The legal framework of the EESZT

 

 

The National eHealth Infrastructure is operated within a strictly regulated legislative framework. The regulation of the EESZT is ensured on several legislative levels. The data protection regulations related to its records have been laid down in Act XLVII of 1997 on the Processing and Protection of Medical and Other Related Personal Data, which grants the EESZT the necessary rights to lawfully handle (store, process, display etc.) medical and other related personal data. For more than 20 years now, the Hungarian legal system has provided for the empowerment to connect and transfer medical and personal identification data in the healthcare provider network for the purpose of effective medical treatment, public health and epidemiological measures, the organisation of patient pathways and other purposes specified by law.

The availability of treatment and medication history is essential for effective medical treatment.

 

Before, the availability of these data was limited which could jeopardise effective medical treatment. The EESZT provides the necessary tools for this purpose.

Since the data contain personal and medical information, it is protected by a system of the highest, level 5 of security as established by the act on the electronic information security of central and local government agencies.

 

 

 

Providing a legal basis for the functioning of the EESZT, clarifying the circumstances of data management

 

 

Regulation of the organisational issues of the EESZT (appointing the operator, the administrative body managing the register of selfdetermination and the operator of the cross reference storage)

 

  • Conditions, process of joining
  • Rules and scheduling of joining
  • Scheduling the introduction of mandatoryuse of certain services
  • Detailed regulation of certain services

 

 

 

 

 

 

Summary of the regulation of the EESZT

Cited legal regulations and their abbreviation:

General rules relating to the operation of the EESZT:

Designation of the National Healthcare Service Center:

Designation of Nemzeti Infokommunikációs Szolgáltató Zrt. as operator:

Operation of the EESZT at the Government Data Center:

Prescription of EESZT accession and data provision as a minimum condition for authorisation, sanctioning

Prescription of EESZT data provision as condition for financing

Option of data management based on voluntary consent:

Mandatory use of the EESZT for data streams between providers:

Identification, user management:

Operational records:

System authorisation procedure:

Downtime, disruption:

Data access log:

 

Accession obligation

Group of persons required to join the EESZT:

Conditions and rules of accession:

  1. EESZT Decree Sections 2-3
  2. accession deadlines:
  3. EESZT Decree Section 22(1)

 

Data provision obligation

Means of providing data:

Initial date for performing the data provision obligation:

Reporting and data provision obligation:

Central event catalogue:

Health documentation records:

Health profile (eProfile):

Electronic prescription (ePrescription):

Electronic referral (eReferral) and scheduling appointments:

  • on rules of electronic referral, Section 4/A
  • on rules of scheduling appointments, Section 4/B

Electronic service ordering and scheduling appointments:

Static data management and records:

 

Data access rights:

Identification and authorisation management records, management of access rights:

Availability of directly accessible platform:

Central event catalogue:

Health document records:

Health profile (eProfile):

Electronic referral (eReferral) and scheduling appointments:

  • on rules of electronic referral, Section 4/A
  • on rules of scheduling appointments, Section 4/B

Electronic service ordering and scheduling appointments:

Electronic prescription (ePrescription):

Electronic disease registers:

Static Data Publication:

System links:

Documentation forwarding outside of the health care network:

Data verification by the National Health Insurance Fund of Hungary (NEAK) relating to wait lists:

Data management based on voluntary consent:

Retroactive data upload:

Patient consent records, digital patient consent declarations:

Registration of representation right in the EESZT:

 

Data processing

Remote consultation:

Digital Image Forwarding:

Report forwarding:

Documentation forwarding outside of the health care network:

Electronic disease register:

 

Legal regulations relating to data management

 

Legal regulations relating to compliance with information security:

  • Information Security Act Act L of 2013 on the electronic information security of state and local authority bodies
  • Implementing Decree of the Information Security Act: Decree No 41/2015 of 15 July 2015 of the Ministry of Interior on requirements relating to technological security and secure information devices and products defined in Act L of 2013 on the electronic information security of state and local authority bodies, and to classification in security classes and security levels

 

Other relevant legislation: