Privacy and Data Protection

Is the use of telehealth permitted?

Telehealth in Austria is, in principle, permitted.

The applicable professional rules requiring doctors to exercise their profession "personally and directly" could imply a general prohibition of distance or remote treatments without definite prohibition. Whenever medical science requires physical contact (e.g. physical assessment) between a doctor and the patient, any treatment without such contact is a violation of the principle of directness. Consequently, without clear legal guidance any introduction of telehealth measures / devices requires careful assessment under the principle of directness and personal exercise in that specific context.

How is telehealth regulated?

No explicit regulations relating to telehealth are in place. Relevant provisions from which to source some guidance can be found inter alia in the Federal Doctors Act (ÄrzteG), Federal Dentist Act (ZahnärzteG), Federal Health Telematics Act (Gesundheitstelematikgesetz) and the Health Telematics regulation (Gesundheitstelematikverordnung). The latter specifically deals with the processing of personal electronic health data and genetic data by healthcare providers (see Privacy and data protection).

In 2013, the Minister of Health established a TeleHealth Commission (Telegesundheitsdienste-Kommission) which continues to work on improving the scope of telehealth. The Commission also adopts resolutions and provides reports to the competent Ministry of Health.

Are there specific fields of healthcare in relation to which telehealth services are currently available, and do they involve the use of proprietary technology or platforms?

According to the TeleHealth Commission, the term telehealth covers a broad spectrum, including but not limited to:

• telemonitoring (medical monitoring of a patient’s state of health);
• teletherapy (active intervention in the treatment of a patient);
• teleconciliations (obtaining a second opinion from another doctor); and
• teleconference (involvement of a second physician for ongoing medical treatment by a doctor).

According to the TeleHealth Commission a more developed and applied area of telehealth is the field of telemonitoring, in particular for patients with diabetes, cardiac insufficiency and abnormal levels of blood pressure.

However, there is no official list of which types of healthcare services are provided via telehealth in Austria. It depends on each individual doctor which telehealth services they wish to offer (provided the principle of directness and personal exercise are complied with as well as the data protection requirements are met).

Beside apps like Skype or Zoom, whose use within providing telehealth services is not forbidden (provided data protection requirements are met), such services can also be provided through specific e-health-applications, which can be certified by TELEMED Austria (e.g. "eedoctors-App" was officially certified since April 2020). TELEMED Austria is also hosting a register, which contains certified telehealth services providers.

Does the public health system include telehealth services, and if so, are such services free of charge, subsidised or reimbursed? Where the public health system does not include telehealth services, are such services covered by private health insurance?

Medical advice via phone or video-conference is reimbursed by the public health system. Private insurance companies have also started to offer telehealth packages. Teleconsultation in urgent cases under the telephone number 1450 and with doctors (including psychological urgent cases) are offered. It is possible to transfer data from medical devices or smartphone-sensors. The hotline 1450 is a general e health service tool and first point of contact, including during out of office hours.

How should the cross-border transfer of personal information collected and processed in the course of telehealth services be carried out to ensure compliance with applicable privacy laws?

In principle the GDPR and the corresponding national implementation Acts must be complied with. Attention should be paid to the fact that these data are all health data and thus special categories of data (sensitive data). Regarding cross-border transfers of telehealth data outside the European Union, the findings from the Schrems II judgment and the relevant standard contractual clauses need to be implemented.

Are there any currently applicable codes of conduct on the use of telehealth systems and/or security of telehealth data in your jurisdiction?

The TeleHealth Commission (see Availability of Telehealth) has presented a recommendation, which mainly comprises:

• a catalogue of criteria for the evaluation of telehealth services in terms of prioritisation, including the application of these evaluation criteria to identify specific telemonitoring projects in the areas of diabetes and cardiovascular diseases that have the greatest potential for introduction into mainstream care, and

• a list of questions on possible business or organisational models for the roll-out of telehealth services into mainstream care, including answers to these questions for the areas of diabetes and cardiovascular disease. A corresponding directive issued by the Ministry of Health has been adopted which deals with the technical implementation of telehealth.

Are any specific laws, regulations, or self-regulatory instruments expected to be adopted in the near future?

The Austrian Medical Chamber has raised the need for a legal frame for telemedicine and e health. A legislative initiative on these issues has not reached parliamentary discussion yet and we are not aware of any near changes in this regard.