Page 1

New Directory Login Free Directory for 2 weeks

Coronavirus info

Legal library

Existing legislation New legislation Amended legislation Local government decree Laws of a thousand years

Legislation in force Search /

/ 1997 XLVII. Act [Eüak. ]

The current state of the legislation (28.06.2021).
THE symbols indicate past and future changes in paragraphs.
I'll open it in the Rights Library
✖

Obtaining credit

1997 XLVII. law
on the handling and protection of health and related personal data

✖

Free
* Rights Library

The National Assembly - recognizing that health data is of a confidential nature and the widespread use of computer technology

✖

Free Directory

However, the processing of these data in healthcare is essential,
with regard to the provisions of the Act on the Right to Self-Determination of Information and Freedom of Information - the following Act
consists of:*

Chapter I.
General and interpretative provisions
§ 1 The purpose of this Act is to determine the special personal data concerning the state of health and the related
the conditions and purposes of the processing of personal data. Personal data only in cases and to the extent necessary to achieve a legitimate purpose
can be treated.
§ 2 The scope of this Act extends
the) *

to all organizations providing health care and to its professional supervision and control, and natural

(hereinafter referred to as the “health care network”) and all legal persons without legal personality
an organization and a natural person who processes health and personal data (hereinafter referred to as "other data controller")
body),
(b) all contacts with or coming into contact with or coming into contact with the healthcare network and other data management bodies;
natural person, whether ill or healthy (hereinafter referred to as "affected"), and
c) health and personal data concerning the data subject, processed in accordance with the provisions of this Act.
§ 3 For the purposes of this Act
the)*
b)

*

c)

*

treatment: any activity that is necessary to maintain health, as well as prevent disease, early

to detect, diagnose, cure, maintain or ameliorate disease deterioration
for the direct examination, treatment, care, medical rehabilitation of the person concerned, or for the purpose of all the examination of the person concerned
including the handling of medicines, medical aids, medical supplies,
patient transport as well as obstetric care;
(d) medical confidentiality: health and personal data which come to the knowledge of the controller during treatment, as well as
other data on ongoing or completed treatment and other information obtained in connection with the treatment;
(e) medical records: medical and personal data which come to the knowledge of the patient during treatment
record, record or data recorded in any other way, whatever its medium or form;
*
(f) treating
doctor: CLIV Act 1997 on health. a treating physician pursuant to Section 3 ( b) of the Act ;

(g) patient care provider : the doctor performing the treatment, the health professional, the person performing the activity related to the treatment of the data subject;
other person, the pharmacist;
*

h)
i)

*

(j) close relative: the spouse, the direct relative, the adopted child, the stepchild, the adoptee, the
step-parent and foster parent, as well as brother and partner;
(k) "urgent need" means a sudden change in the state of health which results in immediate medical attention;
in the absence of care, the person concerned would be in immediate danger of life or suffer serious or permanent damage to his or her health;
l)

*

*
(m) EEA
State: a Member State of the European Union and another State party to the Agreement on the European Economic Area, as well as

a State of which the European Community and its Member States are nationals and which is not a national of the Agreement on the European Economic Area
a State party to the Agreement on the European Economic Area under an international agreement concluded between States Parties
enjoys the same legal status as its national;
(n) *"third country" means any State that is not an EEA State;
She)*
*

3 / A. §

Information on the circumstances and cause of death of the deceased and on the deceased

for the management of personal data contained in the health record and the health data contained in the health record
the rules contained in a mandatory European Union act or legislation on the processing of personal data shall apply.
*

3 / B. §

For the purposes of this Act, personal identification data are those used to identify the data subject

personal data which the controller has, together with or identical to the health data, with the processing of the health data
for an inseparable purpose as part of the health record.

II. Chapter
Purpose of data management
§ 4. (1) The purpose of the processing of health and personal identification data:
*
a) promoting
the preservation, improvement and maintenance of health,

(b) *to facilitate the effective treatment of the patient by the patient, including specialist supervision,
(c) monitoring the health status of the person concerned,
(d) *public health [Article 16]. §], to take measures necessary in the interests of public health and epidemiology,
*
e) enforcement
of patients' rights.

(2) In addition to those specified in subsection (1), health and personal identification data may be
can be treated for the following purposes:
a) training of health professionals,
b) medical-professional and epidemiological examination, analysis, planning, organization of health care, planning of costs,
c) statistical analysis,
*
d) anonymisation
for impact assessment and scientific research,

(e) official or legality control, professional or legality supervision of the body or person handling the health data
facilitating the work of organizations providing care where the purpose of the audit cannot be achieved in any other way; and health care
performing the tasks of funding organizations,
*
(f) the
determination of social security or social benefits in so far as they are based on state of health; and

law enforcement in accordance with the Act on the Service Relationship of the Professional Staff of Bodies Performing Law Enforcement Tasks
the establishment of health care benefits, as well as the Act on the Legal Status of the Personnel of the National Tax and Customs Board
determination of health care benefits in accordance with
*
(g) the
provision of services to those entitled to healthcare at the expense of compulsory health insurance

and ordering of cost-effective medicines, medical aids and medical care
and the financing of benefits provided to beneficiaries under a contract under a separate legal act, and
the settlement of price subsidies and the establishment, payment and repayment of social security benefits,
in order to reimburse
*
(h) law
enforcement, as well as Act XXXIV of 1994 on the police. authorized to perform tasks specified by law

crime prevention,
i)

*

Act CXXV of 1995 on National Security Services. performing the tasks specified in the law, received therein

within the scope of the authorization,
*
j) administrative
authority procedure,
*
k) infringement
proceedings,
*
l) prosecution
proceedings,
*
m) court
proceedings,
*
n) placement
and care of the data subject in a non-medical institution,
*
o) determination
of fitness for work, regardless of whether the activity is an employment relationship, a civil servant,

government service, political service, tax and customs service, commissioner or civil service, professional service
*

relationship or other legal relationship,

*
p) determination
of suitability for education or training for the purpose of public education, vocational training or higher education,
*
q) determination
of suitability for military service or fulfillment of personal defense obligations,
*
r) unemployment
benefits, employment promotion and related controls,

s)

*

prescription medicines, medical aids and medical care for those entitled to healthcare

for the continuous and secure delivery or provision of
*
(t) the
investigation, recording and control of accidents at work, occupational diseases, including cases of increased exposure;

take the necessary occupational safety measures,
*
u) ethical
procedures for healthcare workers,
*
v) the
effectiveness and support of medicines and medical aids receiving performance-based support

and the establishment of procedures for the financing of diseases treated with these medicinal products,
*
w) organization
of patient trips,
*
x) evaluation
and development of the quality of health services, aspects of health services evaluation

regular review and development,
*
y) monitoring,
measuring and evaluating the performance of the health system,
*
(z) to
promote effective and safe medication for the person entitled to healthcare and to be cost-effective

to develop drug therapy,
*
(zs) the
enforcement of rights related to cross-border healthcare within the European Union.

3. For* purposes other than those set out in paragraphs 1 and 2, the person concerned or a lawful or authorized
(hereinafter referred to as “legal representative”) - a voluntary, clearly expressed will based on
and in a credible manner, with the consent of the
be handled in full or in part.
4. For the purposes of data processing pursuant to paragraphs 1 to 2, only health and personal data which:
is essential to achieve the purpose of data management.
*
§ 5. (1)* To handle
health and personal identification data within the health care network - if this Act

unless otherwise provided - entitled
a) the patient care provider,
(b) the head of the institution, and
*
c) the
Data Protection Officer,

d)

*

(2)

*

(3) A* person exposed to a risk to public health or epidemiology, associated with or in contact with such a person and therefore
a person at risk from a public health and epidemiological point of view and the health and safety of such persons
*

personal data handler health and personal data or telephone or other electronic contact
(a) the doctor treating the person concerned,
b) an official doctor working within the framework of the state health administration body,
c) the public health and epidemiological inspector,
(d) any other person or body authorized to process data for public health or epidemiological purposes; and
e) World Health Organization 2009 XCI. International Health Regulations (hereinafter referred to as the NER)
to a member of staff of a body involved in the implementation of the NER
shall be provided without delay and free of charge to the extent justified by a public health or epidemiological objective.
*

(4)

Data obtained and processed pursuant to paragraph 3 shall be used exclusively for public health epidemiological purposes

may be forwarded to the national NER information center in order to prevent and deal with emergencies.
*
§ 6 During
the handling and processing of health and personal data, the security of the data shall be ensured in the event of accidental or

deliberate destruction, destruction, alteration, damage, disclosure and
they must not be accessible to unauthorized persons.
Data processing for medical treatment
*
§ 7. (1) The
data controller - with the exception of paragraph (2) - and the data processor are obliged to keep medical secrets.

The controller shall be exempt from the obligation of professional secrecy if:
(a) the data subject has the written consent of the data subject or his or her legal representative to the transfer of the health and personal data
within the limits set out in
b) the transmission of health and personal identification data is required by law.
*
3. Article
15 of Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter "the General Data Protection Regulation")

(3) of the personal data subject to data processing for any further copies in a ministerial decree
a fee shall be paid on the basis of specified cost elements.
*
(4) The
right under paragraph (3)

(a) a person authorized by him in writing during the period of care of the person concerned,
(b) on completion of the care of the person concerned, by a person authorized by him in a private document of full probative value;
deserves it.
(5) In* the life or after the death of the patient, the spouse, direct relative, brother and life partner of the person concerned
is entitled to exercise the right under paragraph 3 at the request of
(a) health data
aa) the exploration of the cause influencing the life and health of the spouse, direct relative, brother or partner and their descendants,
or
(ab) for the purpose of healthcare for persons referred to in point ( aa)
is required and
(b) it is not possible to acquaint or infer the health data in any other way.
6. In*the case referred to in paragraph 5, access shall be possible only to the health data referred to in paragraph 5 ( a).
directly related to the reason set out in
*
(7) In
the event of the death of the person concerned, his or her legal representative, close relative and heir shall, upon written request, be entitled to death.

or related to pre-mortem treatment
to get acquainted with the data, to inspect the health records and to receive a copy of them at his own expense.
*
§ 8 The
patient caregiver - with the exception of the chosen general practitioner and the forensic expert - shall be bound by the obligation of confidentiality.

also binds the patient who is not involved in the medical examination, diagnosis, treatment or surgery.
unless the disclosure is necessary for the diagnosis or further treatment of the person concerned.
§ 9. (1) The recording of health data is part of medical treatment. The doctor performing the treatment or the medical officer decides whether to be a professional
in accordance with the rules - in addition to the mandatory data - which health data is required to be included in Section 4 (1)
for the purpose of
(2) Another person performing activities related to the medical treatment of the data subject in accordance with the instructions of the doctor performing the treatment,
or to record health data to the extent necessary for the performance of his duties.
§ 10. (1) In* the case of data management and data processing for the purpose pursuant to § 4 (1) - (3) within the health care network
health and personal data can be transmitted or linked. It is mandatory for the health insurance body
Act LXXXIII of 1997 on health insurance benefits. Act (hereinafter: Ebtv.)
health data and social security identification numbers (hereinafter referred to as TAJ number) for the health care network and
may also be transmitted and linked between health insurance bodies to the extent necessary for the performance of the task. The different
health and personal data from other sources may be linked only to the extent and to the extent that
for prevention, treatment, public health, public health and epidemiological measures
*

required.

