Key Benefits:
77. Federal Act, with which the Medical Devices Act and the Federal Act on Health Austria GmbH are amended
The National Council has decided:
Article 1
Amendment of the Medical Devices Act
The Medical Devices Act, BGBl. No 657/1996, as last amended by BGBl. I n ° 153/2005 and the Federal Ministries of the Federal Ministries of Law 2007, BGBl. I n ° 6, shall be amended as follows:
1. The subsection in § 70 (1) reads as follows:
" Members of a legally regulated health professional, a professional who is authorised to operate or to use a medical device, head of relevant testing, monitoring and certification bodies, and technical Security officers of hospitals have information on medical devices with a view to "
2. § 70 (5) second sentence is deleted.
3. In accordance with § 72, the following § 72a is inserted:
" § 72a. (1) If there is a reasonable suspicion that a defective medical device has suffered or has been killed by a patient, the establishment of the health care system shall be obliged to do so in the course of the procedure laid down in § 72. To maintain the legal position of the patient or any surviving survivor with regard to the importance of the medical device for the enforcement of any liability claims.
(2) Agreements which prevent health care institutions from fulfilling their obligations under paragraph 1 shall be null and void. "
Section 73, together with the headline, reads:
" Cardiac Pacemaker, ICD, Looprecorder Register
§ 73. (1) Health Austria GmbH is entitled to:
| 1. |
for the protection of the health and safety of patients, users or third parties and for the prevention of risks associated with implantations of cardiac pacemakers, implantable defibrillators and loop recorders, |
|||||||||
| 2. |
for the purpose of medical product vigilance and market surveillance relating to cardiac pacemakers, implantable defibrillators and loop recorders, |
|||||||||
| 3. |
for the purpose of quality-assured treatment in connection with the appropriate implantations, |
|||||||||
| 4. |
for the purpose of quality assurance of cardiac pacemakers, implantable defibrillators and loop recorders, |
|||||||||
| 5. |
for the purpose of statistics as a basis for planning, quality assurance and quality reporting in the Austrian healthcare system and |
|||||||||
| 6. |
for scientific purposes |
|||||||||
| a register of cardiac pacemakers, implantable defibrillators and loop recorders in the form of an information composite system. Health Österreich GmbH is both the operator and the client of the register, and other contracting entities are those bodies of the health care system which transmit data in accordance with paragraph 3. |
||||||||||
(2) The following data types shall be processed in the register:
| 1. |
Data by means of the implanting/treating health device (designation of the implanting/treating device or Name of the treating physician, hospital number, contact details), |
|||||||||
| 2. |
Data on patient identification (name, gender, date of birth, social security number, contact details, area-specific personal identification mark), |
|||||||||
| 3. |
where applicable, death data (date, cause of death, autopsy status), |
|||||||||
| 4. |
relevant clinical data on anamnesis, current state of health and indication (pre-intervention, symptoms, etiology, preoperative cardiac rhythm), |
|||||||||
| 5. |
technical, clinical, organizational and temporal data on the supply process (surgeon, implant data of the medical devices and the associated probes, date of implantation, localization of medical devices, access, secondary prophylaxis), |
|||||||||
| 6. |
technical data on the implant, specific implant parameters, data for the individual implant adjustment (model, manufacturer and serial number of the medical devices and the associated probes, implant parameters), and |
|||||||||
| 7. |
technical, clinical, organizational, temporal and event-related data (technical and clinical control data of the implanted medical devices and their associated probes, functional condition, date and indication of the control, Complications, date of explant, Explanatory reason). |
|||||||||
(3) The implanting/treating health facilities shall be obliged, in accordance with paragraph 4, to submit the data types of health Österreich GmbH referred to in paragraph 2 online in person-related manner.
(4) The transmission is only permissible if the data subjects have been informed about the purpose of the data application and have expressly agreed to the data use for the purposes of the cardiac pacemaker, ICD, or looprecorder register. If consent is refused in the event of a follow-up contact, the person concerned must be informed that the direct personal reference is irreversibly deleted and that the data can no longer be used for his treatment purposes. Health Österreich GmbH is to be informed that has to immediately delete the direct personal reference immediately.
