Microsoft Health Insurance Association

Microsoft Health Insurance Association

  • Japanese
  • English
Text Size
  • Small
  • Medium
  • Large

Privacy policy

Basic Policy Regarding Protection of Personal Information (Privacy Policy)

Microsoft Health Insurance Association takes the following measures to appropriately safeguard information concerning individual members (“personal information” hereinafter).

  • The Health Insurance Society implements appropriate safety measures to safeguard the personal information it obtains on its members against leaks, loss, damage, or improper access.
  • The Health Insurance Society uses the personal information provided by members solely for purposes considered beneficial for members, such as health maintenance and promotion. In addition, it uses Individual Numbers only within the scope of the purposes specified in the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedure.
  • Except when it has obtained advance consent from the member, the Health Insurance Society will not provide personal information on a member to any third party. Additionally, it will not provide personal information containing Individual Numbers (“identifying personal information” hereinafter), whether or not the individual has consented, except in the cases specified in the Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedure. However, in the following cases, it may provide personal information on members other than identifying personal information to third parties without obtaining advance consent from members:
    • As stipulated by laws or regulations
    • When necessary to protect the life, safety, or property of an individual in cases in which obtaining the consent of the member would be difficult
    • When necessary to improve public health or to promote the healthy growth of children in cases in which obtaining the consent of the member would be difficult
    • When necessary to cooperate with national governmental bodies or local governmental authorities, or parties entrusted by national government bodies or local governmental authorities to execute affairs as specified by law or regulations in cases in which obtaining the consent of the member could impede their execution
  • In addition to training and raising awareness among employees regarding personal information protection, the Health Insurance Society will strive to manage personal information appropriately by assigning persons responsible for such management at each section that handles personal information.
  • When subcontracting its business operations, the Health Insurance Society will carry out reviews and implement improvements to strengthen personal information protection measures. When concluding business subcontracting agreements, it will carefully examine the competence of subcontractors and consider issues relevant to personal information protection in the content of such agreements.
  • A member who wishes to review, revise, or otherwise access his or her personal information may contact the Health Insurance Society's Privacy Contact. The contact there will respond swiftly to such requests to the extent reasonable.
  • In addition to complying with laws, regulations, and other standards concerning the handling of members' personal information, the Health Insurance Society continually reviews and strives to improve the content of this Privacy Policy.
Disclosure of purpose of use of personal information held by the Microsoft Health Insurance Association

Microsoft Health Insurance Association will create a personal information database based on personal information such as application forms received from the insured and their families (subscribers), health checkup result, personal information described in the "medical fee statement (hereinafter referred to as" "RECEIPT")".
And we will use them for the following health insurance business.

In a large sense, the purpose of using personal information of this association is to provide insurance benefits for illness, injury or death or childbirth other than work accidents of the subscribers stipulated in the Health Insurance Act. In other words, we will carry out the business necessary to maintain and improve the health of our subscribers.

However, the health insurance association handles a large amount of medical information such as RECEIPT and health checkup result data and other personal information, and is a business that requires the strong trust of its subscribers. In the guidelines provided by the Ministry of Health, Labor and Welfare, it is desirable to have a more detailed and limited purpose.

Therefore, as a general rule, the association will make the purpose of use of personal information listed in (Attached Table 1) as shown in (Attached Table 2), and announce the method of using personal information as follows.

In addition, personal information held by the association will not be used for anything other than the health activities carried out by the association.

