506. Ordinance of the Federal Minister of Health, which sets out more detailed rules on health telematics-Health telematics regulation 2013 (GTelV 2013)

On the basis of § 28 (1) of the Health Telematics Act 2012 (GTelG 2012), BGBl. I n ° 111/2012, in the version of the DSG-Novelle 2014, BGBl. I No 83/2013, shall be arranged:

Section 1

General provisions

Subject matter

§ 1. (1) The subject matter of this Regulation is closer to the technical and organisational bases of the health telematics, in particular:

1.		the definition of the roles to be used by health service providers (§ 2),
2.		the procedure for updating the roll catalogue (§ 3),
3.		the definition of cryptographic algorithms to ensure confidentiality (§ 4),
4.		Concretising the registration in or the discharge from the eHealth directory service (§ § 5 to 8) as well as
5.		the definition of requirements for the use of data of the eHealth directory service (§ 9).

(2) The provisions of this Regulation shall not be subject to the provisions of the fourth Section of the GTelG 2012 (Electronic Health Act-ELGA).

Section 2

Roles and confidentiality

Roles

§ 2. (1) In the case of the electronic use of health data, health service providers shall only have those in the Appendix 1 defined roles. Health service providers who operate in several roles shall each have the appropriate role to play in the specific use process.

(2) The Federal Minister of Health may, on the Internet and in the Official Journal of the Wiener Zeitung, provide a more detailed description of the Appendix 1 , in which, in particular, individual rolls are explained or delusions of the rollers are carried out.

Roll Catalog Update

§ 3. (1) Client or service provider according to § 4 of the Data Protection Act 2000 (DSG 2000, BGBl. No 165/1999, as amended), which take the view that their activities do not have a role to play in the Appendix 1 In accordance with Section 9 (3) of the German Telemedia Act (GTelG 2012), the registration of a new role must be applied for by a registration office. The application can be made in electronic form.

(2) A corresponding form shall be used for applications pursuant to paragraph 1, which is to be made available by the Federal Minister for Health on the Internet.

(3) In order to apply for a new role, please state:

1.		Name or name of the applicant,
2.		the postal and electronic accessibility of the applicant,
3.		for legal persons, the name of the contact person,
4.		a detailed description of the services or activities carried out by the applicant/applicant,
5.		the description of the legislation applicable to the provision of those services or the exercise of those activities;
6.		where available, the name of the authority which decides on the authority to carry out the activities or to provide the services under the legislation referred to in Z 5;
7.		any other conditions to be met for the provision of these services or the pursuit of such activities, such as training, reporting or authorisation obligations,
8.		Indication of the reasons why these services or activities of an existing role ( Appendix 1 ) cannot be allocated,
9.		a proposal for the name of the new role, and
10.		an explanation as to why this role has a nationwide relevance, such as an estimation, for how many other clients or service providers according to § 4 DSG 2000 the new role is expected to apply.

(4) The registration authorities shall examine the applications referred to in paragraph 1 for plausibility and, in particular, to determine whether the type of services or activities referred to is complementary to the requirements of the Appendix 1 in order to have a new role. You can carry out further surveys for this purpose. If the plausibility check cannot be completed positively, the applications for improvement are to be returned.

(5) At the end of the examination referred to in paragraph 4, the registration authorities shall:

1.		the request,
2.		the outcome of their audits, and
3.		A recommendation on the way forward
to the Federal Minister of Health.

(6) The Federal Minister of Health has the requested role to be included in the roll catalogue if:

1.		the role is not included in the roll catalog, and
2.		the activities to be carried out within the framework of the proposed role clearly differ from the activities of existing roles.

(7) Applications which do not comply with the criteria set out in paragraph 6 shall be dismissed by the Federal Minister for Health.

Confidentiality

§ 4. The Appendix 2 In any case, these algorithms meet the requirements of § 6 GTelG 2012.

Section 3

eHealth-Directory Service (eHVD)

General for registration

§ 5. (1) The registration of the data of health service providers referred to in § 10 paragraph 1 GTelG 2012 in the eHealth directory service and their delivery shall be carried out by the registration authorities responsible pursuant to § 9 paragraph 3 GTelG 2012.

(2) The Federal Minister of Health shall describe the data formats to be used by the registries as well as the specific technical requirements for the transmissions in accordance with § § 6 to 8 in a specification to be published on the Internet. is published. Amendments to this specification shall be implemented by the registries within six months of the date of their publication.

(3) The specification referred to in paragraph 2 has for simplified notifications in accordance with § 9 paragraph 3 Z 2 lit. a in connection with § 9 para. 4 GTelG 2012 more detailed provisions on

1.		the nature and extent of the data to be reported with regard to the organisational units; and
2.		to include the data to be received by the health service providers, and
3.		to take into account the right of health service providers to provide the information in accordance with § 10 (1) Z 6 GTelG 2012 in relation to the organisational units.

(4) As part of the first-time registration of health service providers in the eHealth directory service, the Federal Minister of Health has to award the unique identifier (OID) in accordance with § 10 paragraph 1 Z 6 GTelG 2012. The health service providers are entitled to determine or amend the symbolic identifier by means of the responsible registry if the requirements in accordance with § 10 (5) GTelG 2012 are complied with in this regard.

Registration by means of transmission from registers

§ 6. (1) Registration agencies pursuant to § 9 paragraph 3 Z 1 GTelG 2012 have to submit to the Federal Minister of Health the data referred to in § 10 para. 1 GTelG 2012 of all health service providers registered in their respective register.

(2) The obligation to transmit in accordance with paragraph 1 shall include all health service providers entitled to carry out the relevant role at the time of transmission.

(3) The transfers pursuant to paragraph 1 shall be carried out on working days from 1 March 2014.

Registration by reporting

§ 7. (1) Registration agencies pursuant to § 9 paragraph 3 Z 2 GTelG 2012 have to submit to the Federal Minister of Health the data referred to in § 10 paragraph 1 GTelG 2012 of the health service providers assigned to their respective impact area.

(2) The obligation to transmit in accordance with paragraph 1 shall include all health service providers entitled to carry out the relevant role at the time of transmission.

(3) The transfer in accordance with paragraph 1 shall be carried out no later than 1 March 2014 at least once a month, but without delay in case of omission of the authority to exercise the role.

Registration by the Federal Minister for Health

§ 8. (1) Health service provider, for which the Federal Minister of Health is responsible in accordance with Section 9 (3) (3) of the GTelG 2012, have the data referred to in § 10 paragraph 1 GTelG 2012 as well as any change in this data, in particular the omission of the data. authority to exercise the role, without delay.

(2) The messages referred to in paragraph 1 may also be reported in the course of a company service portal (§ 1 paragraph 1 of the Corporate Service Portal Act [USPG], BGBl. I n ° 52/2009, as amended), shall be made available to electronic services. The Federal Minister of Health has published the date and the roles for which this service is available on the Internet and in the Official Journal of the Wiener Zeitung.

Using data from the eHealth directory service

§ 9. (1) The Federal Minister of Health may publish the technical requirements as well as the terms of use for the use of data of the eHealth directory service in accordance with § 10 paragraph 7 GTelG 2012 on the Internet.

(2) interested parties in accordance with § 10 paragraph 7 GTelG 2012 have to request in writing to the Federal Minister of Health the transmission of data of the eHealth directory service in writing. At least they have:

1.		the scope of the data,
2.		the exact purpose of the use of the data, and
3.		the nature of the technical use of the data
shall be described.

(3) The transmission of data from the eHealth directory service is only permitted in the form of an overall data collection and only if the transfer recipient/recipient is in contact with the Federal Minister for Health in writing,

1.		to update the data at least once within three working days,
2.		ensuring that the identity and role of health service providers are checked solely on the basis of the eHealth directory service, if the eHealth directory service data is combined with its own data; data provided (§ 4 paragraph 4 Z 2 iVm § 5 Abs. 1 GTelG 2012) and
3.		the periodicity of the updating, the logging of transmissions, the measures to comply with the requirements of Z 2 as well as the compliance with the technical requirements according to paragraph 1 in its IT security concept (§ 8 GTelG 2012) be binding.

