Gesundheitstelematikverordnung 2013 (Gtelv 2013)

Original Language Title: Gesundheitstelematikverordnung 2013 (GTelV 2013)

Read the untranslated law here: http://www.ris.bka.gv.at/Dokumente/BgblAuth/BGBLA_2013_II_506/BGBLA_2013_II_506.html

506. Regulation of the Federal Minister for health, with the detailed regulations for the e-health - applied Gesundheitstelematikverordnung 2013 (GTelV 2013)

On the basis of § 28 para 1 of the Gesundheitstelematikgesetzes 2012 (GTelG 2012), Federal Law Gazette I no. 111/2012, as amended by the amendment to the DSG 2014, Federal Law Gazette I no. 83/2013, is prescribed:

1 section

General terms and conditions

Subject

§ 1 (1) further regulations by technical and organisational foundations of e-health are covered by this regulation, in particular 1 the definition of the roles to be used by health service providers (§ 2), 2. the procedure for updating the role catalog (§ 3), 3. set of cryptographic algorithms to guarantee of confidentiality (§ 4), 4. details of the registration in or the discharge from the eHealth directory service (articles 5 to 8), and 5. the setting of requirements for the use of data of the eHealth directory service (section 9).

(2) not covered by this regulation are regulations on the section 4 of GTelG 2012 (electronic health record - ELGA).

2. section

Roles and confidentiality

Roles

Health service provider have section 2 (1) for the electronic use of health data to use exclusively the roles defined in Appendix 1. Health service providers that operate in multiple roles, each have the appropriate to the specific operation of use of role to use.

(2) the Federal Minister for health may publish a more detailed description of the roles mentioned in annex 1 on the Internet and in the Official Gazette of the Wiener Zeitung, explains in particular individual roles or boundaries of the roles carried out.

Update of the role catalog

3. (1) contractor or service provider pursuant to section 4 of the data protection Act 2000 (DSG 2000, Federal Law Gazette I no. 165/1999, in the currently valid version), which considers, that their occupation of any role can be associated to the annex 1, have to apply for the registration of a new role GTelG 2012 at a Registrar pursuant to § 9 para 3. The submission may be in electronic form.

(2) for applications referred to in paragraph 1, a corresponding form is to use, which can be set by the Federal Minister of health on the Internet available.

(3) when applying for a new role, it shall be indicated: 1. name or designation of the applicant, 2. the postal and electronic accessibility of applicant / claimant, 3. for legal entities is a the name of the contact person, 4. detailed description of the DSD / services provided by the applicant or activities pursued, 5. the designation of the law applicable to the performance of these services or the exercise of these activities , 6 if available, the name of the authority which decides about permission to carry out the activities or the provision of services on the basis of the legislation referred to in Z 5 any other requirements to be fulfilled for the performance of these services or the exercise of these activities are 7, how about training, notification or registration obligations, 8 indication of the reasons why these services or activities an existing role (Appendix 1) can not be associated , 9. a proposal for the designation of a new role, as well as 10 a justification why this role has nationwide relevance, like for example an estimate for how many other clients or service providers in accordance with § 4 DSG 2000 the new role is expected to apply to.

(4) the registrars have the applications referred to in paragraph 1 on plausibility and amended in particular to check whether the addition of Appendix 1 to a new role is required in relation to the type of the mentioned services or activities. You can perform these additional surveys. The validation not completed, are the applications to improve to reset.

(5) after completion of the test in accordance with paragraph 4, the registrars 1 have the application, 2. to transmit the results of their checks, and 3. a recommendation to the further actions of the Federal Minister of health.

(6) the Federal Minister of health has to take the requested role in the role catalog, if: 1 the role in the role catalog is included and the activities to be executed in the context of the proposed role clearly differ 2. from the activities of existing roles.

(7) applications, which do not meet the criteria laid down in paragraph 6, has the Federal Minister of health decision to reject.

Confidentiality

§ 4. The algorithms listed in Appendix 2 meet the requirements of § 6 anyway, GTelG 2012.

