Documentation In The Outpatient Area

Original Language Title: Dokumentation im ambulanten Bereich

Read the untranslated law here: http://www.ris.bka.gv.at/Dokumente/BgblAuth/BGBLA_2013_II_305/BGBLA_2013_II_305.html

305. Regulation of the Federal Minister of health to the documentation in the outpatient area

According to § 4 paragraph 2, section 5a paragraph 2 and § 6 g of the Federal law on the documentation in healthcare, Federal Law Gazette No. 745/1996, as last amended by the Federal Act Federal Law Gazette I no. 81/2013, is prescribed:

1 section

General information

1. (1) this Regulation applies to the data transfer to the outpatient area in accordance with part B of the Federal Act on the documentation in healthcare. On 1 is the data transfer in the intramural outpatient area a) between State-funded hospitals (hospital carriers), the SV-beams, the main Association of Austrian social security institutions (in the following main Association) and the Federal Ministry of health, as well as b) between hospital institutions, apply the data transfer in the extramural primary care between the SV straps, the Confederation and the Federal Ministry of health the national health fund and the Federal Ministry of health, as well as 2.

(2) this regulation does not apply for the data transfer between providers/performance heritage wrestlers in the out-patient extramural area and the SV vehicles.

2. section

Data transmission and outline of the characteristics

§ Have encrypted 2. all data transfers to be carried out. In addition, the data transmission between the national health fund and the Ministry of health via an Internet application that is operated by the Federal Ministry of health and the transmission of data between the main Association of Austrian social security institutions (Hauptverband) as well as the Pseudonymisierungsstelle decorated with the main Association and the Ministry of health about the SV data hub has to be made.

§ 3. The data transfer must comply with the provisions of annex 1.

4. (1) the data transfers are in accordance with paragraph 2 to 5 of the following record types according to annex 2 and the content therein (characteristics) together: 1 record type A01: contact base data, 2. record type A02: diagnoses, unless this is provided for in the framework of model projects of the Federal Health Agency, and these are published on the website of the Federal Ministry of health, 3. record type A03: services, 4. record type L01 : Master data provider/service provider, 5. record type P01: Provider/service provider, 6 record type P02: pseudonym beneficiaries/service recipients and 7 record type S01: testing and the totals record.

The expression of the contents (characteristics) has to comply with the requirements of Appendix 3.

(2) the data transmission between the makers of hospitals, which are charged on country Health Fund (Fund-KA), and the Land Fund in accordance with § 6a of the Federal Act on the documentation in healthcare has the record types A01, anyway, for all contacts of non-stationary beneficiaries/service recipients to include A02, A03 and S01.

(3) the data transmission between the national health fund and the Ministry of health in accordance with § 6 (b) of the Federal Act on the documentation in healthcare has the record types A01, anyway, for all contacts of non-stationary beneficiaries/service recipients to include A02, A03 and S01.

(4) the data transmission between the Confederation and the Federal Ministry of health pursuant to section 6 c of the Federal Act on the documentation in healthcare has the record types A01, A02, A03, to include L01 and S01 for the out-patient extramural area.

(5) the data transmission between the Pseudonymisierungsstelle decorated with the Confederation and the Federal Ministry of health pursuant to section 6 c of the Federal Act on the documentation in the health care sector has for the out-patient extramural area the set of species P01, P02, S01 and to cover for the intramural outpatient record types P02 and S01.

These are section 5 (1) in the case of missing data of each quarter at the earliest possible date together with one of the following quarter messages to transmit.

(2) in the case of subsequent corrective data to a quarter is to correct the corresponding quarter message and promptly submit in full again.

(3) in the case of later to delete data of the quarter is to clean up the corresponding quarter message and to transmit immediately in full again.

3. section

Generation of the pseudonyms, as well as technical and organizational framework for the Pseudonymisierungen

Section 6 (1) pseudonym of / the supplier/service provider is using the HMAC algorithm from the contractual partner code of / to make the provider/service provider at the social security within a hardware security module (HSM) and then to encrypt within the HSM.

(2) the name of the / the beneficiary/performance recipient is using HMAC algorithm from the sector-specific personal identifier (bPK) for the area of health documentation (GH-GD) within a hardware security module (HSM) to make and then encrypt within the HSM.

