eSanté PLATFORM
TERMS OF SERVICE
I. Preamble
The law of 17 December 2010 relating to the reform of the healthcare system created the eSanté Agency with the aim of improving the use of new information and communication technologies in the health sector, and for safe care.
Article 60ter of the Social Security Code (hereinafter SSC) accordingly assigns the eSanté Agency the mission of operating and managing the eSanté Platform, whose function and objective is to facilitate the exchange, sharing and better use of health data between the various stakeholders in the health, aid and care sector at the national and European levels.
The purpose of the information below is to specify and regulate the use of the eSanté Platform operated and managed by the eSanté Agency in application of its legal mission.
II. Definitions
eSanté Agency: the EIG National agency for shared information in the field of health created in application of Article 60ter of the SSC (more information on its members, its functioning and organisation at www.esante.lu, eSanté Agency section);
eSanté Portal: eSanté Agency website accessible online by anyone, where all communications and information relating to the eSanté Agency, the eSanté Services and in general to the field of Health and the use of new technologies in the latter are published;
eSanté Account: personal and secure account that gives access to eSanté services. This account can be activated through the portal. Authentication by LuxTrust is compulsory for healthcare professionals and optional for patients.
eSanté Platform: the national health data exchange and sharing platform developed and operated by the eSanté Agency in application of Article 60ter of the SSC, through which eSanté services are made available;
eSanté service(s): any electronic service, irrespective of its nature and the technology used, made available or which will be made available to Users in the eSanté Platform, the purpose of which is to promote the exchange and sharing of health data in accordance with articles 60ter and 60quater of the SSC. It is specified that an eSanté Service can be developed and/or operated under the responsibility of a third party that will be identified;
User(s): any natural person authorised to access and use the eSanté Services, or who is a beneficiary of the latter, made available on the eSanté Platform in application of these General Terms and Conditions and the applicable Special Terms and Conditions, or any natural person meeting at least one of the definitions hereinafter of Patient, Healthcare Professional and Health Worker;
Patient(s): any natural person affiliated to the Luxembourg health insurance, and any natural person not affiliated to the Luxembourg health insurance benefiting from healthcare services in the Grand Duchy of Luxembourg or in relation to any organisation in the health, aid and care sector authorised to use the platform;
Healthcare Professional(s): any natural person duly authorised to legally practice a health profession in Luxembourg, strictly defined in the amended law of 29 April 1983 concerning the exercise of the professions of doctors, dentists and veterinary surgeons, in the amended law of 26 March 1992 on the exercise and upgrading of certain healthcare professions, as well as in the amended law of 31 July 1991 determining the conditions for authorisation to practice the profession of pharmacist;
Health worker(s): any natural person not identified as a Healthcare Professional nevertheless exercising a professional activity in the medico-social sector, in particular in any private or public organisation or public administration of social security, and who can lawfully hold an eSanté account according to the criteria of the eSanté Agency pursuant to article 60ter of the SSC. This category also includes Healthcare Professionals no longer carrying out their activity and having previously benefited from an eSanté account;
Healthcare establishment(s): any hospital establishment as defined by the law of 8 March 2018 relating to hospitals and hospital planning, any medical analysis laboratory as defined by the amended law of 16 July 1984, any other healthcare establishment approved in application of the amended law of 8 September 1998 regulating relations between the State and organisations working in the social, family and therapeutic fields, as well as any pharmacy authorised to open in application of the provisions of the law of 4 July 1973;
General Terms and Conditions: these general terms of service;
Special Terms and Conditions: any terms of service or charter of use specific to one or more eSanté Services made available to Users on the eSanté Platform, in addition to these General Terms and Conditions;
Rules of Use: all the General Terms and Conditions and Special Terms and Conditions in force as well as generally any instructions and guide to the proper use of the eSanté Platform and eSanté Services accessible by Users through them.
III. Purpose
The purpose of these General Terms and Conditions is to define, in accordance with the applicable legislation, the rules of access and use for Users relating to the eSanté Platform and the eSanté Services.
The General Terms and Conditions are therefore applicable to all Users and are fully enforceable against them as soon as their account is activated (see art. IV c.), regardless of the eSanté Services they use or which they can access, regardless of the connection mode. The Special Terms and Conditions cannot exclude the application of the General Terms and Conditions to the eSanté Service concerned.
By accessing and using the eSanté Platform and the eSanté Services, each User is deemed to have read and unreservedly accepted these General Terms and Conditions and all Special Terms and Conditions of the eSanté Service that they access and use. Therefore, any action, behaviour and use of the User on the eSanté Platform must comply with these Rules of Use without exception, particularly concerning the protection of personal data.
The Rules of Use may be modified in whole or in part at any time by the sole decision of the eSanté Agency. The modified versions will come into force on the day of their publication on the eSanté Platform, unless otherwise specified. Each User will be notified by message on the portal when logging in. It is therefore the User's responsibility to take note of the changes made and to comply with them.
Browsing through and use of the eSanté Portal are governed exclusively by the legal notices specific to the latter. Therefore, any User browsing the eSanté Portal must comply with the said legal notices in addition to the Rules of Use.
IV. eSanté Platform and eSanté Services
a. Description
The eSanté Platform can be described as a technical space dedicated to the various health and medico-social stakeholders as well as to Patients. It provides the devices, tools and features required to allow the proper functioning of all eSanté Services hosted on the eSanté Platform for the purposes of the exchange and secure sharing of dematerialised health data via telecommunications networks (e.g. internet, mobile), in compliance with applicable laws, regulations, ethical rules and technical rules.
