The National eHealth Infrastructure is operated within a strictly regulated legislative framework. The regulation of the EESZT is ensured on several legislative levels. The data protection regulations related to its records have been laid down in Act XLVII of 1997 on the Processing and Protection of Medical and Other Related Personal Data, which grants the EESZT the necessary rights to lawfully handle (store, process, display etc.) medical and other related personal data. For more than 20 years now, the Hungarian legal system has provided for the empowerment to connect and transfer medical and personal identification data in the healthcare provider network for the purpose of effective medical treatment, public health and epidemiological measures, the organisation of patient pathways and other purposes specified by law.

The availability of treatment and medication history is essential for effective medical treatment.

 

Before, the availability of these data was limited which could jeopardise effective medical treatment. The EESZT provides the necessary tools for this purpose.

Since the data contain personal and medical information, it is protected by a system of the highest, level 5 of security as established by the act on the electronic information security of central and local government agencies.

 

 

 

Providing a legal basis for the functioning of the EESZT, clarifying the circumstances of data management

 

Regulation of the organisational issues of the EESZT (appointing the operator, the administrative body managing the register of selfdetermination and the operator of the cross reference storage)

 

• Conditions, process of joining
• Rules and scheduling of joining
• Scheduling the introduction of mandatoryuse of certain services
• Detailed regulation of certain services

 

 

 

 

 

 

Cited pieces of legislation and their abbreviation:

• Act XLVII of 1997 on the processing and protection of health care and related personal data: Health Data Act
• Decree No 39/2016 (XII. 21.) of the Minister of Human Resources on detailed rules relating to the National eHealth Infrastructure: EESZT Decree
• Decree No 44/2004 (IV. 28.) of the Minister of Health, Social and Family Affairs on the prescription and dispensing of pharmaceutical products for human use: Pharmaceutical Products Decree
• Act LXXXIII of 1997 on mandatory health insurance: Health Insurance Act
• Government Decree No 217/1997 (XII. 1.) implementing Act LXXXIII of 1997 on mandatory health insurance: Implementing Decree
• Decree No 14/2007 (III. 14.) of the Minister of Health on the acceptance of medical devices for social security funding eligibility, their ordering with subsidisation, distribution, repair and renting: GYSE Decree

General rules relating to the operation of the EESZT:

Designation of the National Healthcare Service Center:

• Government Decree No 516/2020 (XI. 25.) by authorisation under Section 38(3) c) of the Health Data Act
  • Section 7(4): Operator of the EESZT
  • Section 7(5): Body managing patient consent records pursuant to Section 35/H of the Health Data Act
  • Section 7(6): Body managing connection code for performance of tasks under Section 35/L of the Health Data Act

Designation of Nemzeti Infokommunikációs Szolgáltató Zrt. as operator:

• Decree No 7/2013 (II. 26.) of the Minister for National Development  Schedule 1, paragraphs 1.23 and 1.24

Operation of the EESZT at the Government Data Center:

• Government Decree No 467/2017 (XII. 28.), Section 4(2) and Schedule 3 thereof

Prescription of EESZT joining and data provision as a minimum condition for authorisation, sanctioning

• Government Decree No 96/2003 (VII. 15.) Section 8(4), Section 11/A, Section 16(2), Section 17

Prescription of EESZT data provision as condition for financing

• Government Decree No 43/1999 (III. 3.) Section 5/C

Option of data management based on voluntary consent:

• Health Data Act Section 35/A (3)

Mandatory use of the EESZT for data streams between providers:

• Health Data Act Section 35/B (4), Section 36(4)

Identification, user management:

• Health Data Act Section 35/C

Operational records:

• EESZT Decree Section 11

System authorisation procedure:

• Health Data Act Section 35/B (4)-(5)

Suitability of IT system used for EESZT connection:

• EESZT Decree Section 3/A

Downtime, disruption:

• EESZT Decree Section 10

Data processing log:

• Health Data Act Section 35/D (1)-(2)

 

Obligation to join:

Group of persons required to join the EESZT:

• Health Data Act Section 35/B
• EESZT Decree Section 2 (1)-(1a)

Conditions and rules of joining:

• EESZT Decree Sections 2-3

Joining deadlines:

• EESZT Decree Section 22(1)
• Health Data Act Section 36(7)

 

Data provision obligation

Means of providing data:

• EESZT Decree Section 6

Initial date for performing the data provision obligation:

• EESZT Decree Section 22 (2)-(7)

Reporting and data provision obligation:

• Health Data Act Section 35/N
• EESZT Decree Section 6, Section 20, Schedule 5

Central event catalogue:

• Health Data Act Section 35/F
• EESZT Decree Section 12, Schedule 1

Health documentation records:

• Health Data Act Section 35/K
• EESZT Decree Section 19, Schedule 4

Health profile (eProfile):

• Health Data Act Section 35/J
• EESZT Decree Section 18, Schedule 3

Electronic prescription (ePrescription):

• Pharmaceutical Products Decree Section 7(1a), Sections 11/B-11/C, Sections 20/A-20/C, Section 24, Schedules 8 and 9
• Health Data Act Section 14/A (1) d), (1a), (1c), (2a)

Electronic prescription of medical devices (eGYSE):

• GYSE Decree Sections 13-14
• Health Data Act Section 14/A (1), (1a) c)-d), (2b)

Electronic referral (eReferral) and scheduling appointments:

• Health Insurance Act, Section 18/A
• Implementing Decree:

• on rules of electronic referral, Section 4/A
• on rules of scheduling appointments, Section 4/B

Electronic service ordering and scheduling appointments:

