Tag Archive for: Datenaustausch

Digitisation in insurance companies – individually or together?

In the private client business, insurance companies rely on individual solutions that are widely accepted. The situation is more difficult with corporate clients. Swissdec offers an opportunity to establish a nationwide solution. But there are a number of obstacles to overcome. Digitalisation of business processes is very important for insurance companies. The exchange of information with corporate clients plays an important role. In the area of private customers, there are already solutions that are actively used by the users. For corporate clients, a solution is not so obvious. Swissdec’s Swiss Performance Standard is a great opportunity to advance digitalisation in cooperation with customers. In addition to the Swiss Performance Standard, a solution such as Swissdec Enterprise Authentication (SUA) is also needed to ensure security in data exchange. The wish or requirement would also be that it is not only a solution that applies to Swissdec, but can also be used in the other digital business processes. This still requires a comprehensive dialogue among the companies, but also with the organisations that support such an application. At present, no definitive dates are known as to whether and when the insurance companies will introduce the Swiss and SUA performance standard. This is partly due to the fact that the cost-benefit assessment has not yet been completed and the dialogue with the companies also takes time. Understandably, the insurance companies are trying to offer their own differentiating solutions to their customers, but this cannot be the goal from the customer and application point of view. It would also be incomprehensible if every bank offered its customers a credit or debit card that could only be used with that provider. As a rule, one waits for a pilot solution to emerge in the market or to be successfully implemented. Actually, the need for such a further development is evident for all insurers.

Thanks to ERP, 20 insurance companies are already participating

Since many projects are pending and the allocation of resources for such a project is in competition with other projects, the “speed” is somewhat dependent on the usability of the application in analogue business processes. This is now the challenge to devote enough attention to the topic and also to find the business leaders who work on the implementation of such an important and necessary process for the customers. It is very positive that a considerable number of enterprise resource planning manufacturers, who know the needs of the customers very well, have found each other and are taking the preliminary work in hand together with Suva. More than 20 insurance companies are already participating in the Swissdec solution, which also guarantees that a very large number of customers will be able to benefit from the solution when it is implemented on the market.

Creative Commons LicenceCreate PDF

Related Posts

None found

Payroll reporting – many roads lead to Rome

The collection and processing of salary notifications is one of the core tasks of the compensation offices. As many channels as possible are made available here to simplify the administrative processes for employers and the self-employed. Employers and self-employed persons must settle wages within 30 days of the end of the payroll period. The salary statement must therefore be received by the compensation office by 30 January of the new year at the latest. This is the requirement for submitting the annual salary statement.

Figure 1: Screenshot “Wage declaration online” in the new online portal “connect” IGAKIS Genossenschaft

Today, the implementing agencies pursue a multi-channel strategy. This means that the employer decides independently which channel to use. The following variants are available today:

  • Salary declaration via paper form
  • Salary notification via the portal of the compensation funds
  • Wage reporting using Swissdec/ ELM (machine-to-machine communication)
  • Individual solutions (mail, Excel files, individual interfaces, etc.)

Each channel today also implements a different standard in the area of security/data protection. The “lowest” standard is certainly to be found in the paper form, which today offers no possibilities for identifying the sender and checking the data. This means that every incoming message is accepted and must be processed manually. In contrast, the security standard is increased when employers work with the portal of the competent compensation office. There, they work with logins that identify the user through multiple identification (onboarding) before the first login. A “higher” level of protection is implemented here.

Figure 2: Screenshot “Productive ELM notification” in the AHVeasy web portal of IGS GmbH

The “Digitised forms in social insurance” project

All roads lead to Rome, not only when it comes to wage registration. The project “Automated/ Digitised Forms Processing” is currently in the conception phase. This project is being implemented jointly by the Information Office and eAHV/IV. The aim of the project is to make around 50 forms available on the internet and to transfer the data via sedex directly to the specialist applications of the implementing offices. This will both modernise and speed up the process and increase data quality. With the help of this project, employers and insured persons will be provided with another channel for communication with the social insurance. Data protection will also be an important issue in the realisation of the digitalised forms. However, the premise of as good as necessary and not as good as possible also applies here.

Conclusion

From the point of view of social insurance, it is important that data protection is very well taken into account and that security standards are as high as necessary and not as high as possible. It is a great concern to receive data electronically, but also to ensure that overly complex onboarding processes do not discourage users from submitting data electronically. This philosophy optimally implements the multi-channel strategy for data delivery and ensures that “Many roads lead to Rome”.


References

  1. The IGAKIS cooperative is a community of interests of association and cantonal compensation funds as well as the Federal Compensation Fund, www.igakis.ch
  2. The IGS – Informatikgesellschaft für Sozialversicherungen – is the IT competence centre for cantonal social insurance funds and compensation funds, www.igs-gmbh.ch
Creative Commons LicenceCreate PDF

Related Posts

None found

Sedex – the digital postman of the Confederation

With sedex, the Federal Statistical Office (FSO) and the Federal Office of Information Technology (FOITT) offer a secure data exchange for authorities and public administrations. Encryption and security certificates are used

What is sedex?

sedex stands for secure data exchange and is a service of the FSO which is operated by the Federal Office of Information Technology FOITT. The highly available platform (24/7) was set up as part of the modernisation of the census and has been designed for the secure asynchronous exchange of data between organisational units since it went into operation on 15 January 2008. Against this background, the first sedex customers were the residents’ services of the municipalities, which have to provide the statistics to the FSO on a quarterly basis. Since sensitive data is exchanged, the platform had to meet high security and traceability requirements right from the start. For this purpose, sedex uses modern encryption procedures as well as security certificates of the Swiss Government PKI. Since 2009, the governance of sedex has also included other domains, and interested organisations can also use sedex’s service under certain conditions. In the first quarter of 2019, sedex was used by over 6,600 organisational units spread over more than 70 domains. In 2008, approximately 17.6 million messages were transmitted via sedex.

Who are sedex’s customers?

The customer base of sedex is regulated by so-called domains and ranges from the communal to the cantonal administrative level to various federal offices. One is always in the field of application of sedex when the applied processes require a regular and legally regulated data exchange, represent a stable circle of users, need high security requirements and a traceability of the messages is necessary. Today, sedex counts among its customers not only the population registers of the municipalities with the statistics deliveries, but also the debt collection offices, the civil registry, the federal building and housing register, the association of hospitals H+, eOperations Suisse, SSK, the association HPI Suisse ePolice, the joint institution KVG and many more. Among other things, these benefit from the fact that they do not have to set up their own infrastructure for data transport, the security issue is regulated and controlled by two federal offices, and they do not have to set up their own user administration and support organisation.

How does sedex work?

The sedex client (a Java application) essentially consists of 3 components, the adapter, the web service proxy and the controller, which are used to exchange messages between the sedex participants within seconds. The main task of the service is the asynchronous data exchange of individual messages between two sedex participants identified in the message. A message consists of an arbitrary data file (data_) and a sedex envelope (envelope envl_). The data file can be in any file format. For example, pdf, docx, zip, jpg, tar, xml, etc. The technical content or conventions (e.g. use of standards) are regulated by the domains. The envelope is a standardised XML file according to the eCH standard eCH-0090. The sender’s specialist application first writes the data file into the outbox of the sedex client, then the corresponding envelope. The data file is encrypted for transport using the Governikus public key / private key system. The sender’s sedex client then connects to the sedex platform and transmits the data via a secure connection. The sedex client of the recipient specified on the envelope retrieves the data on the sedex platform and decrypts it in its infrastructure. The solution is technically designed in such a way that only the recipient is able to decrypt this data. The envelope and the data file are then stored in the inbox of the sedex client. From there, the recipient’s specialised application can read the data.