(5) The granting of access rights for the transfer and use of data by health care institutions is to be documented in a comprehensible way by the health Austria GmbH. When granting access rights through healthcare facilities, care must be taken to ensure that access rights are always granted only to the extent that this is necessary for a specific purpose in accordance with paragraph 1. The granting of the right of access shall relate to specific persons whose unambiguous identity and extent of entitlement to health Austria GmbH is to be proved.
(6) In the case of data processing according to para. 1 and 2, the use of the name and the area-specific personal identifier GH and AS (§ 10 para. 2 E-Government-Gesetz, BGBl, BGBl. I n ° 10/2004). The scope-specific person identifier AS may only be used and stored in encrypted form. Direct passenger reference shall be immediately irreversibly deleted by the operator as soon as he is no longer required for the purposes referred to in paragraph 1 (1) (1) and (3).
(7) Health Austria GmbH is entitled to request information at the Federal Institute of Statistics Austria on the date of death and the cause of death of persons whose data are processed in the register.
(8) The Managing Director of Health Österreich GmbH shall ensure that the identity and the role of the persons entitled to access are identified and recorded in accordance with the state of the art at every access point. It must ensure that appropriate precautions are taken in accordance with the state of the art in order to prevent the destruction or alteration of the data by means of a programme disorder (viruses), in order to prevent destruction, change or alteration of the data. To prevent the retrieval of data from the register by unauthorized users or systems. In addition, it must ensure that all operations carried out, such as, in particular, entries, changes, queries and transfers, are comprehensible. He has to create a data security concept which is binding for the employees of the health Austria GmbH.
(9) The confidentiality of the data transmission is to be ensured by means of encrypted transmission methods corresponding to the state of the art.
(10) Health Österreich GmbH has to provide appropriate technical and organisational measures to ensure the accuracy of the data transmitted.
(11) Any access to the data processed or processed in the register by Health Österreich GmbH may, with the exception of a request for information pursuant to § 50 Data Protection Act 2000, be made only in an indirect form of personal data, for scientific purposes (para. 1 Z 6) can only be accessed in an anonymized form.
(12) The health care institutions participating in the registers shall be entitled to:
| 1. |
for the purposes of paragraph 1 (1) (3), access to all data relating to that person in the register also in personal form, where this is necessary in the context of a specific treatment situation of the person concerned, |
|||||||||
| a) |
with the express consent of the person concerned, or |
|||||||||
| b) |
if it is impossible to obtain consent, in the vital interest of the person concerned, and |
|||||||||
| 2. |
for scientific purposes (para. 1 Z 6) in anonymized form access to the data processed in the register. |
|||||||||
(13) The Federal Office for Health Security is entitled, for the purposes of medical product vigilance, to access the data processed in the register in a personal form, provided that this is in the individual case for the protection of health and safety. of patients and for the defence of serious risks. Otherwise, the Federal Office for Health Security is entitled, for the purposes of medical device vigilance and market surveillance, and for the purposes of quality assurance of medical devices, to the data in the register in an indirect personal form access.
(14) The managing director of health Österreich GmbH is obliged to assign the access right for the individual users of the health Austria GmbH individually. The access rights of health Austria GmbH are subject to the provisions of § 15 Data Protection Act 2000, BGBl. I n ° 165/1999, and to document the data security concept. Such access rights shall be denied access to them if they no longer require them to carry out the tasks assigned to them, or if they do not use the data according to their intended purpose.
(15) The managing director of health Österreich GmbH has through organizational and technical precautions to ensure that access to rooms in which the database server is located is basically only entitled to health Austria GmbH is possible.
(16) If the database server is removed from the area of health Austria GmbH, the managing director of health Österreich GmbH has to ensure that an unauthorized use is excluded.
(17) The in-traffic providers of medical devices, which are held in the cardiac pacemaker, ICD, looprecorder register, are obliged to provide the technical data of their implants of health Austria GmbH required for the purpose of the register in electronic form.