In this context, the eSanté Platform offers the possibility:
- To give only authorised Users access to the Platform and to the eSanté Services specifically concerning them (see list in appendix 1) through a single connection point;
- To ensure the authentication and identification of Users of the eSanté Services, including the identification between Users with a high degree of certainty through repository, identification and security directories (see art. IV b.);
- To provide to any eSanté Service, including the DSP, a technical base of high availability and with a high level of security to allow its use by any User concerned on any compatible technical environment (latest known versions of internet browsers and operating systems);
- To define standards for transmission, communication, transport, exchange and sharing of health data according to recognised standards, ensuring that the data can be read by any User in a secure manner;
- To ensure the partitioning of exchanges and sharing of health data by eSanté Service, for the sake of data security and integrity, as well as the protection of personal data.
The eSanté Services are, in accordance with article 60ter of the SSC, IT projects of national or even European scope, of any form whatsoever, dedicated to all or part of the Users, which facilitate and secure the exchange, sharing and/or allow better use of health data.
They can be developed at the initiative of the eSanté Agency or any other private or public body (see Article II). They are made available on the eSanté Platform as they are developed and after verification of their compliance with Articles 60ter and 60quater of the SSC, as well as any other applicable legal or regulatory provision, in particular concerning the protection of personal data. A list in the appendix presents, in a non-exhaustive manner, the various eSanté Services made available on the date of publication of these General Terms and Conditions.
Each version of the Special Terms and Conditions issued governing the use of one or more eSanté Services therefore mentions, among other things:
- Its purpose and the conditions of access and use in accordance with applicable legislation;
- The Users concerned, either as direct users or as beneficiaries, and the data processed;
- The body responsible for its development.
b. Right of Access to the eSanté Platform and to the eSanté Services
The eSanté Services are gradually made available on the eSanté Platform. Therefore, access rights will be allocated to Users authorised to use the eSanté Services actually made available, according to their Special Terms and Conditions, without prejudice to any application of access rights as regards the protection of personal data.
The eSanté Agency will carry out all communication and information required with the Users concerned and within the eSanté Portal.
The eSanté Platform is mainly accessible by connecting the User through the eSanté Portal, allowing them to authenticate themselves online.
The eSanté Platform and/or all or part of the eSanté Services can also be connected to the user's information system by installing technical connectors, or any other technology, certified to comply with the technical and security standards issued by the eSanté Agency. Thus, a healthcare establishment, not being a User according to article II hereof, will be able to connect its information system, certified compliant, to the eSanté Platform, if necessary via the shared infrastructure manager, for the purpose of allowing Healthcare Professionals working on its behalf to access it to use the eSanté Services after they have previously authenticated themselves in the Establishment’s information system.
Access rights are allocated exclusively to Users meeting the definitions of article 2 hereinabove and in accordance with the provisions of articles 60ter and 60quater of the SSC and the related Grand-Ducal Regulations, namely those registered respectively in the identification repository directories:
- For Healthcare Professionals: by their registration in the official registers kept by the Minister responsible for health in accordance with the legal provisions referenced in Article 2 hereof;
- For Patients: any natural person meeting the definition of Article 2 and particularly registered in the register kept by the joint social security centre owing to its legal missions, with any Healthcare Professional and Healthcare establishment providing health, aid and care services, or with an organisation authorised as a beneficiary of their benefits/services;
- For Health Workers: upon formal request from the organisation to which the natural person belongs sent to the eSanté Agency, in compliance with the criteria and procedures issued by the latter, and in special cases by the natural person himself/herself.
In the event that a person meets multiple categories of Users as defined in Article 2 hereof, they will be assigned a specific right of access attached to each category.
The loss of his/her position as a Healthcare Professional, Patient or Health Worker entails for the User the loss of his/her right of access as a Healthcare Professional, Patient or Health Worker respectively. The loss of position is determined by the legal provisions referenced in the definitions of Article II above, and the criteria of the eSanté Agency for Health Workers. In the event that a person meets multiple categories of Users, the loss of position in one category may in no case automatically lead to the loss of position in the other category.
The attribution of a right of access to the eSanté Platform for a User under the aforementioned conditions results in his/her registration in the security directory and the creation of a personal account on the eSanté Platform, to which the login identifiers are associated.
The eSanté account of each User allows him/her to access only the data concerning him/her as well as the eSanté Services associated with his/her position of Patient, Healthcare Professional or Health Worker respectively.
Any connection as a Patient will not allow the User concerned to access data relating to the exercise of his or her role as a Healthcare Professional or Health Worker; in order to access it, he/she must connect with the login identifiers associated with this position.
The eSanté Services are accessible exclusively through the eSanté Platform or the establishment of technical connectors approved beforehand by the eSanté Agency by virtue of its purpose defined by Article 60ter of the SSC.
The right of access to eSanté Services is determined by the respective Special Terms and Conditions according to the purpose of the service, and is therefore granted to the Users concerned according to the rules and procedures defined by the manager of the eSanté Service concerned.
It is specified that the attribution of a right of access to a User for an eSanté Service does not in any way affect the User’s obligation to use the eSanté Service while respecting the rights of third parties, and in particular their privacy.
c. Connection methods
The User must access the eSanté Portal for the first time to activate his/her eSanté account (hereinafter eSanté platform) according to the procedure communicated on the Portal (for the healthcare professional, for the patient). It is specified, however, that the activation of the account is carried out by default by the eSanté Agency for Health Workers.
However, Healthcare Professionals working in a healthcare establishment will be able to access eSanté Services, including the DSP, through the internal information system of the Healthcare Establishment to which they will be connected and according to the procedures defined by said Establishment.
Patient and Healthcare Professional Users connect to the eSanté Platform using strong authentication methods to verify their identity as well as their position.
