Legal framework of the EESZT

The National eHealth Infrastructure (EESZT) is operated within a strictly regulated legislative framework, and its regulation is ensured on several legislative levels. The data protection rules for its records are laid down in Act XLVII of 1997 on the Processing and Protection of Medical and Other Related Personal Data, which grants the EESZT the necessary rights to lawfully handle (store, process, display etc.) medical and other related personal data. For more than 20 years, the Hungarian legal system has provided the authority to link and transfer medical and personal identification data within the healthcare provider network for the purposes of effective medical treatment, public health and epidemiological measures, the organisation of patient pathways and other purposes specified by law.

The availability of treatment and medication history is essential for effective medical treatment.

Previously, the availability of these data was limited, which could jeopardise effective medical treatment. The EESZT provides the necessary tools for this purpose.

Since the data contain personal and medical information, they are protected by a system meeting the highest security level, level 5, as established by the act on the electronic information security of central and local government agencies.

Providing a legal basis for the functioning of the EESZT, clarifying the circumstances of data management

Regulation of the organisational issues of the EESZT (appointing the operator, the administrative body managing the register of self-determination and the operator of the cross reference storage)

  • Conditions, process of joining
  • Rules and scheduling of joining
  • Scheduling the introduction of mandatory use of certain services
  • Detailed regulation of certain services

References to legislation in force

List of cited legislation and abbreviations:

General rules relating to the operation of the EESZT:

Designation of the Ministry of Interior as the operator of the EESZT:  

  • Central eHealth Decree, Section 5/A
    • The Minister responsible for health care is
      • the operator of the EESZT pursuant to Section 35/A of the Health Data Act
      • the body maintaining the self-determination register pursuant to Section 35/H of the Health Data Act,
      • the body managing the contact code for performance of tasks pursuant to Section 35/L of the Health Data Act,
      • the national contact point for enforcing rights relating to cross-border health care pursuant to Section 19/A of the Health Data Act.
    • The Minister responsible for health care, as national contact point, ensures the exchange of information relating to the enforcement of rights regarding cross-border health care in cooperation with the national contact points of other member states, and the European Commission.
    • In performing their tasks, the Minister responsible for health care shall enforce the provisions of the General Data Protection Regulation (GDPR), and shall ensure that no unauthorized body or person has access to the data contained in the EESZT.
    • The Minister responsible for health care shall involve the Service Center as a data processor in the performance of their duties under this section.

Designation of NISZ Nemzeti Infokommunikációs Szolgáltató Zrt. as operator:

Appointment of ESZFK Nonprofit Ltd. as the organization responsible for the operation, application management, development, and customer service tasks of EESZT:

Requirement of EESZT connection and data provision as a minimum condition for authorisation, sanctioning

Requirement of EESZT data provision as condition for financing

Option of data management based on voluntary consent:

Mandatory use of the EESZT for data streams between providers:

Identification, user management:

Operational records:

System authorisation procedure:

Suitability of IT system used for EESZT connection:

  • EESZT Decree Section 3/A
  • Central eHealth Decree Section 2(1a)

Downtime, disruption:

Data processing log:

Obligation to connect:

Those required to connect to the EESZT:

Conditions and rules of connecting:

Connection deadlines:

Data provision obligation

Means of providing data:

Initial date for performing the data provision obligation:

Reporting and data provision obligation:

Central event catalogue:

Health documentation records:

Health profile (eProfile):

Electronic prescription (ePrescription):

Electronic prescription of medical devices (eGYSE):

Electronic referral (eReferral) and scheduling appointments:

  • on rules of electronic referral, Section 4/A
  • on rules of scheduling appointments, Section 4/B

Electronic service ordering and scheduling appointments:

Master data management and records:

Data access rights:

Identification and authorisation management records, management of access rights:

Availability of a directly accessible platform:

Central event catalogue:

Health document records:

Health profile (eProfile):

Electronic referral (eReferral) and scheduling appointments:

  • on rules of electronic referral, Section 4/A
  • on rules of scheduling appointments, Section 4/B

Electronic service ordering and scheduling appointments:

Electronic prescription (ePrescription):

Electronic prescription of medical devices (eGYSE):

Electronic disease registers:

Master Data Publication:

System connections:

Documentation forwarding outside of the health care network:

Data verification by the NHIFM relating to wait lists:

Data processing based on voluntary consent:

Retroactive data upload:

Patient consent records, digital patient consent declarations:

Registration of representation right in the EESZT:

Data processing:

Online consultation:

Digital Image Forwarding:

Report forwarding:

Documentation forwarding outside of the health care network:

Electronic disease register:

Legal regulations relating to data processing:

Regulations relating to compliance with information security:

  • Act LXIX of 2024 on the cybersecurity of Hungary
  • Decree 7/2024 (VI. 24.) of the Minister in charge of the Prime Minister’s Office on the requirements for classification into security classes and the specific protective measures applicable to each security class

Other relevant legislation: