cases in which obtaining the consent of the member would be difficult
- When necessary to improve public health or to promote the healthy growth of children in cases in which obtaining the consent of the member would be difficult
- When necessary to cooperate with national governmental bodies or local governmental authorities, or parties entrusted by national government bodies or local governmental authorities to execute affairs as specified by law or regulations in cases in which obtaining the consent of the member could impede their execution
In addition to training and raising awareness among employees regarding personal information protection, the Health Insurance Society will strive to manage personal information appropriately by assigning persons responsible for such management at each section that handles personal information.
When subcontracting its business operations, the Health Insurance Society will carry out reviews and implement improvements to strengthen personal information protection measures. When concluding business subcontracting agreements, it will carefully examine the competence of subcontractors and consider issues relevant to personal information protection in the content of such agreements.
A member who wishes to review, revise, or otherwise access his or her personal information may contact the Health Insurance Society's Privacy Contact. The contact there will respond swiftly to such requests to the extent reasonable.
In addition to complying with laws, regulations, and other standards concerning the handling of members' personal information, the Health Insurance Society continually reviews and strives to improve the content of this Privacy Policy.

Cases of disclosure based on the Personal Information Protection Act

1. Purpose of use of personal information

The Association handles personal information for the following purposes. In the event of a change in the purpose of use, we will notify the person or announce it on our website, etc.

* The purpose of use of retained personal data is the same as in the table above.
* In the following cases stipulated in each item of Article 21, Paragraph 4 of the Personal Information Protection Law, we may not notify or announce the purpose of use.

Types of Personal Information	Purpose of use
Eligibility Information	Management of subscribers, determination of standard monthly remuneration, collection of insurance premiums, issuance and management of various certificates, linkage with online eligibility confirmation systems, linkage of information based on the Number Act, confirmation of matching with resident information
Information on the income of insured persons and their dependents	Certification and probate of dependents, issuance and management of certificates of elderly beneficiaries and certificates of reduction of standard contributions
Information on the income and status of dependents (including those who intend to become dependents) and their family members living with them	Recognition and probate of dependents
Information about the insurer to which the disqualified person is enrolled	Implementation of transfer of receipts and coordination among insurers
Information on cash transfers	Examination and payment of insurance benefits, information linkage based on the Number Act
Information about receipts	Examination and payment of insurance benefits, issuance of medical expense notices, analysis of medical expenses for the purpose of health management and policy planning of members, application for high-cost medical subsidies to the National Federation of Health Insurance Societies
Subscriber account information	Payment of insurance benefits, payment of subsidies, refund of insurance premiums, etc.
Information on health checkups	Recommendation of medical examinations to those who have not yet undergone medical examinations, identification of those eligible for health guidance, analysis of health checkup results for the purpose of health management and policy planning of members, recommendation of medical examinations to those in need of medical care, reporting of the results of specific health examinations to the government, linkage with online eligibility confirmation systems
Information on Health Guidance	Recommending the use of health guidance, analyzing the results of health guidance for the purpose of health management and policy planning of members, and reporting on the results of specific health guidance to the national government
Information on Health Services (Various Subsidies)	User management, review and payment of subsidies
Information on Health Services (Various Health Programs)	Information about user management, application for and participation in various health programs
Information on the labor status of insured persons	Examination and payment of injury and sickness allowance, examination and payment of maternity allowance
Information on the status of medical treatment obtained through inquiries to doctors, etc.	Examination and payment of injury and sickness allowance, examination and payment of medical expenses
Information on third-party acts (traffic accidents, etc.)	Claims against perpetrators and insurance companies
Information about the members of our association	Communication regarding union meetings and board meetings, holding elections, and conducting training
Information about our employees	Manage employment, provide training, and provide benefits

(1) When there is a risk of harming the life, body, property, or other rights and interests of the person or a third party by notifying the person of the purpose of use or publicly announcing it.
(2) When there is a risk of harming the rights or legitimate interests of the Association by notifying the person of the purpose of use or publicly announcing it.
(3) When it is necessary to cooperate with a national agency or a local government in executing the affairs prescribed by laws and regulations, and notifying the person of the purpose of use or announcing it is likely to interfere with the execution of the affairs.
(4) When it is recognized that the purpose of use is clear from the circumstances of acquisition

