111. Federal law, which enacted a health telematics law in 2012 and the General Social Insurance Act, the Industrial Social Security Act, the Farmers ' Social Insurance Act, the Official Health Insurance and Accident Insurance Act, the Genetically modified law and the Penal Code (Electronic Health Act-Law-ELGA-G)

The National Council has decided:

table of contents

Art.	Subject matter

1	Health telematics law 2012
2	Amendment of the General Social Insurance Act
3	Amendment of the Industrial Social Insurance Act
4	Amendment of the Farmers-Social Security Act
5	Amendment of the Staff Regulations-Health and Accident Insurance Act
6	Amendment of the Gentechnikgesetz
7	Amendment of the Criminal Code

Article 1

Federal law on data security measures for the use of electronic health data (Health telematics law 2012-GTelG 2012)

table of contents

§

Heading

1. Section: General provisions

1	Subject matter
2	Definitions

Section 2: Data security in the electronic transmission of health data

3	Principles of data security
4	Identity
5	Role
6	Confidentiality
7	Integrity
8	IT security concept

3. Section: Information Management

9	EHealth directory service organization (eHVD)
10	EHealth Directory Service Data
11	Monitoring
12	Fundamentals of cross-border healthcare

4. Section: Electronic Health Act (ELGA)

13	General provisions on the Electronic Health Act
14	Principles of data usage
15	Principles of ELGA participation
16	Rights of the ELGA participants
16a	e-Medication
17	ELGA ombudsman
18	Verification of the identity of participants
19Review of the identity of ELGA health service providers and the ELGA	Ombudsman
20	Storage of ELGA health data
21	Authorization system
22	Logging system
23	Zugangsportal
24	Rights of use to ELGA

Section 5: Final provisions

25	Administrative penalty provisions
26	entry into force
27	Transitional provisions
28	Regulation and directives
29	Release and entry into force of regulations
30	References
31	Enforcement

Section 1

General provisions

Subject matter

§ 1. (1) The subject matter of this Federal Act is the use (§ 4 Z 8 of the Data Protection Act 2000 [DSG 2000], BGBl. No 165/1999) Personal electronic health data provided by the health service providers in accordance with § 2 (2) (2).

(2) Objectives of this Federal Act are:

1.		to develop data security by means of national minimum standards in the use of electronic health data in directed and undirected communication and to prevent data misuse (2). Section),
2.		to create and disseminate the information needed for the development and management of health telematics (3. Section) and
3.		uniform rules for the undirected communication of electronic health data, in particular in ELGA (§ 2 Z 6), with special regard to the following:
a)			Participants/rights (§ 16), in particular the self-determination of the ELGA participants,
b)			Verification of the identity of participants (§ 18),
c)			Verification of the identity of ELGA health service providers (§ 19),
d)			individual and general access rights (§ 21) as well as
e)			Documentation and readability of the use of ELGA health data (§ 22)
		(4) Section).

(3) Unless this federal law contains any special provisions, other legislation shall remain unaffected.

Definitions

§ 2. In the sense of this federal law,

1.		"health data" means personal data according to § 4 Z 1 DSG 2000 on the physical or mental state of a person, including those related to the collection of the causes of such sensitivity and the provision of care, or Supply, diagnosis, therapy or care methods, care, prescribed or mediated medicinal products ("medication data") , medical remedies or aids, the offsetting of health services or the data collected for the insurance of health risks.
2.		"Health Service Providers" ("GDA") : Client or service provider in accordance with § 4 of the German Data Protection Act 2000, who regularly use health data in electronic form for the following purposes in a role according to the regulation adopted pursuant to § 28 (1) (1) (1) (1):
a)			medical treatment or care, or
b)			Nursing care or
c)			Accounting for health services, or
d)			insurance of health risks, or
e)			Perception of patient/inn/en/right.
3.		"IT security concept" means the sum of all data security measures of a health service provider, which are necessary and appropriate for the protection of personal data, in particular of sensitive data, in the sense of § 14 DSG 2000.
4.		"Registration sites" means those bodies which lead the directories pursuant to § 9 para. 3 Z 1 or are listed in § 9 para. 3 Z 2 and 3.
5.		"Role": classification of health service providers according to the nature of their areas of activity, their employment, their operational purpose or their service provision.
6.		"Electronic Health Act" ("ELGA") : an information system providing all authorised ELGA health service providers (Z 10) and ELGA participant/inn/n ELGA health data (Z 9) in electronic form in a local and time-independent manner (undirected communication).
7.		"Data Store" ("Repository") : technical infrastructure used for the storage of ELGA health data.
8.		"electronic references to ELGA health data": electronic information in ELGA on the nature and location of ELGA health data.
9.		"ELGA Health Data" means the following personal data, which could be essential for the further treatment, care or assurance of the continuity of supply of ELGA participants and may be used in ELGA:
a)			medical documents, including any image data in a standardised form, in accordance with Section 28 (2) (1), the health data according to Z 1, with the exception of data solely responsible for the offsetting of health services; or health-related insurance services, such as:
aa)				Letters of dismissal according to § 24 paragraph 2 of the German Hospital and Kuranstaltengesetz (KAKuG), Federal Law Gazette (BGBl). No 1/1957,
bb)				laboratory findings,
cc)				Findings of imaging diagnostics as well as
dd)				further medical findings in structure and format in accordance with § 28 para. 2 Z 3 lit. a,
b)			Media data according to Z 1 concerning prescription and non-prescription medicines ("e-medication"),
c)			Patients 'decrees (§ 2 para. 1 of the Patients' Disposal Law, BGBl. I No 55/2006),
d)			Precautionary measures (§ 284f of the General Civil Code, JGS. 946/1811),
e)			Data from the registries according to § § 73 and 73a of the Medical Devices Act (MPG), BGBl. No 657/1996, and
f)			Patient data according to Art. 14 para. 2 lit. b sublit. (i) Directive 2011 /24/EU on the exercise of patients ' rights in cross-border healthcare ("patient summary"),
		where secrets according to § 10 para. 4 KAKuG, data of this kind, if used by other health service providers, as well as records of results according to § 71a paragraph 2 of the Gentechnikgesetz (GTG), BGBl. No 510/1994, are in no way ELGA health data.
10.		"ELGA Health Service Provider" ("ELGA-GDA") are the following health service providers (Z 2):
a)			Members of the medical profession according to § 3 of the Medical Law 1998 (PhysicteG 1998), BGBl. I n ° 169/1998, also in the exercise of a medical profession in the form of cooperation as a self-employed professional group practice, with the exception of:
aa)				Doctors and doctors who fulfil the duties of the principal and supervisory service of the social insurance institutions,
bb)				Doctors and doctors who have to assess the fundamentals of insurance relationships and the resulting claims,
cc)				Occupational physicians (§ 81 of the Employees ' Protection Act, BGBl. N ° 450/1994),
dd)				Official doctors and medical officers (§ 41 Medical Association 1998),
ee)				physicians and physicians who are involved in determining the suitability for military service, and
ff)				School doctors and school doctors (§ 66 of the school teaching law, BGBl. No 472/1986),
b)			Members of the dental profession (§ 5 of the Dentist Act [ZÄG], BGBl. I n ° 126/2005), also in the exercise of the dental profession in the form of cooperation as a self-employed professional group practice, with the exception of:
aa)				Dentists and Dentists (§ 60 ZÄG),
bb)				Official dentists and dental surgeons (§ 32 ZÄG),
cc)				Dentists and dentists who fulfil the duties of the principal and supervisory service of the social insurance institutions, as well as
dd)				Dentists and dentists who have to assess the fundamentals of insurance relationships and the resulting claims,
c)			Pharmacies according to § 1 of the pharmacy law, RGBl. 5/1907,
d)			Hospitals according to § 1 KAKuG, excluding self-employed outpatient clinics (§ 2 para. 1 Z 5 KAKuG) in the field of occupational medicine and
e)			Care facilities, the operation of which is subject to a reporting, notification or authorisation requirement according to federal or state regulations, as well as to regulatory supervision or control.
11.		"ELGA system partner": the federal government, the federal states and the main association of the Austrian social insurance institutions (hereinafter referred to as the "Hauptverband").
12.		"ELGA participants": natural persons who fulfil the conditions of participation in § 15 and for which electronic references to ELGA health data (Z 9) in question may therefore be included.
13.		"Reference Register" ("Registry") : a register which, within the framework of ELGA, is used to record electronic references to ELGA health data (Z 9).
14.		"ELGA ombudsman": the body that advises and supports ELGA participants in the exercise and enforcement of their rights in matters of ELGA and in matters of data protection, as well as the ELGA system partners in the further development of participants/interiors/rights and data protection.
15.		"Appeals" means those bodies against which a general contradiction can be made in writing by ELGA participant/s.