Positive receipt after delivery

After successful delivery, a positive receipt is issued to the sender and the data is destroyed on the sedex platform. If delivery cannot be made for any reason, the sender will receive a negative receipt with the corresponding reason. All transactions are logged and traceability is guaranteed at all times. The sedex client can also be used for synchronous data communication. Encrypted data communication between consumer and provider of a web service is ensured without influencing the content. The added value lies in offering sedex participants who want to consume web services a simplified and uniform implementation of these services. The specialist application establishes a connection with the sedex client. This happens within the protected infrastructure of the participant. The sedex client “knows”, based on the call, where the desired web service is available on the Internet and establishes a secure tunnel to it. The web service consumer can rely on the fact that the actually requested web service provider provides information (and not a fictitious one). The web service provider (e.g. UPI of the central compensation office) can check whether the request actually comes from the alleged consumer. The web service provider can also integrate the authorisation system of sedex to simplify the user administration of the web service consumers. The advantage and success of sedex lies in the simplicity of the system and the high level of security it guarantees. The system is secure, traceable and reliable and therefore counts more and more customers among its circle.

Creative Commons LicenceCreate PDF

Related Posts

None found

Insurance companies rely on M2M communication

Suva has been using the Swiss wage standard (ELM) for many years to process wage declarations from companies. Now, in addition to the Swiss wage standard (ELM), the Swiss benefit standard (KLE) is to be introduced in order to be able to process claims digitally and without media discontinuity Digitalisation plays an essential role for the future development of the insurance business as well as for the companies insured with Suva. Suva is therefore increasingly relying on solutions that support M2M (machine-to-machine) communications. As a member of the Swissdec association, Suva has been relying on the successfully implemented Swiss wage standard (ELM) in the area of wage declarations for many years. This enables Suva-insured companies to transmit their annual wage declarations directly from Swissdec-certified payroll accounting systems to Suva and other institutions (AHV, tax offices, other insurers and FSO) without media discontinuity. For some years now, Swissdec has been working on a second standard together with Suva and other insurers. This is the Swiss benefit standard (KLE). In future, this will enable the complete processing of claims management and daily allowance processes from Swissdec-certified payroll accounting with Suva and other insurers who are ready to receive data. A major difference between the Swiss payroll and benefit standard is the bidirectional data communication and the binding nature of the process. For the settlement of accidents, the data exchange must take place via a secure and protected channel. In addition, it must be ensured that the recipient of the data is really the company it claims to be. For this reason, a solution such as Swissdec Enterprise Authentication (SUA) is mandatory when the Performance Standard-CH is used in practice. SUA not only fulfils the requirements for security and data protection, but also enables companies to obtain a so-called company certificate quickly and easily.

Creative Commons LicenceCreate PDF

Related Posts

None found

The social security data exchange ecosystem

The eAHV/IV association defines interfaces and standards for data exchange and coordinates the digitisation projects for AHV and IV. The goal is to reduce the administrative burden for all parties involved. This requires a highly available infrastructure and an ecosystem that actively connects the parties and partners involved. Today, 108 implementing agencies are active in the first pillar of social insurance. They are organised in the IV-Stellen Konferenz (IVSK), the Konferenz der Kantonalen Ausgleichskassen (KKAK) and the Schweizerische Vereinigung der Verbandsausgleichskassen (VVAK). The Central Compensation Office (CCO) is the central enforcement body of the Confederation in the area of Pillar 1 social insurance. It covers: old-age and survivors’ insurance (AHV), disability insurance (IV) and the income compensation scheme (EO). The eAHV/IV Association was founded in 2004 by the four members KKAK, VVAK, IVSK and ZAS. The association unites all funds, all associations, the ZAS and the IT of the AHV and IV implementation offices and forms the bridge between German and Latin Switzerland. As the representative of the interests (professional association) of over 100 implementing agencies, the e-AHV/IV Association is continuously modernising the data exchange (DA) in the AHV and IV. The association’s overriding goal is to relieve companies of administrative work. Together with representatives of the implementing agencies, the IT of the implementing agencies, the Federal Social Insurance Office (FSIO) and third parties, eAHV/IV defines and develops interfaces and standards for data exchange and additionally coordinates eGovernment and digitisation projects for the AHV and IV.