*
1a. For
the purposes of paragraph 1, the transmission of health and personal data within the healthcare network

in addition to the provisions of Section 4 (1) and (3), for the purposes set out in Section 4 (2) only if
may occur if they are directly related to the functioning of the health and patient care system.
(2) In* the case of data management and data processing pursuant to Section 4 (1), all
health data which, at the discretion of the treating physician or general practitioner, are important for the treatment, unless
it shall be prohibited by the person concerned in writing or in a registered declaration. The possibility of this before transmission is
the data subject shall be informed. In cases under § 13, the health and personal identification must be transmitted despite the ban of the data subject
data.
*
(3) In
the case of data transmission pursuant to subsection (2), it shall not be possible, except for the provisions of Section 11 (3) and Section 13, to

without the consent of the Member State of origin
data.
(4) In* case of urgent need, all medical and health conditions known to the treating physician that may be associated with the treatment.
personally identifiable information may be transmitted.
§ 11. (1) The doctor performing the treatment shall inform the data subject directly about the health data established by him or her.
inform and, unless expressly prohibited by the data subject, forward them to the data subject's chosen GP.
(2) The general practitioner shall, upon request, inform the data subject of the medical data available to him or her.
*
(3) The
general practitioner of the person concerned and the doctor performing his or her treatment for the purpose pursuant to Section 4 (1) - if the person concerned does not do so in writing

entitled to find out about the data of the health care used by the data subject at the expense of the compulsory health insurance
by providing the data to the health insurance body in the form of an electronic query. The family doctor added
you can see the details of the logged-in insured. The person concerned shall be informed of the protest in writing or orally by the treating doctor
the possibility of The data subject shall submit his / her protest to the health insurance body in person, by post or electronically.
*
(4) The
authorization for individual data inspection or data management pursuant to subsection (3) shall not entitle the treating physician either:

for the possible transfer or use of the data for other purposes.
§ 12. (1) Provision of health and personal identification data by the data subject - health care
except for the personal identification data required for the use of the information and the provisions of § 13 - voluntary.
2. In the event that the person concerned voluntarily contacts the healthcare network, the healthcare and
consent to the processing of your personal data shall be deemed to have been given and unless otherwise stated
the data subject (legal representative) must be informed.
(3) Voluntary necessity and lack of discretion of the data subject shall be presumed to be voluntary.
§ 13 The data subject (legal representative) is obliged to provide his / her health and personal identification data at the request of the patient care provider,
(a) if it is probable or confirmed that it is infected with a pathogen of one of the diseases listed in Annex I , or
suffers from an infectious poisoning or an infectious disease, except in the case pursuant to Section 15 (6),
(b) if required for the screening and suitability tests listed in Annex 2 ,
c) in case of acute poisoning,
(d) if it is probable that the person concerned is suffering from an occupational disease as defined in Annex 3 ,
e) if the provision of data involves the treatment, preservation or protection of the health of the fetus or minor child
necessary in order to
(f) if, for the purposes of law enforcement, crime prevention, prosecution, judicial proceedings or infringement or administrative proceedings
the competent body has ordered the inspection,
g) if the provision of data is necessary for the purpose of control in accordance with the Act on National Security Services.
§ 14. (1) In addition to the doctor performing the treatment and other patient care persons, only those whose
the presence of the data subject. Without the consent of the data subject, he or she may be present with respect for the human rights and dignity of the data subject
holding
a) another person, if the treatment regimen requires the simultaneous care of several patients,
b) a professional member of the police, if the medical treatment is provided to a detainee,
(c) a member of the penitentiary service, if he is receiving medical treatment for a person
who is serving a custodial sentence in a penitentiary institution and the safety of the patient providing medical treatment,
or to prevent escape,
(d) persons referred to in points (b ) to (c) , if the personal security of the patient so requires in the interests of law enforcement and the patient
is in a state of inability to make a statement.
(2) In addition to the persons specified in Section 17 (2), the
(a) who has previously treated the person concerned for the disease in question,
(b) *authorized by the head of the institution or the data protection officer for professional or scientific purposes,
unless the person concerned has expressly objected to it.
*
14 / A. § (1)
In the case of ordering medicines, medical aids and medical care, the prescription shall indicate
*
a) the
name, address, date of birth of the data subject,

(b) in the case of an order with social security benefits , in addition to point ( a) , the number of the
the International Classification of Diseases (ICD) code, and
c) in the case of a patient in public health care, in addition to the provisions of a) and b) , the number of the public health care card,
d) in* the case of a prescription ordered via the Electronic Health Services Area (hereinafter: EHIC), the provisions of points a) to c)
in addition to the sex of the data subject, in addition to the number of the data subject concerned or, failing that, other means used to identify the data subject,
the number of the personally identifiable document.
*
1a. The
EGCC operator shall ensure that:

(a) the medicinal product, the user authorized to order the medical device and having access to the ESA, shall obtain the prescription through the ESRAB;
may also issue, revoke,
b) the data of the prescription stored in the EESC, the data subject, the data subject's doctor and the medicinal product, medical device 35 / B. §
your connected server through the EESC, and
c) medicine, medical aid 35 / B. § connected server contains the contents of the paper-based prescription and 14 / A. § (1) d)
may be recorded in the EESC.
*

(1b)

*
1c. The
operator of the EGCC shall keep a register of prescriptions transmitted through or recorded in the EGCC, which

(a) the identity, content and usability of the prescription,
(b) details of the transmission, modification and revocation of the prescription; and
(c) contain information on the use of the prescription.
*

(1d)

(2) The provider or provider of a medicinal product, medical aid or medical care shall provide the data pursuant to subsection (1) in accordance with Section 4 (2).
for the purpose set out in point ( s) of paragraph
2a. If *the person issuing the prescription issued by the EESC does not prescribe and dispense medicinal products for human use
the prescriber of the medicinal product, the medical device is entitled to
to verify their number and identity.
*
(3) For
the purpose of Section 4 (2) ( z) , the pharmacist - if the person concerned does so in writing or electronically

contact in the context of contact - you can find out from the insured receiving the drug supply, the mandatory
medication-related data within one year, excluding mental and
data on the treatment of behavioral disorders and medicines for the treatment of sexually transmitted diseases,
that the data is provided to him in electronic form by the health insurance body. The pharmacist shall, without recording the data:
you can find out the name, amount and time of the drug. The person concerned shall be informed of the possibility of protest. The affected
you can make a protest to the health insurance body or the pharmacist. If the person concerned made the protest to the pharmacist, it shall be
pharmacist shall immediately forward it to the health insurance body. The data subject's signature certifies the insight
has happened.
*
4. During
the substitution of a medicinal product, the pharmacist may then become acquainted with the insured person receiving the supply of medicinal products in accordance with paragraph 3.

if the insured person receiving the medicinal product acts in person.
(5) At* the request of the insured, the pharmacist shall provide the insured with information on the insured person receiving the supply of medicinal products.
in accordance with paragraph 1.
*
6. From
the register of prescriptions transmitted or recorded by the EESC, pharmacists may lawfully

information can also be obtained through the EESC, with the exception that the EESC does not
data on medication used at the expense of Medication data in paragraphs 3 to 5
The rules on access to and documentation of information provided by the EESC shall apply in such a way that the person concerned
your right to protest is not violated.
Data management for public health, epidemiological and occupational health purposes

*

*
§ 15. (1) The
patient care provider shall immediately forward to the state health care administrative body the information obtained during the data collection.

health and personal data if
(a) an infectious disease listed in Annex 1 ( A) is detected or suspected,
b) -c)

*

*
(2) Incidence
of infectious diseases not listed in Annex 1 or listed in point B of Annex 1

In the case of patients, only the health data can be reported to the state health administration without personal identification data.
The public health administration body invoking the public health or epidemiological public interest - in the framework of an anonymous screening
with the exception of an HIV-infected and an AIDS patient who has been tested, may request the identity of the person concerned.
*
2a. The
patient care provider shall transmit to the public health administration the health and personal identification data of the persons

who microbiological laboratory test results in Annex 1 A) infections in point, infectious
probable or confirm the presence of diseases, poisonings or the presence of their pathogens. The patient caregiver forwards the health care
infections, infectious diseases and poisonings in accordance with Annex 1, point A)
the result of an examination for diseases specified in a ministerial decree which, despite previous probability, is not
confirms the existence of the disease in question. The state health administration body for the purpose specified in Section 4 (1) ( d) , a
for a period and to the extent necessary for the performance of a public health, public health or epidemiological task
health data, by providing a test result that indicates the existence of the disease in the previous probability
the relevant personal data must be deleted immediately.
*
2b. If the
result of the microbiological laboratory test is for diseases referred to in point B of Annex 1, or

probable or confirmed the presence of their pathogens, the patient caregiver performing the microbiological examination shall
in a non-personally identifiable manner to the public health administration.
2c. In*the event of the detection of pathogens under supervision as defined in a ministerial decree, the patient provider shall
forward it to the public health administration in a manner unfit for identification.
*
(3) The
state health administration body shall receive the health or personal identification data obtained pursuant to paragraphs 1 to 2c.

in order to take the necessary public health and epidemiological measures,
to a public administration body with data processing rights.
*
(3a) For
the purposes specified in Section 4 (1) ( d ), the patient care provider shall, for the period specified in a ministerial decree,

form and content of emergency care
(a) patients admitted to an inpatient hospital,
(b) in the case of rescue care incidents for which no inpatient
for acceptance,
provide health data to the public health administration in a non-personally identifiable manner.
*

(3b)

The data management body specified by law shall transmit the data for the purpose specified in Section 4 (1) ( d)

public health administration body in the form and content specified by law in the registry offices electronically
health data on deaths recorded in its registration system in a non-personally identifiable manner.
(4) Lung care institutions are institutions for the care of tuberculosis and skin and venereal diseases in accordance with the gender criteria set out in Annex 1.
in the event of the occurrence of diseases - with a view to endangering other persons - for the purpose pursuant to Section 4 (1)
may provide the surname and forename, the maiden name and the
place of residence and stay.
(5)

*

(6) If* the person concerned has been identified in order to determine whether he or she is infected with the HIV virus, his or her identity
without disclosing - you want to take part in a screening test, you are not obliged to pass on your personal identification data to the patient care provider.
7. If *the person concerned suffers or is suspected of suffering from one of the following diseases and the infection is
or contact with a farm animal or a wild animal, the public health

transmit the identity and health data of the data subject to the food chain competent for the place of residence (stay) of the data subject.
to the surveillance authority in order to take the necessary epidemiological measures:
a) anthrax
b) brucellosis
c) lyssa (rabies)
d) injury suspected of being a lyssa infection
(e) avian influenza
f) malleus
g) West Nile fever
h) trichinellosis
(i) tuberculosis
(j) tularaemia.
*
(8) The
patient care provider shall request the vaccine required for age-related vaccination for the purpose pursuant to Section 4 (2) ( b) and

transmits the names and social security identification marks of the persons to be vaccinated to the State Health Administration
body.
*
(8a) The
patient care provider for the purpose pursuant to Section 4 (2) ( b) in the case of compulsory and voluntary age-related vaccinations,

and, in the case of compulsory vaccinations to prevent the risk of disease, the identity of the vaccinated recipients,
also electronically in the manner specified in the Ministerial Decree - to the state health administration body.
*
9. The
bodies referred to in paragraphs 3, 7 and 8 shall use the health and personal data provided to them for the purpose of data processing.

to the extent necessary for the performance of their implementing task, for a period of 30 years from the start of the data processing.
*

15 / A. §

The observing doctor shall immediately forward to the health and safety authority the health and safety of the worker

personal identification data if
(a) an occupational disease as defined in Annex 3 is detected or suspected,
(b) in the context of the pursuit of the occupation of the person concerned
*

ba)

is exposed to a chemical specified in a ministerial decree and the concentration of the substance in its body is a

exceeds the permitted level, and
bb) in the case of noise, hearing loss of 30 dB at 4000 Hz occurs on any ear.
*
(2) The
occupational safety authority and the occupational hygiene and occupational health body shall , for the purposes of Section 4 (2) ( t) ,

for the investigation and registration of accidents at work, occupational diseases and cases of increased exposure, the task
manage the employee’s personal identification and health data for the time and to the extent necessary to
3. In order to achieve the objective set out in paragraph 2, the health and safety authority shall transmit the necessary data to the
occupational hygiene and occupational health body.
Data management for public health purposes