The authentication procedures on the eSanté Platform through the eSanté Portal are personally communicated to each User present in the repository directories by the eSanté Agency:
- Healthcare Professionals must possess an active LuxTrust product associated with their position and obtained according to LuxTrust procedures. It will be associated with their eSanté account when their account is activated;
- Patients have the possibility to connect by different strong authentication mechanisms, the first of which are as follows (other mechanisms will be made available in the future):
  - A LuxTrust product that they personally possess in accordance with LuxTrust procedures. It will be associated with their eSanté account when their account is activated;
  - The OTP (One Time Password) mechanism offered by the eSanté Agency when activating their account, in addition to a username / password pair determined at the end of the activation procedure.
- Health Workers will be personally assigned a username / password combination, under the identification procedure set up by the eSanté Agency, without prejudice to the imposition of the use of a highly secure communication network identified by the eSanté Agency for the use of eSanté Services.
When a Healthcare Professional and/or a Health Worker logs in through the information system of the Healthcare Establishment in which he/she works, his/her authentication is carried out by the measures implemented by the said Establishment. The Healthcare Establishments will take the necessary measures at their level to ensure an adequate level of authentication with regard to the security criteria of the eSanté Agency, subject to suspension of the connection authorisation granted by the eSanté Agency.
For the record, it may be possible for Users to access the eSanté Platform by other connection methods offering a lower level of security. In this case, eSanté services requiring a high level of security will not be made accessible (e.g. DSP, secure messaging), and in general the eSanté Agency reserves the right to provide access to other eSanté Services in degraded mode only (i.e. not offering all the features).
At any time, the eSanté Agency reserves the right to modify the connection methods of Users, whatever they may be, and if necessary only for one category, in particular because of security constraints and technological developments.
In this case, it will be the responsibility of each User to modify their connection methods upon receipt of the notification sent by the Agency, failing which the account may be temporarily blocked.
Regarding the connection of an information system of a Healthcare Establishment, any envisaged modification will be agreed between the eSanté Agency and the Healthcare Establishment concerned, which will manage, if necessary, any modification of the connection within its information system.
The eSanté Platform enables a centralised administration and management of Users, in particular through the use of “Single Sign On” technology via the security directory.
The User's authentication on the eSanté Platform by the implemented systems allows him/her to access all the eSanté Services to which he/she is authorised according to his/her position and the terms defined for each of the eSanté Services within their respective Special Terms and Conditions.
It is specified that authentication and access via an information system other than the eSanté Portal will only allow access to the sole eSanté Service for which the information system concerned and the User are both authorised.
In this context, Users are responsible for obtaining information about the eSanté Services that they can access outside the eSanté Platform, if applicable from the manager of the information system concerned.
V. User commitments
The eSanté Platform and the eSanté Services are tools made available to Healthcare Professionals and Health Workers as part of the care of Patients in the healthcare system and the management of health services, and to Patients to allow them to use new communication technologies.
Their use is therefore governed by articles 60ter and 60quater of the SSC and by the related Grand-Ducal Regulations enforcing the former, without prejudice to the users’ compliance with all legal, regulatory and ethical provisions that would be applicable to them because of their status as Patients, Healthcare Professionals and/or Health Workers, relating to the relationships between stakeholders in the field of health, aid and care.
Their use is also subject to compliance with any legal and regulatory provisions relating to the protection of personal data, respect for privacy and the security of information systems that may be applicable.
It is specified that these general terms and conditions cannot presume the terms of application of the DSP that are defined in the Specific Terms and Conditions concerned and the Grand-Ducal Regulation of 6 December 2019 specifying the terms and conditions for setting up the shared care file.
a. Terms of use
Each User undertakes, from his/her first access to the eSanté Platform, and by way of his/her first use of the eSanté Service, to behave unconditionally in compliance with all the rules and legal, regulatory and ethical provisions that would be applicable to him/her in his/her position of Patient, Healthcare Professional or Health Worker.
Thus, any action by a Healthcare Professional User in the eSanté Platform and eSanté services is presumed to occur in the exercise of his/her health profession in compliance with all applicable legal, regulatory and ethical provisions.
Likewise, any action by a Health Worker User is presumed to occur in the exercise of his/her mission in compliance with all legal, regulatory or contractual provisions that would be applicable to him/her.
Finally, any action by a Patient within his/her DSP, or concerning access to the latter, is presumed to take place within the framework of the coordination of his/her healthcare in compliance with all applicable legal and regulatory provisions.
Moreover, each User, from his/her first access to the eSanté Platform, and by way of his/her first use of the eSanté Service, commits to the following, without this list being exhaustive:
- To use the eSanté Platform, the eSanté Services and the accessible data in accordance with the purposes defined in the Rules of Use in force, as well as the provisions relating to the protection of personal data;
- To exchange and share within the eSanté Platform and the eSanté Services data that is exclusively adequate, relevant and of high quality, with only legitimate Users;
- To keep the confidentiality of all documents, information, data, whatever the form and type, which were communicated during the use of the eSanté Platform and an eSanté Service, without prejudice to any sharing authorisation with authorised Users within the eSanté Service or by application of the applicable legal, regulatory or ethical provisions;
- To respect the privacy of Users and the protection of their personal data that they may become aware of while using the eSanté Service;
- To safely store the personal connection information to the eSanté Platform and prevent their use by any other person regardless of their status, and alert the eSanté Agency as soon as possible of the loss or theft of this information so as to enable it to take any appropriate action.
Each User is fully aware in this context:
- That his/her right of access to the eSanté Platform and to the eSanté Services is strictly personal and cannot be granted to a third party;
- That he/she is responsible for all data and information concerning him/her that he/she communicates or decides not to communicate within the eSanté Services;
- That he/she is responsible for the integrity, accuracy, veracity and relevance of all data, information and documents that he/she communicates within the eSanté Services.
The Agency has implemented various technical mechanisms for identifying or even preventing any misuse and any violation of the Rules of Use and other provisions applicable to Users, in agreement with the latter, in particular those concerning the respect of privacy and professional secrecy.
b. Prohibited uses
In general, every User is formally prohibited from carrying out any act, or from engaging in any behaviour that would promote the performance of any act that would directly or indirectly undermine the integrity of the eSanté Platform, the eSanté Services and the data included therein, as well as any act that could cause harm to any other User, to the eSanté Agency or to a third party, in addition to any violation of applicable legal, regulatory and ethical provisions.
The following are therefore particularly prohibited, without this list being considered exhaustive:
- The use of the eSanté Platform and the eSanté Services for purposes other than those expressly defined in the Rules of Use, articles 60ter and 60quater of the SSC, particularly including uses for commercial and advertising purposes;
- Access, extraction, use, reproduction, destruction or modification of the data accessible through the eSanté Platform and eSanté Services without any express authorisation;
- The publication and dissemination of any content that is illegal and/or infringing the rights of third parties, whatever its type, format and medium, in the eSanté Platform and the eSanté Services;
- Any action whatsoever that would have the impact or intention of causing a malfunction of the eSanté Platform and the eSanté Services, including but not limited to their unavailability, modification and malfunction of features;
- Any circumvention, modification or deletion, including attempts to do so, of any security measure implemented on the eSanté Platform and/or the eSanté Services, whether carried out alone or in a group, with or without the assistance of any device whatsoever, except when proof is provided that the equipment was used as a “zombie machine” and that minimum security precautions had been taken by the User.
Each User undertakes to alert the eSanté Agency of any misuse or prohibited use that he/she may become aware of.
VI. Commitments of the eSanté Agency
The eSanté Agency undertakes to do everything possible under Articles 60ter and 60quater of the SSC, without however being bound by an obligation of result, to:
- Provide the eSanté Platform and the eSanté Services complying with the conditions and commitments of the legal and regulatory provisions in force;
- Provide guarantees regarding the implementation of any measure and any device ensuring a high level of security, User identification, confidentiality and data protection required to allow any exchange and sharing of health data in accordance with the legislation;
- Offer Users a high level of availability of the provided eSanté Platform and the eSanté Services, subject to any event beyond its reasonable control leading to a significant deterioration in the level of security or leading to unreasonable maintenance costs.
It is particularly specified in this context that:
- The eSanté Platform and the eSanté Services are designed and made available to Users with regard to various applicable and internationally proven norms and standards, concerning security based on the standards of the ISO27001 group et seq., as well as the exchange of health data in compliance with the IHE and HL7 standards;
- The identification and authentication of Users are carried out through recognized secure tools and devices, including the application of the principles of Identity-vigilance concerning the identification of Patients within the framework of the use of eSanté Services;
- The eSanté Platform, including all the eSanté Services and data processed by them, is hosted in the Grand Duchy of Luxembourg with a Tier IV-certified host complying with PCI/DSS standards;
- Each eSanté Service in its operation is strictly partitioned in a logical manner from the other eSanté Services and Platform features, thus ensuring their integrity without preventing any authorised and tracked communication;
- Any connection to the eSanté Platform and to all or part of the provided eSanté Services, including the DSP, by an information system of a Healthcare Establishment or through business software, will be authorised by the eSanté Agency by issuing a certificate of conformity guaranteeing compliance with the technical and security rules defined by the eSanté Agency;
- All access to the eSanté Platform and all use of the eSanté Services is tracked by technical devices for the purpose of identifying and dealing with any malfunction, misuse, malicious action and external attack, however excluding any systematic monitoring of the exchanged content and of the Users.
The eSanté Agency takes the necessary measures to meet the commitments and missions assigned to it under Articles 60ter and 60quater of the SSC.
VII. Protection of personal data
The eSanté Platform and the eSanté Services have the common purpose of public interest, within the meaning of Articles 60ter and 60quater of the SSC, of allowing Users to exchange and share health data in a dematerialised and secure manner in order to optimise the continuity, coordination and safety of the care provided to Patients as well as a better use of this data processed within the healthcare system.
Note that certain eSanté Services that are made available on the eSanté Platform may be developed and operated by legitimate third-party organisations (see definition in Article II), which have delegated the technical and functional administration to the eSanté Agency, as the processor.
The eSanté Agency is responsible for ensuring compliance with the General Data Protection Regulation ((EU) 2016/679) on the protection of individuals with regard to the processing of personal data and on free movement of this data, applicable from 25 May 2018, (hereinafter referred to as the General Data Protection Regulation), also as regards the third party organisations in charge of the eSanté Services.
The purpose of this article is to present, in general, the commitments made to respect and ensure the respect of the privacy of Users and data subjects within the meaning of the General Data Protection Regulation, without calling into question the public health objective pursued by the eSanté Platform and the eSanté Services.
This article may be supplemented by the Special Terms and Conditions of the eSanté Services specifying the actions taken specifically for the processing of data carried out by the third party responsible for the eSanté Service concerned, without prejudice to any applicable regulatory provision.
The eSanté Agency also reserves the right to publish, with the collaboration of third-party organisations responsible for an eSanté Service, any document dedicated to the protection of personal data that may be processed within the eSanté Platform.
a. General commitments
In accordance with its Privacy Policy, the eSanté Agency:
- Ensures that the eSanté Platform complies with the provisions of the General Data Protection Regulation with regard to Articles 60ter and 60quater of the SSC, particularly by Users;
- Prohibits the provision of any eSanté Service that does not comply with the General Data Protection Regulation and, where applicable, for which it has not carried out the required actions with the CNPD;
- Imposes the respect and application of its privacy policy commitments to each third party responsible for any eSanté Service.
The privacy policy of the eSanté Agency particularly mentions that, with regard to all applicable legal provisions relating in particular to the provision of healthcare and relations between stakeholders in the health sector:
- The legitimacy and purpose of the processing of personal data under the General Data Protection Regulation is guaranteed;
- Any controller and processor, as defined in the General Data Protection Regulation, is clearly identified and forced to comply with the provisions of the General Data Protection Regulation, as well as the recipients, as defined in the General Data Protection Regulation, which cannot be different from the Users defined herein;
- The conditions for processing personal data comply with the principles of data quality, the proportionality of the data processed and their retention and security period, and ensure that consent has been sought with the exception of any applicable legal provisions to the contrary;
- The exercise of the rights of access, rectification and opposition of the data subjects is ensured, and a system for submitting questions and complaints is implemented without prejudice to any existing legal system;
- The information for the data subjects is clear, explicit, accessible and specific;
- Any action will be taken to check, on a recurring basis, that the previous points are respected and, if necessary, to take the appropriate corrective measures.
It is also specified that all notices and references relating to actions carried out with the CNPD under the applicable regulatory provisions will be communicated.
- Processing conditions concerning the eSanté Platform
The eSanté Agency is responsible for the eSanté Platform as described in Article IV.a. hereof and therefore for the processing of personal data carried out for the management and centralised administration of the eSanté Platform through identification reference directories and the security directory mentioned in Article IV b. (Grand-Ducal Regulation of 6 December 2019 specifying the methods for managing the identification of persons and the categories of data contained in the reference directories for the identification of patients and service providers).
The provisions below describe the commitments made by the eSanté Agency regarding this processing carried out, in application of the above notices. In this context, note that all the details concerning the processing carried out by the eSanté Services are described in the applicable Special Terms and Conditions.
Description of the processing: identification, management and administration of Users of the eSanté Platform:
Article 60ter of the SSC gives the eSanté Agency the mission to create the eSanté Platform with the objective of promoting the exchange and sharing of health data between the stakeholders of the healthcare system.
In this context, the eSanté Platform processes the identification data of Users in repository and security directories (see IV b) allowing granular management of access rights by eSanté Service and by User exclusively to the relevant data to ensure the operation of the eSanté Service concerned in accordance with its intended purpose.
In this context, a "Single Sign On" (SSO) IT security feature is used, which allows centralised management by the eSanté Agency and limits the transmission of identification data in the context of the use of the eSanté Services. The eSanté Agency therefore determines, with the third-party organisations responsible for the eSanté Services, the rules for accessing User data when using the eSanté Service.
It verifies the identification data viewing requirements by Users of an eSanté Service in accordance with its intended purpose and the obligation to identify a data subject in response to public health and safety requirements.
Data controller, processor and recipients (according to the definitions of the General Data Protection Regulation):
The eSanté Agency is the data controller for the processing carried out by the directories. As such, it is in charge of the proper application of the security measures required under the General Data Protection Regulation, by its employees and processors.
The Agency called on a Consortium made up of the companies eBRC and Maincare, intervening in the rights of IDO-In, which have the status of processor under the General Data Protection Regulation. The latter act strictly according to the instructions sent by the eSanté Agency.
In this context, the data is hosted and processed by the eSanté Agency in the territory of the Grand Duchy of Luxembourg. The data will under no circumstances be disclosed, transferred and processed outside the European Union without the consent of the Patient concerned, a regulatory provision or authorisation from the CNPD.
According to the description of the processing above, the processed data is accessible only to the identified persons in charge of the management and administration of the directories.
However, it can be viewed by Users as mentioned above to identify a data subject in the context of the use of an eSanté Service, including the identification of a Patient to ensure the safety of care, the viewing right being granted only to Users having the necessary rights for the eSanté Service concerned with regard to its intended purpose according to the Special Terms and Conditions.
Conditions for carrying out the processing:
Pursuant to Article 60ter of the SSC, the data processed in the repository directories is the identification data entered in the official national registers as specified in Article IV.b. hereof, allowing the strong identification of Patients and Healthcare Professionals. (see: Grand-Ducal Regulation of 6 December 2019 specifying the methods for managing the identification of persons and the categories of data contained in the reference directories for the identification of patients and service providers).
The Health Workers’ data is collected from them through the organisations for which they work, regardless of their status with the latter, in order to enable them to carry out their mission through the eSanté Services concerned.
The centralisation of the management and administration of Users through the security directory helps to ensure the identification and authentication of Users by the eSanté Services without data transfer.
Consequently, the identification data of Patients and Healthcare Professionals is used and kept for the duration required to ensure the management, administration and identification of the latter, corresponding to the duration of their registration in the official national registers, in accordance with the legal and regulatory retention requirements requiring identification of Users, in particular with regard to the nature and purpose of the eSanté Services used.
The identification data of Health Workers is kept for the entire period for which they meet the definition in Article 2 hereinabove and for a maximum period of 12 months without prejudice to longer retention periods required by any legal provision and regulations particularly applicable to eSanté Services developed by third-party organisations.
It is specified that the technical logs of the Users in their use of the eSanté Platform and the eSanté Services are kept for a maximum period of 13 months.
The directories are integrated within the eSanté Platform, which is hosted by eBRC in Luxembourg, applying Tier IV standards and specifications ensuring the implementation of adequate and relevant security measures.
Only the employees of the eSanté Agency in charge of the management and administration of directories and administration of the eSanté Services can have access to User data, after personal authentication on the Platform and in compliance with strict procedures, it being understood that only the Identity-vigilance division administers the Patient repository directory.
Exercise of rights by data subjects (as defined in the General Data Protection Regulation):
The eSanté Agency will take all the necessary measures to provide information on the processing of identification data to the Users concerned. The information will be provided by any means and any medium, individually and in general.
Each User may exercise their right of access to the data processed with the eSanté Agency according to the instructions mentioned below, and where applicable through their eSanté account if it is activated.
Pursuant to Articles 60ter and 60quater of the SSC, as well as the legal provisions referenced in the definitions of Article 2 hereof, the Agency is entitled to process the identification data of Patients and Healthcare Professionals present in the national official registers. The rights of opposition and rectification of these Users must therefore be ensured in accordance with the provisions of the Grand-Ducal Regulation of 6 December 2019 specifying the methods for managing the identification of persons and the categories of data contained in the reference directories for the identification of patients and service providers. However, the eSanté Agency, at the request of the Users, may make means available on the eSanté Platform allowing these actions to be carried out online. In any case, the eSanté Agency will forward to the officer concerned any request for access / rectification / opposition that it receives directly via the eSanté Platform.
Health Workers will be able to exercise their rights with their organisation or directly with the eSanté Agency, according to the procedure that will have been given to them when they are granted the right of access to the eSanté Platform according to the conditions of article 3 hereof.
“Data protection” officer
The eSanté Agency has a “Data Protection” officer whose role is particularly to ensure the compliance of the processing of personal data with the applicable regulatory provisions.
This point of contact is in charge of receiving any request for the exercise of rights by Users and data subjects, as well as any questions and any complaints.
He/she can be contacted by letter at the eSanté Agency address for the attention of the “Data Protection Unit”, or by email at the following address: privacy@esante.lu.
An acknowledgment of receipt of the request will be issued, and all data exchanged in this context will be protected as part of private correspondence.
- Processing conditions concerning the Helpdesk service
The eSanté Agency, in application of Article 60ter of the SSC, provides a Helpdesk assistance service to Users of the eSanté Platform and eSanté Services, as well as to the general public.
The eSanté Agency is therefore responsible for the processing of personal data carried out for the provision and management of this Helpdesk service.
The provisions below describe the commitments made by the eSanté Agency regarding this processing carried out, in application of the above notices. In this context, note that all the details concerning the processing carried out by the eSanté Services are described in the applicable Special Terms and Conditions.
Description of the processing: provision and management of the Helpdesk service:
The eSanté Agency provides the Users of the eSanté Platform and the eSanté Services with the necessary assistance and support to enable them to use it properly. It also informs the general public about its activities and services.
It therefore records all requests received and processes them to provide each data subject with the assistance and support required. It also performs analyses, studies and statistics of anonymised requests for the purposes of assessing requests and the Helpdesk service.
Data controller, processor and recipients (according to the definitions of the General Data Protection Regulation):
The eSanté Agency is the data controller for the processing carried out by the Helpdesk service. As such, it is in charge of the proper application of the security measures required under the General Data Protection Regulation, by its employees and processors.
In this context, the data is hosted and processed by the eSanté Agency in the territory of the Grand Duchy of Luxembourg. The data will under no circumstances be disclosed, transferred or processed outside the European Union without the consent of the Patient concerned, a regulatory provision or authorisation from the CNPD.
According to the description of the processing above, the processed data is accessible only to the employees of the eSanté Agency working as part of the Helpdesk service.
Conditions for carrying out the processing:
The data of users or members of the general public is collected when they contact the Helpdesk service by telephone, email (including the eSanté Portal contact form) or post.
Only data allowing the proper processing of a request is gathered and collected, to the exclusion of all health data. In this context, the identification and contact data of the data subjects is requested for communication, as well as the data specific to the request to process it.
As a result, the data collected in this way is kept for up to 3 years after the request is closed with the Helpdesk service.
Only employees of the eSanté Agency working as part of the Helpdesk service can access the collected data.
Exercise of rights by data subjects (as defined in the General Data Protection Regulation):
The eSanté Agency will take all the necessary measures to provide information on the processing of data to the data subjects when they contact the Helpdesk Service. The information will be provided by any means and any medium, individually and in general.
Each User may exercise their right of access to the data processed with the eSanté Agency according to the instructions mentioned below.
“Data protection” officer
The eSanté Agency has a “Data Protection” officer whose role is particularly to ensure the compliance of the processing of personal data with the applicable regulatory provisions.
This point of contact is in charge of receiving any request for the exercise of rights by Users and data subjects, as well as any questions and any complaints.
He/she can be contacted by letter at the eSanté Agency address for the attention of the “Data Protection Unit”, or by email at the following address: privacy@esante.lu.
An acknowledgment of receipt of the request will be issued, and all data exchanged in this context will be protected as part of private correspondence.
VIII.Intellectual property
- General provisions
All of the information and components of the eSanté Platform, including any object or source code, text, image, sound, video or logo, are protected under intellectual property rights and at the very least as intellectual assets. The eSanté Agency is the sole owner of these rights, where applicable the holder of any right of use in the exercise of its activity, unless otherwise stated in the Special Terms and Conditions of the eSanté Services.
Any decompilation of the eSanté Platform and the eSanté Services is strictly prohibited for any reason whatsoever. Any User encountering problems must alert the eSanté Agency, which will take the necessary actions to resolve the problem, if necessary in concert with the User and/or the other third-party organisation responsible for the eSanté Service.
Any reproduction and/or even partial use of the eSanté Platform and/or the eSanté Services, regardless of the parts concerned, is also prohibited, except in case of the existence of a feature within the eSanté Service concerned that constitutes prior authorisation, within the limit of its use in accordance with the Special Terms and Conditions.
Otherwise, the User may be held liable for violation of intellectual property rights, and will be liable to any sanction provided for in the penal code.
Each User is responsible for all documents and information that he/she publishes and disseminates on the eSanté Platform and the eSanté Services. It is therefore his/her responsibility to ensure that its content is lawful, relevant and adequate with regard to this document, intellectual property law and generally all legal provisions applicable to his/her position.