(18) Health Österreich GmbH meets the obligation to report in accordance with § § 17f Data Protection Act 2000 for all clients. "
5. In accordance with § 73, the following § § 73a and 73b shall be inserted together with the headings:
" Implant Register
§ 73a. (1) Health Austria GmbH is entitled to:
| 1. |
for the purpose of protecting the health and safety of patients, users or third parties and for the prevention of risks of implantable medical devices, |
|||||||||
| 2. |
for the purpose of medical product vigilance and market surveillance of implantable medical devices, |
|||||||||
| 3. |
for the purpose of quality assurance of implantable medical devices, |
|||||||||
| 4. |
for the purpose of statistics as a basis for planning, quality assurance and quality reporting in the Austrian healthcare system and |
|||||||||
| 5. |
for scientific purposes |
|||||||||
| Implant registers for active implantable medical devices, soft tissue implants, cardiovascular, neurological and orthopaedic implants. |
||||||||||
(2) The following data types can be processed in the registers:
| 1. |
Patient identification (year of birth, gender, area-specific person identification), |
|||||||||
| 2. |
data on the implanting health facility, in particular for its identification, |
|||||||||
| 3. |
relevant clinical data on anamnesis, current state of health and indication, |
|||||||||
| 4. |
technical, clinical, organizational and temporal data on the supply process, |
|||||||||
| 5. |
Outcome measurement data (Outcome), |
|||||||||
| 6. |
technical data on the implant, specific implant parameters, data for individual implant adjustment, and |
|||||||||
| 7. |
technical, clinical, organizational, temporal and event-related data for follow-up care. |
|||||||||
(3) The implanting/treating facilities of the health care system shall, if necessary for the protection of the health and safety of patients, be obliged to use the data referred to in paragraph 2 and required for the purpose of register management. Health Österreich GmbH is also available online for personal data. The granting of access rights for the transfer and use of data to health care institutions is to be documented in a comprehensible way by the health Austria GmbH.
(4) The Federal Minister for Health, Family and Youth has to establish the establishment of implant registers and the specific data records for each register by means of a regulation. This Regulation shall also specify the specific processing purposes and the access rights corresponding to the relevant processing purpose.
(5) Personal data shall be encrypted immediately. In the case of data processing according to para. 1 and 2, only the use of the area-specific personal identifier GH and AS is used for the identification of patients (§ 10 paragraph 2 E-Government-Gesetz, BGBl. I n ° 10/2004). The scope-specific person identifier AS may only be used and stored in encrypted form. The direct personal reference must be immediately deleted immediately after conversion.
(6) The indirect personal reference shall be deleted as soon as it is no longer necessary for the purposes referred to in paragraph 1. Health Austria GmbH is entitled to request information at the Federal Institute of Statistics Austria on the date of death and the cause of death of persons whose data are processed in an implant register.
(7) The confidentiality of the data transmission is to be ensured by means of encrypted transmission methods corresponding to the state of the art.
(8) The Managing Director of Health Österreich GmbH has to ensure that the unique identity and role of the access authorized persons at every access to the state of the art are correspondingly proven and logged. It must ensure that appropriate arrangements are made in accordance with the state of the art in order to prevent the destruction or alteration of the data by means of programming disorders (viruses), and in order to prevent destruction, change or alteration of the data. To prevent the retrieval of data from the register by unauthorized users or systems. In addition, it must ensure that all operations carried out, such as, in particular, entries, changes, queries and transfers, are comprehensible. He has to create a data security concept which is binding for the employees of the health Austria GmbH.
(9) The health care institutions participating in the registers may access data in the registers for scientific purposes in an anonymized form.
(10) Any access to the data processed or processed in the registers by Health Österreich GmbH may only be accessed for the purposes of paragraph 1.
(11) The Federal Office for Health Security is entitled to access the data processed in the registers into an indirect personal form if this is intended for the purpose of protecting the health and safety of patients, for the purpose of protecting the health and safety of patients. Risk and for the purpose of medical device vigilance and market surveillance is necessary.
(12) The managing director of health Österreich GmbH is obliged to assign the access right for the individual users of the health Austria GmbH individually. The beneficiaries of health Austria GmbH are to be lecturing about the provisions in accordance with § 15 Data Protection Act 2000 and the data security concept. Such access rights shall be denied access to them if they no longer require them to carry out the tasks assigned to them, or if they do not use the data according to their intended purpose.