Section 2

Data security in the electronic transmission of health data

Principles of data security

§ 3. (1) This section applies to all forms of electronic transmission of health data (directed and undirected communication) by health service providers (§ 2 Z 2).

(2) (4) (3) to (6) and § § 5 to 7 shall not apply to the electronic transmission of health data within a health service provider if, by means of effective and state-of-the-art data security and data security, and Control measures may be excluded from access to health data and thus to the knowledge of unauthorised third parties.

(3) The admissibility of health data should be used by means of rolls. Health service providers have technical means to ensure that there is no use of health data outside the allowed roles.

(4) Health service providers may disclose health data only if:

1.		the transfer to a purpose specified in § 9 DSG 2000 is permitted and
2.		the identity (§ 4) of those persons whose health data are to be passed on, and
3.		the identity (§ 4) of the health service providers involved in the transfer has been established; and
4.		the roles (§ 5) of the health service providers involved in the transfer have been established; and
5.		the confidentiality (§ 6) of the continuing health data is guaranteed; and
6.		the integrity (§ 7) of the continuing health data is guaranteed.

Identity

§ 4. (1) In the case of the passing on of health data, the identity (§ 2 Z 1 of the eGovernment Act [E-GovG], BGBl. I n ° 10/2004) for those persons whose health data are to be passed on.

(2) In the case of undirected communication, it is also possible to prove and verify the unique identity (§ 2 Z 2 E-GovG) of persons whose health data is to be passed on.

(3) The patient index according to § 18 may be used to check the unique identity (§ 2 Z 2 E-GovG) of persons whose health data are to be passed on outside of ELGA (4). Section) is used.

(4) Proof and verification of the unique identity (§ 2 Z 2 E-GovG) of health service providers have

1.		through the use of electronic signatures, which must be traceable to qualified certificates, as well as area-specific personal identifiers (§ 9 E-GovG), or
2.		by electronic comparison with the eHealth directory service (§ 9) or
3.		by electronic comparison with the health service provider index (§ 19)
shall be made.

(5) For reasons of patient/inn/en/safety, the unique identity shall be:

1.		of persons whose health data are to be passed on, and
2.		health service providers,
with the help of the unique electronic identifiers according to § 8 E-GovG.

(6) In order to facilitate identification in the area of health (§ 9 para. 1 E-GovG), § § 14 and 15 E-GovG are not to be applied via the use of the citizen card function in the private sector. Instead, the provisions of the E-GovG, which apply to contracting entities of the public sector, such as in particular § § 8 to 13 E-GovG, are to be applied in a reasonable manner. As a result, the healthcare service providers are in particular entitled to demand the provision of their data applications with bPK according to § 10 para. 2 E-GovG from the root number register authority.

Role

§ 5. (1) Proof and examination of the role of health service providers shall be carried out in accordance with Section 4 (4).

(2) The Federal Minister of Health has to lay down these roles in accordance with Section 28 (1) (1) (1) of the Regulation.

Confidentiality

§ 6. (1) Confidentiality in the electronic transmission of health data shall be ensured by either:

1.		the electronic transmission of health data is carried out via networks which, in accordance with the state of the art in network security, are secured against unauthorised access by at least
a)			the protection of data traffic by means of cryptographic or structural measures,
b)			the access to the network exclusively for a closed or a definable user/group,
c)			the authentication of the users
		, or
2.		protocols and procedures,
a)			that will result in complete encryption of health data, and
b)			whose cryptographic algorithms are listed in the regulation in accordance with § 28 (1) (2) (2).

(2) In the case of the electronic transmission of health data in accordance with paragraph 1 (2), the information which may be excluded from the encryption shall not be allowed to provide information on the data subjects (§ 4 Z 3 DSG 2000), whose health data are passed on, nor on any authentication data.

(3) It is necessary to ensure that the storage of health data in data storage provided by an operator on a demand-oriented basis ("cloud computing") is carried out only if the health data is provided with one of the following: Current state of the art procedures (para. 1 Z 2) have been encrypted.

Integrity

§ 7. (1) The verification and verification of the integrity of electronic health data shall be due to the use of advanced or qualified electronic signatures in accordance with § 2 Z 3 of the Signature Act (SigG), BGBl. I No 190/1999.

(2) Paragraph 1 shall not apply to the electronic transfer of health data between healthcare service providers if a network secured according to the state of the art is used in accordance with Article 6 (1) Z 1 and access to This network is only possible for health service providers, which are well known in advance.

IT security concept

§ 8. (1) Health service providers shall, on the basis of an IT security concept, document all data security measures taken pursuant to § 14 DSG 2000 and the provisions of this Federal Act. This documentation must show that both access and disclosure of the data are properly carried out and that the data are not accessible to unauthorized persons.

(2) The legal entities of hospitals as well as the supervisory or control authorities of institutions of care, the Austrian Medical Association, the Austrian Dentistry Chamber, the midwifery body, the Austrian Pharmacists ' Chamber, the The Austrian Economic Chamber and the main association may provide standardised forms and filling aids for the documentation provided for in paragraph 1 in support of those healthcare service providers for which they are responsible for the registration in accordance with § 2 Z 4.

(3) The documentation referred to in paragraph 1 shall be communicated to the Federal Minister of Health at the request of the Federal Minister for Health.

Section 3

Information Management

EHealth directory service organization (eHVD)

§ 9. (1) The Federal Minister for Health has the

1.		support for the permitted use of health data in electronic form,
2.		improving information on health-related services, and
3.		Support for planning activities and for reporting (§ 11)
to run an eHealth directory service (eHVD).

(2) Health service providers shall be entered by the registration offices in the eHVD.

(3) The registration of the data referred to in § 10 paragraph 1 in the eHVD and its discharge from the eHVD is carried out:

1.		through current electronic transmission from:
a)			the list of doctors in accordance with § 27 of the Medical Act 1998,
b)			the dental list in accordance with § 11 ZÄG,
c)			the Hebammenregister according to § 42 of the Hebammengesetz, BGBl. No 310/1994,
d)			the pharmacy list according to § 2 paragraph 4 Z 12 of the Pharmacerkammergesetz 2001, BGBl. I No 111/2001,
e)			the list of clinical psychologists and health psychologists according to § 16 of the Psychological Law, BGBl. No 360/1990,
f)			the Psychotherapist List according to § 17 of the Psychotherapy Act, BGBl. No 361/1990,
g)			the music therapist list according to § 19 of the Musiktherapiegesetz, BGBl. I No 93/2008, and
h)			The Kardiotechnikerliste according to § 19 of the Kardiotechnikergesetz (Kardiotechnikergesetz), BGBl. I No 96/1998 or
2.		due to electronic reporting
a)			of a health service provider already registered in the eHVD, via its own sub-organizational units,
b)			of the provincial capitals on those in their federal state or of the district administrative authorities on the
aa)				, amended and repealed permits issued to health service providers, or
bb)				otherwise indicated activities of health service providers,
c)			the main association of the insurance institutions which are included in it, and
d)			the legal entities of health care institutions, or
3.		by the Federal Minister of Health for all other health service providers.