(3) the first-time configuration of HSM has to be carried out at the premises of the Pseudonymisierungsstelle decorated with the main Association (as a privacy service provider) in the presence of a representative / a representative of the Federal Ministry for health (as data protection) and supervised by a notified body in accordance with section 19 of the Act of signature. The entire process is recorded.

(4) after the initial configuration in accordance with paragraph 3, the backup copy of the cryptographic key used on a notified body in accordance with article 19 of the law is to pass and from this safe and secret to be kept. The backup copy must be used exclusively on behalf of Federal Minister / the Federal Minister for health and for the following purposes: 1. to restore the configuration of HSM in the event of a fault and 2 for additional required HSM (expansions) configurations.

These configurations have in the premises of Pseudonymisierungsstelle decorated with the main Association in the presence of a representative of the Federal Ministry for health and supervised by a notified body in accordance with section 19 of the Act of signature must be. The entire process is recorded.

7. (1) complying with data protection in the context of the use of pseudonyms and the related processes must be tested by a / an independent/independent external/external reviewer/expert in regular audits and confirmed.

(2) an audit is for the first time before the start of the Pseudonymisierungen according to § 6 and subsequently regularly carry out at least every two years.

(3) the Pseudonymisierungsstelle established the Confederation has to support the conduct of audits by its own personnel and to ensure that the external reviewer/expert receives access to all information necessary for the conduct of audits.

(4) the selection and hiring of / the external reviewer/expert be carried out by the Federal Ministry of health.

4 section

Disposable derivation (hash derivation) the record ID

§ 8. When to apply the not back billable record ID from the recording number and the number in accordance with § 6 b and 6 c of the Federal Act on the documentation in healthcare is the cryptographic hash function SHA-256 algorithm to the disposable derivative (hash derivative).

5. section

Data security measures

§ 9 (1) all institutions involved in reporting about the ambulatory have an IT security concept all in accordance with § 14 data security measures taken to document DSG 2000 and the provisions of this Federal Act. That both correctly accessed as the dissemination of the data and the data are not accessible to unauthorized, must be drawn from this documentation.

(2) the confidentiality of the electronic transmission of health information is thus to ensure that electronic distribution is carried out by health data over networks, which are secured according to the State of the art in network security against unauthorized access, by them at least 1 the protection of traffic by cryptographic or structural measures, 2. network access only for a closed or identifiable user / users group, and 3. the authentication of the user/users provide.

(3) access to the raw data contained in the data warehouse DIAG (§ 4 para 3 of the Federal Act on the documentation in the health sector), including the stored pseudonyms to section 5a paragraph 1 Nos. 1 and § 6 c para 1 No. 2 of the Federal Act on the documentation in the healthcare sector, is exclusively for those in the Federal Ministry of health immediately with the creation and maintenance of the DIAG people employed allowed. The persons authorized to use the DIAG for analysis purposes do not have access to the raw data and the stored pseudonyms to section 5a paragraph 1 Nos. 1 and § 6 c para 1 No. 2 of the Federal Act on the documentation in the healthcare sector.


(4) each institution involved in reporting about the ambulatory has proven to ensure that a non-disclosure agreement issued authorized employee before accessing the data or before using the DIAG every/each.

6 article

Entry into force and transitional provisions

§ 10 (1) is for the first time the data reported for the year 2014 to apply this regulation.

(2) this regulation on data messages in the context of model projects of the Federal Health Agency has by way of derogation from paragraph 1 for the year 2013 to apply. You will 2013 associated record types P01 (pseudonym service provider/service provider) and P02 (pseudonym beneficiaries/service recipient) of the Pseudonymisierungsstelle decorated with the main Association at the latest together with the data message to the 2nd to the data message to the 1st quarter to deliver quarter of 2013 to the Federal Ministry of health.

(3) upon entry into force of this regulation the regulation of the Federal Minister of health on the implementation of § occurs § 6 and 9 of the Federal Act on the documentation in healthcare (health documentation law implementation regulation, Federal Law Gazette II No. 202/2010) override.

Sands