• Health Data Act Section 35/O
• EESZT Decree Section 20/D

Master data management and records:

• Health Data Act Section 35/G
• EESZT Decree Section 13, Section 14, Schedule 2

 

Data access rights:

Identification and authorisation management records, management of access rights:

• Health Data Act Section 35/C
• EESZT Decree Sections 8-9

Availability of directly accessible platform:

• EESZT Decree Section 7

Central event catalogue:

• Health Data Act Section 35/F

Health document records:

• Health Data Act Section 35/K

Health profile (eProfile):

• Health Data Act Section 35/J

Electronic referral (eReferral) and scheduling appointments:

• Health Insurance Act, Section 18/A
• Implementing Decree

• on rules of electronic referral, Section 4/A
• on rules of scheduling appointments, Section 4/B

Electronic service ordering and scheduling appointments:

• Health Data Act Section 35/O
• EESZT Decree Section 20/D

Electronic prescription (ePrescription):

• Pharmaceutical Products Decree Section 20/A-20/C
• Health Data Act Section 14/A (1a)-(1d), (2a)
• Pharmacist care: Health Data Act Section 14/A (6)

Electronic prescription of medical devices (eGYSE):

• GYSE Decree Section 13-14

Electronic disease registers:

• Health Data Act Section 16, Section 35/L, Section 36 (4)

Master Data Publication:

• Health Data Act Section 35/G
• EESZT Decree Section 13, Section 14, Schedule 2

System links:

• Health Data Act Section 35/B (4), Section 36(4)

Documentation forwarding outside of the health care network:

• Health Data Act Section 35/A (2), Section 35/P

Data verification by the NHIFM relating to wait lists:

• Health Data Act Section 35/M (4)

Data processing based on voluntary consent:

• Health Data Act Section 35/A (3)

Retroactive data upload:

• Health Data Act Section 36/A (2)

Patient consent records, digital patient consent declarations:

• Health Data Act Section 35/H, Section 35/I
• EESZT Decree Sections 15-17

Registration of representation right in the EESZT:

• Health Data Act Section 35/H (1)

 

Data processing:

Online consultation:

• Health Data Act Section 35/M (2)

Digital Image Forwarding:

• Health Data Act Section 35/M (1), (3)

Report forwarding:

• Health Data Act Section 35/N
• EESZT Decree Section 20 and Schedule 5

Documentation forwarding outside of the health care network:

• Health Data Act Section 35/A (2)

Electronic disease register:

• Health Data Act Section 35/L

 

Legal regulations relating to data processing:

• General Data Protection Regulation (GDPR): Regulation (EU) 2016/679 of the European Parliament and of the Council
• Act CXII of 2011 on informational self-determination and freedom of information
• Health Data Act relevant provisions

• EESZT Decree relevant provisions
• Health Insurance Act relevant provisions
• on management by the TAJ number operator for multiple purposes: Section 23, points k), l) and m) of Act XX of 1996 on means of identification replacing the personal identification code and on the use of identification codes
• Act LXXX of 1997 on persons eligible for social security care and private pension, and on coverage for such services, Section 43

 

Legal regulations relating to compliance with information security:

• Information Security Act. Act L of 2013 on the electronic information security of State and local authority bodies
• Implementing Decree: Decree No 41/2015 (VII. 15.) of the Minister of the Interior on requirements relating to technological security and secure information devices and products defined in Act L of 2013 on the electronic information security of State and local authority bodies, and to classification in security classes and security levels

 

Other relevant legislation:

• Act XX of 1996 on means of identification replacing the personal identification code and on the use of identification codes
• Act CLIV of 1997 on health care
• Government Decree No 134/1999 (VIII. 31.) on the settlement and disbursement of pharmaceutical products, medical devices and subsidies provided for the price of thermal bath services within the framework of outpatient care
• Government Decree No 516/2020 (XI. 25.) on duties of the National Healthcare Service Center
• Decree No 1/2003 (I. 21.) of the Minister of Health, Social and Family Affairs on pharmaceutical products prescribed with social security funding and on the amount of funding
• Government Decree No 96/2003 (VII. 15.) on general conditions of providing health services and on the operating licence authorisation procedure
• Decree No 43/2005 (X. 15.) of the Minister of Health on rules relating to pharmaceutical products deemed to be strictly controlled substances prescribed by physicians, marketed by pharmacies, used by health care providers, their registration and storage
• Decree No. 2/2008 (I. 8.) of the Minister of Health on products marketed by pharmacies and to be stockpiled on a mandatory basis
• Decree No 7/2013 (II. 26.) of the Minister for National Development on organisations using centralised IT and electronic communications services under a special service agreement, and on IT systems operated or developed by the central service provider
• Decree No 9/2012. (II. 28.) of the Minister for National Resources on determination of outpatient care eligible for financing by the Health Insurance Fund, conditions and rules of eligibility applicable to use, and on settlement of performance
• Decree No 76/2004. (VIII. 19.) of the Minister of Health, Social and Family Affairs on detailed rules relating to the determination, collection, processing of the scope of certain sectoral (health, professional) data
• Decree No 49/2018. (XII. 28.) of the Minister of Human Capacities on the scope of diseases deemed to be a public health priority or otherwise involving substantial costs, designation of the body managing the disease register containing diseases, and on detailed rules relating to the reporting and registration of such diseases
• Decree No 7/2004. (XI. 23.) of the Minister of Health on professional requirements of the distribution, repair and rental of medical devices
• Act XCVIII of 2006 on general rules of the safe and economical supply of pharmaceutical products and medical devices, and the distribution of pharmaceutical products