(13) The managing director of health Österreich GmbH has to ensure, through organisational and technical arrangements, that access to rooms in which the database server is located is, in principle, only authorized to access health Austria GmbH is possible.
(14) If the database server is removed from the area of health Austria GmbH, the managing director of health Österreich GmbH has to ensure that an unauthorized use is excluded.
(15) The in-traffic carriers of implants, which are conducted in registers as referred to in paragraph 1, are obliged to provide the technical data of their implants of health Austria GmbH in electronic form required for the purpose of the register ,
Traceability of medical devices
§ 73b. The Federal Minister for Health, Family and Youth has, as far as this is necessary with a view to the protection of the health and safety of patients, users or third parties and the defence of risks, on the basis of species, groups or groups of persons. Classes of medical devices with increased risk potential by means of regulation for the placing on the market of medical devices responsible and health care institutions on appropriate preventative measures and measures with regard to the traceability of medical devices To commit medical products and to make provisions on the subject
| 1. |
the types, groups or classes of medical devices that are covered by the traceability requirements, |
|||||||||
| 2. |
the product or product group-specific requirements with regard to traceability and the nature, content, specificity and availability of the records required in this respect, and |
|||||||||
| 3. |
the manner in which appropriate implant registers are set up in health care facilities and the records required for that purpose. " |
|||||||||
6. § 75 reads:
" § 75. If there is a reasonable suspicion that:
| 1. |
a medical device, including the health or safety of patients, users or third parties, even if properly implanted, set up, maintained or intended to be used in accordance with the findings of the can endanger medical science acceptable levels, or |
|||||||||
| 2. |
a medical device does not meet the essential requirements within the meaning of § § 8, 9, of a regulation according to § 10, or if applicable, the requirements of § 11, or |
|||||||||
| 3. |
a medical device has other defects which may lead to an unacceptable risk to patients, users or third parties; or |
|||||||||
| 4. |
in the context of the development, manufacture or final inspection of a medical product, defects have occurred or occur which may lead to an unacceptable risk to patients, users or third parties, |
|||||||||
| the Federal Office for Health Security shall carry out the necessary assessments, monitor measures in accordance with § 72, carry out or arrange for the necessary investigations or the person or institution responsible for the medical product in question. Transport, applies, operates or operates, to arrange for the medical device to be examined by a notified body, an accredited body otherwise appropriate, or by an expert, and for the reports and results to be carried out by an expert . The bodies or experts shall be selected in agreement with the Federal Office for Health Security. " |
||||||||||
7. In § 90 (2) the word order is deleted "or state authorized" .
8. § 117 (2) reads:
" (2) Prior to the release of regulations pursuant to this federal law, the federal ministers responsible pursuant to paragraph 1 shall have to hear an advisory board, which, in addition to experts in the field of matter to be controlled, is in each case a representative of the Federal Ministry. for the economy and labour, the Federal Ministry of Social Affairs and Consumer Protection, the Austrian Medical Association, the Austrian Dentists ' Chamber, the Federal Chamber of Labour, the Austrian Chamber of Commerce, the Austrian Pharmacists Chamber, of the main association of the Austrian Social insurance institutions, the Austrian Agency for Health and Food Security GmbH, PharmMed business unit, and the Austrian Senior Citizens ' Council are members. In addition, the patient representations existing in accordance with § 11e of the Federal Law on hospitals and health care institutions (KAKuG) are entitled to send a representative. "
9. § 117 is added to the following paragraph 3:
" (3) The Chairman of the Advisory Board pursuant to Section 2 of the Advisory Council shall be a staff member of the Federal Ministry of Health, Family and Youth, and the work of the Advisory Board shall be determined by a point of order to be adopted by the Federal Minister for Health, Family and Youth . In this case, it is in any case to be provided that, in cases of particular urgency or importance, it is possible for the advisory board to be referred to in the circulation path. In agreement with the Chairman, the representatives may, in accordance with paragraph 2, be able to contribute further experts. "
Article 2
Amendment of the Federal Act on Health Austria GmbH
The Federal Act on Health Austria GmbH (GÖGG), BGBl. I n ° 132/2006, as last amended by the Federal Ministries of State Law 2007, BGBl. I n ° 6, shall be amended as follows:
In accordance with § 15, the following § 15a and heading is inserted:
" Quality Register
§ 15a. (1) Health Austria GmbH is entitled to:
| 1. |
for the purpose of statistics as a basis for planning, quality assurance and quality reporting in the Austrian healthcare system and |
|||||||||
| 2. |
for scientific purposes |
|||||||||
| in connection with certain indications or treatment methods, quality registers (§ 4 para. 2 Z 3). |
||||||||||
(2) The following data types can be processed in the registers:
| 1. |
Patient identification (year of birth, gender, area-specific person identification), |
|||||||||
| 2. |
data on the health facility that is being treated, in particular on its identification and structural information, |
|||||||||
| 3. |
relevant clinical data on anamnesis, current state of health and indication, |
|||||||||
| 4. |
technical, clinical, organizational and temporal data on the supply process, |
|||||||||
| 5. |
Outcome measurement data (Outcome), and |
|||||||||
| 6. |
technical, clinical, organizational, temporal and event-related data for follow-up care. |
|||||||||
(3) The Federal Minister for Health, Family and Youth/The Federal Minister for Health, Family and Youth has to establish the establishment of a quality register and the specific data records for the individual registers by regulation. This Regulation shall also specify the specific processing purposes and the access rights corresponding to the relevant processing purpose.
(4) The institutions of hospitals and eligible relatives of statutory health care professionals are authorized to submit the data of the health Österreich GmbH, which is required for the purpose of register management, also online to persons. The granting of access rights for the transfer and use of data to the institutions of the hospitals and to eligible relatives of legally regulated health professions is through the health of Austria GmbH in a comprehensible way.
(5) Personal data shall be encrypted immediately. In the case of data processing according to para. 1 and 2, only the use of the area-specific personal identifier GH and AS is used for the identification of patients (§ 10 paragraph 2 E-Government-Gesetz, BGBl. I n ° 10/2004). The scope-specific person identifier AS may only be used and stored in encrypted form. The direct personal reference must be immediately deleted immediately after conversion.
(6) The indirect personal reference shall be deleted as soon as it is no longer necessary for the purposes referred to in paragraph 1. Health Austria GmbH is entitled to request information at the Federal Institute of Statistics Austria on the date of death and the cause of death of persons whose data are processed in a register.
(7) The confidentiality of the data transmission is to be ensured by means of encrypted transmission methods corresponding to the state of the art.
(8) The Managing Director of Health Österreich GmbH has to ensure that the unique identity and role of the access authorized persons at every access to the state of the art are correspondingly proven and logged. It must ensure that appropriate arrangements are made in accordance with the state of the art in order to prevent the destruction or alteration of the data by means of programming disorders (viruses), and in order to prevent destruction, change or alteration of the data. To prevent the retrieval of data from the register by unauthorized users or systems. In addition, it must ensure that all operations carried out, such as, in particular, entries, changes, queries and transfers, are comprehensible. He has to create a data security concept which is binding for the employees of the health Austria GmbH.
(9) Any access to the data processed or processed in the registers by Health Österreich GmbH may only be accessed for the purposes of paragraph 1 of this article.
(10) The hospitals participating in the registers and members of relevant legally regulated health professions, as well as the countries, may access data in the registers for scientific purposes in an anonymised form.
(11) The managing director of health Österreich GmbH is obliged to assign the access right for the individual users of the health Austria GmbH individually. The persons entitled to access the data shall be informed of the provisions in accordance with Section 15 of the Data Protection Act 2000 and the Data Security Concept. Such access rights shall be denied access to them if they no longer require them to carry out the tasks assigned to them, or if they do not use the data according to their intended purpose.
(12) The managing director of health Österreich GmbH has through organizational and technical precautions to ensure that access to rooms in which the database server is located is basically only entitled to health Austria GmbH is possible.
(13) If the database server is removed from the area of health Austria GmbH, the managing director of health Austria GmbH shall ensure that an unauthorized use is excluded. "
Fischer
Gusenbauer
