The confidentiality of the health records of insurance company clients is currently the focus of interest in the industry, following the recent decision by the Authority for the Protection of Personal Data that the transfer of details of such records by medical diagnostic centers without the permission of the insured is illegal. The ruling, which was the result of a personal complaint by an insured person whose policy was terminated by the insurer, has given rise to a measure of anxiety. The insurers consider the ban a major impediment to risk management. According to reports, the first side effects of the ruling have already appeared, with hospitals and diagnostic centers refusing to provide such copies of records to insurance companies, despite the existence of relevant terms in policies. In the test case, the Authority for the Protection of Personal Data fined both the insurance company and the diagnostic center on the basis of Law 2472/97, which expressly states that health records constitute sensitive personal data. Therefore, their transfer without the «free, clear and special statement of volition and in full knowledge of the subject» is illegal. In that particular case, the failure of the insured person to inform the company of an existing condition before the issuance of the policy was a violation of contractual terms and justified its unilateral cancellation. The insurance company’s action had a lawful basis in the terms of the policy itself, which stated that the insured «expressly consents to the collection, processing, maintenance and use of an archive of sensitive personal data, concerning the health, physical condition, any disabilities, health record, administration of medicines and all other details of his/her health.» The insured further acknowledged that «the collection and processing of such data is necessary for the realization of the purpose and the general operation of the insurance contract, and that any revocation of this consent grants the right of immediate cancellation» by the insurer. Such terms are clearly in contradiction of the ruling from the Authority, which opined that the transfer of data in this particular case did not meet the conditions of consent which required the insured’s authorization according to case. Industry sources argue that the Authority’s rationale touches sensitive cords, presenting the insurance firm’s action as arbitrary and abusive. They argue that the case must be considered in the light of market realities, which often lean more toward the insured than the insurer, and that, paradoxical as it may sound, the accumulated experience of the last decade proves that insurers are burdened with excessive compensation sums via the unchecked use, for instance, of hospitalization cards. Additionally, they note that the concealment of serious medical conditions by the insured is widespread. The counterargument is that the correct pricing of the product is the responsibility of the insurer rather than the insured. But correct pricing also presupposes full knowledge of the insured’s medical history. In any case, the development holds special interest at a time when Greece’s consumer movement is growing in strength, which insurers have to take into account. Not thriving According to industry representatives, the abuse of private healthcare by many insurants, who do not declare prior conditions, will lead to an increase in costs for all others. They point to the fact that premiums in this category of coverage in the last five years have risen by between 20 percent and 50 percent. Furthermore, they complain that the prevalence of the view that firms do not have their clients’ best interest at heart and impose too many exemptions or compensation deductibles undermines the philosophy of private insurance itself, indeed, when the market accounts for a very small share of gross national product. They add that it is evident that the sector is not profitable in itself, as it is usually subsidized by crossover sales with other products, such as life insurance.