The Agency for Personal Data Protection in Bosnia and Herzegovina ('AZLP') announced, on 7 April 2021, its decision relating to an insurance company, ASA Osiguranje d.d. Sarajevo, in which it had found that the company had acted in violation of Article 4(1)(a) of the Law on the Protection of Personal Data No. 49/06 ('the Law'), following its request for medical documentation in response to a recourse claim to reimburse treatment costs of an injured party. 

Background to the decision

In particular, the AZLP noted that the decision relates to a report it had received from the Health Insurance Institute of Sarajevo Canton ('the Institute') against ASA Osiguranje for requesting medical documentation to reimburse treatment costs of an injured party. In this regard, following the company's request for medical documentation, the Institute responded that it is not able to submit such documentation since it comprised of special category personal data, the processing of which is prohibited. Thereafter, the company rejected the claim since the medical documentation requested was not submitted. 

Findings of the AZLP

Notably, the AZLP found that since the insurance company is not a health institution, it is unacceptable for it to collect and process medical documentation to assess claims, and therefore the company had lacked a legal basis to collect and process such information and to request such information from the Institute.

Outcomes

Ultimately, the AZLP found the company in violation of Article 4(1)(a) of the Law and stated that no appeal is allowed against the decision, but an administrative dispute may be initiated before the Court of Bosnia and Herzegovina within 60 days from the date of delivery of the decision.

You can read the decision, only available in Bosnian, here.