(4) The facilitation of the notification in accordance with paragraph 3 Z 2 lit. a may be used by health service providers who are not natural persons only if they store their organisational structure internally and are guaranteed that:

1.		this organizational structure is present in current form,
2.		a natural person can be held responsible for all health data produced,
3.		the stored organization data cannot be changed without a trace, and
4.		the date of the storage of the organizational data remains verifiable and cannot be changed without a trace.

(5) The registration authorities have the technical and organisational requirements for

1.		the entry in accordance with paragraph 3, and
2.		the clarification of cases of doubt as regards data quality
to create.

EHealth Directory Service Data

§ 10. (1) The following data shall be included in the eHVD:

1.		the name and academic grade or name of the health service provider;
2.		the name of the legal entity where the health service provider is not a natural person,
3.		Indicators of the health service provider, including the unique electronic characteristics according to § 8 E-GovG,
4.		Information on the professional, postal and electronic accessibility of the health service provider,
5.		the role (s) and special powers or characteristics of the health service provider;
6.		the unique identifier (OID) and the symbolic identifier,
7.		the nationality of the health service provider;
8.		the information required for the encryption of health data or the electronic address at which such information can be found;
9.		the indication of whether it is an ELGA health service provider,
10.		Information on geographical location of the health service provider,
11.		information on the range of services provided by the health service provider;
12.		the name of the registration office pursuant to § 2 (4) (4) from which the data were submitted to the eHVD and, where appropriate, the name of the source of origin of the data; and
13.		the date of the inclusion of the data in the eHVD as well as the date of the last correction.

(2) By way of derogation from paragraph 1, information on electronic availability (par. 1 Z 4) and the information relating to paragraph 1 (1) (8) and (11) only to the extent that they are to be included in the eHVD as they are transmitted by the registration authorities.

(3) The information on special powers or properties referred to in Section 1 (5) and (1) (6), (9), (10), (12) and (13) shall be supplemented by the Federal Minister of Health.

(4) For the clear electronic identification of health service providers (para. 1 Z 3), which are natural persons, have to use registrats of domain-specific persons identification marks. In addition to the information provided in section 1, the date of birth, sex and place of birth of the registration office shall not be made available by the registration authorities to the area-specific personal identifiers. where the latter is available and is required for identification purposes.

(5) The unique identifier referred to in paragraph 1 Z 6 (OID and symbolic identifier) is based on the ÖNORM A 2642, "Information Technology-Communication of open systems, procedures for the registration of information objects in Austria" of 1. January 2011 from the identifier (OID) of the Federal Ministry of Health to be derived. The data referred to in paragraph 1 (1) to (7), (12) and (13) may be transmitted by the Federal Minister of Health to an optional system for the award and administration of object identifiers.

(6) The data contained in the eHVD are, with the exception of the identifiers and the nationality of the health service provider (paragraph 1). 1 Z 3 and Z 7) and those data which are excluded from publication by virtue of existing legislation, are available to the public and, where necessary, also be made available in English.

(7) The Federal Minister for Health may transmit the data stored in the eHVD pursuant to paragraphs 1 to Z 1 to 6, 8, 12 and 13 to health service providers or their service providers in the scope of the needs to be detected. The communication recipients may use the data exclusively for purposes in accordance with § 9 (1) (1) (1) (1).

Monitoring

§ 11. (1) The Federal Minister of Health can evaluate the use and impact of information and communication technologies in the health sector-taking into account the requirements of the European environment-a nationwide Set up reporting systems which, on the basis of standardised specifications, provide information, in particular, on:

1.		the availability of technical infrastructure, including the communication infrastructure;
2.		the nature and extent of the health telematics applications and procedures used, and
3.		the economic framework conditions of the health telematics
.

(2) The nature and extent of the related surveys can be determined on the basis of role-specific features with varying degrees of detail.

(3) The Federal Minister of Health shall submit the report in accordance with paragraph 1 to the National Council and shall be entitled, the results of this report shall also be submitted for reporting to bodies of the European Union or to other international bodies. Organizations.

(4) Health service providers, as well as all other bodies with information on the use of information and communication technologies in the healthcare sector, shall be obliged to draw up a report as referred to in paragraph 1 above. to provide the necessary information or to make the required documents available.

Fundamentals of cross-border healthcare

§ 12. The Federal Minister of Health has to support the continuity of treatment and patient/inn/en/safety across borders and to provide the necessary, in particular technical basics.

Section 4

Electronic Health Act (ELGA)

General provisions on the Electronic Health Act

§ 13. (1) The use of the Electronic Health Act fulfils an important public interest in accordance with Article 8 (4) of Directive 95 /46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281, 23.4.1995, p. No. OJ L 281, 23.11.1995 p. 31. This important public interest in the use of ELGA arises in particular from:

1.		an improved, faster availability of medical information that leads to a quality increase in diagnostic and therapeutic decisions, as well as treatment and care,
2.		the increase in the quality of processes and results of health services,
3.		the development of integrated care and intersectoral interface management in the public health sector,
4.		the maintenance of high-quality, balanced and generally accessible health care,
5.		the strengthening of patient/inn/en/rights, in particular the rights of information and legal protection in accordance with DSG 2000, in the use of personal data and
6.		a contribution to the maintenance of the financial balance of the social security system.

(2) ELGA health service providers have the right to store ELGA health data in ELGA for the purpose of fulfilling the purposes set out in § 14 para. 2 and taking into account the respective professional duties (e.g. § 49 (1) Medical Act 1998; § 10 Pharmacy Operating Regulations 2005, Federal Law Gazette (BGBl). II No 65/2005), unless otherwise provided in this Federal Act, such as by the exercise of ELGA participants/rights in accordance with § 16.

(3) In order to ensure the objectives set out in paragraph 1 above, in ELGA at the earliest from the dates specified in § 27 (2) to (6) and at the latest from the point in time pursuant to § 28 (2) (4), to be stored:

1.		Letters of dismissal (§ 2 Z 9 lit. a sublit. aa) by hospitals (§ 2 Z 10 lit. (d)
2.		Laboratory findings (§ 2 Z 9 lit. a sublit. (bb) by members of the medical profession (§ 2 Z 10 lit. (a) provided that these specialists are in the special subjects medical-chemical laboratory diagnosis or hygiene and microbiology, as well as by hospitals (§ 2 Z 10 lit. (d) in the context of outpatient treatment,
3.		Findings of diagnostic imaging by members of the medical profession (§ 2 Z 10 lit. (a) provided that these specialists are the special subject of radiology, as well as by hospitals (§ 2 Z 10 lit. (d) in the context of outpatient treatment,
4.		Medication data (§ 2 Z 9 lit. (b) in so far as it is based on trade name or Active substance, by members of the medical profession (§ 2 Z 10 lit. (a) in the Regulation,
5.		Medication data (§ 2 Z 9 lit. (b) in so far as it is based on trade name or Active substance, by pharmacies (§ 2 Z 10 lit. (c) and hospital-leading physicians and doctors in charge of the levy;
6.		Other findings (§ 2 Z 9 lit. a sublit. (dd) according to § 28 (2) (3) and (4)

(4) Alldue image data (§ 2 Z 9 lit. (a) shall be stored in ELGA only and to that extent only, as deemed necessary by the ELGA health service provider.

(5) The ELGA system partners have to make available ELGA, taking into account the necessary safety requirements, in such a way that the connection of ELGA to the ELGA participant/in/n and the ELGA health service provider users-and User-friendly, in particular by easy-to-handle, effective search and filter functions optimized for medical criteria.