  • About various notifications of applicable relationship
    • Focusing on the items described in the "Notification of acquisition of insured qualification" and "Notification of dependents (transfer)" when joining the association (code number, name, date of birth, gender, address, monthly remuneration, etc.) By inputting and processing to, a "master database" (hereinafter referred to as "MASTER") such as a subscriber ledger is created, data is stored in the business processing computer of our association, and it is used for general health insurance business.
    • When submitting the "Dependent (Transfer) Notification", the certification work will be carried out based on the income judgment documents such as taxation / tax exemption certificate and enrollment certificate.
    • If there are any changes or additions to the data registered in the "MASTER", the data will be changed by notification of changes (corrections) regarding the application relationship.
    • Using the MASTER, it is linked with benefit data, receipt data, medical examination data, etc., and is used for checking payment of benefits, etc., and for notifying medical expenses. It is also used for extracting target persons for implementing various insurance businesses and contacting subscribers.
    • We may use the contact information such as the address and name of the MASTER to contact the contact information provided in the notification, etc., if necessary even after the disqualification of the association.
    • When a medical institution or other insurer (including ward / municipalities, pension offices) inquires about health care such as whether or not you have lost your qualification, we will confirm the other party and issue the MASTER insurance certificate. We will answer whether you are qualified or disqualified, such as symbol number, name, date of birth, gender, qualification acquisition date, disqualification date, etc.
    • If a person who has lost his / her qualification is suspected of having a medical examination after losing his / her qualification, we will inquire name, date of birth, gender, qualification acquisition date, qualification loss date to the other insurer, etc.
    • Data is imported into the MASTER by "calculation basis notification" and "monthly change notification", and insurance premiums (including adjusted insurance premiums and long-term care insurance premiums) will be collected.
  • About benefit-related application documents such as cash benefits
    • Business processing Enter data into computer data, check the application details, and perform appropriate benefit determination processing.
    • Data input and save of benefit records will be used for subsequent application checks.
    • It is necessary to make adjustments for claims for lump-sum payment for childbirth and childcare and lump-sum payment for family birth and childcare so that they do not overlap with other insurers. We refer other insurers for the code number, name, date of birth, etc. of the MASTER to determine the benefits.
    • If another insurer makes an inquiry about whether or not you are requesting a lump-sum birth allowance or family lump-sum birth allowance, we reply to you regarding the application and benefits after confirming the other party.
    • We confirm the claimant of the injury and illness allowance using the receipt data, and in some cases, confirm the treatment status with the attending physician or conduct a visit survey to determine the benefit.
  • About medical fee statement RECEIPT
    • The image and receipt data of the RECEIPT requested by the Social Insurance Medical Fee Payment Fund will be stored in the union's paperwork computer and used for health insurance business.
    • We will ask the consignment organization to check the data, and request the Social Insurance Medical Fee Payment Fund to reexamine the data if there is any doubt about the content of the claim.
    • If you suspect that you will be examined after losing your qualification in the reexamination request, we will inform and confirm to medical institution of the union name, code number, name, date of birth, date of disqualification, date of consultation.
    • We will check with the medical institution about the public expenditure of patients who are expected to receive high medical expenses and whether or not there is a subsidy for local government medical expenses. We will ask the medical institution for confirmation by telling the medical institution the name of the union, the code number, the name, the date of birth, etc.
    • The RECEIPT data will be used for medical expense analysis, and will be used for measures to optimize medical expenses of our association, as well as for post-medical guidance after health examinations and extraction of people targeted for lifestyle-related disease prevention education.
    • Based on the RECEIPT data, we will extract the subscribers who have been examined by multiple medical institutions within the same month and provide guidance.