*

Section* 16 (1) If the affected patient (including the fetus) has a congenital anomaly specified in a ministerial decree or
Is suffering from a rare disease with an ORPHA code (hereinafter: rare disease), Section 4 (1) ( b) and (c) and Section 4 (2)
For the purposes of point ( b) of paragraph 1, a doctor who detects an abnormality or a rare disease
identification and medical data of the person concerned and, in the case of a minor,
the name and address of the representative of the National Committee for Congenital Disorders in the manner specified in a ministerial decree.
For your records.
2. Prior to the notification under paragraph 1, the detecting physician shall verify that the data of the patient concerned under paragraph 1
are listed in the National Registry of Congenital Disorders. If the data have not yet been reported, the physician shall
shall act in accordance with paragraph If the inspection reveals that the patient 's records are incomplete, the
they are supplemented by the notifying doctor.
(3) If a lesion is observed in the fetus, including in the case of spontaneous or induced fetal death or stillbirth,
which may result in a congenital anomaly or a rare disease shall be dealt with in accordance with paragraph 1, with the
personal data shall mean the data of the pregnant woman.
4. The notifying doctor referred to in paragraph 1 and the nurse caring for the person concerned shall cooperate with the
With the body managing its National Register in order to reveal the causes of congenital developmental disorders and rare diseases,
to prevent them in order to monitor the treatment of patients.
(5) The bodies of the health care network may, at the request of the body maintaining the National Register of Congenital Disorders,
(1) ( b) and (c) and Section 4 (2) ( b) for the purpose of
disorders and rare diseases related to health and related personal data of the Congenital
For the body keeping the National Register of Disorders. Body maintaining the National Registry of Congenital Disorders
it may process the data referred to in paragraph 1 for a period of 50 years from the last transmission to the data subject.
(6) The body maintaining the National Register of Congenital Disorders shall keep records of congenital disorders and rare
international data provision on diseases.
(7) The body keeping the disease register specified in a ministerial decree (hereinafter: the body keeping the disease register) shall
in a supervised field of public health importance or otherwise entails a significant cost burden
disease groups, benefits and screenings (hereinafter collectively referred to as “diseases” for the purposes of this section)
establishes and operates in order to register these diseases in accordance with Section 4 (1) ( a) to (d) and Section 4 (2) ( b) , (c) , (d) and
for the purposes of point ( w) . The disease registry can be managed by the persons concerned for the purpose of collecting data and generating a contact code
health and mortality data related to the disease, the number, sex, place and date of
place of residence or stay.
8. The disease registries referred to in paragraph 7 shall be kept in accordance with Article 35 / L. Shall be established using an electronic disease register in accordance with
to operate. The body keeping the disease register is entitled to 35 / L. § stored in the electronic disease register via the EESC
download and manage it in your IT system.
(9) If the patient caregiver has a high or otherwise significant cost burden for the patient concerned from the point of view of public health.
detects one of the diseases listed in the Ministerial Decree or carries out a periodic review thereof, paragraph 7
shall transmit to the person concerned, for the purposes of this Regulation, the identity number specified in the Ministerial Decree and the detected person
disease-related health data established in accordance with paragraph 7
operated electronic disease register.
(10) The health insurance body shall determine the number of patients with PRC treated with the diseases listed in the Ministerial Decree and
its health data relating to that disease shall be transmitted by the body keeping the disease register for the purposes of paragraph 7;
for.
(11) The Central Statistical Office shall issue a list of deaths from deaths listed in the Ministerial Decree.
the number, sex, place and time of birth and place of residence or stay of the deceased
For the purposes of paragraph 1, it shall forward it to the body keeping the register of the disease in question. The disease register
the managing body shall transfer the fact of the death of the persons registered in the register to persons not included in the register but
the data of the deceased in the register and, after the reconciliation of the data, the data not registered in the register
deletes the data of the deceased. With regard to the processing of data subjects, the body keeping the disease register shall, inter alia,
shall act in accordance with paragraph
12. The body keeping the disease register shall consult with the data providers referred to in paragraphs 9 to 11 on the data submitted.
respect.
(13) The body keeping the disease register has provided the health data transmitted in connection with the personal data of the same data subject
and mortality data in 35 / L. § is assigned to the contact code formed by the management body. THE
the body keeping the disease register is the personal identifier obtained and managed for the purpose of linking after the connection code has been generated
delete data immediately.
(14) In the case referred to in subsection (13), after the formation of the contact code and the deletion of the personal identification data,
in a specific case or with the consent of the data subject, at the request of the body keeping the disease register, the contact code
the management body shall transmit to the body keeping the disease register the personal identification data and the TAJ number associated with the contact code.
(15) The provisions of subsections (13) and (14) shall not apply if the body keeping the disease register is required by law or
with the consent of the data subject, without the formation of a contact code, is entitled to the number and personal identification data of the data subject concerned
treatment.
(16) If the data in the disease register can be combined with the personal data of the data subject in accordance with paragraphs 14 or 15,
the body keeping the disease register shall have access to the health data required for the purposes of paragraph 7 through the EESC.
*
16 / A. § (1)
In the Ministerial Decree on the State Administrative Body of Health and the Territorial Nurse Care and the Mandatory

on health services for the prevention and early detection of diseases which may be covered by health insurance
within the framework of her duties specified in the Ministerial Decree, the nurse is responsible for targeted screening of the population and public health
To organize screening tests - in § 4 (1), c) and d) point, and § 4 (2) b) effect of point - the
Until the end of the screening test, you can manage the screening of the screening target group.
health and personal data directly related to the organization of the
(2) Also targeted at population-based screening, public health screening and public health screening
screening of health care providers who perform screening as a non-public health screening (hereinafter together:
in order to evaluate and monitor the results of the screening test - Section 4 (1) c) and d) and Section 4 (2) b)
for the purpose according to point - the employee of the health care public administration body in charge of evaluation and monitoring is the screening test
until the conclusion of the evaluation of its results, it may manage the health and personal data of the persons involved in the screening.
(3) In order to process data for the purpose pursuant to subsection (2), the National Cancer Registry pursuant to subsection (5) of section 16 shall forward the
for public health administration bodies for cancer diseases detected in the framework of public health screening
health and personal data.
(4) In order to process data for the purposes of subsection (2), the health care provider performing the screening examination shall
the personal data of the person who participated and the health data of the screening test, as well as the date of the screening test
forward it to the state health administration body.
*
16 / B. § (1)
Patient who has undergone an intervention related to the implantation, removal and replacement of a hip and knee joint endoprosthesis

for further medical treatment, in order to monitor his / her state of health, Section 4 (1) ( b) and (c) and Section 4 (2)
National Hip and Knee Endoprosthesis led by a body designated by ministerial decree for the purposes of points ( b), (e) and ( w) of paragraph
Implant Registry (hereinafter: Prosthesis Registry) is in operation.
(2) The health care provider performing the intervention shall transmit in accordance with the provisions of subsection (3) the
the following data to the Prosthesis Registry:
a) the personal identification data of the patient concerned in accordance with this Act,
(b) Act CLIV of 1997 on Health. Act (hereinafter: Eütv.) 101 / C. § (1) b) -f) ,
(c) the patient's interventional and medical condition related to the implantation, removal or replacement of the prosthesis
health data specified in the relevant ministerial decree.
(3) Data for the Prosthesis Register in accordance with paragraph (2)
(a) the non-publicly funded healthcare provider, after carrying out the intervention referred to in paragraph 1,
within 8 days of the person's dismissal from the healthcare provider,
(b) the publicly funded provider of health services related to the intervention referred to in paragraph 1 at the latest
Contained in the Government Decree on the detailed rules for financing from the Health Insurance Fund
at the same time as the report
forward.
4. With regard to prostheses referred to in paragraph 1, the data referred to in paragraph 2 ( a) and (b) shall be entered in the Prosthesis Register.
transmission - according to 22 / B. § by connecting to the IT interface according to § 22 / B - at the same time § Central
It is considered as a transfer of data to an implant register.
(5) The Prosthesis Register shall keep the registered data for fifty years from the last transmission of the data concerning the person concerned.
can be handled in a personally identifiable manner.
*
16 / C. § (1)
About blood donors involved in donor plasmapheresis procedures and for the collection and testing of human blood and blood components,

quality, safety and certain technical requirements for the processing, storage and distribution of
blood donors permanently excluded from blood donation, as defined in the Ministerial Decree
blood donation and plasmapheresis to ensure the quality of the plasma taken
a healthcare provider shall keep records for the purposes of Section 4 (1) ( a) and (d) .
2. The register referred to in paragraph 1 shall contain the following information:
a) the date of birth of the blood donor involved in the plasmapheresis procedure from the personal identification data specified in this Act, TAJ
number and sex,
(b) the dates of administration of whole blood and plasma and their total number,
(c) the amount of whole blood and plasma collected per collection and aggregate,
(d) quality and safety standards for the collection, testing, processing, storage and distribution of human blood and blood components;
as defined in the Ministerial Decree on safety standards and certain technical requirements thereof
the fact, reason and starting date of the final exclusion from blood donation.
3. A healthcare provider performing blood donation and plasmapheresis activities shall submit the data referred to in paragraph 2 to whole blood or plasma.
within 24 hours of the transmission of the National Health Administration administered by the Ministerial Decree designated by the Ministerial Decree
For the Cross-Donation and Donor Exclusion Register (hereinafter: Donor Register).
(4) The register pursuant to subsection (1) shall be kept by the health care provider performing blood donation and plasmapheresis activities at the ministerial level.
using an IT interface operated by a public health administration body designated by Decree.
(5) The Donor Register shall keep records of the blood donors involved in the donor plasmapheresis procedure since the last whole blood or plasma donation.
for a period of thirty years from the date of issue.
Healthcare professional training
*
§ 17. (1) For
the purpose of training health professionals - with the exception of the patient care provider and paragraph (2) - the person concerned (legal representative)

with the consent of the doctor, a medical student, a health professional, a student of a medical college may be present during the treatment,
or a student of a health vocational training institution.
(2) In the institutions of the health care network designated for the training of health professionals, the person concerned (legal representative) (1)
consent under paragraph 1 shall not be required. In the case of an inpatient institution, the data subject (legal representative) shall be notified no later than
to the institution, in the absence of a referral, immediately prior to admission, the health care network
in the case of institutions, at the latest before the start of treatment.
*

Epidemiological studies, analyzes, health care planning, organization, quality and performance evaluation
*

§ 18

*
(1) The
body responsible for professional quality assessment for the purposes of Section 4 (2) ( x) - excluding the

entitled to assess and improve the quality of health services,
health data necessary for the regular review and development of evaluation criteria for health services,
and, without linking to other personally identifiable information, the associated TAJ number, sex, date of birth and postal
zip code management. The health care network or the health insurance body is the body responsible for professional quality assessment
provide this data to the body responsible for professional quality assessment upon request and arrange for the data to be provided
access.
*
2. The
body responsible for professional quality assessment shall provide personal identification data for the same data subject in accordance with paragraph 1

forms a contact code immediately after the transfer. The contact code
the body responsible for the professional quality assessment shall have the same coding method for all data transmitted in accordance with paragraph 1
based on. The contact code provides data on the patient and individual care events and patient paths
unidentifiable interconnection. The contact code cannot and cannot be derived from personally identifiable information
same.
Page 2

*

(3)

The body responsible for professional quality assessment has received the contact code for the purpose of paragraph 1 after the training code has been established

deletes personally identifiable information immediately.
*
(4) The
body responsible for professional quality assessment shall be established by the bodies referred to in paragraph (1) for other data management purposes and in accordance with Section 4 (2).

Paragraph x) delivered by end of personal identifying information under paragraph (1) linked databases or
records are deleted immediately after the contact code is generated.
(5) In* order to investigate an individual case for the purpose of Section 4 (2) ( x) , the body responsible for quality assessment, the case
for 5 years after the end of the investigation, the health data of the data subject, as well as the number, gender, date of birth
date and postal code.
*
18 / A. § The
body responsible for performance evaluation may process the health data of the data subject for the purpose pursuant to Section 4 (2) ( y) ,

and the number, sex, date of birth and postal code of the TAJ concerned, the data transmission, data management and contact code.
in accordance with the provisions of Section 18 (1) - (4).
Section 19*(1) For the purposes of Section 4 (2) ( b) -c) and ( w) , the Minister responsible for health (hereinafter: the Minister) and the
a national institute under its management, a body responsible for the organization of regional patient pathways, and a public health administration
for the period and to the extent necessary for the performance of his duties, - may process the health data of the data subject, and - other
without linking to personally identifiable information - the TAJ, gender, date of birth and postal code of the person concerned.
*
(2) The
data referred to in paragraph 1 shall be used by the health care network or the health care provider for the purposes specified therein

forward it to the bodies referred to in paragraph 1.
*

Data processing for the purpose of enforcing rights in cross - border healthcare within the European Union
*
19 / A. § (1)
National contact point designated for the enforcement of rights related to cross-border healthcare

for the purpose of Section 4 (2) ( zs) - in relation to the right to cross-border healthcare,
until the information specified in the government decree on the tasks of the liaison body is provided - may manage the name, gender,
date of birth, place of residence, place of residence, TAJ number and health data of the cross-border
necessary to enforce their healthcare rights.
(2) The data indicated in paragraph (1) shall be used for the purpose specified in Section 4 (2) ( zs) for cross-border healthcare.
the national contact point designated for the enforcement of healthcare rights
to the public health administration body or the health insurance body.
(3) The state health administration body and the health insurance body shall provide health care for the purposes of subsection (2)
may manage the data of the data subject in accordance with paragraph 1 until
19 / B. § A* healthcare provider without a financing contract in the framework of cross-border healthcare
provided to an EU patient under the Compulsory Health Insurance Benefits Act (hereinafter referred to as the EU patient)
monthly, up to the 15th day of the month in question, in a non-personally identifiable
for the state health administration body:
(a) the number of patients treated in the Union, broken down by nationality,
(b) the number of healthcare services used by patients in the Union shall be healthcare providers and their operating licenses
according to the form of care according to the Ministerial Decree on the
(c) the professions licensed by the healthcare provider and the care provided under the health interventions carried out
case number.
Data management for statistical purposes
§ 20. (1) The* health data of the data subject for personal identification purposes, except for the provisions of subsections (2) - (3)
can be handled inappropriately.
2. The health and personal data of the data subject shall be used for statistical purposes in a personally identifiable manner
with the written consent of the
*
(3) In
the case of live births and deaths, through the registrar competent according to the place of birth or death, the Central Statistical Office

According to the Official Statistics Act, data on population movements must be transmitted to the Office for official statistical purposes.
The Central Statistical Office deletes personal data in accordance with the Act on Official Statistics, after which
it handles health data related to the population movement only in a way that is not personally identifiable.
*

(3a)

From the data referred to in paragraph 3, the Central Statistical Office shall report on death - related health and

transfers personal identification data to the state health administration body for the purposes of Section 4 (1) ( c) and (d) . The
the processing of personally identifiable data transmitted to it by the state health administration body for statistical purposes, or
immediately after anonymisation.
3b. In*its obligation to report births or deaths
the healthcare provider, the doctor determining the cause of death or the autopsy, official or judicial autopsy
institution may get to know it and forward it to a body specified by law in the event of a live birth, in the event of the child's parents, in the event of death
the identity of the surviving spouse, registered partner.
*

(4)

