Data Protection

What is personal Data?

Personal data is information which relates to an identified person or allows identifying (directly or indirectly) a natural person. For the United Nations Staff Mutual Insurance Society against Sickness and Accident (UNSMIS), a self-insured and self-administered medical health Insurance provide this may include:

  • Personal identification information such as first name, last name and nationality.
  • Directory information (telephone number, addresses, email…)
  • Financial data, namely IBAN and banking information.
  • Personal health information such as medical certificates, medical forms and invoices.
  • Professional data such as the start/end of your employment contract, forecasted retirement date and personnel/index number.


How is personal data treated?

All the above information is treated as confidential. All UNSMIS databases, servers and online claims portal are in compliance with UN IT security policies. 

All paper claims are destroyed after 10 years. UNSMIS plans to do the same for e-claims. UNSMIS staff are briefed upon joining and regularly reminded that UNSMIS takes a zero-tolerance approach on the divulgation of confidential data. Medical cases escalated by insured members to the Executive Committee of UNSMIS are presented as anonymous. 


Why does UNSMIS need your personal data? 

As a health insurer UNSMIS must store personal, bank and medical records of all its insured members in order to carry out its functions.

To ensure the correct administration of the medical insurance plan and settlement of claims, as an insured you are giving your consent to UNSMIS regarding the processing of the medical data concerning you and your insured family members. UNSMIS reserves the right at any moment to ask for additional relevant information in order to correctly process health insurance claims. 


Is your personal data shared with any third parties?

As a rule of thumb UNSMIS does not share your personal data. However, there are certain instances, dictated by the need to process a claim or by law, where some of your personal information may be disclosed to third parties. Examples include, but are not limited to; 

  • the medical advisor of UNSMIS, for medical approvals,
  • auditors, and even in such cases we try and release unstructured data where possible.
  • authorities who have legal authority and justification to request such information (i.e. police, legal carers, etc...) 
  • family members, only if they have the necessary power of attorney or equivalent legal authority.
  • any legally authorized third-party administrators whose services may be used to assist the processing or settlement of a claim.