(6) The ELGA system partners and the ELGA health service providers, where appropriate represented by the respective legal representation of interests, shall have, in accordance with their respective concerns, with due regard to the economic representability and the status of the Technology, parameters that are essential for user and user-friendliness, to be determined together. The relevant and technical questions and parameters are to be agreed with the Austrian Chamber of Commerce prior to the establishment of the agreement.

(7) For reasons which are not indebted by the ELGA health service provider, it is not technically possible to use ELGA in the specific individual case, or is the life or health of the person by the time spent in search of the ELGA participants are seriously threatened, the ELGA health service provider is not obliged to identify ELGA health data by means of ELGA.

Principles of data usage

§ 14. (1) The use (storing and identifying) of ELGA health data shall be permitted only if:

1.		The ELGA participants (§ 15 para. 1) have been clearly identified in accordance with § 18,
2.		the ELGA health service providers or the ELGA ombudsman body have been clearly identified in accordance with § 19 and
3.		The ELGA health service provider or the ELGA ombudsman pursuant to § 21 on the use of the ELGA health data is authorized.

(2) ELGA health data made available by ELGA may be used solely for personal use.

1.		For health purposes in accordance with § 9 Z 12 DSG 2000, except for the management of health services, of
a)			The ELGA participant/in treating or supervising ELGA health service providers,
b)			ELGA health service providers, to which an ELGA participant has been assigned for treatment or care by an ELGA health service provider in accordance with lit a, and
c)			Persons who are the persons in lit. (a) and (b) to assist health service providers in the performance of their activities and, in the specific case, have been instructed to do so; or
2.		for the perception of the participants/rights pursuant to § 16 of
a)			ELGA participant,
b)			their legal or authorised representatives, and
c)			the ELGA ombudsman (§ 2 Z 14)
shall be used.

(2a) The perceptions of the participants/rights pursuant to § 16 shall apply from the completion of the 14. Year of age (culminating minors) exclusively to the ELGA participant.

(3) The request, access to and use of ELGA health data made available by ELGA is, in any case, prohibited:

1.		Persons or entities which are neither ELGA health service providers (§ 2 Z 10) nor ELGA ombudsman (§ 2 Z 14),
2.		ELGA health service providers who are not involved in the treatment or care of an ELGA participant/an ELGA participant,
3.		ELGA health service providers, if the conditions set out in paragraph 1 are not met,
4.		The ELGA ombudsman, if it is not involved in the advice or support of an ELGA participant,
5.		Employer/in/n, Employers, Personnel Consultants/
6.		insurance undertakings,
7.		holders of statutory social security and health and accident insurance institutions, provided that they are not involved in the treatment or care of an ELGA participant (s) under (2) and (3a);
8.		administrative authorities and courts, and
9.		other natural and legal persons who are not expressly entitled to do so under this Federal Act, and for all purposes which are not expressly designated as admissible in this Federal Act.

(3a) ELGA health service providers who are involved in or are employed by employers or employees and in the treatment or care of ELGA participants who are their workers or are employed by them, shall be entitled to: Use ELGA health data only if it is

1.		These ELGA participants have previously expressly referred to the participants/rights pursuant to § 16 and
2.		have ensured, by means of technical means, that only persons within ELGA health service providers can access the ELGA health data in the specific treatment or care process of the relevant ELGA participant/der The relevant ELGA participant.

(4) ELGA health service providers, the ELGA ombudsman and its service providers and employees-these are employees (employees) and persons in a employee-like relationship (employee-like) To keep secret health data entrusted to them on the basis of their professional employment, or which have become accessible to them, without prejudice to any other statutory duty of confidentiality.

(5) The Federal Minister for Health shall be responsible for the reporting obligation pursuant to § 17 DSG 2000 for the ELGA health service providers.

Principles of ELGA participation

§ 15. (1) ELGA participants are all natural persons who

1.		are recorded in the patient index according to § 18 and thus in any case those persons who are in the data applications of the main association according to § 31 paragraph 4 Z 3 lit. a ASVG or the supplementary register according to § 6 paragraph 4 E-GovG and
2.		have not objected to an ELGA participation (par. 2).

(2) Participation in ELGA may be revoked at any time in general (opt-out). It should be stated whether this contradiction should refer to all or individual types of ELGA health data (§ 2 Z 9). This general contradiction can be

1.		in writing, against appeals to be determined in accordance with Article 28 (2) (7) (7) (7), or
2.		take place electronically via the access portal (§ 23),
in any case, however, that the unique identity of the person who does not wish to participate in ELGA can be considered as well as the authenticity of the communication. The contradiction must be confirmed. The Federal Minister of Health has to set up an appeal body by means of a regulation (Section 28 (2) (7)). In particular, detailed rules should be laid down for the performance of their tasks and for ensuring the participants/interior/rights.

(3) All references and ELGA health data, including medication data, which are present in the ELGA reference registers up to the time of the objection in accordance with paragraph 2 of the ELGA reference registers, shall be deleted; if the deletion is due to other The references to ELGA must be made inaccessible to the public.

(4) General contradictions (opt-out) in accordance with paragraph 2 may be revoked at any time. As long as there is a valid objection, no references to ELGA health data accessible to ELGA may be stored in accordance with § 20 para. 2 first sentence. For periods of valid objection as referred to in paragraph 2 or § 16 para. 2 Z 2 does not have any legal right to a subsequent inclusion of references to ELGA-health data.

Rights of the ELGA participants

§ 16. (1) ELGA participants have the right to do so electronically by way of the access portal (§ 23) or in writing to the ELGA ombudsman (§ 17)

1.		Information on the ELGA health data concerning them as well as log data pursuant to section 22 (2), as well as
2.		individual access rights in accordance with section 21 (3), by means of
a)			Show or hide electronic references and ELGA health data, including medication data for ELGA health service providers, and delete them; if deletion is due to other legal documentation obligations or § 22 (5) Z 1 , the references to ELGA shall be inaccessible, or
b)			Shorten time periods for existing access rights in accordance with § 18 (6) or
c)			Establish an ELGA health service provider of special trust with the consent of the health service provider in accordance with section 18 (7).

(2) ELGA participants have the right to the treating or supervising ELGA health service providers.

1.		the inclusion of medication data (§ 2 Z 9 lit. (b) as well as references to ELGA health data (§ 2 Z 9 lit. (a) to require, pursuant to § 20 (2), first sentence in conjunction with Section 13 (3) and (4), and
2.		to object to the inclusion of electronic references and ELGA health data, including individual medication data for a treatment or care case, unless this is due to other statutory documentation obligations is excluded. This is the right of the ELGA participant, in particular with regard to ELGA health data, which are available on
a)			HIV infection,
b)			mental illness,
c)			Data in accordance with § 71a (1) GTG or
d)			Abortion
		, to be informed.

(3) Persons who:

1.		the participation in ELGA in accordance with § 15 para. 2, or
2.		to exercise the attendees/rights to which they are responsible,
must not suffer any disadvantages in access to medical care or in terms of cost-bearing. However, they are responsible if, for this reason, an ELGA health service provider is unable to become aware of any essential circumstance for treatment or care, despite the fact that it is due to due diligence. ELGA health service providers are not obliged to demand the exercise of participants/rights in relation to the ELGA participant/s.

(4) ELGA health service providers shall be informed of the provisions laid down in paragraphs 1 to 3 in the form of an easily legible, easily visible and accessible venue on their premises. Within the scope of their transferred sphere of action, the legal advocacy groups for health professionals who work as a health service provider in their capacity as a health service provider have the relevant information. To make available to ELGA health service providers.

(5) The Federal Minister for Health has to publish information on the current status of ELGA on an ongoing basis and to inform the interested parties about their rights.

e-Medication

§ 16a. (1) In the field of action transferred, the main body shall establish an information system on prescribed and given medicinal products as an ELGA application by 31 December 2014 ("e-medication") and from that date. In accordance with § 2 Z 10, the information system has an overview of the members of the ELGA participant and the ELGA health service providers in accordance with § 2 Z 10, while respecting the participants/rights in accordance with § 16 of the ELGA participant. is to be offered. To this end, ELGA health service providers have, in accordance with their obligations laid down in this Federal Act, the ELGA health data according to § 2 Z 9 lit. b in this information system, provided that this is not excluded by the exercise of participants/rights. The audit of interactions is carried out in the responsibility of the ELGA health service providers and is not the subject of the information system.

(2) The operation of the e-medication system must not interfere with the provision of services for the treatment or care of ELGA participants, in particular in the freedom of treatment of physicians.

(3) The identification of the ELGA participant in accordance with § 18 (4) (4) (4) is limited to the use of the data for the storage of the medication data.

ELGA ombudsman

§ 17. (1) The ELGA ombudsman (§ 2 Z 14) is to be established by the Federal Minister of Health by Regulation (§ 28 paragraph 2 Z 8). In particular, detailed rules for the performance of the tasks referred to in paragraph 2 and in order to ensure the rights of the ELGA participants must be taken.

(2) The Federal Minister of Health has to operate the ELGA ombudsman office. The role of the ELGA ombudsman is to provide information, advice and assistance to stakeholders in matters relating to ELGA, in particular in the enforcement of participants/internal rights and in matters of data protection. With this in mind, the ELGA Ombudsman has, as a point of contact for the ELGA participant, to provide all information necessary for the processing of his/her data in ELGA within a period of two weeks, on request. Contracting entities. In doing so, the staff of the ELGA ombudsman are free of instructions in the exercise of their duties to the Federal Minister for Health in connection with the information, advice and support. The access of the ELGA ombudsman to ELGA health data has to be recorded. The responsibilities of the Data Protection Commission remain unaffected by this provision.

(3) The ELGA ombudsman also has the support of the ELGA system partners in the further development of the participants/interior/rights and data protection.

(4) Persons working for the ELGA ombudsman may act in ELGA matters at the request of ELGA participant/in/n for these according to § 5 para. 3 E-GovG. At the request of the persons working for the ELGA ombudsman, the root-number register authority has to place a bPK of the representative in place of the number of persons who are active in the ELGA.

Verification of the identity of ELGA participant/inn/n

§ 18. (1) The main body shall set up and operate a patient index in the sphere of action transferred. This serves:

1.		the review of the unique identity (§ 2 Z 2 E-GovG) of natural persons in the context of ELGA or other eHealth applications as well as
2.		the localisation of reference registers in which references to ELGA health data of these natural persons can be found.

(2) The following data of natural persons shall be processed in the patient index:

1.		Name information:
a)			First name (s)
b)			Family or surname
c)			Birth Name
d)			academic degrees
2.		Personal characteristics:
a)			Date of birth
b)			Place of Birth, where available
c)			Gender
d)			Date of death, if available
e)			Nationality
3.		Address Data
4.		Identity data:
a)			Social Security Number
b)			local patient/inn/en/identifications
c)			bPK-GH
d)			Data of the European Health Insurance Card beyond the period of Z 1 to 3
e)			other state identifiers.

(3) The data in accordance with paragraph 2 are primarily based on the data applications of the main association according to § 31 paragraph 4 Z 3 lit. a ASVG as well as the supplementary register in accordance with § 6 paragraph 4 E-GovG.

(4) The verification of the identity of the ELGA participants (Section 14 (1) (1)) shall be carried out in electronic form with the participation of the ELGA participant (s) of the ELGA participant. In this case, the identity data stored in the patient index can be compared with the identity data determined in the context of the identification. The identification of the identity data can be performed by

1.		an electronic examination of the validity of the e-card and the reading of the e-card data by means of an e-card system (§ § 31a ff ASVG) or
2.		Using a Citizen Card (§ 2 Z 10 E-GovG) or
3.		Use of identity data of a natural person clearly identified in accordance with § 4 (2), who is a provider of an ELGA health service provider in accordance with § 2 Z 10 lit. d and e are stored whereby the IT security concept in accordance with § 8 the verification of the identity of the ELGA participants technically has to be secured for the purpose of the use of the ELGA health data according to § 14 para. 2 Z 1 or
4.		Use of data of an electronic or otherwise clearly identifiable regulation or assignment (§ 14 para. 2 Z 1 lit. (b) if the identification of the identity data is not carried out in accordance with Z 1 to 3,
,

(5) In the course of the identification of the identity data by means of an e-card system (§ § 31a ff ASVG), in the same work step, but technically separate from the data flows of ELSY (§ § 31a ff ASVG), an all-out contradiction according to § 16 para. 2 Z 2 is also to be found. document.

(6) The verification of the identity of the ELGA participants (para. 4) may be used for the access and use of the ELGA health data for the purposes set out in § 14 para. 2

1.		ELGA health service providers according to § 2 Z 10 lit. a, b, d and e and the ELGA ombudsman according to § 2 Z 14 no longer than 28 days and
2.		ELGA health service provider according to § 2 Z 10 lit. c not longer than two hours
.

(7) By way of derogation from paragraph 6, an ELGA participant may, in accordance with § 2 Z 10 lit. a, b, c and e in conjunction with section 21, paragraph 2, with the consent of the ELGA health service provider of the special trust according to § 2 Z 10 lit. a, b, c and e, a time limit of up to 365 days.

(8) Apart from the cases in accordance with § 17 para. 4, representations of ELGA participant/s in electronic traffic may be registered exclusively in accordance with § 5 paragraph 1 E-GovG, with:

1.		in place of the number of numbers, a bPK of the ELGA participant is to be entered as well as
2.		the authority to access ELGA must be entered separately.

(9) Ten years after knowledge of the date of death of an ELGA participant/an ELGA participant, the main association has to automatically delete the data of the deceased/deceased in the patient index.

Verification of the identity of ELGA health service providers and the ELGA ombudsman

§ 19. (1) In order to verify the identity of ELGA health service providers and the ELGA ombudsman, the Federal Minister of Health shall establish and operate a health service provider index. The data to be included in the health service provider index shall be determined from the eHVD and shall include the information in accordance with § 10 (1) Z 1 to 8.

(2) The identity of ELGA health service providers and/or The ELGA ombudsman is to be determined by determining the data in accordance with § 10 (1) (1) (1) to (8), whereby the determination of these data by

1.		appropriate identification cards of the e-card system (§ § 31a ff ASVG) or
2.		Using a Citizen Card (§ 2 Z 10 E-GovG) or
3.		Use electronic signatures that must be traceable to qualified certificates,
shall be carried out.

(3) The verification of the identity established in accordance with paragraph 2 shall be carried out in electronic form by matching the data obtained in accordance with paragraph 2 with the data stored in the health service provider index.

Storage of ELGA health data

§ 20. (1) Unless otherwise stated in § § 15 (2) and (16) (2) (2) (2), ELGA health service providers have to store ELGA health data in data stores which are suitable for use in the territory of the European Union in accordance with § 28 paragraph 2 Z 5. saving (§ 13 para. 3). Already saved ELGA health data cannot be changed. If circumstances arise which may lead to a significant change in the course of the treatment, an updated version must be additionally stored. The customer for the storage is the respective ELGA health service provider.

(2) If nothing else arises from § § 15 (2) and 16 (2) (2) (2), ELGA health service providers shall have to store in reference registers which must be located in the territory of the European Union (Section 13 (3)). This does not apply in cases in which ELGA participants have objected to the inclusion of references. The customer for the storage is the respective ELGA health service provider.

(3) ELGA health data as well as electronic references thereto shall be stored decentrally for ten years, irrespective of other legal documentation obligations. After that, the electronic references and the ELGA health data shall be deleted by the operators of the data storage and reference register for ELGA, which is appropriate in accordance with § 28 paragraph 2 Z 5; if the deletion is due to other legal documentation obligations or in accordance with § 22 (5) Z 1, the references to ELGA shall be inaccessible.

(4) Medication data according to § 2 Z 9 lit are deviating from (2) and (3). B

1.		to store centrally in ELGA without the inclusion of electronic references, and
2.		One year from the date of delivery of the person responsible for technical operations, to be automatically deleted.

(5) Electronic references are to be created automatically and have to contain:

1.		Data relating to the ELGA participant:
a)			the bPK-GH of the ELGA participant or the ELGA participant, or
b)			local patient/inn/en identifiers,
2.		Data relating to the ELGA health service provider:
a)			the unique identifier of the ELGA health service provider responsible for the inclusion of the ELGA health data;
b)			the natural person who has stored the ELGA health data in ELGA,
3.		Data relating to the ELGA health data:
a)			the location of the ELGA health data,
b)			the unique identifier of the ELGA health data,
c)			the date and date of the establishment of the ELGA health data;
d)			the reference to any earlier versions of these ELGA health data,
e)			if available, a structured reference to the medical name of the ELGA health data, and
f)			Date and time at which the electronic reference to ELGA health data has been included in a reference register.

Authorization system

§ 21. (1) The authorization system shall be established and operated by the ELGA system partners. It is used to manage access rights and to control access to ELGA health data. No ELGA health data or references may be displayed without access permission.

(2) Due to the general access rights that determine which standard accesses are allowed, the following:

1.		Members of the medical profession (§ 2 Z 10 lit. (a) on all ELGA health data (§ 2 Z 9);
2.		Members of the dentist's profession (§ 2 Z 10 lit. (b) on ELGA health data according to § 2 Z 9 lit. a and b,
3.		Pharmacies (§ 2 Z 10 lit. (c) on medication data in accordance with § 2 Z 9 lit. b,
4.		Hospitals (§ 2 Z 10 lit. (d) all ELGA health data (§ 2 Z 9);
5.		Facilities of care (§ 2 Z 10 lit. (e) to all ELGA health data (§ 2 Z 9),
6.		Representatives according to § 14 paragraph 2 Z 2 lit. b to all ELGA health data (§ 2 Z 9) as well as
7.		Staff of the ELGA ombudsman on all ELGA health data (§ 2 Z 9)
.

(3) ELGA participants are allowed to use individual access rights:

1.		in the context of general access rights, show or hide electronic references and ELGA health data, including medication data for ELGA health service providers, as well as delete if the deletion is due to other legal provisions The references to ELGA shall be inaccessible to ELGA, or shall be excluded in accordance with Section 22 (5) (1) (1).
2.		Shorten time periods for existing access rights in accordance with § 18 (6) or
3.		Establish an ELGA health service provider of special trust with the consent of the health service provider in accordance with section 18 (7).

Logging system

§ 22. (1) The logging system is to be set up and operated by the ELGA system partners. The logging system is used for documenting and enforceability of the use of ELGA health data.

(2) Any use of ELGA health data within the framework of ELGA shall be recorded in accordance with § 14 of the German Data Protection Act (DSG 2000) with:

1.		date and time of use,
2.		the unique protocol transaction number,
3.		the nature of the use,
4.		the clear electronic identity of the ELGA health service provider or the ELGA ombudsman who has initiated the operation,
5.		the name of the natural person who actually used the ELGA health data,
6.		the unique identifier of the ELGA health data used;
7.		the query criteria and
8.		the error messages for other queries if they lead to error messages.

(3) The historical data referred to in paragraph 2 shall be kept and readable as well as available three years after access.

(4) In accordance with Section 16 (1) (1) (1), ELGA participants have the right to obtain information on the historical data relating to them and to use them. The presentation of these logging data has to be simple and clear.

(5) The logging data referred to in paragraph 2 shall not be used for the purposes of personal use, except:

1.		for judicial or non-judicial enforcement as well as defence against claims made by law or
2.		in order to ensure that they are used in accordance with the roles (§ 5) or
3.		for information on the updating of ELGA health data, or
4.		in the case of technical necessity or
5.		indirectly related to the optimisation and evaluation of ELGA.

(6) ELGA health service provider according to § 2 Z 10 lit. (a) and (c) shall have the right to obtain and use information relating to the historical data relating to the uses which they have carried out.

(7) The ELGA system partners have to design ELGA in such a way that changes to ELGA health data, which can lead to a significant change in the course of treatment or care (§ 20 para. 1 third sentence), to those ELGA health service providers, who have accessed the ELGA health data in the non-updated version, are available in ELGA in accordance with § 21 (3).

Zugangsportal

§ 23. (1) The Federal Minister for Health has to operate a public health portal for the provision of quality-assured health-related information for the population.

(2) This health portal is the access portal of ELGA, which is

1.		ensure the verification of the unique identity of the ELGA participants in accordance with § 18 (4) (2) (2), and
2.		Offer functions for the maintenance of the participants/rights according to § § 15 and 16
must.

(3) ELGA health service providers may only access the health data of ELGA participant/inn/n via the access portal subject to compliance with the provisions of this Federal Law.

(4) The health portal may offer access to other health-related electronic services.

Rights of use to ELGA

§ 24. (1) In order to safeguard the financial balance of the social security system, the use of the ELGA components shall be:

1.		Patient index (§ 18),
2.		Health service provider index (§ 19),
3.		Reference register (§ 20),
4.		Data storage (§ 20),
5.		authorization system (§ 21),
6.		Logging system (§ 22) and
7.		Zugangsportal (§ 23)
for the determination of ELGA health data made available by ELGA in accordance with § 14 para. 2 free of charge.

(2) irrespective of their legal form, operators of data stores and referral registers may not be excluded as service providers for ELGA as soon as they fulfil the requirements of section 28 (2).

Section 5

Final provisions

Administrative penalty provisions

§ 25. (1) Who

1.		it does not, contrary to § 3 (3), to ensure that there is no use of health data outside the allowed roles, or
2.		Contrary to § 4, the identification of persons whose health data is to be passed on or by health service providers is not allowed or
3.		Contrary to Article 5 (1), proof or examination of the role of health service providers shall not be allowed or
4.		, contrary to § 6, to ensure the confidentiality of health data by means of data security measures, or
5.		Contrary to § 7, proof or examination of the integrity of electronic health data, or
6.		Contrary to § 16, paragraph 3, persons in access to medical care or to the costs of the costs are worse or worse
7.		the facilitated conditions set out in Article 27 (10) or (12) shall take place without meeting the conditions for doing so; or
8.		as an ELGA health service provider, intentionally using ELGA health data without being authorised to do so,
If the action does not constitute the offence of a criminal offence within the jurisdiction of the courts or is threatened with tighter punishment under other administrative penalties, an administrative surrender and a fine to punish up to 10 000 euros.

(2) Likewise, provided that the action does not constitute a criminal offence within the jurisdiction of the courts or is threatened with a more stringent penalty under other administrative criminal provisions, it shall be punishable as such:

1.		as an employee of the ELGA-ombudsman, intentionally using ELGA-health data without being entitled to do so, or
2.		as a staff member of the Federal Ministry of Health (Federal Ministry of Health) uses ELGA health data without being entitled to do so.

(3) In the cases referred to in paragraph 1 (8) and (2), the attempt shall also be punishable.

entry into force

§ 26. (1) This federal law shall enter into force 1. Jänner 2013 in force.

(2) The Health Telematics Act, BGBl. I n ° 179/2004, as last amended by the Federal Law BGBl. No 36/2010, with the expiry of 31 December 2012.