To meet international data reporting obligations, health policy decisions, health care

planning, organizing, monitoring public health indicators and quality and safety requirements
financing by the health care network and by the health insurance body
the scope of non-personally identifiable sectoral, professional data, data management and
determined by the Minister.
*
5. Data
collected by a health insurance body for financing purposes in a non-personally identifiable manner shall be

may also be handled for the purposes set out in
5a. The* data collected by the health insurance body for financing purposes shall be stored in a uniquely identifiable manner by the Central
For the Statistical Office - CLV 2016 on official statistics. in accordance with Section 28 of the Act (hereinafter: Stt.) a
on the basis of prior verification of a statistical purpose, to the extent necessary for that purpose - shall be transferred free of charge for statistical purposes and shall be
They can be used for statistical purposes by the Central Statistical Office. The scope of the received data and the detailed rules of the data transfer are set out in Stt. § 28
shall be laid down in a cooperation agreement as provided for in
*
(6) Fulfillment
of the tasks of the health care network related to data collection specified in the Statistics Act

manages data belonging to the provision of population movement data for the purpose of
Data management for scientific research
*
§ 21. (1) For
the purpose of scientific research, with the permission of the head of the institution or the data protection officer, it may be included in the stored data

however, health and identification data shall not be included in a scientific communication in such a way that
the identity of the person concerned can be established. No personal identification can be created from the stored data during scientific research
a copy that also contains data.
(2) Records shall be kept of the persons consulted pursuant to paragraph 1, the purpose of and the date of the inspection. THE
mandatory retention period of 10 years.
*
(3) The
head of the institution or the data protection officer shall give reasons for the refusal of the research request in writing. The application

in the event of a refusal, the applicant may apply to a court. The initiation of litigation and the conduct of proceedings are information self-determination
the Law on Freedom of Information and the Freedom of Information Act in case of rejection of a request for access to data of public interest
shall apply.
Data management of social security administrations
*
Section 22 (1)

The Ministry of Social Security Administration and the Ministry responsible for the operation of the Health Insurance Fund

hereinafter referred to as "the Ministry"), provided that the health and personal data can be transmitted to

*

*
(a) it
is necessary for the purpose of determining or paying the social security benefits due to the person concerned and

is based on
(b) control of the management of social security fund managers and the payment of social security benefits
justified for the purpose of
c) it* is necessary for the fulfillment of the objectives set out in Section 4 (2) ( g) .
*
(2) Health
and personal data shall be collected by the social security administrations and the Ministry solely for the purpose of

establishing, disbursing, conducting inspections, health insurance medical examinations and remedial activities
may be handled by an authorized employee, as well as by an employee authorized to perform a task pursuant to Section 4 (2) ( g) .
3. In*the course of inspections by the social security administrations, the social security institutions shall
an employee with a higher professional qualification may know the linked health and personal data of the person concerned.
(4)

*

*
(5) The
social security administrative body and the ministry may, for the purposes specified in Section 4 (2) ( g) , manage:

a) the identification of the healthcare provider, the recipient of the healthcare service, the referring doctor (ordering the service)
according to a separate legal act,
b) to a) the number of recipients in addition to those health services TAJ point, in case of eligibility for public health care
the number of the public health care card,
*
(c) the
diagnosis of the recipient of the healthcare, the healthcare provided to him / her (including the special

nutritional requirements and prescription products) the name, code, health
health data related to the service.
*
6. The
data referred to in paragraph 5 shall be kept for a period of 30 years from the date on which they are entered in the register of the health insurance body, provided that:

if legal proceedings have been instituted in the case involving data processing, they may be dealt with until the date of closure of the case. After that, the data
be deprived of the possibility of personal identification.
*
22 / A. § (1)
For the purposes of § 4 (2) v) , the Register of Diseases kept in accordance with the decree of the Minister responsible for health

works.

COVID19
Ask
Optenimpact
expertsanalyzes
for
annual
or interim reports
help
COVID19
for impact analysis!
Is it necessary or mandatory?
Sectoral impact analysis and partner body
data supplement 2021

(2) The Disease Register shall be established, operated and evaluated by the state health administration body.
(3) General rules for the safe and economical supply of medicinal products and medical devices and for the distribution of medicinal products
XCVIII of 2006 on supported under a performance-based grant volume contract pursuant to Section 26 (3a) of Act no
persons treated with or supported by a medicinal product
necessary to assess the effectiveness of a medicinal product or medical device subsidized under a contract
health and medical conditions associated with the use of these preparations and devices
non-personally identifiable data generated from personal identification data with the contact code of the health insurance body
forward it to the Disease Register. The health insurance body for the transfer of data to the Health Register is the health
on the detailed rules for the financing of healthcare by the Health Insurance Fund by healthcare providers
uses data reported in accordance with a government decree.
(4) The Health Register shall contain the transmitted health data in a manner that is not personally identifiable. The contact code
ensure that the patient treated, the ordering of each care event, including the medicinal product, the medical device and the
concatenation of non-personally identifiable data produced in a specified manner. The connection code is designed to
which precludes the decryption of personal data from the code. The health insurance body shall delete them after the transmission
data that it does not handle for other purposes.
(5) Non-personally identifiable health data collected in the Disease Register shall be aggregated in a health manner
the marketing authorization holder of the medicinal product in question or is purely scientific
for the purpose of statistical analysis for the purpose of research, in accordance with the provisions of its data management regulations.
Central implant register

*

*
22 / B. § (1)
CLIV. Act 101 / C. § (1) of the register

further treatment, health care of the person who has undergone the procedure related to the implantation, removal and replacement of the implant;
monitoring of their condition, prompt response to an unforeseen event, and compliance of implantable medical devices.
the central implant register after transmission to the central implant register
operating health insurance body shall form a contact code for personal data. The contact code is
is established by the health insurance body on the basis of the same coding method for all personally identifiable information in such a way that a
do not allow for the decryption of personal data and all transfers of data to the same patient, regardless of
from the health care provider performing the procedure - connect to the same contact code.
*
2. The
contact code referred to in paragraph 1 shall be transmitted by the health insurance body through the IT application operated by it.

send the record to the lead healthcare provider. The contact code in the health documentation - in this context a
in the final report provided to the patient.
3. The body designated to carry out official tasks in relation to medical devices shall be responsible for
non-personally identifiable in the central implant register for the performance of official
you can get to know the data.
(4) The health insurance body shall contact the non-personally identifiable data stored in the central implant register.
coded, on request within 8 days or if necessary to protect the health of persons wearing the implant,
immediately, by electronic means, provide information to the public health administration body and the person responsible for professional quality assessment
body.
(5) At the request of the healthcare provider containing the contact code indicated in the patient file, the health insurance
body shall immediately provide information on the data stored in the central implant register by means of a contact code by electronic means
in connection with an implant intervention previously performed on a person treated by a healthcare provider.
(6) If, in order to prevent or eliminate an urgent need or a dangerous condition for a person wearing an implant,
necessary and the last healthcare provider providing implantation care has ceased to exist without a legal successor or
medical records are not or can be obtained with a significant delay, the official medical devices
The body designated to perform the tasks may become acquainted with the Eütv. 101 / C. § (1) a) in order to ensure that the

contact the person concerned and inform them of the measures necessary to protect their health.
(7) The data stored in the central implant register shall be 50 years after the last data transmission to the data subject.
it has to be deleted.
*

22 / C. §

The body of medical experts, rehabilitation and social experts, the rehabilitation authority and certain social benefits
*

data management of the body acting to establish
*
22 / D. § Check
the eligibility conditions for in-kind support for pregnant women and provide support

on the basis of a data request with regard to the target group of the program, or
the natural identity data and social security number of a pregnant woman living in a family with the person
family and child welfare service and social welfare duties of the state in the Government Decree
designated body is entitled to manage it on the basis of the data provided by the body recording this data. During the application of this § during a family a
III of 1993 on social administration and social benefits The provisions of Section 4 (1) ( c) of the Act shall be construed.
*
*
22 / E. § (1)
The body
of medical experts, rehabilitation and social experts, rehabilitation authority, in the field of social responsibilities

district (capital district) office (hereinafter referred to as the district office) and for the forensic expert
body shall transmit the health and personal data provided for in paragraph 3 in so far as the
entitlement to social security or social benefits or benefits due to the person concerned on the basis of his or her state of health
necessary for the performance of its activities and expert activities necessary for the establishment and control of The
medical expert, rehabilitation or social expert body, rehabilitation authority, district office, forensic expert
you may consult your doctor in order to forward any information under paragraph 3 which is not available from the health insurance institution.
Apply the provisions of Section 23 (1) and (2) mutatis mutandis to your request and the obligation of the treating physician to provide data
must.
*
(1a) The
medical expert, organ regeneration, rehabilitation authority to access § 4 (2) by the EESZT f) of

health data required for the purposes of
*
(2) Health
and personal identification data shall be provided exclusively to the body of medical experts, rehabilitation and social experts,

an employee of a rehabilitation authority, a district office entrusted with the performance of expert activities and the assessment of a professional matter
you can handle.
*
(3) The
medical expert, rehabilitation or social expert body, rehabilitation authority, the district office, the forensic expert shall

It may handle it for the purpose specified in Section 4 (2) ( f) or in the law applicable to its activities
a) the identification of the healthcare provider, the recipient of the healthcare service, the referring doctor (ordering the service)
according to a separate legal act,
b) in a) social security numbers beyond those contained in paragraph recipients of health services,
(c) the diagnosis made by the recipient of the healthcare, the healthcare provided to him (including the medicinal product,
medical device and foods for special nutritional uses), name, code,
where the data referred to in points (a) to ( c) relate to the exercise of an activity as an expert under paragraph 1.
*
(4) The
data referred to in subsection (3) shall be submitted to the medical expert, rehabilitation or social expert body, rehabilitation authority, district

Office for 5 years from the start of the data processing. Where legal proceedings have been instituted in a case concerning data processing, the
medical expert, rehabilitation or social expert body, rehabilitation authority, the district office
for more than five years until the date of its completion. The data must then be destroyed.
*
(5) The
data referred to in subsection (3) shall be specified by the forensic expert in the Act on the Activity of Forensic Experts

handles according to the rules.
*

(5)

By way of derogation from paragraph 4, benefits for disabled persons under paragraph 3

the rehabilitation authority shall provide information on benefits for disabled persons and
Act CXCI of 2011 on the Amendment of Certain Acts. during the period specified in Section 21 (7) of the Act.
Transmission of data for requesting or requesting data from a body outside the health care network

*

§ 23. (1) At* the request or in writing of the following bodies, the doctor performing the treatment and the health insurance body
can be handled by the relevant health and the requesting or requesting body in accordance with the law, necessary for identification
provide your personally identifiable information to the requesting or requesting authority. In the request or data request, Section 4 (4)
the health and personal data to be disclosed, including
which are available based on the findings recorded by the healthcare provider. Requesting or requesting bodies a
may include:
*
(a) in
criminal matters, the court, the public prosecutor's office, the investigating authority, the preparatory body, the forensic expert, the civil

litigation and non-litigation, and in administrative matters, the administrative authority, the public prosecutor's office, the court, the forensic expert,
(b) the bodies conducting the infringement proceedings,
c) in* the case of a potential conscript and conscript, the district (capital district) office of the capital and county government office, the
The military administrative and central data processing body of the Hungarian Armed Forces, as well as the military medical fitness assessment
commission,
(d) national security services, Act CXXV of 1995 on National Security Services. performing tasks specified by law
within the limits of the powers conferred upon it by
*
e) the
military administrative and central data processing body of the Hungarian Armed Forces, the training of trained reservists in peacetime

and the rapid and differentiated recruitment of trained reservists, on national defense and the Hungarian
Within the scope specified in the Defense Forces Act,
*
(f) conducting
the procedure in an ongoing ethical procedure against the healthcare professional with competence and competence

chamber body,
*
g) performing
internal crime prevention and detection tasks as defined in the Police Act, as well as terrorism

emergency response bodies in order to perform the tasks specified in the law, within the scope of the authorization received therein,
*
h) during
the autopsy, the doctor performing the autopsy,

(i) *the law on the professional investigation of air, rail and waterborne accidents and other traffic incidents, and
on investigation and prevention of accidents and incidents in civil aviation and repealing Directive 94/56 / EC
during the technical examination provided for in Regulation (EU) No 996/2010 of the European Parliament and of the Council of 20 October 2010
traffic safety body.
*
2. The
request or request for data shall specify the precise purpose of the processing and the scope of the data requested.
*
(3) Act
XXXIV of 1994 on the Police. in Section 69 (3) of Act CXXII of 2010 on the National Tax and Customs Office.

Section 58 (3) of Act XC of 2017 on Criminal Procedure. as defined in Section 262 (3) of the Act
In the event of a request for data, the doctor performing the treatment is obliged to provide the health and personal identification data of the person being treated without the permission of the prosecutor's office.
fulfill a data request for data.
(4) If* medical data are required out of turn during a deceased examination,
(a) *in criminal matters, by the public prosecutor's office, the investigating authority and the body conducting the preparatory proceedings in cases of intolerance,
(b) in the course of official proceedings relating to extraordinary death, in order to exclude information indicating the offense, the
the request or request for information pursuant to paragraph 1 may be submitted by a short route, the treating doctor shall
outside.
*
23 / A. § (1)
Pursuant to the NER, at the request of the NER Contact Center of the World Health Organization, the national NER information

health and identity data which it handles in the public health or epidemiological
contact the requesting body - prevention or management of a public health epidemic of international concern
to the extent strictly necessary for the purpose of the request, if the request is specifically addressed to that data.
2. In the absence of a request under paragraph 1, or if the request contains health and personal data and telephone
the national NER information center shall, in the framework of the implementation of Articles 6, 7 and 9 of the NER,
to the extent strictly necessary to prevent or deal with a public health epidemic of international concern
provides health and identification information and telephone contact to the World Health Organization NER Contact
for the center.
3. The national NER information center shall be provided by the NER Contact Center of the World Health Organization or by the NER reporting center.
health and personal data transmitted by another data controller in accordance with the requirements of the system, or by telephone
inform the body involved in the implementation of the NER of the availability, if any, of a public health or epidemiological authority.
necessary to take action.
*

§ 24

1. When providing medical care to a data subject for the first time, if the data subject has suffered an injury that heals beyond 8 days and the injury

presumably as a result of a criminal offense, the attending physician will immediately report the identity of the person concerned to the police.
(2)

*

(3) In the case of the first-time health care of a minor concerned, the 1997 Act on the Protection of Children and the Administration of Custody
XXXI. also with regard to Section 17 of the Act - the doctor of the health care provider providing the care is obliged to provide the health care
notify the child welfare service competent according to the provider 's premises without delay if
(a) the injury or illness of the child is presumed to be the result of abuse or neglect,
b) becomes aware of circumstances indicating abuse or neglect of the child in the course of health care.
*
4. For
the transmission of data pursuant to paragraphs 1 and 3, the data subject or the person otherwise entitled to receive the data

consent is not required.
*
24 / A. § The
testing body shall immediately notify the testing authority of the health fitness data of road drivers through the EESC.

road traffic registration body.
*

§ 25

Health and personal identification data in administrative administrative procedures and institutional placement of the data subject,

may be transferred for the purpose of care if it is necessary for the exercise of the data subject's rights or the fulfillment of his obligations.
§ 26 If the health data of the data subject also concerns another person, the health and personal identification data
written consent of this third party (legal representative) must be obtained. No consent is required under Section 13,
in the cases referred to in Section 20 (3) and Section 23 (1) a) by the fact that in civil proceedings the third party
- health data on a sexually transmitted infectious disease cannot be released.
§ 27 Personal data unsuitable for personal identification may be transmitted without time and area restrictions.
Recording of health and personal data
§ 28. (1) The health and personal identification data of the data subject required for the purpose of medical treatment, as well as them
shall be recorded. The record of the transfer shall indicate the recipient of the transfer, the manner in which it is to be
and the scope of the data transmitted.
(2) The means of registration may be any data storage device or method that ensures the protection of data in accordance with § 6.
*
3. The
treating doctor shall keep a record of the medical data recorded by him or her or by any other carer, as well as any

keep a record of its activities and measures. The record is part of the record.
Section 29 (1) The patient care provider shall register
(a) those affected by which an infectious disease as defined in Annex 1 has been or is likely to be present;
suffer. In this context, records should be kept for preventive medication, screening, epidemiological surveillance,
persons subject to epidemiological control, epidemiological quarantine,
b) persons required to be vaccinated,
(c) those who are drug addicts, drug users or other addictive substances of a similar nature;
are used.
2. Persons referred to in paragraph 1 ( a) and those who have been vaccinated shall also be registered by an official doctor.
3. The health and personal data relating to the persons referred to in paragraph 1 ( c) shall be kept separate.
to store.
(4) The general practitioner shall keep a record of all medical data of the person concerned registered with him or her.
(5) The pharmacist shall keep a register of persons who have used drugs on prescription.
*
§ 30. (1) The
health documentation - the recordings made with the imaging diagnostic procedure, the findings made about it, as well as the

With the exception of paragraph 7, the final report shall be kept for at least 30 years from the collection of the data and for at least 50 years. The mandatory
after a registration period for medical treatment or scientific research, where appropriate, the data shall continue
can be registered. If further registration is not justified, with the exception of paragraph 3, the registration shall be destroyed.
(2) A* recording made with an imaging diagnostic procedure shall be made for a period of 10 years from the making thereof, and the finding made of the recording shall be
shall be kept for 30 years from the date of its preparation.
*
3. Where
the health record is of scientific significance, it shall be transmitted after the mandatory registration period

to the competent archives.
4. In*the event of termination of the dossier without a legal successor, with the exception of paragraph 5,
(a) health records of scientific importance to the archives referred to in paragraph 3,
*
b) other
medical documentation to a body designated by the Government

to be handed over.
(5) If* the file is terminated without a successor in title, but the tasks previously performed by it are performed by another body,
(a) medical records generated during the ten years prior to the date of termination of the dossier by the person performing the task
body,
b) to a) the medical records can not be transferred on the basis of point of § 30 (4) b) the data controller within the meaning of
shall be handed over to.
*
(6) The
provisions of this Act shall apply to medical records which have not been destroyed or which have been handed over to the archives pursuant to subsection (2).

apply mutatis mutandis.
*
(6a) Health
and personal data generated in the course of a patient's, patient's or children's rights representative's proceedings

shall be submitted to the body referred to in paragraph 4 ( b) upon completion of the procedure .
(7)

*

The provider or provider of a medicinal product, medical device or medical care shall provide paper-based prescriptions or

printed at the time of redemption of an electronic prescription in accordance with the Regulation on the prescription and dispensing of medicinal products for human use
keep a certificate of expenditure for 5 years, provided that if a medicinal product not listed in the
the prescription for the prescription of the prescription medicine ordered by the person entitled is returned, a copy of the prescription must be
shall be retained and the fact of dispatch shall be indicated on the original of the prescription. Medical aid in a specialty store is such
in the case of a medical device with a delivery period of more than 5 years, the paper-based prescription and the
time is the same as the unloading time. After the mandatory retention period, paper-based prescriptions and proof of expenditure must be destroyed.
*
(7a) The
medicinal product, a medical device available in a pharmacy 35 / B. § joined his server, in the EESC

records data on prescriptions issued and used on paper. The EESC is the operator of the individual prescription data for the prescription
30 years after its withdrawal, use or expiry date.
*
(7b) The
server of a medicinal product or medical device shall be entitled to request data within the retention period from the

about the prescriptions he serves.
(8) In* order to preserve the data, it must be ensured at all times that the medium can be read under the given technical conditions
remain or be readable.
*
(9) The
body specified in subsection (4) ( b) shall enter into a data processing contract with the body designated by decree of the Government.

a) paragraph (4) b) of,
(b) in paragraph 5 ( b) ,
(c) in paragraph 6a; and
d) by government decree
on the placement and processing of specific health records.
§ 31. (1) After the data collection, the erroneous health data contained in the health documentation shall be corrected or
delete so that the data originally recorded can be ascertained.
2. The data controller shall make a certified copy of the recorded data and health documentation if this is necessary for data security or
the physical protection of the stored data and the data disclosure obligation prescribed by this Act. To the data content of the certified copy
the provisions of Section 6 shall apply.
§ 32. (1) For the protection of health and personal identification data within the health care institution, for the preservation of the register, the
the head of the data processing institution is responsible.
(2) In the course of the activities of the head of the institution
a) ensure compliance with data protection rules,
*
b) control
the activities of data controllers and data processors related to data management and data processing,

c) initiate the use of new technologies and tools developed in the field of data protection and data security,
*
d) provide
data management training for persons involved in data management and data processing,

(e) *in the case of scientific research [Article 21]. § (1)] allows access to the health documentation,
*
f) appoint
the Data Protection Officer,
*
g) monitor
the activities of the Data Protection Officer,

h) ensure the preparation of the institution's data protection regulations,
(i) decide on the further storage or destruction of the recorded data after the mandatory registration period.
*
3. The
activities referred to in points ( a) to (e) of paragraph 2 may also be performed by the Data Protection Officer.

(4)

*
*

32 / A. §

Publicly funded health care that includes health and personally identifiable information recorded for medical treatment

a data processing organization that performs data processing in connection with an electronic register maintained by a service provider on the basis of a contract
upon termination of the data processing contract, the data controller is obliged to receive the data file received from the healthcare provider free of charge,
returned electronically in accordance with the instructions of the controller.

III. Chapter
*
§ 33. (1)
An institution or body or person outside the health care network (hereinafter: non-health care institution)

to the extent necessary for the performance of its tasks, it may handle health and personal identification data for the purpose pursuant to Section 4.
2. A non-medical institution for the accommodation or care of the data subject may handle any such
health and personal identification data that are necessary for institutional placement and care.
(3) For the data management of a non-healthcare institution - Articles 34-35. With the derogations provided for in § II. the provisions of this Chapter shall apply mutatis mutandis
governing.
§ 34. (1) In the case of a non-healthcare institution - in addition to the patient care - the data controller is entrusted with data management by the head of the institution,
and may be a person exercising official authority under a separate legal act.
(2) It may record health data in addition to the persons specified in Section 5 (1)
the)

*

in the field of pre-school education, school education with pre-school education, school maturity, training obligation, school

in case of conducting examinations related to career aptitude (Annex No. 2), a member of the pedagogical professional service institution,
(b) in the case of a conscript, a member of the committee for the assessment of military medical fitness (Annex 2); and
Chief Medical Officer of the Auxiliary Command.
§ 35. In a non-healthcare institution, the data controller is obliged to keep medical secrets that came to his / her knowledge during its operation. The
the data controller is exempted from the obligation of confidentiality in the cases pursuant to Section 7 (2).

III / A. Chapter*
*

Electronic healthcare service space

*
35 / A. § (1)
The body appointed by the Government in a decree shall act as the operator of the EESC, as the IT provider of the health care network.

in this Act or in a ministerial decree issued on the basis of the authorization of this Act
by operating a health sector IT system implementing specific central electronic services
*

related tasks.

2. In addition to the provisions of paragraph (1), the operator shall ensure that other
data transmission services.
3. In addition to the provisions set out in paragraphs 1 and 2, the operator shall, with the consent of the data subject,
data transmission services.
*
35 / B. § (1)
It is*obliged to connect to the EESC through its authorized IT system

(a) is entitled to provide health care services on the basis of an operating license issued by a state health administration body
a healthcare provider who is required to submit a financial report or provide electronic data,
b) the pharmacy,
c) the state ambulance service,
d) a public administration body and other organization specified by a decree of the Minister.
(2) Data controllers belonging to the health care network, not covered by subsection (1), shall be referred to the EESC by a ministerial decree.
may join under certain conditions.
3. The services of the EGCC shall be provided on the direct access interface provided by the operator and connected in accordance with paragraphs 1 and 2.
can also be used through the IT system of the data controller (hereinafter: connected data controller). For direct access
In order to use the interface, all natural persons who are connected data controllers or their own are required to register
use the services of the EESC on its behalf.
(4)

*

In the case of data exchange between IT systems between healthcare providers obliged to join the EESC

health data can only be transmitted through the EESC.
(5) A* data controller connected through its IT system may only connect to the EESC using an IT system that:
which has a permit issued by the operator. The connected data controller shall provide data to the EESC
throughout the period of its obligation to ensure that the requirements for joining the EESC are met.
*
6. The
IT system referred to in paragraph 5 shall be authorized by the ERA operator upon request if it is suitable for connection with the EESC.

cooperation and that, by applying it, the connected controller in relation to the EESC is covered by this Act
fulfill its specific obligations and exercise its rights.
*
(7) The
Minister shall determine in a decree the conditions necessary for the fulfillment of the requirements pursuant to subsection (6).
*
8. The
operator of the EGCC shall check that the obligation under paragraph 1 has been fulfilled and that the

whether the obligated healthcare provider fulfills its obligation to provide information through the EESC.
*
(9) In
the case specified by law, through the EESC, for the purpose of § 4, outside the health care network, not to the EESC

data that can also be transmitted to an affiliated body.
*

35 / C. §

1. The EESC shall be set up in accordance with Article 35 / B. § (3) (hereinafter: EESZT user)

identification of the ESA by the operator. By the connected data controllers as well as by the EESC users
the range of data and services available through the data subject under the legal provisions on the processing of the data concerned a
may be restricted by the operator.
2. The operator shall identify the EuSEF user and verify and verify the lawfulness of the data processing through the EJN.
maintain a uniform identification and authorization register to ensure
*
(3) The
identification and entitlement management register

a) contains the user's personal identification data, address,
(b) is included in the basic and operational register of persons with a medical qualification
its basic registration number,
c) may include the user's e-mail address, telephone number,
(d) contains the rights established for the user.
The identification and entitlement management records of persons with health professional qualifications are basic and operational
the data referred to in points ( a) and (b) of the users of the register of persons with a basic and
from its operational register.
*

35 / D. §

1. The operator shall verify the lawfulness of data processing through the EESC and inform the data subject

keep a register of the processing of personal data through the EESC for the purpose of
the) *

the date and sex of birth of the person concerned and the number of TAJ or, failing that, other health services

As defined in the Regulation on the detailed rules for its financing by the Health Insurance Fund (a
hereinafter referred to as "other identifier"),
b) the name of the data processing EEMP user,
c) the date of the data processing operation,
(d) the legal basis of the processing operation; and
(e) the definition of the personal data processed.
2. The period for which the data referred to in paragraph 1 shall be kept in the register shall be 25 years.
3. The operator shall, within the shortest period of time from the submission of the application, but no later than 25 days,
containing his surname, first name and TAJ number, in electronic form, at the request of the persons concerned
provide information in writing on the access interface or on paper on the data of the data subject registered in accordance with paragraph 1.
*
(4) Pursuant
to Section 7 (3), a paper-based data request may be linked to the payment of costs. Published in electronic form

data requests cannot be linked to the payment of reimbursement.
(5)

*

*
35 / E. § (1)
The *head of the operator shall be subject to the supervision of the operator in accordance with Article 37 (5) of the General Data Protection Regulation.

appoint a Data Protection Officer to provide the services of the EESC in accordance with Article 39 of the General Data Protection Regulation; and
the tasks set out in paragraphs 2 and 3.
*
2. The
Data Protection Officer shall provide data, documents or information from connected data controllers and ESDC users.

you can ask. The data, document or information requested shall be provided to the Data Protection Officer out of turn, but no later than five working days.
shall be made available to the
*
(3) The
Data Protection Officer

(a) in the event of a breach of legal provisions or security regulations or a data protection incident
and
(b) in the absence of cooperation under paragraph 2
call the connected data controller concerned.
4. In *the event of the failure of a call pursuant to paragraph 3, the Data Protection Officer shall
body, maintain it and notify the disciplinary authority in the event of legal discipline.
practitioner.
*

Central event catalog
*
35 / F. § (1)
A 35 / B. § (1) a) -connected data controller in § 4 (1) a) -c) or § 4 (2)

(f) shall make available to the operator, through the EESC, the
the following data relating to the data subject:

*

*
(a) the
number or, failing that, other identification, date of birth, sex, nationality of the SAD concerned transmitted by the EESC;

in the case of a prescription and a referral, the other personal data contained in the prescription and the referral, the identifier of the relevant EESC,
(b) the indication, type, date and duration of the supply event and other details specified in a ministerial decree; and
documents, and
(c) the designation of the healthcare provider providing the care event, the identifier of the healthcare provider and the
the EESC identifier of the person involved.
(2) The operator, through the services provided through the EGTC, to the EGTC user authorized to process the data
provides systematic access
a) the data set out in paragraph (1), and
(b) additional data relating to the data subject stored and made available in the IT systems of the connected controllers.
(3) The data pursuant to this § shall be kept by the operator for 5 years after the death of the person concerned, in accordance with the legislation on health documentation.
according to preserves.
(4) The person concerned is entitled to 35 / H. § in its declaration of self-determination to prohibit the connected data controller or the EESC
the user has access to his data pursuant to paragraph 1 in accordance with paragraph 2.
Master data register
35 / G. §

*

*

(1) To the registers belonging to the health sector specified by a decree of the Minister or their ministerial

the registrar through or through the EESC, as
provides access to those who have access to the data in the register by law. Access to register data
Provision through the EESC shall be without prejudice to the statutory obligation of the registry administrator to:
provide access to the register in other ways.
2. Where a register referred to in paragraph 1 is accessible through the EESC, the
may not, in the context of the provision of health care or related activities, claim that:
did not know the data recorded in the register. Until proven otherwise, the good faith of the person on the register shall be presumed
he acted in confidence.
Register of self - determination

*

*
*
35 / H. § (1)
The person
concerned shall be appointed by the body designated by the Government in a decree through the EESC, keeping the register of self-determination.

on a systematic electronic form, by means of an identification service compulsorily provided by the Government
electronically after identification, or in person at a government - designated body or government window, or
through a proxy holder, in writing, with the content specified in paragraph 3, to notify the health and related
consent to or restrict the processing of personal data under this Act, including access to data stored in the EESC
to issue a prescription in the name of the data subject (hereinafter referred to as
statement).

*

2. If the person concerned does not make a declaration of self-determination through the EESC, the body receiving the declaration shall draw up minutes,
and without delay, but no later than one working day from receipt or
With the data content specified in paragraph 4, systematised by the body keeping the register of self-determination.
forward it to the body keeping the register of self-determination on an electronic form.
3. The notification referred to in paragraph 1 and the register of self-determination shall contain:
(a) *if he wishes to give a declaration of self-determination, the authorization referred to in paragraph 1,
b) the number of the TAJ making the declaration of self-determination,
(c) an indication of the health data to which the declaration of self-determination relates and of that health data
a declaration of self - determination concerning the data, and
(d) in the case of a declaration of self-determination made in accordance with paragraph 2, the place where the declaration was made.

(4) If, in respect of a declaration of rights under paragraph (1), a legal document or a private document of full probative value
requires a reservation, the legal declaration registered in the register of self-determination fulfills this requirement.
*
(5) The
body keeping the register of self-determination

(a) for the connected controller and the EuSEF user in order to be able to establish that the
authorized to process your data,
Page 3

(b) to the authority or court competent to verify or establish the lawfulness of the processing,
in order to verify the lawfulness of the data processing
based on the number of the TAJ concerned, the EESC provides data on the declarations of self-determination of the person concerned. The provision of data must be so
that the personal data relating to the health or related data of the data subject, which are not necessary for the purpose of the processing,
the existence or non-existence of
*

35 / I. §

1. The entries in the register of self-determination for the data subject shall be irretrievably recovered 5 years after the death of the data subject.

it has to be deleted.
2. Unless proven otherwise, the good faith of the user of the EGCC shall be presumed to have been entered in the register of self-determination.
act on the basis of a declaration. The EESC user may not claim to be registered in the register of self-determination
statement is not known.
(3) The person concerned - 35 / H. § (1) - is entitled to make a written statement to his / her doctor,
in which it grants the attending physician an exemption from the restriction entered in the register of self-determination. In this case, the
the attending physician shall record in the EESC the fact, date and content of the statement.
(4) The legal representative or proxy of the data subject to make or amend a declaration of self-determination on behalf of the data subject
or to revoke the 35 / H. § (2) or on paper at the government window.
*

Health profile

*
35 / J. § (1)
The*treating physician of the person concerned or, in the absence thereof, his or her general practitioner shall be the state blood supply provider for the blood group of the person concerned.

Service is the meaning of § 4 (1) a) to c) , or in § 4 (2) f) , by authorized persons for purposes of point
In order to make it accessible to the public, the EESC shall record, in connection with the data subject it manages, in accordance with the provisions of this Act
personal identification number or, failing that, another identifier, date of birth, sex and
health data related to the health status, medical history and certain interventions of the person concerned (hereinafter:
health profile).
(2) The data recorded in the health profile shall be irretrievably deleted 5 years after the death of the data subject.
(3) Only for the EDC user entitled to access the data from the health profile register only individually - TAJ
number or, failing that, another identifier, may be transmitted.
4. The data subject shall be entitled to prohibit the disclosure of the data referred to in paragraph 1 to the data subject's doctor, general practitioner or public blood supply.
service record.
*

(5)

The data subject may request in writing the correction of the data entered in the health profile register - the incorrect data

within 30 days of becoming aware of it, from the doctor who registered it in accordance with paragraph 1, the public blood supply or the
from the operator.
*

Register of health records within the EESC

*
*
35 / K. § (1)
The connected
data controller shall, through the EESC, be obliged to provide the operator with the information specified in the decree of the Minister.

in accordance with the content and form requirements - to those entitled to inspect the health documentation in accordance with Section 4 (1)
access to the documents concerned through the EESC for the purposes set out in points (a) to ( d) or in Article 4 (2) ( f)
to send the following documents generated in the course of healthcare:
1. final report issued in inpatient specialist care,
2. an outpatient certificate issued in outpatient specialist care,
3. histological and pathological findings,
4. laboratory findings,
5. findings of imaging diagnostic services,
6. surgical descriptions.
(2) The connected data controller may also fulfill its obligation under subsection (1) by:
In this way, the EESC shall make the medical records available in the healthcare provider's system
if compliance with the technical requirements is certified by certification as specified in the Ministerial Decree.
*
3. The
documents sent pursuant to paragraph 1 shall be provided by the operator - in order to obtain medical records

and girls are entitled to § 4 (1) a) to d) , or in § 4 (2) f) the relevant purposes specified in paragraph
documents through the EESC - the EESC shall keep a register containing
(a) *the number or, failing that, any other identifier, date of birth, sex,
(b) the data needed to identify the producer of the health document,
(c) a description of the health document which does not contain information on the state of health of the person concerned,
(d) the information required for access to the medical document; and
(e) the health records referred to in paragraph 1.
*

Electronic disease register

*
35 / L. § (1)
The operator shall, on the basis of an agreement concluded with him, keep a register containing data related to each disease

ensure that they can keep the register electronically through the EESC (hereinafter
*

electronic disease register).

2. The operator shall immediately submit the data submitted to the electronic disease register via the EESC without consulting the data.
to a body designated by the Government (hereinafter for the purposes of this Chapter: the
in order to securely store data on the same data subject in electronic disease registries
with regard to personal data transferred by data controllers, immediately after the transfer, in the manner specified in this Section,
forms a contact code for each stakeholder.
(3) The contact code shall not be derived from personally identifiable information and shall contain a randomly determined, unique element. THE
the contact code must be established in such a way as to preclude the decryption of the personal data of the data subject from the code, or
but ensure the non-personally identifiable link between the health data of the data subject. THE
the contact code management body may not transmit, disclose or disclose the code generation method to others
available.
*

(4)

The body managing the contact code shall transmit the data transmitted to the disease register after the contact code has been generated a

deprived of personally identifiable data and supplemented with the contact code, it shall transmit the disease register to the body managing the disease register via the EESC. THE
the body keeping the disease register shall keep the health data contained in the electronic disease registers on the basis of a contact code
obviously.
*
(5) The
operator shall use the contact code with the TAJ number only in cases specified by law or with the consent of the data subject

provide medical or related personal data relating to the data subject.
6. In cases other than those referred to in paragraph 5, and with the exception of the data subject's request for data, the data in the electronic disease registers shall only be
unrecognizable.
*

Other EESC services

*
35 / M. § (1)
Within the framework of digital image transmission, the operator - individually for the purpose according to § 4 (1) a) -d) - individually, with TAJ number

or, failing that, by providing a diagnostic procedure for imaging the subject identified by another identifier
access to or transmission of recorded images or other digital image information by an EGTC user.
To that end, the EGCC operator shall keep a register which shall be linked to the number of the SAD concerned or, failing that, to another
in relation to the fact that the subject was imaged by an imaging diagnostic procedure and the path to the recording. The operator
the data relating to the data subject shall be deleted from the register 5 years after the death of the data subject.
2. The operator shall ensure that the electronic consultation is conducted through the EESC, if the doctor invited to the consultation
the council shall accept the request and shall have the right to know the data of the data subject.
(3) In order to technically optimize the service, the data transmitted by the operator during the digital image transmission shall not exceed 90
store for days.
*
(4) The
Ebtv. the body responsible for the national waiting list and the national chief medical officer are entitled to

have access to the health data necessary for its queue check tasks.
*

35 / N. §

The connected data controller or the EESC shall be obliged to report or provide data specified by law

the user performs the reporting or provision of data through the EESC as specified in the Ministerial Decree.
*

35 / O. §

(1) The operator shall ensure that the Ebtv. the requesting doctor through the EESC

may also be issued electronically and transmitted via the EESC (hereinafter: electronic service order).
(2) The electronic service order must contain:
a) the data, name, code used to identify the requesting doctor,
(b) the TAJ number of the person concerned by the service order or, failing that, another identifier; and
c) the textual description and code of the preliminary diagnosis giving rise to the service order, and in case of requesting a consultation, the question.
(3) The electronic service order may contain more than the provisions of paragraph (2)
a) the date of birth of the person concerned by the service order,
b) the name and institutional identification code of the requested service provider,
(c) the identity of the care provided by the requesting doctor; and
(d) a brief medical history of the person to whom the service is ordered.
(4) The operator shall ensure that the requesting doctor and the person affected by the service order receive the requested health care
the need to use the service at a specific healthcare provider and at a specific time through the EESC
the health care provider informs the requesting doctor and
the person affected by the service order.
5. The operator shall keep records of the provisions of paragraphs 1 and 4. Included in the register
(a) the identity, content and usability of the electronic service order
information
b) data relating to the transmission, modifying and withdrawing the electronic service order, and c) the electronic
data on the use of the service order.
(6) The operator shall keep the data of the register pursuant to subsection (5) from the cancellation of the electronic service order pursuant to subsection (1),
5 years from the date of use or expiry of the period of use, 5 years from the date of bookings under paragraph 4
after which it is deleted.
*

Transmission of data to a body outside the healthcare network that is not affiliated to the EESC
*
35 / P. § (1)
For the purpose pursuant to § 4 (2) j) , on a health care network designated by law or government decree

to a body outside the EESC which is not a member of the EESC
(a) the examination is carried out by a medical service provider conducting a medical fitness test for drivers and candidate drivers
the result,
(b) the doctor who determined the cause of death or the institution which carried out the post-mortem examination, official or judicial autopsy
statutory death certificate as an electronic document,
c) the health care provider is the Law on Civil Procedure, the Law on Official Statistics, and families
data pursuant to a government decree issued on the basis of the Act on the Support of
(2) The data specified in subsection (1) shall be provided by the health care provider, the doctor and the institution,
shall be deleted immediately after confirmation by the receiving body, unless authorized by this Act to process the data.

