Data Security Obligations

Are there any currently applicable codes of conduct on the use of telehealth systems and/or security of telehealth data in your jurisdiction?

here are no official codes of conduct; however, certain aspects of telehealth are regulated in the law, e.g. in the Regulation of the Minister of Health of 12 August 2020 on the organisational standard of teleporting in primary healthcare.

Last modified 17 May 2021

Poland

Poland

Is the use of telehealth permitted?

Yes, it is expressly stated in the Act of 5 December 1996 on the Professions of Physician and Dentist that professional activities of a physician / dentist may be performed using ICT.

Last modified 17 May 2021

Poland

Poland

How is telehealth regulated?

There is no comprehensive domestic regulation on telehealth – telemedicine is regulated fragmentarily in a few acts of law. Act of 5 December 1996 on the Professions of Physician and Dentist provides a general possibility of rendering the telemedical services. Some other acts regulate certain aspects of telemedical services.

Recently a new the Regulation of the Minister of Health of 12 August 2020 on the organisational standard of teleporting in primary healthcare entered into force and sets forth rules on providing telemedical services within primary care.

Last modified 17 May 2021

Poland

Poland

Are there specific fields of healthcare in relation to which telehealth services are currently available, and do they involve the use of proprietary technology or platforms?

All types of healthcare services may be rendered this way. Obviously, physician must act with due diligence and follow current state of medical knowledge – if telemedical service is not sufficient from the medical standpoint, then the standard visit should occur.

There are no general rules what tools (platforms, apps etc.) should be used while rendering telehealth services.

Last modified 17 May 2021

Poland

Poland

Does the public health system include telehealth services, and if so, are such services free of charge, subsidised or reimbursed? Where the public health system does not include telehealth services, are such services covered by private health insurance?

The public health system includes telehealth services in regard of certain types of healthcare services (e.g. primary health, outpatient services etc.) and subject to certain conditions laid down in the law and ordinances of the President of the National Health Fund.

Last modified 17 May 2021

Poland

Poland

Do specific privacy and/or data protection laws apply to the provision of telehealth services?

There are no specific regulations related to privacy in telehealth services, however general privacy regulations are applicable, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("GDPR") and the Polish Act on Personal Data Protection of 10 May 2018.

The majority of the relevant obligations are established in the GDPR, including a number of obligations of the data controllers, rights of the data subject and legal basis for personal data processing. International data transfers are also regulated, with specific rules on extra-EEA transfers. Furthermore, the GDPR establishes specific rules on disclosing or entrusting the processing of personal data to third parties. All personal data processing activities related to the personal data of EUbased data subjects would need to be compliant with both the GDPR and any local regulations. Additionally, due to the special character of personal data processed (i.e. health data) a high and up-to-date level of organisational and technical safeguards would need to be ensured, in line with Article 32 of the GDPR.

Last modified 17 May 2021

Poland

Poland

How should the cross-border transfer of personal information collected and processed in the course of telehealth services be carried out to ensure compliance with applicable privacy laws?

Under the GDPR (see also Privacy and data protection), transfers of personal data within the EEA are permitted.

However, all extra-EEA transfers need to be based on one of the following: (i) an adequacy decision of the Commission (applicable to a limited number of jurisdictions); (ii) one of the appropriate safeguards under Article 46 of the GDPR, such as standard contractual clauses approved by the Commission ("SCC") or approved binding corporate rules; or (iii) one of the exemptions listed in Article 49 of the GDPR. In addition, as a result of the recent CJEU ruling in the Schrems II case (C-311/18), international transfers based on the SCCs will need to be preceded by an internal analysis of risks of transfer to a particular jurisdiction and necessary safeguards to be introduced by the data controller in order to ensure a safe transfer. The result of such analysis may indicate that SCC alone would be insufficient and additional contractual safeguards are necessary.

Last modified 17 May 2021

Poland

Poland

Are there any currently applicable codes of conduct on the use of telehealth systems and/or security of telehealth data in your jurisdiction?

here are no official codes of conduct; however, certain aspects of telehealth are regulated in the law, e.g. in the Regulation of the Minister of Health of 12 August 2020 on the organisational standard of teleporting in primary healthcare.

Last modified 17 May 2021

Poland

Poland

Are any specific laws, regulations, or self-regulatory instruments expected to be adopted in the near future?

No specific instruments are known / expected at present.

Last modified 17 May 2021

Poland

Poland

Andrzej Balicki

Andrzej Balicki

Partner

DLA Piper Giziński Kycia sp.j.

T: +48 2 2540 7401[email protected]
Piotr Czulak

Piotr Czulak

Senior Associate

DLA Piper Giziński Kycia sp.j.

T: +48 2 2540 7457[email protected]
Jolanta Dąbrowicz

Jolanta Dąbrowicz

Senior Associate

DLA Piper Giziński Kycia sp.j.

T: +48 2 2540 7491[email protected]