Romania
Is the use of telehealth permitted?
Yes, telehealth is permitted in Romania.
Romania
How is telehealth regulated?
Government Emergency Ordinance no. 196/2020, which entered into force on 19 November 2020 (“GEO no. 196/2020”), represents the general legal framework regulating telehealth.
GEO no. 196/2020 is implemented through Government Decision no. 1133/2022 regarding the approval of the Methodological Norms for the implementation of the provisions of the Government Emergency Ordinance no. 196/2020 for the amendment and completion of Law no. 95/2006 on healthcare (”GD no. 1133/2022”). GD no. 1133/2022 regulates the medical specialties and the list of services that are the object of telehealth services, the conditions for the organization and operation of telemedicine.
Before GEO no. 196/2020 was adopted, there was limited legislation regarding specific types of telehealth, such as telehealth targeted at rural areas.
In addition, specific legislation relating to temporary general telehealth rules was applicable in the context of the COVID-19 pandemic.
Romania
Are there specific fields of healthcare in relation to which telehealth services are currently available, and do they involve the use of proprietary technology or platforms?
GEO no. 196/2020 covers prophylactic and curative telehealth services and regulates the following services: (i) remote consults, (ii) tele-expertise, (iii) teleassistance, (iv) teleradiology, (v) telepathology and (vi) remote monitoring of the patient.
The services can be performed by any means of telecommunication, irrespective of the audio or video platform, the electronic equipment, cable networks, optic fibre, radio, satellite or other such means that are used. The communication platforms that are used must ensure the security of the data.
The medical specialties and the list of services that can be performed through telehealth are regulated through GD no. 1133/2022..
Romania
Does the public health system include telehealth services, and if so, are such services free of charge, subsidised or reimbursed? Where the public health system does not include telehealth services, are such services covered by private health insurance?
GEO no. 196/2020 and its methodological norms apply to both public and private healthcare providers.
GEO no. 196/2020 provides that the telehealth services may be reimbursed from public funds in accordance with the general rules for reimbursement of medical services. This means that some telehealth services can be free of charge for patients, similar to face-to-face medical services.
Private health insurance, which can be taken up with private healthcare providers, may cover other telehealth services, depending on the package or offer of each private healthcare provider.
Romania
Do specific privacy and/or data protection laws apply to the provision of telehealth services?
There are no telehealth-specific data protection laws in Romania, however more general privacy legislation may be relevant.
The main piece of legislation on the protection of personal data is Regulation (EU) 2016/679 (GDPR). The GDPR provides specific rules for the processing of data concerning health, which is classified as belonging to a special category of personal data.
Additionally, two national pieces of data protection legislation could also potentially impact the provision of telehealth services: (i) Law no. 190/2018 on implementing measures to Regulation (EU) 2016/679 ("Law 190/2018"), and (ii) Decision no. 174/2018 for establishing the list of the processing operations for which it is mandatory to perform a data protection impact assessment ("Decision 174/2018").
According to Law 190/2018, "the processing of genetic data, of biometric data or of health data for the purpose of automated decision-making or profiling is permitted with the explicit consent of the data subject or if the processing is carried out under explicit legal provisions, with appropriate measures protecting the rights, freedoms and legitimate interests of the data subject". Furthermore, "the processing of health data for the purpose of ensuring public health cannot be subsequently performed for other purposes by third entities".
Pursuant to Decision 174/2018, a data protection impact assessment is required inter alia in the following cases:
- the processing of personal data in order to perform a systematic and extensive evaluation of personal aspects relating to natural persons which is based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning the natural person or similarly significantly affect the natural person;
- processing on a large scale of genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation;
- processing on a large scale of personal data of vulnerable persons, through automatic means of systematic monitoring and/or recording of behaviour;
- processing on a large scale of personal data through the innovative use or the implementation of new technologies; and
- processing on a large scale of data generated by devices with sensors that transmit data over the Internet or other means
Romania
How should the cross-border transfer of personal information collected and processed in the course of telehealth services be carried out to ensure compliance with applicable privacy laws?
Cross-border transfers of telehealth data must be carried out in accordance with Chapter V (Transfers of personal data to third countries or international organisations) of the GDPR.
Romania
Are there any currently applicable codes of conduct on the use of telehealth systems and/or security of telehealth data in your jurisdiction?
We are not aware of the existence of such public codes of conduct.
Romania
Are any specific laws, regulations, or self-regulatory instruments expected to be adopted in the near future?
We are not aware.
Romania