    • Based on the RECEIPT data, we will determine the payment of high-cost medical expenses and additional benefits (partial contribution refund, total high-cost medical treatment surcharge, family medical treatment surcharge).
    • The payment of injury and illness allowance will be decided with reference to the RECEIPT data.
    • With reference to the RECEIPT data, we will determine the payment of medical expenses such as judo uniform medical treatment and second family medical expenses.
    • When requesting disclosure, we will output the RECEIPT data and respond accordingly. In addition, when requesting disclosure, if you are not the person, we will disclose it only to those who are approved in accordance with the disclosure request procedure.
    • We will hand over the RECEIPT data to the contractor and notify the subscriber of the medical expenses.
    • In addition, since the medical expense notification will be provided to the insured in a lump sum for all households, it is assumed that "comprehensive consent by implied consent has been obtained".
    • If you receive insurance medical treatment due to a third party's act such as a traffic accident, we will submit a copy of the patient's receipt to the non-life insurance company as proof of medical expenses.
    • We will outsource to an external translator to translate the RECEIPT of those who received medical treatment overseas into Japanese.
    • In order to apply for the joint business of high-value medical benefits carried out by the Health Insurance Federation, we will send the application form containing the receipt data and a part of its contents to the high-cost medical staff of the Health Insurance Federation's grant business group. And we are subsidized for medical expenses.
  • About health checkups
    • Health checkups will be outsourced to a health checkup contractor.
    • The result numerical value will be notified to the examinee, and the numerical data will be input by the health checkup contractor into the business processing computer of the association. The data will be used for post-health guidance and selection of subjects for lifestyle-related disease prevention education.
    • Our association conducts health checkups as a joint project with business owners, and we also contact the business owners regarding the numerical values of the health checkup results of the insured and the legal inspection items under the Industrial Safety and Health Act, and both parties will have that data and use for the health management of the insured (employee).
      In addition, items other than legal inspection items will be handled in the same way with the consent of the person.
    • For those who are eligible for lifestyle-related disease prevention education extracted by the health checkup, we will provide the medical staff such as industrial physicians and public health nurses of the business owner with whether or not they have undergone a medical treatment.
      The information will be used for lifestyle-related disease prevention education jointly with the business owner.
    • By saving the health checkup result data in the MASTER and comparing it with future data, we will use them as reference material for health management projects and health guidance.
  • Implementation of other health activities
    • Our Association may outsource various health services to third parties for the purpose of maintaining and improving the health of its subscribers. Health information may also be shared.
    • Health information obtained through health services will be shared with business owners with the consent of the person concerned and will be used for the health management of the insured.
    • Health information associated with various health services will be stored in the "Master" and used for health promotion projects for those who have health insurance.
    • Our Association will conduct stress checks cooperating with business owners. Our Association will share the results of the checkups and analysis with the business owner. The results of the checks and analysis may be re-consigned to a third party.
  • About officer / employee personnel-related data, association meeting member list, and office staff list
    • Documents related to the appointment and recruitment of association staff will be kept strictly after use.
    • Documents related to remuneration for officers and employees will be kept strictly and used for tax withholding and other processing.
    • Documents related to personnel such as personnel evaluation will be kept strictly and used for personnel changes.
    • The list of members of the association and the list of directors will be used for communication when the association and the board of directors are held.
    • The list of persons in charge of business establishments will be used for information sessions for persons in charge of business establishments, the Health Management Promotion Committee, and other individual business communications.
  • About specific personal information

