Yes - § 22 FDPA permits the processing of sensitive data if the processing is necessary for the purpose of, for example, preventive medicine, employee working capacity assessments, medical diagnosis, health and social care treatments, management of systems, agreements with health professionals (and their staff) where data is provided under the obligation of professional secrecy, and for reasons of public interest in the area of public health (as required, for example, to ensure high quality and security standards for health services, drugs or medical products). However, such processing is only possible if certain safeguards are taken to protect such data ("suitable and specific" safeguards).
§ 29(2) FDPA states that where, in the context of a client-lawyer relationship, the data of third persons are transferred to persons subject to a legal obligation of professional secrecy, the right to be informed does not apply unless the individual has an overriding interest to be informed.
§ 29(3) FDPA protects persons subject to professional secrecy obligations and limits DPA access requests;
§ 13(4) FDPA binds the Federal Commissioner to secrecy.