The EESZT and data protection

Medical data contained in the EESZT is protected. The system is secured with the highest level of data and cyber protection.

 

The EESZT ensures secure access to data to all physicians who are treating physicians of the patient, in relation to whom the patient does not restrict access rights to data stored in the EESZT. Professional users of the systems can login to the healthcare cloud and access contents in line with their qualifications and the authorisation attached to their institutional role. Login requires a unique identifier. An integral part of this process is authentication with the eID, which contains a storage medium, when one accesses the cloud. The EESZT mobilToken token-based authentication system for remote system use is now available for both Android and iOS. It is an application for mobile devices which can generate a one-time password for the EESZT-login when the user enters their PIN code, allowing medical software to connect to the EESZT framework without the use of e-ID card authentication. The e-ID card is suitable for the identification of patients and health professional, medical personnel and pharmacists alike. The e-ID card and its PIN code ensures secure login to the EESZT as a two-factor - i.e. possession and knowledge -authentication device.

 

Self-determination of patients in the EESZT system

 

All persons have the civil right and responsibility to self-determination with regard to medical information.

 

In order to protect personal information, the system allows every citizen to freely control the access to their information entered into the EESZT. The scope of Digital Patient Consent with regard to medical and related personal data is allowed by provisions defined in Act XLVII. of 1997 about the handling and protection of health care data and related personal data as amended by Act CCXXIV of 2015.

Users may exercise their right to digital selfdetermination, i.e. control access to their medical data on the Citizen Portal of the EESZT. By default, the system only allows some sensitive data to be accessed by the patient’s General Practicioner and relevant therapist (specialist). Through patient consent, the patient can decide to lift this restriction. The restriction can be overruled in the case of an emergency or life-threatening situation, which means the doctor can have access to all data. The professional background for such forceful access must be justified and documented which is logged in the system in an identifiable manner. This means that in the instance of every query, the person, time and purpose of access to medical data is recorded.