2. Details of Security Control Measures

Organizational Security Control Measures	In addition to appointing a person responsible for handling personal information, we have clarified the employees who handle personal data and the scope of personal data handled by such employees, and have established an emergency contact system for the person in charge in the event that a fact or indication of a violation of the law or union regulations is identified. The Company conducts regular self-inspections of the status of the handling of personal data and audits by auditors.
Personnel Security Control Measures	In addition to stipulating matters related to the confidentiality of personal data in the Rules of Employment, we conduct regular training for employees on matters to keep in mind regarding the handling of personal data, verify their effectiveness, and utilize them in measures to protect personal information.
Physical Security Control Measures	In areas where personal data is handled, we control the entry and exit of staff and restrict the equipment they bring in, and implement measures to prevent unauthorized persons from viewing personal data. In addition to taking measures to prevent theft or loss of equipment, electronic media, documents, etc. that handle personal data, we have implemented measures to ensure that personal data is not easily identified when carrying such equipment, electronic media, etc., including when moving within the office.
Technical Security Control Measures	We have introduced and constantly reviewed a system to protect information systems that handle personal data from unauthorized external access and malware, and we have implemented strict access control for such information systems to limit the scope of the person in charge and the personal information databases handled.

3. Procedures for Responding to Requests for Disclosure of Retained Personal Data

In accordance with the procedures established by the Association, we will respond to requests for notification of the purpose of use, disclosure, correction, etc. (correction, addition, deletion) or suspension of use (suspension of use, erasure, suspension of provision to third parties) of retained personal data.

4. Contact for Requests and Complaints Regarding the Handling of Retained Personal Data

Microsoft Health Insurance Association
kenpo@microsoft.com

Matters Requiring Implicit Consent

Each of the following 1 to 3 is deemed as provision of personal information to third parties, and in principle, a prior consent of the person concerned must be obtained.
However, in cases such as those that benefit the person concerned or those in which the employer would bear significant costs and it would not necessarily be reasonable to obtain an explicit consent of the person concerned, an implicit comprehensive consent is considered acceptable.
Therefore, Microsoft Health Insurance Association regards that its members have given their implicit comprehensive consent to the following matters when no explicit objection or reservation is raised by them.

Those insured, etc. (members) who oppose this treatment are asked to submit to the Health Insurance Association in writing the reason therefor.
Note that you can change your consent or reservation at any time at your request.

Provide high-cost medical care benefits through the employer without application by the person concerned
Provide additional benefits (benefits above and beyond the amount of medical care costs covered) through the employer without application by the person concerned
Provide the insured with notification of medical care costs paid for the entire household, including dependents (family members)

< Cases in which personal information may be provided to third parties without obtaining prior consent >

In the following cases, the Health Insurance Association may provide personal information of its members to third parties without obtaining their prior consent. (Under Article 23, Paragraph 1 of the Act on Protecting Personal Information [hereinafter referred to as "the Act"])

When required by laws or regulations
When necessary to protect an individual’s life, safety, or assets in cases in which obtaining the consent of the member would be difficult
When necessary to improve public health or to promote healthy childrearing in cases in which obtaining the consent of the member would be difficult
When necessary to cooperate with national governmental bodies or local governmental authorities, or with parties entrusted by national governmental bodies or local governmental authorities to execute affairs as specified by laws or regulations, in cases in which obtaining the consent of the member could impede their execution

< Cases not qualifying as provision to third parties >

The following cases are not deemed as provision to third parties. (Under Article 23, Paragraph 5 of the Act)

Cases in which a business operator handling personal information entrust the handling of personal information in whole or in part within the scope necessary for the achievement of the purpose of utilization
Cases in which personal information is provided as a result of the succession of business in a merger or otherwise
Cases in which personal information is used jointly between specific individuals or entities and in which this fact, the items of the personal information used jointly, the scope of the joint users, the purpose for which the personal information is used by them, and the name of the individual or business operator responsible for the management of the personal information is, in advance, notified to the person concerned or put in a readily accessible condition for the person concerned