Section 4

Final provisions

Publications

§ 10. The Federal Minister of Health has to carry out the publications provided for in this Regulation on the Internet in the public health portal (www.gesundheit.gv.at).

Inforce and external force

§ 11. (1) The Regulation shall enter into force 1. Jänner 2014 in force.

(2) With the end of December 31, 2013, the Health Telematics Ordinance 2012, BGBl, will be taking place. II No 483/2012, except for force. As far as the health telematics regulation, BGBl. II No 451/2008, as amended by the BGBl Regulation. II No 464/2010, it shall also enter into force with effect from 31 December 2013.

Stöger

Appendix 1: Roles

Part 1: Roles for People

1.		Medical doctor for general medicine, accompanied, if appropriate, by the Medical School/Medical Training Order 2006 (ÄAO 2006), BGBl. II No 286/2006, as amended, as applicable, the additional term of the additive compartment in parentheses
2.		Doctor of medicine/Approbate doctor
3.		Specialist medical specialist, with the addition of the professional title (special subject as well as the additive compartment/additive compartments in parentheses), which is applicable in accordance with the provisions of the AAO 2006
4.		Specialist for dentistry, oral and maxilloed medicine
5.		Dentists/dentists
6.		Dentistin/Dentist
7.		Psychotherapist/Psychotherapist
8.		Clinical psychologist/clinical psychologist
9.		Health psychologist/Health psychologist
10.		Music therapist/music therapist
11.		Hebamme
12.		Physiotherapist/Physiotherapist
13.		Biomedical Analyst/Biomedical Analyst
14.		Radiologietechnologin/Radiologietechnologe
15.		Dietetologist/Dietologist
16.		Ergotherapist/Ergotherapist
17.		Logopädin/Logopäde
18.		Orthoptist/orthoptist
19.		Certified health and nurses/certified health care and nurses
20.		Certified Pediatric Nurse/Diploma for Children's Pediatric Nurses
21.		Certified psychiatric health and nurse/diploma in psychiatric health and health care
22.		Healing asseurin/Heilmasseur
23.		Diploma in cardio technician/diploma in cardio technician

Part 2: Roles for Organizations

1.		General hospital
2.		Sonderkrankenanstalt
3.		Nursing home
4.		Sanatorium
5.		Independent Ambulatory
6.		Medical group practice
7.		Dental group practice
8.		Enforcement of criminal measures and measures
9.		Public pharmacy
10.		Care facility
11.		Mobile care
12.		Kuranstalt
13.		Investigation stalt
14.		Tissue Bank
15.		Tissue removal device
16.		Blood donation
17.		Rescue Service
18.		Occupational health centre
19.		Eye and contact lens optics
20.		Hearing aid acoustics
21.		Orthopaedic products
22.		Dental technology
23.		Health management
24.		Public Health Service
25.		ELGA ombudsman
26.		Opposition
27.		Patient representation
28.		Social security
29.		Health care
30.		Health insurance
31.		Settlement Service
32.		ICT Health Service

Appendix 2: Permitted Algorithms

1.		All procedures listed in the Annex of the Signature Ordinance 2008 (SigV 2008), BGBl. II No 3/2008, as amended, are permitted.
2.		Suitable symmetrical methods are:
-			AES (Advanced Encryption Standard) with a key length of 128, 192, or 256 bits [FIPS 197]
-			TDEA (Triple Data Encryption Algorithm) with an effective key length of at least 112 bits [NIST 800-67]
		each in CBC or CTR mode [NIST 800-38A].

Abbreviations (quoted references):

[FIPS 197]	"Advanced Encryption Standard (AES)"; National Institute of Standards and Technology (NIST); Federal Information Processing Standards Publication 197; November 2001.
[NIST 800-67]	"Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher"; National Institute of Standards and Technology; NIST Special Publication 800-67, Revision 1; 2012
[NIST 800-38A]	"Recommendation for Block Cipher Modes of Operation-Methods and Techniques"; National Institute of Standards and Technology; NIST Special Publication 800-38A; 2001.