ARC. Chapter
Miscellaneous and final provisions
*
§ 36. (1)
The operator is obliged to provide the services of the EGCC from 1 June 2016 at the latest.

(2) A 35 / B. § (1) and (2), the data controller shall join the EESC within the time limit specified in the Ministerial Decree,
it is connected by means of an IT system which complies with the conditions laid down in the Regulation. The Minister in his decree is paragraph (1)
may determine the available capacities for the use of the EGCC for the period up to the accession deadline set out in
depending on the different conditions required.
(3) For the registers belonging to the master data register pursuant to this Act or for the purposes specified in a ministerial decree
Until 1 June 2016, the Registrar shall also provide access to
Act CCXXIV of 2015 on the amendment of laws on health insurance. the method of access used when the law enters into force
while maintaining.
*
(4) Act
CXXI ​of 2019 on the amendment of certain health-related laws for the purpose of legal harmonization. Act (hereinafter:

The disease register operating at the time of the entry into force of the Act, in accordance with the requirement established in Section 16 (8) of the Act.
compliance by 1 June 2021.
(5) A* healthcare provider who has joined or is required to join, who is a member of the Mod. health data upon entry into force
operates a transmission IT system, the 35 / B. § (4) of the 2021 Act.
must provide by 1 June.
*
(6) 35
/ M. § (4), the operator is obliged to provide access by 1 January 2021.
*
36 / A. § (1)
By 1 July 2020, the health insurance body shall hand over in electronic form to the operator of the EESC the information provided by the person concerned.

from compulsory health insurance after 1 November 2012
a) health care received 35 / F. § (1) for the purpose of loading into the event catalog, and
b) induced drugs 14 / A. § (1c) of the prescription on prescriptions transmitted through or recorded in the EESC
for entry in the register.
(2) A 35 / B. § (1) a) connected data controller - if the technical conditions of this at the connected data controller
insured - from 1 January 2020, the ESDC health documentation in electronic form within one hundred and eighty days
incurred in the course of healthcare provided after 1 November 2012, in accordance with Article 35 / K. § (1)
documents in accordance with
(3) Operator of the EESC
(a) the data received pursuant to paragraph 1 ( a) for the event catalog,
(b) the data received pursuant to paragraph 1 ( b) on a register of prescriptions transmitted through or recorded by the EESC,
(c) the data received pursuant to paragraph 2 shall be handled by the EESC in accordance with the provisions on the registration of health records.
*
§ 37. (1) The
provisions contained in this Act shall be implemented in accordance with the Act on the Right to Information Self-Determination and Freedom of Information.

together, shall be construed and applied accordingly, and the management of the TAJ number shall not be regulated by this Act
XX of 1996 on identification methods and identification codes to replace the personal identification mark provisions of this Act
should be used.
(2)

*

(3) The provisions of this Act shall also apply to health data concerning a deceased person.
*
§ 38. (1) This
Act shall enter into force on the 1st day of the 7th month following its promulgation.
*
(2) The
Minister is authorized to:
*
a) the
rules for the management of health data and the keeping of mandatory records pursuant to Section 30, in accordance with Section 15-16 / A. § and § 24

detailed rules for the transmission of data in accordance with
definition,
*

(b) the obligations relating to the notification of pathogens under epidemiological surveillance and of communicable diseases,
(c) detailed rules for reporting the fact and cause of death,
*
d) designate
the body keeping the National Register of Congenital Disorders, as well as the body responsible for congenital disorders.
*

detailed rules for the notification and registration of
e)

*

to determine, collect, process, report and publish the scope of data pursuant to Section 20 (4)

detailed rules for the application of
(f) the rules on the nature of the medical records to be used during treatment and the rules applicable
the data content of the forms within the framework of this Act,
(g) how to report each cancer and how to comply with the notification obligation and the
*

rules for the collection and management of data,

*
(h) for
the identification of medicinal products and medical devices available on prescription issued by the EESC, by electronic means;

to be issued, amended, revoked, transmitted by the EESC and a prescription transmitted by the EESC
detailed rules for the use of such prescriptions and for the registration of such prescriptions,
*

i) detailed rules for the Disease Register,

*
j) Section
18 (1) and Section 18 / A. § to determine the scope of health data, to transfer and transmit the data, a

detailed rules for the generation of the contact code,
*
k) treated
by the body responsible for the organization of the regional patient path for the purpose pursuant to Section 4 (2) ( w) , pursuant to Section 19 (1)

detailed rules for determining the scope of health data, transmission and transmission of data,
*
l) designate
a body to maintain the National Myocardial Infarction Register and for the notification of myocardial infarction-related diseases
*

and detailed rules for its registration,

*
(m) designate
a body to maintain the Prosthetic Register and the procedures for notification and registration in the Prosthetic Register;

detailed rules,

*

*
n) the
technical requirements of the EESC,

*

*
o) members
of the health care network referred to in Article 35 / B. § (2) of the Act on the Accession of Data Controllers to the EESC

the requirements of the IT system required to join the EESC, the content of the
requirements and detailed rules for its publication, as well as the administrative bodies and other bodies required to join the EESC.
organizations, the order of accession, the timetable for accession, the rules for the period of introduction of the EESC and the
*

conditions for direct access and identification requirements for the use of services,
*
(p) the
details of the supply event to be made available to the registry by the connected controller and the
*

detailed rules for the event catalog,

q) a*35 / G. § and the procedure for making them available through the EESC,

*

*
r) the
rules of procedure for the declaration of self-determination and the register of self-determination,
*
s) detailed
rules on the health profile,

t)

*

*

*

the scope of medical documents to be sent to the operator through the EESC, the medical documents

detailed rules for the registration of the health document, in case of providing access to the health document, to the technical requirements
*

rules for attesting conformity,

*
(u) the
scope of the electronic disease registries to be operated by the EESC, the establishment of the contact code and the electronic

detailed rules for disease registries,
v)

*

detailed rules for electronic consultation and digital image transmission, and 35 / N. § reporting and

reporting obligations and the procedure for fulfilling them,
*
w) the
content and form requirements of the sighting, the order of its issuance,
*
(x) the
range of diseases of major importance for public health or otherwise costly,

the body keeping the register of diseases and for the notification and registration of those diseases
*

detailed rules for the application of
y)

*

on the adequacy of the IT systems used by healthcare providers affiliated to the EESC

requirements,
(z) *designate a body to manage the Donor Register and detailed rules for the Donor Register
Regulation.
*
(3) The
Government is authorized to:

a) the data controller pursuant to Section 30 (4) ( b) ,
b) a data processor pursuant to Section 30 (9),
(c) *the operator of the EESC,

*

*
d) the
body keeping the register of self-determination,

e) a*35 / L. §
Regulation.
*
(4) This
Act is intended to comply with Recommendation 2003/670 / EC on the European list of occupational diseases.
*
(5) This
Act 2011/24 / EU of 9 March 2011 on the application of patients' rights in cross-border healthcare

compliance with Directive of the European Parliament and of the Council.
*
(6) This
Act concerns measures to facilitate the recognition of medical prescriptions issued in another Member State

It complies with Commission Implementing Directive 2012/52 / EU of 20 December 2012.
*
(7) This
Act on European Statistics and the European Statistics covered by the obligation of confidentiality

Regulation (EC, Euratom) No 1101/2008 of the European Parliament and of the Council on the transmission of data to the Statistical Office of the European Communities
Council Regulation (EC) No 322/97 on Community Statistics and establishing a Statistical Program Committee of the European Communities
Decision No 223/2009 / EC of the European Parliament and of the Council of 11 March 2009 repealing Council Decision 89/382 / EEC, Euratom
lays down the provisions necessary for the implementation of this Council Regulation.
*
§ 39. Act
CCXXIV of 2015 on the amendment of certain laws on health and health insurance. established by law

16 / B. § data transmissions shall be performed from 1 July 2016.

Annex 1 to Annex XLVII of 1997 to the law

*

List of communicable diseases for mandatory reporting by the person concerned and for the public health administration
in the case of mandatory data transmission
Infections, infectious diseases, poisonings and their pathogens
Reportable pathogen

Name of disease
A) Diseases to be reported with personally identifiable information
Acute flaccid paralysis (acute flaccid paralysis)
Amoebiasis

Entamoeba histolytica

Anthrax

Bacillus anthracis

Botulism

biovariants of Clostridium botulinum producing neurotoxin types A, B, and F.

Brucellosis

Brucella spp.

Campylobacteriosis

Campylobacter spp.

Creutzfeldt-Jacob disease (CJB)
Variant Creutzfeldt-Jacob disease (vCJB)

prion

Chikungunya fever

Chikungunya virus

Cholera

Vibrio cholerae

Cryptosporidiosis

Cryptosporidium spp.

Diphtheria (throat lizard)

Corynebacterium diphtheriae, Corynebacterium ulcerans, Corynebacterium
pseudotuberculosis

Echinococcosis

Echinococcus spp.

Healthcare associated infection
Healthcare-associated Clostridium difficile infection

C. difficile toxin positive strains

Healthcare-associated multidrug-resistant pathogen infection Multidrug-resistant pathogens cultured from blood, cerebrospinal fluid and other tissues:
Staphylococcus aureus MRSA;
Enterococcus spp. VRE;
Enterobacter spp. MENB;
Escherichia coli MECO;
Klebsiella spp. MKLE;
Acinetobacter baumanii MACI;
Pseudomonas aeruginosa MPAE;
Stenotrophomonas maltophilia MSTM;
Staphylococcus aureus VISA;
Klebsiella pneumoniae CRKL;
Other Enterobacteriacea CRE
Bloodstream infection related to health care

Any bacteria, fungi, viruses
(most common pathogens: CNS, S. aureus,
Enterococcus spp., E. coli, P. aeruginosa,
Enterobacter spp., K. pneumoniae, Candida spp.,
Acinetobacter spp)

Encephalitis infectiosa (infectious encephalitis)

any virus that causes encephalitis (most common pathogens: enteroviruses,
herpesviruses, LCM virus, CMV, tick-borne encephalitis virus, West Nile virus, etc.

Enterohaemorrhagic / verotoxin (shigatoxin) producing Escherichia coli

verotoxin (shigatoxin) producing Escherichia coli

disease
Other pathogenic Escherichia coli disease

Escherichia coli (toxin-producing with pathogenicity markers)

Food infection

any bacterium or virus identified as a pathogen of food infection

Food poisoning

any bacterium or toxin identified as a causative agent of food poisoning

Febris flava (yellow fever)

Yellow fever virus

Giardiasis

Giardia lamblia

Invasive disease caused by Haemophilus influenzae

Haemophilus influenzae detected from a normally sterile site

Hantavirus kidney syndrome

Hantaviruses

Hepatitis infectiosa (acute infectious hepatitis)
Hepatitis Acute hepatitis caused by the virus

Hepatitis A virus

Acute hepatitis caused by hepatitis B virus

Hepatitis B virus

Chronic infection with hepatitis B virus (newly diagnosed)

Hepatitis B virus

Acute hepatitis caused by hepatitis C virus

Hepatitis C virus

Chronic infection with hepatitis C virus (newly diagnosed)

Hepatitis C virus

Hepatitis E is an acute inflammation of the liver caused by the virus

Hepatitis E virus

Flu

Influenza virus

Keratoconjunctivitis epidemica (inflammatory inflammation of the conjunctiva and cornea)

Adenoviruses detected from conjunctival secretions

Tick-borne encephalitis

Tick ​encephalitis virus

Legionnaires' disease

Legionella spp.

Leptospirosis

Leptospira spp.

Listeriosis

Listeria monocytogenes

Lyme disease

Human pathogenic spirochetes belonging to the group Borrelia burgdorferi sensu lato

erythema migrans and
acute neuroborreliosis
Lyssa (rabies)

Rhabies virus

Injury suspected of being infected with Lyssa
Avian influenza

Avian influenza virus causing human disease

Malaria

Plasmodium spp.

Malleus

Burkholderia (Pseudomonas) model

Meningitis purulenta (purulent meningitis)

any bacterium that causes purulent meningitis

Meningitis serosa (serum meningitis)

aseptic meningitis viruses (various enteroviruses (Coxsackie A and B
certain serotypes of the virus, echovirus, enterovirus 71), herpesviruses, adenoviruses,
LCM virus, CMV, etc.

