Cross-border Data Transfer

Is the use of telehealth permitted?

Yes, it is expressly stated in the Act of 5 December 1996 on the Professions of Physician and Dentist that professional activities of a physician / dentist may be performed using ICT.

How is telehealth regulated?

There is no comprehensive domestic regulation on telehealth – telemedicine is regulated fragmentarily in a few acts of law. Act of 5 December 1996 on the Professions of Physician and Dentist provides a general possibility of rendering the telemedical services. Some other acts regulate certain aspects of telemedical services.

Recently a new the Regulation of the Minister of Health of 12 August 2020 on the organisational standard of teleporting in primary healthcare entered into force and sets forth rules on providing telemedical services within primary care.

Are there specific fields of healthcare in relation to which telehealth services are currently available, and do they involve the use of proprietary technology or platforms?

All types of healthcare services may be rendered this way. Obviously, physician must act with due diligence and follow current state of medical knowledge – if telemedical service is not sufficient from the medical standpoint, then the standard visit should occur.

There are no general rules what tools (platforms, apps etc.) should be used while rendering telehealth services.

Does the public health system include telehealth services, and if so, are such services free of charge, subsidised or reimbursed? Where the public health system does not include telehealth services, are such services covered by private health insurance?

The public health system includes telehealth services in regard of certain types of healthcare services (e.g. primary health, outpatient services etc.) and subject to certain conditions laid down in the law and ordinances of the President of the National Health Fund.

Do specific privacy and/or data protection laws apply to the provision of telehealth services?

There are no specific regulations related to privacy in telehealth services, however general privacy regulations are applicable, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("GDPR") and the Polish Act on Personal Data Protection of 10 May 2018.

The majority of the relevant obligations are established in the GDPR, including a number of obligations of the data controllers, rights of the data subject and legal basis for personal data processing. International data transfers are also regulated, with specific rules on extra-EEA transfers. Furthermore, the GDPR establishes specific rules on disclosing or entrusting the processing of personal data to third parties. All personal data processing activities related to the personal data of EUbased data subjects would need to be compliant with both the GDPR and any local regulations. Additionally, due to the special character of personal data processed (i.e. health data) a high and up-to-date level of organisational and technical safeguards would need to be ensured, in line with Article 32 of the GDPR.

Are there any currently applicable codes of conduct on the use of telehealth systems and/or security of telehealth data in your jurisdiction?

here are no official codes of conduct; however, certain aspects of telehealth are regulated in the law, e.g. in the Regulation of the Minister of Health of 12 August 2020 on the organisational standard of teleporting in primary healthcare.

Are any specific laws, regulations, or self-regulatory instruments expected to be adopted in the near future?

No specific instruments are known / expected at present.