Central and Eastern Europe
Electronic healthcare, or simply eHealth, involves using information and communication technologies (ICT) for healthcare. Implementation of eHealth is progressing in the countries where bnt attorneys are represented, albeit at different paces.
What is the current status of eHealth in the CEE? Does eHealth protect sensitive patient data? Who can access patients’ medical records? Do healthcare providers (HCP) or health care professionals (HC professionals) have to observe any deadlines?
In Slovakia, eHealth has been formally implemented and operational since 1 January 2018. The launch of the system was protested by HCPs and HC professionals, who complained that the system was not ready for all outpatient departments. To date, not every HCP or HC professional is connected to the eHealth system, even though not abiding by eHealth legislation may result in sanctions.
The eHealth system in Slovakia is designed as follows: patients only need to show doctors their electronic ID (eID) cards instead of insurance cards. Their doctors will scan the eIDs with a reader, and will immediately receive the patient’s medical information. Medical records will also be available online ‒ accessible to patients from everywhere. Doctors then prescribe medication online, so that all patients need to do is to present their eID card to the pharmacy.
The following services are live: ePrescription, eAuthentification, eExamination and Citizen Health eBook. Extensive functions, such as eLAB, Patient Summary and eMedication, are scheduled to be added in 2018.
According to SIDC annual statistics on ePrescription available on the SIDC website, 6,254,216 ePrescriptions were issued in March 2018, with a rising trend in prescribed and issued ePrescriptions since January 2018.
Are (sensitive) personal data protected? Who can access patients’ medical records?
In Slovakia, patients can access their Citizen Health eBook (CHeB) on the National Health Portal by using their eID with a chip. The CHeB will automatically display data from the information systems of healthcare providers (i.e. hospitals, pharmacies, ambulances, laboratories) and health insurance companies. General practitioners (GPs) have unrestricted access to their patients’ medical records (excluding records on mental health). Specialists will have access only to a patient summary (containing basic information on the patient´s health status), while the patient’s consent is required for other parts of the CHeB.
Doctors sign in to the system with their healthcare professional eID. Their information system will then communicate with eHealth and send the information safely to the CHeB (after electronically signing, encrypting and separating clinical and identification patient data).
The HCP is considered a controller under the law on personal data protection, and as such must adopt appropriate technical and organizational measures. This obligation exists even if data processing is outsourced, since the General Data Protection Regulation (GDPR) imposes strict requirements for choosing a processor. Once the GDPR comes into force, a controller that processes so-called “sensitive” personal data ‒ which include, for example, health or biometric data ‒ on a large scale will be obliged to perform a so-called DPIA (DPIA – Data Protection Impact Assessment). The GDPR does not define the term “on a large scale”, but an example would be personal data processing by hospitals.
Deadlines
Healthcare professionals were required to obtain an HC professional eID and sign in to the National Health Portal by 1 January 2018. Sanctions for non-compliance with law are different for HCPs and HC professionals. Patients must present eIDs to their doctors from 1 January 2022. Until then, patients can also present themselves with an insurance card.
In Estonia and Lithuania, the eHealth system has been implemented and provides the following services: (i) the Patient Portal, allowing patients to view their medical data, appoint representative(s) and act on behalf of persons who have appointed them as their representative, (ii) Health information systems, including electronic health records, allowing doctors quick access to a patient’s complete health information, (iii) ePrescription, (iv) Digital Registration, (v) eMedical Certificate.
In the Czech Republic, only ePrescription is operational, while the eHealth records service is in legislative preparation. According to SIDC annual statistics on ePrescription available on the SIDC website, 4,776,215 ePrescriptions were issued in March 2018.
In Germany and Bulgaria, eHealth system services have not been launched so far but implementation is pending.
Implementation of the eHealth system is almost completely achieved in Hungary. Publicly-founded HCPs ‒ so called “family doctors” ‒ as well as pharmacies had to register by 1 November 2017. Private HCPs need to register by 1 November 2018.
In Poland, implementation of eHealth is pending but facing ever more obstacles along the way. For a couple of years now, e-Verification has been operational, i.e. HCPs or HCOs can verify and confirm a given patient’s eligibility for publicly-funded treatment online. Additionally, e-Doctor sick-leave certificates have been launched. The plan is that by the end of June 2018 these e-certificates will be the mandatory form of filing doctor’s sick-leaves (with the social insurance office and the employer); the paper form will be allowed in emergency cases only. E-prescriptions are on the verge of being introduced. Under an initial phase-in programme, connection is supposed to be launched in the first half of 2018. Patient health books are kept in paper form.