Invasive disease caused by meningococcus (meningitis epidemica,

Neisseria meningitidis detected from a normally sterile site

meningococcoemia)
Morbilli (measles)

Measles virus

West Nile fever

West Nile virus

Ornithosis (parrot disease)

Chlamydia Psittaci

Paratyphus

Salmonella Paratyphi A, B, C

Mumps epidemic (mumps)

Mumps virus

Pertussis (whooping cough)

Bordetella pertussis

Plague

Yersinia pestis

Anterior acute polio (myocardial infarction)

Poliovirus types 1, 2, 3

Q fever

Coxiella burnetii

Rotavirus gastroenteritis

Rotavirus

Rubella (smallpox)

Rubella virus

Congenitalis rubella syndrome

Rubella virus

Salmonellosis

Salmonella spp.

Scarlatina (red)

Erythrogen toxin-producing strains of Streptococcus pyogenes

Shigellosis

Shigella spp.

Severe Acute Respiratory Syndrome (SARS)

SARS coronavirus

Invasive disease caused by Streptococcus pneumoniae

Streptococcus pneumoniae detected from a normally sterile site

Strongyloidosis

Strongyloides stercoralis

Taeniasis

Taenia spp.

Tetanus

Clostridium tetani

Toxoplasmosis

Toxoplasma gondii

Congenitalis toxoplasmosis

Toxoplasma gondii

Tuberculosis

Mycobacterium tuberculosis complex

Trichinellosis

Trichinella spp.

Tularemia

Francisella tularensis

Typhus abdominalis

Salmonella Typhi

Typhus exanthematicus

Rickettsia prowazeki

Varicella (chickenpox)

(do not report pathogen)

Variola (smallpox)

Smallpox virus

Viral haemorrhagic fevers

Dengue virus, Ebola virus, Hantavirus, Lassa virus, Marburg virus, Rift Valley fever
virus,
Crimean Congo haemorrhagic fever virus

Yersiniosis

Yersinia enterocolitica, Yersinia pseudotuberculosis

No particularly dangerous infectious disease has been detected in Hungary before
Human diseases caused by a new influenza virus

Influenza virus A, B, C

B) Diseases to be reported without identification
AIDS

HIV

HIV infection

HIV

Acute urogenital chlamydiasis

Serotype DK of Chlamydia trachomatis

Gonorrhea

Neisseria gonorrhoeae

Lymphogranuloma venereum

Serotypes L1, L2 and L3 of Chlamydia trachomatis

Syphilis

Treponema pallidum

Connatalis syphilis

Treponema pallidum

Annex 2 to Annex XLVII of 1997 to the law
Screening and suitability tests in case of mandatory reporting by the data subject
1.

Job, professional, health fitness medical examinations (preliminary, periodic, extraordinary, final).

2.

Screening tests, including biological monitoring tests, for the detection of occupational diseases.

3.

Related to the determination of military medical fitness and other medical fitness required for the establishment of a service relationship
specialist examinations.

4.

Medical examinations required for driving licenses.

5.

Medical examinations required for the acquisition and possession of small arms, ammunition, gas and alarm weapons.

6.

In connection with the establishment of school preparation, compulsory schooling and the obligation to train, the vision, hearing, intellectual development, speech development
abilities or other abnormalities.

Annex 3 to Annex XLVII of 1997 to the law

*

List of notifiable occupational diseases
EU code

Mist

1

A) CHEMICAL PATHOGENIC FACTORS

100

A1

Diseases caused by acrylonitrile

101

THE 2

Diseases caused by arsenic and its compounds

102

THE 3

Diseases caused by beryllium and its compounds

103.01

A4

Diseases caused by carbon monoxide

103.02

A5

Diseases caused by phosgene

104.01

A6

Diseases caused by hydrogen cyanide

104.02

A7

Diseases caused by cyanides and their compounds

104.03

A8

Diseases caused by isocyanates

105

A9

Diseases caused by cadmium and its compounds

106

A10

Diseases caused by chromium and its compounds

107

A11

Diseases caused by mercury and its compounds

108

A12

Diseases caused by manganese and its compounds

109.01

A13

Diseases caused by nitric acid

109.02

A14

Diseases caused by nitrogen oxides

109.03

A15

Diseases caused by ammonia

110

A16

Diseases caused by nickel and its compounds

111

A17

Diseases caused by phosphorus and its compounds

112

A18

Diseases caused by lead and its compounds

113.01

A19

Diseases caused by sulfur oxides

113.02

A20

Diseases caused by sulfuric acid

113.03

A21

Diseases caused by carbon disulfide

114

A22

Diseases caused by vanadium and its compounds

115.01

A23

Diseases caused by chlorine

115.02

A24

Diseases caused by bromine

115.04

A25

Iodine diseases

115.05

A26

Diseases caused by fluorine and its compounds

116

A27

Aliphatic and alicyclic hydrocarbons from petrol (low boiling hydrocarbon blends)
diseases caused

A28

Diseases caused by vinyl chloride

A29

Diseases caused by trichlorethylene

A30

Diseases caused by tetrachlorethylene

A31

Diseases caused by halogenated derivatives of other aliphatic and aromatic hydrocarbons

118

A32

Diseases caused by butyl, methyl and isopropyl alcohol

119

A33

Diseases caused by ethylene glycol, diethylene glycol, 1,4-butanediol and nitro derivatives of glycols and glycerol

120

A34

Methyl ether, ethyl ether, isopropyl ether, vinyl ether, dichloroisopropyl ether, guaiacol, methyl ether and ethyl ether of ethylene glycol.

117

diseases
121

A35

Acetone chloroacetone, bromoacetone, hexafluoroacetone, methyl ethyl ketone, methyl n-butyl ketone, ethyl isobutyl ketone, diacetone alcohol,
diseases caused by mesityl oxide, 2-methylcyclohexanone

A36

Diseases caused by other alcohols, glycols, ketones, aldehydes, esters

122

A37

Diseases caused by organic phosphoric acid esters, carbamate insecticides

123

A38

Diseases caused by organic acids

124

A39

Diseases caused by formaldehyde

125

A40

Diseases caused by nitroglycerin and other aliphatic nitro derivatives

A41

Diseases caused by benzene

A42

Diseases caused by toluene

A43

Diseases caused by xylene

A44

Other diseases caused by benzene homologue

126.02

A45

Diseases caused by naphthalene or naphthalene equivalents (naphthalene equivalents are characterized by CnH2n-12)

126.03

A46

Diseases caused by styrene and divinylbenzene

127

A47

Diseases caused by halogenated derivatives of aromatic hydrocarbons

128.01

A48

Diseases caused by phenols and their equivalents or their halogenated derivatives

128.02

A49

Diseases caused by naphthol and its equivalents or halogenated derivatives

128.03

A50

Diseases caused by halogenated derivatives of alkylaryl oxides

128.04

A51

Diseases caused by halogenated derivatives of alkylarylsulfonates

128.05

A52

Diseases caused by benzoquinones

129.01

A53

Aromatic amines or aromatic hydrazines or their halogenated, phenolic, nitrified, nitrated or sulphonated derivatives

126.01

diseases caused
129.02

A54

Diseases caused by aliphatic amines and their halogenated derivatives

130.01

A55

Diseases caused by nitrated derivatives of aromatic hydrocarbons

130.02

A56

Diseases caused by phenols and nitrated derivatives of their equivalents

131

A57

Diseases caused by antimony and its compounds

132

A58

Diseases caused by nitric acid esters

A59

Diseases caused by nitroglycerin and other nitric acid esters

133

A60

Diseases caused by hydrogen sulfide

135

A61

Encephalopathies caused by organic solvents, not elsewhere specified or included

136

A62

Polyneuropathies caused by organic solvents, not elsewhere specified or included

A63

Diseases caused by dioxane (diethylene oxide)

A64

All other chemicals used during work, occupations and entering the worker's body surface and body
(including other plant protection products)

201.01

A65

Soot-induced skin diseases and skin cancer

201.02

A66

Bitumen-induced skin diseases and skin cancer

201.03

A67

Tar-induced skin diseases and skin cancer

201.04

A68

Tar-induced skin diseases and skin cancer

201.05

A69

Skin diseases and skin cancers caused by anthracene and its compounds

201.06

A70

Skin and skin cancers caused by minerals and other oils

201.07

A71

Skin diseases and skin cancer caused by crude paraffin

201.08

A72

Skin diseases and skin cancers caused by carbazole and its compounds

201.09

A73

Skin diseases and skin cancers caused by the by-products of carbon distillation

202

A74

Chemical irritant dermatitis

A75

Contact allergic dermatitis caused by chemicals

A76

Other chemical skin diseases (eg oil acne) and mucosal diseases

A77

Other skin diseases and cancers

301.11

A78

Silicosis

301.12

A79

Silicosis combined with pulmonary tuberculosis

301.21

A80

Asbestosis

301.22

A81

Mesothelioma following inhalation of asbestos dust

301.31

A82

Other pneumoconioses

302

A83

Complication of asbestos in the form of bronchial cancer

303

A84

Broncho-lung diseases caused by sintered metals

304.04

A85

Respiratory diseases caused by inhalation of dust from cobalt, tin, barium and graphite

A86

Hard metal-induced pulmonary fibrosis

304.05

A87

Siderosis

304.06

A88

Scientifically proven chemical allergen-induced and work-related allergic asthma

304.07

A89

Scientifically proven and allergic rhinitis caused by chemical allergens

305.01

A90

Upper respiratory diseases caused by wood dust

306

A91

Asbestos-induced fibrosis of the pleura with respiratory restriction

307

A92

Chronic obstructive bronchitis and emphysema of miners working in a deep mine

308

A93

Lung cancer caused by inhalation of asbestos dust

309

A94

Diseases caused by aluminum and its compounds

310

A95

Bronchopulmonary diseases caused by alkaline slag dust
B) PHYSICAL DISEASES

502.01

B1

Ultraviolet, infrared, other diseases caused by non-ionizing radiation (excluding electroophthalmia)

502.02

B2

Electroophthalmia

503

B3

Noise-induced hearing loss

504

B4

Diseases caused by working under pressure

505.01

B5

Disease caused by locally acting vibration

505.02

B6

Diseases caused by whole-body vibration (including discs of the lumbar spine)

B7

Diseases caused by other occupational physical pathogens

B8

Diseases caused by ionizing radiation

508

C) BIOLOGICAL FACTORS
401

C1

Other zoonoses

402

C2

Tetanus

403

C3

Brucellosis

C4

Ornithosis

C5

Tick-borne encephalitis

C6

Atrax

C7

Leptospirosis

C8

Q fever

C9

Tularemia

C10

Borelliosis (Lyme disease)

C11

Trichophytase

404

C12

Occupational hepatitis

405

C13

Occupational tuberculosis

406

C14

Amoebiasis

407

C15

Chronic damage to health caused by infectious diseases, if it has occurred in connection with the occupation

C16

Tropical diseases acquired through official foreign service

C17

Skin diseases caused by pus

C18

Skin diseases caused by fungi

304.01

C19

Exogenous (extrinsic) allergic alveolitis

304.02

C20

Lung diseases caused by inhalation of dusts and fibers from cotton, flax, hemp, jute, sisal and sugar cane

C21

Other occupational diseases caused by biological pathogens

304.06

C22

Scientifically proven biological allergens-induced and work-related allergic asthma

304.07

C23

Scientifically proven biological allergens-induced and work-related allergic rhinitis
D) NON-OPTIMAL USE, PSYCHOSOCIAL ERGONOMIC DISEASES

Page 4

506.10

D1

Disease of periarticular hoses due to pressure

506.11

D2

Pre-patellar and sub-patellar bursitis

506.12

D3

Olecranon bursitis

506.13

D4

Shoulder bursitis

506.21

D5

Diseases caused by tendon overload

506.22

D6

Disease caused by peritendine overload

506.23

D7

Muscle and tendon adhesion sites are diseases caused by overwork

506.30

D8

Injury of the meniscus of the knee joint

506.40

D9

Pressure-induced peripheral nerve damage

506.45

D10

Carpal tunnel syndrome

507

D11

Nystagmus of miners

D12

Diseases of the lumbar spine caused by disc movement of the disc

D13

Diseases of the cervical spine caused by disc movement of the disc

D14

Diseases caused by excessive or unilateral use of bones, joints, muscles, tendons

D15

Psychosocial pathogenic factors

D16

Diseases caused by ergonomic pathogens

D17

Other illnesses related to work or the work environment

Annex 4 to Annex XLVII of 1997 to the law

*

Back to top

About Wolters Kluwer

Informations

Our pages

Company history

F.A.Q

Wolters Kluwer

Our core values

Privacy Policy

Legal library

Sales representatives

Media offer

Trainings

Customer service

Cookie settings

Tax Online

Follow us

Legal world

Because it's important to make the right decision!

Contact Cookie Management Information

Imprint

© Wolters Kluwer