Transitional provisions

§ 27. (1) The Federal Minister of Health has the access portal (§ 23) to set up and make available the appeals (§ 28 paragraph 2 Z 7) as well as the ELGA ombudsman (§ 17) in accordance with the technical availability until 31 December 2013. that the perception of the participants/internal/rights is guaranteed and can be done in a timely way. From this point on, ELGA can be used.

(2) Unless a regulation is determined at a later date pursuant to Section 28 (2) (4), Section 13 (3) shall apply from 1. Jänner 2015 for

1.		Hospitals pursuant to Section 3 (2b) of the KAKuG, which are deducted from the State Health Fund,
2.		the General Accident Insurance Institution, in so far as it operates according to Article 24 (2) of the ASVG Hospital, and
3.		Establishments of care pursuant to § 2 Z 10 lit. e,
insofar as the use of the ELGA components (§ 24) for the use of ELGA health data is technically possible.

(3) Unless a regulation is determined at a later date pursuant to Section 28 (2) (4), Section 13 (3) shall apply from 1 July 2016.

1.		Pharmacies according to § 1 of the pharmacy law,
2.		Doctors and doctors who are working freelance,
3.		Group practices and
4.		self-employed ambulatories according to § 3a KAKuG,
insofar as the use of the ELGA components (§ 24) for the use of ELGA health data is technically possible. However, this does not apply to medical doctors, group practices and independent ambulatories (§ 3a KAKuG) with regard to the obligation pursuant to Section 13 (3) (4) and (6) if these ELGA health service providers are not in any position to The contractual relationship is a bearer of the statutory social security insurance.

(4) Unless a regulation is determined at a later date pursuant to Section 28 (2) (4), the following shall apply from 1. Jänner 2017 § 13 para. 3 for private hospitals pursuant to § 1 para. 2 of the Private Sickness Funds Act (PRIKRAF-G), BGBl. I n ° 165/2004, insofar as the use of ELGA components (§ 24) is technically possible for the use of ELGA health data.

(5) From 1. Jänner 2017 shall be subject to technical availability

1.		patient orders,
2.		Precautionary measures and
3.		the medical records (§ 2 Z 9 lit. e)
to be available in ELGA.

(6) Unless a regulation is determined at a later date pursuant to Section 28 (2) (4), the following shall apply from 1. Jänner 2022 § 13 para. 3 for

1.		Freelance dentists and dentists,
2.		dental group surgeries and
3.		self-contained dental bullets.

(7) Unless a regulation is determined at a later date in accordance with § 28 (2) (4), the latest date shall be 1. January 2015 as standard in accordance with § 28 paragraph 2 Z 1 lit. a to c may be a search in the document metadata via the document register at any rate.

(8) Unless a regulation is determined at a later date in accordance with § 28 (2) (4), the latest date shall be 1. January 2015 as standard in accordance with § 28 paragraph 2 Z 1 lit. a to c either a structure and an outline which is consistent in terms of content, so that content can be incorporated into medical information systems, or at least a standardization of the structure of the content, to be ensured.

(9) Unless a regulation is determined at a later date in accordance with § 28 (2) (4), the latest date shall be 1. Jänner 2018 as standard according to § 28 paragraph 2 Z 1 lit. a to c encode the information in ELGA in accordance with uniform requirements, which are carried out by the ELGA system partners, with the participation of legal representations of interest, provided that these are affected in the tasks to be carried out by them, will be developed.

(10) Where evidence or verification of identity, roles or integrity is not reasonable in accordance with the provisions of the second section (directed and undirected communication), in particular due to the absence of existing technical infrastructure, health data may be only if at least the identities and relevant roles of the health service providers involved in the transfer are mutually exclusive

1.		personal contact or
2.		telephone contact or
3.		Contract provisions or
4.		Electronic Directory Query
a)			the Austrian Medical Association, or
b)			the Austrian Dentists ' Chamber, or
c)			of the Austrian Hebammen Body or
d)			the Austrian Pharmacists ' Chamber, or
e)			the main association, or
f)			of the Federal Ministry of Health
is confirmed.

(11) In the cases referred to in paragraph 10 (1) and (2), prior to the initial transfer of the health data between the health service providers involved,

1.		Date and type of contact,
2.		the full names and relevant roles of the health service providers involved in the transfer,
3.		information on the accessibility of health service providers, and
4.		the information on the natural persons involved in the contact
shall be documented. The information on accessibility is to be kept up-to-date.

(12) The transfer of health data may, exceptionally, also be made by fax, subject to the conditions laid down in paragraph 10 (1) to (3), if:

1.		The fax connections (including the possibility to print out fax connections installed in computer systems) are protected from unauthorized access and use,
2.		proof of their timeliness, in particular after changes in the technical equipment and after the re-installation of fax machines, the telephone numbers, in particular the stored telephone numbers, are regularly checked,
3.		automatic redirects, except to the respective health service providers themselves, are disabled,
4.		the security mechanisms supported by the device are used, and
5.		if only remote maintenance functions are activated only for the agreed duration of the remote maintenance.

(13) The facilitated conditions set out in paragraphs 10 and 12 may not be claimed if the use of health data, in accordance with the provisions of the second section, is based on the state of the technical possibilities and on the basis of the provisions of the second section. economic representability (Section 14 (1) of the German Data Protection Act (DSG 2000)) is reasonable.

(14) In the case of the transfer of health data, the facilitated conditions as set out in paragraph 10 or 12 shall apply to all health service providers involved if, for at least one of the health service providers involved, the facilitated conditions are facilitated. Conditions set out in paragraph 10 or 12 shall apply.

(15) By 30 June 2016, § 6 shall not apply to the transmission of health data by radio for the purpose of the operational organisation of rescue services.

Regulation and directives

§ 28. (1) The Federal Minister of Health has to lay down a regulation on the basis of this law:

1.		the roles of health service providers, with the requirements for the establishment of additional roles to the Federal Minister of Health from the respective registration office under connection
a)			a description of the nature and extent of the activities carried out;
b)			the conditions to be met for the performance of those activities,
c)			the name of the legal basis for the exercise of the right to practise, and
d)			the body that decides on
		are to be transmitted,
2.		after hearing a confirmation body according to § 19 SigG, which cryptographic algorithms are suitable for encryption in accordance with § 6, according to the respective state of network security, and
3.		the detailed rules for registration in accordance with § 9, in particular the technical requirements, the data formats, the periodicity of the updating of the data and the security requirements to be complied with.

(2) The Federal Minister of Health, on the basis of this law, also has a regulation for the 4. Section (ELGA) to specify:

1.		the structure, format and standards referred to in Article 27 (7), (8) and (9), which shall apply to:
a)			Letters of dismissal according to § 2 Z 9 lit. a sublit. aa,
b)			Laboratory findings according to § 2 Z 9 lit. a sublit. bb,
c)			Findings of imaging diagnostics, including any image data in accordance with § 2 Z 9 lit. a sublit. cc and
d)			Medication data according to § 2 Z 9 lit. B
		in ELGA, whereby internationally recognized standards, economic viability and the state of the technical possibilities regarding the level of detail of the structures in the affected ELGA health service providers shall be taken into account,
2.		which medicinal products which are relevant for interaction, are not subject to medical prescription, in accordance with § 2 Z 9 lit. b are to be recorded,
3.		the structure and format used for
a)			the following findings (§ 2 Z 9 lit. a sublit. dd):
aa)				Pathology findings by specialist physicians for pathology and hospitals in the context of outpatient treatment,
bb)				other medical findings in the context of outpatient treatment (hospital sambulance, independent ambulatories, qualified medical specialist area) and
cc)				out-patient care reports and
b)			automation-supported information according to Art. 14 para. 2 lit. b sublit. i of Directive 2011 /24/EU on the exercise of patients ' rights in cross-border healthcare (§ 2 Z 9 lit. f)
		are to be used in ELGA, with the participation of the ELGA system partners and legal advocacy groups, provided that they are affected in the tasks they are performing, following the conclusion of a uniform standardisation procedure, structure and format are to be determined in accordance with the criteria of Z 1,
4.		the respective point in time, from which the point in Z 1 lit. a to d as well as the in Z 3 lit. a and b are to be stored in ELGA in accordance with § 13 para. 2 and 3 in conjunction with paragraph 1 Z 1, respectively to be identified,
5.		Standards for the search function in accordance with § 13 (5), the time availability, the security requirements and the protection of the components used for ELGA, while ensuring that maintenance work is logged and in doing so either only encrypted data can be viewed, or a four-eye principle is guaranteed,
6.		Extent and level of detail of the information, as well as minimum requirements for the content of the hangout in accordance with § 16 (4),
7.		Those bodies in respect of which the objection pursuant to Article 15 (2) has to take place in such a timely manner that, at any rate, the participation can be contradicted even before the commissioning of ELGA and in which ELGA participants receive support in the perception of of their participants/rights,
8.		the establishment of an ELGA ombudsman pursuant to § 17,
9.		the establishment of terminals with portal functionality (§ 23) as well as service centers by the ELGA system partners,
10.		the date from which a uniform nomenclature for ELGA health data (§ 2 Z 9) has to be used,
11.		the operator of the authorization system in accordance with § 21 or the operator of the logging system in accordance with § 22 and
12.		the start and end of test phases for ELGA in conjunction with Z 1, 3 and 4, including an all-overdue, independent evaluation.

(3) Prior to the release of a regulation pursuant to paragraph 2, a hearing of the legal entities of hospitals pursuant to § 3 para. 2b of the KAKuG, which is to be deducted from the State Health Fund, shall be subject to the General Accident Insurance Institution, insofar as it is referred to in § § 3 (2) of the 24 para. 2 ASVG hospitals operate, the Austrian Medical Association, the Austrian Pharmacists Chamber, the Austrian Dentistry Chamber, the Austrian Chamber of Commerce, the Main Association, the Association of Patients ' Lawyers as well as the countries.

(4) The Federal Minister of Health shall, after hearing the relevant legal representations of interests concerned, determine in each case the date on which certain health service providers are concerned, taking into account the provisions of Article 27 (13) of this Regulation. the transfer of health data under the facilitated conditions of section 27 (10) and (12) is no longer permissible.

(5) In the case of the enforcement of § § 16a and 18, the main association shall be bound by the instructions of the Federal Minister of Health.

Release and entry into force of regulations

§ 29. Regulations pursuant to this Federal Act may be adopted from the date on which the legislative provisions to be implemented are to be held; however, they may not enter into force before the provisions of the law to be implemented.

References

§ 30. If this federal law refers to other federal laws, these are-unless expressly stated otherwise-to be applied in their respectively valid version.

Enforcement

§ 31. The Federal Minister of Health is responsible for the enforcement of this federal law.

Article 2

Amendment of the General Social Insurance Act

The General Social Security Act, BGBl. No. 189/1955, as last amended by the Federal Law, BGBl. I n ° 89/2012, will be amended as follows:

1. In § 31d the term " "Planning for the" .

(2) The following sentence is added to § 81 (1):

" This information also contains the indication for the insured and their relatives that the ELGA participant/in/n of the current general contradiction (§ 15 para. 2 of the Health Telematics Act 2012 [GTelG 2012], BGBl. 1 GTelG 2012), the right to receive ELGA health data (§ 16 sec. 2 Z 1 GTelG 2012), the opposition in individual cases (§ 16 paragraph 2 of the GTelG 2012), the determination of the individual's individual rights. Access rights for health service providers and ELGA health data (§ 16 para. 1 Z 2 GTelG 2012) as well as the possibility of using the ELGA ombudsman (§ 17 GTelG 2012) is open. "

Article 3

Amendment of the Industrial Social Insurance Act

The Industrial Social Security Act, BGBl. No 560/1978, as last amended by the Federal Law, BGBl. I No 76/2012, shall be amended as follows:

The following sentence shall be added to section 43 (1):

" This information also contains the indication for the insured and their relatives that the ELGA participant/in/n of the current general contradiction (§ 15 para. 2 of the Health Telematics Act 2012 [GTelG 2012], BGBl. 1 GTelG 2012), the right to receive ELGA health data (§ 16 sec. 2 Z 1 GTelG 2012), the opposition in individual cases (§ 16 paragraph 2 of the GTelG 2012), the determination of the individual's individual rights. Access rights for health service providers and ELGA health data (§ 16 para. 1 Z 2 GTelG 2012) as well as the possibility of using the ELGA ombudsman (§ 17 GTelG 2012) is open. "

Article 4

Amendment of the Farmers-Social Security Act

The farmers social security law, BGBl. N ° 559/1978, as last amended by the Federal Law, BGBl. I No 76/2012, shall be amended as follows:

The following sentence shall be added to section 41 (1):

" This information also contains the indication for the insured and their relatives that the ELGA participant/in/n of the current general contradiction (§ 15 para. 2 of the Health Telematics Act 2012 [GTelG 2012], BGBl. 1 GTelG 2012), the right to receive ELGA health data (§ 16 sec. 2 Z 1 GTelG 2012), the opposition in individual cases (§ 16 paragraph 2 of the GTelG 2012), the determination of the individual's individual rights. Access rights for health service providers and ELGA health data (§ 16 para. 1 Z 2 GTelG 2012) as well as the possibility of using the ELGA ombudsman (§ 17 GTelG 2012) is open. "

Article 5

Amendment of the Staff Regulations-Health and Accident Insurance Act

The Civil And Accident Insurance Act, BGBl. No 200/1967, as last amended by the Federal Law, BGBl. I No 35/2012, shall be amended as follows:

The following sentence shall be added to Article 27 (1):

" This information also contains the indication for the insured and their relatives that the ELGA participant/in/n of the current general contradiction (§ 15 para. 2 of the Health Telematics Act 2012 [GTelG 2012], BGBl. 1 GTelG 2012), the right to receive ELGA health data (§ 16 sec. 2 Z 1 GTelG 2012), the opposition in individual cases (§ 16 paragraph 2 of the GTelG 2012), the determination of the individual's individual rights. Access rights for health service providers and ELGA health data (§ 16 para. 1 Z 2 GTelG 2012) as well as the possibility of using the ELGA ombudsman (§ 17 GTelG 2012) is open. "

Article 6

Amendment of the Gentechnikgesetz

The Genetic Engineering Act, BGBl. No. 510/1994, as last amended by the Federal Law, BGBl. I n ° 13/2006, shall be amended as follows:

1. In § 71 (2), the expression " Health telematics law, BGBl. I No 179/2004 " by the expression " Health telematics law 2012, BGBl. I No 111/2012 " replaced.

2. In accordance with § 112, the following § 113 and heading is inserted:

" Entry into force-Provisions

§ 113. Section 71 (2) in the version of the Electronic Health Act, BGBl. I n ° 111/2012, occurs with 1. Jänner 2013 in force. "

Article 7

Amendment of the Criminal Code

The Criminal Code, BGBl. No 60/1974, as last amended by the Federal Law, BGBl. I No 61/2012, shall be amended as follows:

1. In Section 121 (1), after the word order "a hospital" the phrase " or any other health service provider (§ 2 Z 2 of the Health Telematics Act 2012, BGBl. I No 111/2012) " inserted.

2. According to Article 121 (1), the following paragraph 1a is inserted:

" (1a) It is also necessary to punish those who are unlawfully demanding the disclosure (inspection or exploitation) of secrets of their state of health with the intention of acquiring or prosecuting this or another person's health. Person for the case of refusal to harm or endanger. "

Fischer

Faymann