    Specific personal information refers to personal information that includes a personal number (commonly known as my number) (It corresponds to the individual number and is a number, symbol or other code used in place of the individual number, and it includes things other than the resident's code number. ) in its contents.

    Specific personal information will be linked between persons who handle administrative affairs such as administrative agencies (Example: Receive taxation / exemption information from the municipality when certifying dependents of the health insurance association ), etc., in accordance with the "Act on the Use of Numbers for Identifying Specific Individuals in Administrative Procedures" Hereinafter referred to as "numbering method", The range of use is defined.
    We will not use it beyond the purpose of use specified in the range of use specified by the numbering method.

    In addition, personal numbers may be attached to the notifications in 1 and 2 above, which may be specific personal information. If you use it for the purpose or method of use specified in 1 or 2, we will take measures such as masking or deleting your personal number because it is outside the range of use specified in the Numbering Law.

    In addition, we will store, manage, dispose of, and delete the personal information of our association as follows.

    • (1) Personal information written on paper such as various notifications, application documents, and receipts will be stored in the warehouse until the specified storage period in accordance with the document storage regulations of our association when the input processing is completed. We will not take it out of the storage location except when it is necessary to confirm it.
      In addition, personal information in media other than paper will be properly preserved and managed in accordance with the operational management regulations for storage in media other than paper.
    • (2) For personal data that has been stored for a specified number of years or personal data that is no longer needed after processing, paper documents will be cut into unreadable sizes. Regarding the disposal of large amounts of personal data, we will outsource the disposal to a confidential document disposal company.
      Also, regarding the disposal of personal computers and magnetic media, the data will be discarded or leased back so that the data cannot be read by data erasure software.
Matters Requiring Implicit Consent

Each of the following 1 to 3 is deemed as provision of personal information to third parties, and in principle, a prior consent of the person concerned must be obtained.
However, in cases such as those that benefit the person concerned or those in which the employer would bear significant costs and it would not necessarily be reasonable to obtain an explicit consent of the person concerned, an implicit comprehensive consent is considered acceptable.
Therefore, Microsoft Health Insurance Association regards that its members have given their implicit comprehensive consent to the following matters when no explicit objection or reservation is raised by them.

Those insured, etc. (members) who oppose this treatment are asked to submit to the Health Insurance Association in writing the reason therefor.
Note that you can change your consent or reservation at any time at your request.

  • Provide high-cost medical care benefits through the employer without application by the person concerned
  • Provide additional benefits (benefits above and beyond the amount of medical care costs covered) through the employer without application by the person concerned
  • Provide the insured with notification of medical care costs paid for the entire household, including dependents (family members)

< Cases in which personal information may be provided to third parties without obtaining prior consent >

In the following cases, the Health Insurance Association may provide personal information of its members to third parties without obtaining their prior consent. (Under Article 23, Paragraph 1 of the Act on Protecting Personal Information [hereinafter referred to as "the Act"])

  • When required by laws or regulations
  • When necessary to protect an individual’s life, safety, or assets in cases in which obtaining the consent of the member would be difficult
  • When necessary to improve public health or to promote healthy childrearing in cases in which obtaining the consent of the member would be difficult
  • When necessary to cooperate with national governmental bodies or local governmental authorities, or with parties entrusted by national governmental bodies or local governmental authorities to execute affairs as specified by laws or regulations, in cases in which obtaining the consent of the member could impede their execution

< Cases not qualifying as provision to third parties >

The following cases are not deemed as provision to third parties. (Under Article 23, Paragraph 5 of the Act)

  • Cases in which a business operator handling personal information entrust the handling of personal information in whole or in part within the scope necessary for the achievement of the purpose of utilization
  • Cases in which personal information is provided as a result of the succession of business in a merger or otherwise
  • Cases in which personal information is used jointly between specific individuals or entities and in which this fact, the items of the personal information used jointly, the scope of the joint users, the purpose for which the personal information is used by them, and the name of the individual or business operator responsible for the management of the personal information is, in advance, notified to the person concerned or put in a readily accessible condition for the person concerned
Shared use of personal information (1) Grant business for high medical benefits

We would like to inform you that our health insurance association will jointly use the personal information (personal data) we hold as follows.
In addition, in Article 23, Paragraph 4, Item 3 of the Personal Information Protection Law, "(1) Joint use of personal data, (2) Items of personal data used jointly, (3) Joint use Person who receives the personal information (personal data) if the person is in a state where he / she can easily know the range of the person, (4) purpose of use, and (5) name / name of the person in charge of managing personal data." Is not a third party, so it is possible to provide the personal information (personal data) without obtaining the consent of the person in advance.