Every User is requested to alert the eSanté Agency to any published content that they believe does not meet the requirements of relevance, adequacy and legality, in particular in the presence of a violation of copyright or privacy.
Upon receipt, the eSanté Agency will take all measures it deems necessary with regard to the transmitted information and within the limits of what the law permits.
- The eSanté tools
The eSanté Agency may, in application of Article 60ter of the SSC, offer certain Users various software tools intended for Healthcare Professionals and Healthcare Establishments that can meet some of their needs in the management of their activity. Depending on the case, this software can benefit from the eSanté Platform as a hosting base as well as a secure and specific connection with all or part of the eSanté Services.
These tools are neither developed nor operated by the eSanté Agency, which however can act as a partner to support their development and use, in execution of its legal mission under article 60ter of the SSC, of promoting the interoperability and security of health information systems.
The conditions for downloading and using these tools will be specifically set out in a license agreement accessible online or on request from the eSanté Agency, which will identify the publisher of these tools and their responsibility, as well as that of the Agency in terms of availability, accessibility, configuration and maintenance. Under no circumstances will the ability to download one of these tools result in the transfer of the ownership of copyright or other intellectual property rights to the User.
However, these General Terms and Conditions will apply to any access by the User to the eSanté Platform and/or eSanté Services in accordance with the provisions mentioned herein.
IX.Liability
The eSanté Agency cannot be held liable for obligations greater than those resulting from the application of Articles 60ter and 60quater of the SSC, and those mentioned among others herein.
In this context, the eSanté Agency also cannot be held liable:
- For any direct or indirect damage due to a violation or a breach by a User of the Rules of Use and any provision that would be applicable to him/her in the use of the eSanté Platform and the eSanté Service concerned;
- In the event of a malfunction or unavailability of the eSanté Platform and the eSanté Services that could be caused by the occurrence of an event or a case of force majeure;
- For any damage caused to a User or to a third party by another User by the distribution or publication of documents and information for which he/she did not have authorisation and/or infringing the rights of the third party or the other User, in particular in violation of his/her privacy and/or violation of any confidentiality agreement;
- For any communication of personal data to a Luxembourg judicial authority at the order of the latter, after prior notification to the User, within the strict limit of the court order in question, and provided that the law requires it despite the legislation on the protection of personal data and professional secrecy which Healthcare Professionals are responsible for.
The Agency also cannot be held liable for any unavailability of the Platform and the Services for maintenance reasons or in the event of an emergency (e.g. in case of an event that, by its nature and/or its possible impact, may undermine the integrity and security of the eSanté Platform, the eSanté services and the associated data), it being understood that the maintenance will be carried out mainly at times that disrupt their use as little as possible and for a limited period of time. A maintenance operation is always notified in advance and within a reasonable timeframe, allowing the user establishment to bear and above all to anticipate any inconvenience likely to impact the continuity of service.
Each User must, under penalty of being held liable and, if applicable, the application of sanctions as provided for by his/her professional order:
- Possess and update any computer equipment and information system belonging to him/her in accordance with the rules of good practice and of the manager responsible for the system, to ensure his/her access and connection to the eSanté Platform and to the eSanté Services;
- Take all the necessary measures at his/her level to ensure the security and confidentiality of his/her use of the eSanté Platform and the eSanté Services, including the connection and identification information;
- Enforce compliance with the Rules of Use on any data subject within his/her organisation, and if necessary provide information and training sessions.
In general, any misuse, intrusion, illegitimate access and attempted misuse, intrusion and illegitimate access are punishable under articles 509-1 et seq. of the penal code. The Agency reserves the right in this context to lodge a complaint and initiate a civil action.
In the presence of a case of force majeure as defined by law and case law, the liability of the eSanté Agency and the Users cannot be sought.
Also with regard to the constraints and limits specific to the Internet network, the eSanté Agency cannot be held liable for any transmission of viruses, malicious codes or disclosure of data, provided that it has taken appropriate security measures with regard to the state of the art.
X.Other provisions
If any part hereof should prove to be illegal, invalid or inapplicable for any reason whatsoever, the term or terms in question will be declared non-existent without this being able to impact the balance of the General Terms and Conditions and Rules of Use, and without calling into question the application of the remaining terms. Any required modification would however be made as soon as possible.
Any tolerance relating to a violation of the Rules of Use by the eSanté Agency and/or a User does not constitute a waiver by the injured Party to subsequently avail itself of its rights, including public action.
All rights to access and use the eSanté Platform and the eSanté Services are assigned by name under the conditions defined in Article 4 hereof. They may not, under any circumstances, be assigned, transferred or licensed to a third party by any means whatsoever and for any reason whatsoever.
In the event that a User loses his/her right under these terms and conditions, he/she remains bound by all the obligations he/she owes hereunder and by virtue of any legal provision that was applicable to him/her according to his/her position.
In the event that there is a contradiction between the various provisions making up the Rules of Use, the Special Terms and Conditions shall prevail over the General Terms and Conditions.
Any translation of these General Terms and Conditions is made for the information of Users. In the event of a problem of interpretation and/or conflict, only the documents drafted in French will prevail.
These General Terms and Conditions are governed by Luxembourg law. If there is any conflict, the court of relevant jurisdiction will be the court of Luxembourg city.
General terms and conditions of use - eSanté Platform - version 5.0 July 2021
Appendix 1 - eSanté Services
Secure Messaging:
Manager of the eSanté Service: eSanté Agency
Users authorised to use this eSanté Service: Healthcare Professionals
Description: Online messaging service dedicated to Healthcare Professionals to enable them to exchange electronic mail that meets the confidentiality requirements of their profession. The use of this service requires a strong authentication mechanism (e.g. LuxTrust product).
Healthcare Professionals can identify their Healthcare Professional correspondents through the eSanté Platform identification repository directory (see article IV b.).