3. section

eHealth directory service (eHVD)

General information on the registration

5. (1) the registration in section 10, paragraph 1 GTelG referred to 2012 data by health service providers in the eHealth directory service and their discharge takes place through the pursuant to § 9 para 3 GTelG 2012 registration authorities.

(2) the Federal Minister of health has to describe the data formats to be used by the registration authorities, as well as the specific technical requirements for the submissions referred to in articles 6 to 8 in a specification that is to publish on the Internet. This specification changes are to implement the registration authority within six months after its publication.

(3) the specification referred to in paragraph 2 has Z 2 for simplified declarations referred to in § 9 para 3 lit. (a) in conjunction with § 9 para 4 GTelG 2012 more detailed provisions concerning 1. type and amount of data to be reported with regard to the organizational units, and 2. to contain the data that is to be applied by health service providers as well as 3 the right of initiative of the health service provider for the information pursuant to article 10, paragraph 1 Z 6 GTelG 2012 in relation to the organizational units into account.

(4) the Federal Minister of health has to forgive 6 GTelG Z 2012 within the framework of the first-time registration of health service providers in the eHealth directory service the unique identifier (OID) in accordance with article 10, paragraph 1. The health service provider shall be entitled to set the symbolic identifier means the competent registration authority or change, if in this respect the requirements laid down in article 10, par. 5 2012 GTelG.

Entry through delivery of registers

6. (1) registrars pursuant to § 9 para 3 Z 1 GTelG 2012 have the Federal Minister of health in article 10, paragraph 1 GTelG referred to 2012 data of all health service providers registered in their respective register to submit.

(2) the obligation of transmission referred to in paragraph 1 includes authorized health service providers all at the time of delivery to the perception of their role.

(3) the transfers referred to in paragraph 1 have to be carried out from March 1, 2014, on working days.

Registration message

7. (1) registrars pursuant to § 9 para 3 Z 2 GTelG 2012 have the Federal Minister of health in article 10, paragraph 1 GTelG referred to 2012 data of the health service provider associated with its respective sphere to transmit.

(2) the obligation of transmission referred to in paragraph 1 includes authorized health service providers all at the time of delivery to the perception of their role.

(3) the transfers referred to in paragraph 1 from 1 March 2014 at the latest at least once a month, with the loss of permission to carry out the role immediately, however, must be made.

Entry by the Federal Minister for health

§ 8 (1) have a health service provider, for which according to § 9 para 3 Z competent registration authority is 3 GTelG 2012 of the Federal Minister of health, in article 10, paragraph 1 GTelG 2012 referred data as well as any change of these data, in particular the removal of the permission to carry out the role, immediately to submit.

(2) the notifications referred to in paragraph 1 also in the ways one can in the corporate service portal (§ 1 para 1 of the corporate service portal Act [USPG], Federal Law Gazette I no. 52/2009, in the currently valid version) be made available provided electronic services. The Federal Minister of health has the time and the role for which this service available is to publish on the Internet and in the Official Gazette of the Wiener Zeitung.

Use of data of the eHealth directory service

§ 9 (1) the Federal Minister for health can the technical requirements as well as the terms and conditions for the use of data of the eHealth directory service in accordance with § 10 section 7 2012 publish GTelG on the Internet.

(2) interested parties according to § 10 para 7 GTelG 2012 have to apply for the transmission of data of the eHealth directory service in writing with the Federal Minister of health. In this, they are at least: 1. the amount of data, 2. the exact purpose of using the data, and 3. the way of the technical use of the data to describe.

(3) the transmission of data of the eHealth directory service is exclusively in the form of a total inventory of data and only permissible, if the delivery recipient / the delivery recipient to the Federal Minister of health in writing committed, 1 at least once within three business days to update the dataset, 2.

at a possible linking of data of the eHealth directory service with its own data to ensure that the examination of identity and role of health service providers exclusively based on the data provided by the eHealth directory service (§ 4 para 4 No. 2 in conjunction with article 5, paragraph 1 GTelG 2012) and 3. the periodicity of updating, the logging of transfers, the measures taken to comply with the requirements according to no. 2, as well as to comply with the technical requirements laid down in paragraph 1 in its IT security concept (§ 8 GTelG 2012) to set binding.