Shared use of personal information (1) Grant business for high medical benefits

We would like to inform you that our health insurance association will jointly use the personal information (personal data) we hold as follows.
In addition, in Article 23, Paragraph 4, Item 3 of the Personal Information Protection Law, "(1) Joint use of personal data, (2) Items of personal data used jointly, (3) Joint use Person who receives the personal information (personal data) if the person is in a state where he / she can easily know the range of the person, (4) purpose of use, and (5) name / name of the person in charge of managing personal data." Is not a third party, so it is possible to provide the personal information (personal data) without obtaining the consent of the person in advance.

Items of personal information (personal data) to be shared
- (1) Regarding the medical fee statement, (including the dispensing fee statement, hereinafter referred to as "RECEIPT"), CSV information of the electronic RECEIPT or a copy of the paper RECEIPT,
- (2) Patient name, gender, personal or family classification, by hospitalization outpatient, medical treatment date, RECEIPT request amount, etc. (stated "Grant application summary statement data" or "Grant application summary statement" In addition to the above, all items of the RECEIPT description data.
Common users
National Federation of Health Insurance Societies：Grant Business Group・Staff in charge of high-cost medical
Outsourcer : Japan Productivity Center ICT・Healthcare Promotion Department and partner companies
Shared purpose
Our association : To apply for a grant for a high-cost medical business.
National Federation of Health Insurance Societies : To properly deliver high-cost medical business. In addition, it will be used as a material to appeal the tendency of increasing medical expenses by publishing a receipt of 10 million yen or more per month (excluding personal information).
Person responsible for the management of personal information
National Federation of Health Insurance Societies：Union Support Manager
Our association : Responsible person of handling personal information
Questions about this matter, etc.
Contact
Microsoft Health Insurance Association
kenpo@microsoft.com

Shared use of personal information (2) Personal information used jointly with business owners

We would like to inform you that our health insurance association will jointly use the personal information (personal data) we hold as follows.
In addition, in Article 23, Paragraph 4, Item 3 of the Personal Information Protection Law, "(1) Joint use of personal data, (2) Items of personal data used jointly, (3) Joint use when the person is in a state where he / she can easily know the range of the person, (4) the purpose of use, and (5) the name / name of the person in charge of managing personal data, "the personal information (personal data) is provided. Since the recipient is not a third party, he / she can provide the personal information (personal data) without obtaining the consent of the person in advance.

Items of personal information (personal data) to be shared
The following personal data of the insured
- (1) Personal information (name, gender, date of birth, staff number, department, job rank, address, telephone number, standard monthly salary, standard bonus, business office loan email address, dependent information required for dependent certification, etc. )
- (2) Health insurance information that returns to the provisions of the Industrial Safety and Health Act, and information on the examinees of the health checkup (regular health checkup, NINGEN DOCK, etc.) conducted by the employer or the health insurance association as a health business (symbol, number, name, date of birth, gender, age, address, telephone number, email address, office name, employee code, health checkup consultation date, scheduled health checkup date, health checkup institution name, health checkup implementation item, health checkup result, findings, interviews, guidance content, etc.)
- (3) Whether or not the subjects of lifestyle-related disease prevention education extracted by the health checkup receive medical treatment
Common users
Health insurance association, health insurance association staff, medical workers such as industrial physicians and public health nurses of business owners, contractor.
Shared purpose
- (1) In order for the health insurance association to smoothly and accurately carry out the business of the health insurance association (acquisition / loss of qualifications, etc.), insurance benefits, health business, etc.
- (2) The health insurance association and business owners will work to maintain and improve their health and prevent their aggravation through follow-up measures, health guidance, and encouragement of consultation based on the results of the health checkup of the insured.
  In order to carry out effective project implementation with the business owner by evaluating and analyzing after implementation.
Person responsible for the management of personal information
Health insurance association, chairman, managing director, business owner, head of human resources department.
Questions about this matter, etc.
Contact
Microsoft Health Insurance Association
kenpo@microsoft.com

PAGE TOP