Privacy and Data Protection

Is the use of telehealth permitted?

Yes, it is expressly stated in the Act of 5 December 1996 on the Professions of Physician and Dentist that professional activities of a physician / dentist may be performed using ICT.

How is telehealth regulated?

There is no comprehensive domestic regulation on telehealth – telemedicine is regulated fragmentarily in a few acts of law. Act of 5 December 1996 on the Professions of Physician and Dentist provides a general possibility of rendering the telemedical services. Some other acts regulate certain aspects of telemedical services.

Recently a new the Regulation of the Minister of Health of 12 August 2020 on the organisational standard of teleporting in primary healthcare entered into force and sets forth rules on providing telemedical services within primary care.

Are there specific fields of healthcare in relation to which telehealth services are currently available, and do they involve the use of proprietary technology or platforms?

All types of healthcare services may be rendered this way. Obviously, physician must act with due diligence and follow current state of medical knowledge – if telemedical service is not sufficient from the medical standpoint, then the standard visit should occur.

There are no general rules what tools (platforms, apps etc.) should be used while rendering telehealth services.

Does the public health system include telehealth services, and if so, are such services free of charge, subsidised or reimbursed? Where the public health system does not include telehealth services, are such services covered by private health insurance?

The public health system includes telehealth services in regard of certain types of healthcare services (e.g. primary health, outpatient services etc.) and subject to certain conditions laid down in the law and ordinances of the President of the National Health Fund.

How should the cross-border transfer of personal information collected and processed in the course of telehealth services be carried out to ensure compliance with applicable privacy laws?

Under the GDPR (see also Privacy and data protection), transfers of personal data within the EEA are permitted.

However, all extra-EEA transfers need to be based on one of the following: (i) an adequacy decision of the Commission (applicable to a limited number of jurisdictions); (ii) one of the appropriate safeguards under Article 46 of the GDPR, such as standard contractual clauses approved by the Commission ("SCC") or approved binding corporate rules; or (iii) one of the exemptions listed in Article 49 of the GDPR. In addition, as a result of the recent CJEU ruling in the Schrems II case (C-311/18), international transfers based on the SCCs will need to be preceded by an internal analysis of risks of transfer to a particular jurisdiction and necessary safeguards to be introduced by the data controller in order to ensure a safe transfer. The result of such analysis may indicate that SCC alone would be insufficient and additional contractual safeguards are necessary.

Are there any currently applicable codes of conduct on the use of telehealth systems and/or security of telehealth data in your jurisdiction?

here are no official codes of conduct; however, certain aspects of telehealth are regulated in the law, e.g. in the Regulation of the Minister of Health of 12 August 2020 on the organisational standard of teleporting in primary healthcare.

Are any specific laws, regulations, or self-regulatory instruments expected to be adopted in the near future?

No specific instruments are known / expected at present.