The identification data present in the Patient and Health Worker directories is not used by the Secure Messaging eSanté Service devices.
Special Terms and Conditions of the Service:
https://www.esante.lu/portal/fr/service_project/doc_manager/download.php?&vars=DyzND2KP_cI68SkKm%2A5_e6BPH3373OgNgQc2_otsloA
Shared Healthcare File – DSP (Dossier de Soins Partagé):
Manager of the eSanté Service: eSanté Agency
Users authorised to use this eSanté Service: Healthcare Professionals and Patients concerned, namely Patients affiliated to Luxembourg health insurance.
Description: Service made available to the Healthcare Professionals and Patients concerned in application of article 60quater of the SSC and the Grand-Ducal Regulation of 6 December 2019 specifying the terms and conditions for setting up the shared care file, which expressly defines the public interest purpose of the processing carried out within the framework of the DSP Service: the exchange and sharing of health data in a dematerialised and secure manner to optimise the continuity, coordination and safety of the care provided to the Patient as well as better use of the data processed within the healthcare system.
Healthcare Professionals will be able to identify their counterparts and the Patient(s) concerned that they are treating, for the purposes of exchanging and sharing within the DSP all data and information useful and relevant for the medical monitoring of the patient.
The Patients concerned will be able to identify the Healthcare Professionals treating them and accessing their DSP in accordance with the authorisation rules in place. The Patients concerned will also be able to identify, under certain conditions, the Patients they wish to declare as a DSP Assistant.
The identification data present in the Healthcare Professional repository directory and the Patient repository directory respectively is used for the purpose of assigning access rights to the DSP.
Each Patient concerned personally receives all of the required information regarding the activation of their eSanté account and connection to their DSP.
Healthcare Professionals are informed directly by the eSanté Agency or through the Healthcare Establishment in which they perform their services, regarding the activation of their eSanté account and connection to the service.
A complete and detailed description of the DSP Service and the DSP can be found in the User Charters accessible at the following links:
For the Patients concerned:
https://www.esante.lu/portal/fr/service_project/doc_manager/download.php?&vars=YKmLNxhGtI2aRVfjNCLB8U1QzxGw4XAV2o8u6t3kSCc
For Healthcare Professionals:
https://www.esante.lu/portal/de/service_project/doc_manager/download.php?&vars=bPgwOvkPBDM6Ugqc501VB36ZG4bA8%2AYXVQ_NP0zPzw8
Do you have any questions on the medical contents of the DSP? Contact the identity-vigilance division of the eSanté Agency at the following address: confidentiel.sante@esante.lu
Legal processing of personal data of public interest expressly provided for in Article 60quater of the SSC – Data Protection Officer (privacy@esante.lu)
Referring Physician system as described in Appendix V of the AMMD-CNS agreement in the version published on 21 October 2015[1] and in application of:
Joint data controllers in the context of the Referring Physician system:
the National Health Fund
the eSanté Agency
Users concerned: General practitioners and paediatricians who have been declared as Referring Physicians by their Patient in accordance with Article 1 of the agreement, and the patient himself/herself holding an active DSP.
More details on the Referring Physician system:
For the patient: https://cns.public.lu/en/assure/vie-privee/sante-prevention/prestations-medicales/medecin-referent.html
For the Doctor: https://cns.public.lu/fr/professionnels-sante/medecins/medecin-referent.html
Description of the processing:
Application of the Referring Physician system processes as defined in the agreement, including:
The identification data present in the Healthcare Professional repository directory and the Patient repository directory respectively is used for the purpose of assigning access rights to the DSP, as well as for the referring physician for the features allowing him/her to carry out the actions incumbent on him/her under the agreement.
The Patient and the doctor can contact the CNS and the eSanté Agency as follows:
[1] http://www.legilux.public.lu/leg/a/archives/2015/0201/a201.pdf
Appendix 2 - Information
References
Information on the eSanté Agency: https://www.esante.lu/portal/fr/je-m-informe/l-agence-esante-194-212.html
Articles 60ter and 60quater of the Social Security Code:
http://www.secu.lu/assurance-maladie/livre-i/chapitre-v-relations-avec-les-prestataires-de-soins/
Grand-Ducal Regulation of 6 December 2019 specifying the terms and conditions for setting up the shared care file:
http://legilux.public.lu/eli/etat/leg/rgd/2019/12/06/a909/jo
Grand-Ducal Regulation of 6 December 2019 specifying the methods for managing the identification of persons and the categories of data contained in the reference directories for the identification of patients and service providers:
http://legilux.public.lu/eli/etat/leg/rgd/2019/12/06/a910/jo
Law of 19 June 2013 relating to the identification of natural persons: https://www.legilux.public.lu/eli/etat/leg/loi/2013/06/19/n3/jo
Useful links
eSanté Portal: www.esante.lu - “Patient Section”, where you will find the information leaflet, explanatory videos, a list of the most frequently asked questions and answers, user manuals, etc.
santé.lu Portal: http://www.sante.public.lu/fr/legislation/
CNPD website: https://cnpd.public.lu/fr/legislation/droit-lux.html
LuxTrust website: https://www.luxtrust.lu/
III. Useful contacts
Multilingual Helpdesk:
- by telephone: +352 27 12 50 18 33
- by email: helpdesk@esante.lu
- by appointment made online via eHelpdesk, our virtual counter: https://helpdesk.esante.lu
confidentiel.sante@esante.lu for any request relating to the medical content of the DSP Service, and the use of data in the treatment.
privacy@esante.lu for any request concerning the protection of personal data.
LuxTrust Assistance: helpdesk@luxtrust.lu / +352 24 550 550 for any question on your SmartCard or LuxTrust token.
These general terms and conditions of use are available in English, German and French, the French text prevailing in case of discrepancies between the texts.