The network

Figure 1: Ecosystem of the eAHV/IV

Due to the statutory task performed by the implementing agencies, eAHV/IV has a large network of partners. These are positioned very differently and perform different roles. For example, eAHV/IV is the topic leader for eGovernment Switzerland on the topic of AHV/IV. The eCH

association defines the nationwide standards that are applied as far as possible in eAHV/IV.

Art. 33: Confidentiality: Persons involved in the implementation, control or supervision of the implementation of social security legislation must maintain confidentiality vis-à-vis third parties.

Close cooperation takes place specifically with the Federal Social Insurance Office (FSIO)

. As the supervisory authority, the FSIO is responsible for setting requirements/standards for the implementation of social insurance. Some of the laws and directives also deal with the topics of data exchange, information security or modernisation of supervision (in preparation, consultation). Specifically, for example, Article 33 of the ATSG (Federal Act on the General Part of Social Insurance Law).

Categories of data exchange

Data exchange in the 1st pillar of social insurance can be divided into several categories:

    • Data exchange with the insured person
    • Company / employer
    • Authorities (Confederation / Canton / Municipality)
    • Third parties (health / accident insurers / SUVA / RSA / etc.)

Figure 2: Schematic representation of data exchange

High-availability infrastructure – sedex

The exchange of data with the employer, the insured person and the municipal authorities is basically defined by the implementing agencies or the IT of the DS. The only exception is the exchange of data from the employer via third parties – for example Swissdec or easyGov. The majority of our data exchange projects use sedex. sedex stands for secure data exchange and is a service of the Federal Statistical Office (FSO). The platform is designed for secure asynchronous data exchange between organisational units. The platform is highly available (24/7). sedex was set up as part of the modernisation of the census from 2010 onwards in order to ensure the delivery of statistics from the municipal population services and the federal register of persons to the FSO. Since sensitive data is exchanged, the platform had to meet high security and traceability requirements from the very beginning. For this purpose, sedex uses modern encryption procedures as well as security certificates of the Swiss Government PKI. Since going live in mid-2008, sedex has also opened up to participants outside of register harmonisation and statistics. Today, sedex is used by over 4,850 organisational units in over 60 domains. In 2017, approximately 14.8 million messages were transmitted via sedex. sedex acts as a “postman” and can be compared to a registered letter. It is very gratifying that more than 30 million records are already exchanged electronically in the 1st pillar social insurance ecosystem.

For the future

One challenge for the future will be the electronic contact with insured persons. Although the signing of the Tallinn Declaration has defined that every citizen may communicate electronically with the authorities in Switzerland, this is still a long way off. It is important to bear in mind that in the context of social insurance, most data is personal and the majority of it is classified as requiring special protection. Due to this situation, it must be ensured that the communication from the implementing agencies to the insured persons is correct. This means that an onboarding process is necessary to ensure that the mail addresses used are indeed correct. This will be a very big challenge, especially since all citizens of Switzerland are integrated in the social security system. One approach to solving this would be, for example, the nationwide introduction of the e-citizen dossier, as described in the study “Digital Switzerland – a location for the future”.


References

https://www.bsv.admin.ch/bsv/de/home/publikationen-und-service/gesetzgebung/vernehmlassungen/aenderung-ahvg.html https://www.bfs.admin.ch/bfs/de/home/register/personenregister/sedex.html https://www.egov-schweiz.ch/media/archive2/Zukunftsstandort_digitale_Schweiz_dt_Web.pdf

Creative Commons LicenceCreate PDF

Related Posts

None found