4 section

Final provisions

Publications

§ 10. The Federal Minister of health has to make the publications provided for in this regulation on the Internet in the public health portal (www.gesundheit.gv.at).

Entry into force and expiry

11. (1) the regulation with 1 January 2014 into force.

(2) with expiry of the 31 December 2013 enters the Gesundheitstelematikverordnung 2012, Federal Law Gazette II No. 483/2012, override. As far as the Gesundheitstelematikverordnung, Federal Law Gazette II No. 451/2008 is in the version of regulation BGBl. II Nr 464/2010, still in force, is it also at the end of 31 December 2013 override.

Sands

Appendix 1: Roles

Part 1: II roll sleeps 1 doctor of general medicine, if necessary, enclosing according to doctors - doctors training regulations 2006 (ÄAO 2006), Federal Law Gazette No. 286/2006, in the current version, applicable additional designation of the additive compartment in parentheses 2. medical doctor / certified doctor 3. specialist/specialist, enclosing the 2006 true according to ÄAO occupation (special compartment as well as additional designation the additive compartment / the additive compartments in parentheses) 4 specialist/specialist in dental , Oral and maxillofacial surgery 5 dental/dentist 6 Dentistin/dentist 7 psychotherapist/psychotherapist 8 clinical psychologist/clinical psychologist 9 health psychologist/health psychologist 10 music therapist/music therapist 11 midwife 12 physiotherapist/physical therapist 13 biomedical analyst/biomedical analyst 14 Radiology technologist/Radiology technologist of 15 dietician/nutritionist of 16 occupational therapist/Ergotherapeut 17 speech therapist/speech therapist 18 orthoptist/orthoptist of 19 qualified health and nurse/certified health and nurse 20 certified pediatric nurse/certified children nurse 21 qualified mental health and psychiatric nurse/certified health and nurse 22 healing masseuse/therapist 23 qualified Kardiotechnikerin/graduate Kardiotechniker part 2: roll 2. 3 Sonderkrankenanstalt for organizations 1 General Hospital nursing home 4. sanatorium 5 independent Clinic 6 medical group practice 7 dental group practice 8 criminal and enforcement 9 community pharmacy 10 care facility 11 mobile care 12 Spa 13 research institution 14 tissue bank 15 tissue sampling device 16 blood establishment 17 rescue 18 Arbeitsmedizinisches Centre 19 eye and contact lens optics 20 hearing aid acoustics 21 orthopedic products 22 dental technology 23 24 public health management health service of 25 ELGA ombuds office 26 contradiction point 27 advocacy 28 29 social security health care 30.
Health insurance 31 clearing service 32. ICT health services Appendix 2: permissible algorithms 1.
All procedures, which annexed the signature Ordinance 2008 (SigV 2008), Federal Law Gazette II No. 3/2008, in the currently valid version, stated, are allowed.

2. as a symmetric algorithms are suitable: - AES (advanced encryption standard) with a key length of 128, 192, or 256 bits [FIPS 197] - TDEA (triple data encryption algorithm) with an effective key length of at least 112 bits [NIST 800-67] in CBC or CTR mode [NIST 800-38A].

 

Abbreviations (cited references):



[FIPS 197]



Advanced Encryption Standard (AES); National Institute of standards and technology (NIST); Federal information processing standards publication 197; November 2001.



[NIST 800-67]



"Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher"; National Institute of standards and technology; NIST Special Publication 800-67, revision 1; 2012



[NIST 800-38A]



"Recommendation for Block Cipher Modes of Operation - Methods and Techniques"; National Institute of standards and technology; NIST Special Publication 800-38A; 2001.