  • Items of personal information (personal data) to be shared
    • (1) Regarding the medical fee statement, (including the dispensing fee statement, hereinafter referred to as "RECEIPT"), CSV information of the electronic RECEIPT or a copy of the paper RECEIPT,
    • (2) Patient name, gender, personal or family classification, by hospitalization outpatient, medical treatment date, RECEIPT request amount, etc. (stated "Grant application summary statement data" or "Grant application summary statement" In addition to the above, all items of the RECEIPT description data.
  • Common users
    National Federation of Health Insurance Societies:Grant Business Group・Staff in charge of high-cost medical
    Outsourcer : Japan Productivity Center ICT・Healthcare Promotion Department and partner companies
  • Shared purpose
    Our association : To apply for a grant for a high-cost medical business.
    National Federation of Health Insurance Societies : To properly deliver high-cost medical business. In addition, it will be used as a material to appeal the tendency of increasing medical expenses by publishing a receipt of 10 million yen or more per month (excluding personal information).
  • Person responsible for the management of personal information
    National Federation of Health Insurance Societies:Union Support Manager
    Our association : Responsible person of handling personal information
  • Questions about this matter, etc.
    Contact
    Microsoft Health Insurance Association
    kenpo@microsoft.com
Shared use of personal information (2) Personal information used jointly with business owners

We would like to inform you that our health insurance association will jointly use the personal information (personal data) we hold as follows.
In addition, in Article 23, Paragraph 4, Item 3 of the Personal Information Protection Law, "(1) Joint use of personal data, (2) Items of personal data used jointly, (3) Joint use when the person is in a state where he / she can easily know the range of the person, (4) the purpose of use, and (5) the name / name of the person in charge of managing personal data, "the personal information (personal data) is provided. Since the recipient is not a third party, he / she can provide the personal information (personal data) without obtaining the consent of the person in advance.

  • Items of personal information (personal data) to be shared
    The following personal data of the insured
    • (1) Personal information (name, gender, date of birth, staff number, department, job rank, address, telephone number, standard monthly salary, standard bonus, business office loan email address, dependent information required for dependent certification, etc. )
    • (2) Health insurance information that returns to the provisions of the Industrial Safety and Health Act, and information on the examinees of the health checkup (regular health checkup, NINGEN DOCK, etc.) conducted by the employer or the health insurance association as a health business (symbol, number, name, date of birth, gender, age, address, telephone number, email address, office name, employee code, health checkup consultation date, scheduled health checkup date, health checkup institution name, health checkup implementation item, health checkup result, findings, interviews, guidance content, etc.)
    • (3) Whether or not the subjects of lifestyle-related disease prevention education extracted by the health checkup receive medical treatment
  • Common users
    Health insurance association, health insurance association staff, medical workers such as industrial physicians and public health nurses of business owners, contractor.
  • Shared purpose
    • (1) In order for the health insurance association to smoothly and accurately carry out the business of the health insurance association (acquisition / loss of qualifications, etc.), insurance benefits, health business, etc.
    • (2) The health insurance association and business owners will work to maintain and improve their health and prevent their aggravation through follow-up measures, health guidance, and encouragement of consultation based on the results of the health checkup of the insured.
      In order to carry out effective project implementation with the business owner by evaluating and analyzing after implementation.
  • Person responsible for the management of personal information
    Health insurance association, chairman, managing director, business owner, head of human resources department.
  • Questions about this matter, etc.
    Contact
    Microsoft Health Insurance Association
    kenpo@microsoft.com
Cases of disclosure based on the Personal Information Protection Act

1. Purpose of use of personal information

The Association handles personal information for the following purposes. In the event of a change in the purpose of use, we will notify the person or announce it on our website, etc.

  • * The purpose of use of retained personal data is the same as in the table above.
  • * In the following cases stipulated in each item of Article 21, Paragraph 4 of the Personal Information Protection Law, we may not notify or announce the purpose of use.
Types of Personal Information Purpose of use
Eligibility Information Management of subscribers, determination of standard monthly remuneration, collection of insurance premiums, issuance and management of various certificates, linkage with online eligibility confirmation systems, linkage of information based on the Number Act, confirmation of matching with resident information
Information on the income of insured persons and their dependents Certification and probate of dependents, issuance and management of certificates of elderly beneficiaries and certificates of reduction of standard contributions
Information on the income and status of dependents (including those who intend to become dependents) and their family members living with them Recognition and probate of dependents
Information about the insurer to which the disqualified person is enrolled Implementation of transfer of receipts and coordination among insurers
Information on cash transfers Examination and payment of insurance benefits, information linkage based on the Number Act
Information about receipts Examination and payment of insurance benefits, issuance of medical expense notices, analysis of medical expenses for the purpose of health management and policy planning of members, application for high-cost medical subsidies to the National Federation of Health Insurance Societies
Subscriber account information Payment of insurance benefits, payment of subsidies, refund of insurance premiums, etc.
Information on health checkups Recommendation of medical examinations to those who have not yet undergone medical examinations, identification of those eligible for health guidance, analysis of health checkup results for the purpose of health management and policy planning of members, recommendation of medical examinations to those in need of medical care, reporting of the results of specific health examinations to the government, linkage with online eligibility confirmation systems
Information on Health Guidance Recommending the use of health guidance, analyzing the results of health guidance for the purpose of health management and policy planning of members, and reporting on the results of specific health guidance to the national government
Information on Health Services (Various Subsidies) User management, review and payment of subsidies
Information on Health Services (Various Health Programs) Information about user management, application for and participation in various health programs
Information on the labor status of insured persons Examination and payment of injury and sickness allowance, examination and payment of maternity allowance
Information on the status of medical treatment obtained through inquiries to doctors, etc. Examination and payment of injury and sickness allowance, examination and payment of medical expenses
Information on third-party acts (traffic accidents, etc.) Claims against perpetrators and insurance companies
Information about the members of our association Communication regarding union meetings and board meetings, holding elections, and conducting training
Information about our employees Manage employment, provide training, and provide benefits
  • (1) When there is a risk of harming the life, body, property, or other rights and interests of the person or a third party by notifying the person of the purpose of use or publicly announcing it.
  • (2) When there is a risk of harming the rights or legitimate interests of the Association by notifying the person of the purpose of use or publicly announcing it.
  • (3) When it is necessary to cooperate with a national agency or a local government in executing the affairs prescribed by laws and regulations, and notifying the person of the purpose of use or announcing it is likely to interfere with the execution of the affairs.
  • (4) When it is recognized that the purpose of use is clear from the circumstances of acquisition

2. Details of Security Control Measures

Organizational Security Control Measures In addition to appointing a person responsible for handling personal information, we have clarified the employees who handle personal data and the scope of personal data handled by such employees, and have established an emergency contact system for the person in charge in the event that a fact or indication of a violation of the law or union regulations is identified. The Company conducts regular self-inspections of the status of the handling of personal data and audits by auditors.
Personnel Security Control Measures In addition to stipulating matters related to the confidentiality of personal data in the Rules of Employment, we conduct regular training for employees on matters to keep in mind regarding the handling of personal data, verify their effectiveness, and utilize them in measures to protect personal information.
Physical Security Control Measures In areas where personal data is handled, we control the entry and exit of staff and restrict the equipment they bring in, and implement measures to prevent unauthorized persons from viewing personal data. In addition to taking measures to prevent theft or loss of equipment, electronic media, documents, etc. that handle personal data, we have implemented measures to ensure that personal data is not easily identified when carrying such equipment, electronic media, etc., including when moving within the office.
Technical Security Control Measures We have introduced and constantly reviewed a system to protect information systems that handle personal data from unauthorized external access and malware, and we have implemented strict access control for such information systems to limit the scope of the person in charge and the personal information databases handled.

3. Procedures for Responding to Requests for Disclosure of Retained Personal Data

In accordance with the procedures established by the Association, we will respond to requests for notification of the purpose of use, disclosure, correction, etc. (correction, addition, deletion) or suspension of use (suspension of use, erasure, suspension of provision to third parties) of retained personal data.

4. Contact for Requests and Complaints Regarding the Handling of Retained Personal Data

Microsoft Health Insurance Association
kenpo@microsoft.com

PAGE TOP