Quick navigation
English Deutsch
HomePrivate individualsHealth, Prevention & CareElectronic health dossierData protection notice

Data protection information on the processing of personal data in the electronic health dossier

The following explanations provide you with further information regarding the data processing of your personal data, in addition to your master data, in particular your health data and genetic data from medical treatments in the context of the operation and use of the electronic health record.

The electronic health dossier is operated by the Office of Public Health and made available for use to certain health care providers working in Liechtenstein and to you. The exact tasks of the Office of Public Health in this regard are derived from the Electronic Health Dossier Act as well as the associated ordinance.

The health service providers are legally obliged to use it. You, as the person concerned, on the other hand, can object to the use of the electronic health dossier.

To do so, read the following detailed information on your rights under data protection  in the context of the processing of your personal data in the electronic health dossier.

Information obligations pursuant to Art. 13 in conjunction with Art. 12 of the General Data Protection Regulation (GDPR)

Responsible:

The Office of Public Health is responsible for the electronic health dossier and the processing of your personal data there.
The contact details are:
Office for Health
Äulestrasse 51
P.O. Box 684
FL-9490 Vaduz
Phone: +423 236 73 46
E-mail: info.ag@llv.li
Internet: www.ag.llv.li

Privacy Officer:

Appointed as the data protection officer for the Office of Public Health is the Data Protection Specialist whose
Contact details are:
Data Protection Office 
Government Building
Peter-Kaiser-Platz 1
FL-9490 Vaduz
Telephone: +423 236 73 08
E-mail: datenschutz@regierung.li
Internet: www.fds.llv.li

Commissioned Processor:

The Office of Public Health uses the cloud-computing-based system of Siemens Healthineers International AG (Siemens), headquartered in Zurich, Switzerland, for the electronic health dossier. As an external system supplier, Siemens is thus the contract processor for the Office of Public Health, which provides the eHealth platform for the electronic health dossier. Siemens has been commissioned by the Office of Public Health, among other things, to ensure secure data transmission and data storage, secure operation and maintenance of the software functionalities. Siemens can access the data for support purposes through its service center in Fürth, Germany. However, no data is stored in Germany.
The contact details are:
Siemens Healthineers International AG
Freilagerstrasse 40
8047 Zurich
Switzerland
Phone: +41 (0) 581 99 11 99
E-mail: contact.ch@siemens-healthineers.com

Subprocessor:

Siemens has contracted MTF Solutions AG (MTF), based in Worblaufen, Switzerland, to support the support process for the electronic health record. MTF will also provide the IT infrastructure for hosting the eHealth platform. The data centers are located in Switzerland in both Lupfig and Glattbrugg.
MTF's contact details are:
MTF Solutions AG
Old Tiefenaustrasse 6
CH-3048 Worblaufen
Phone: +41 62 205 97 07
E-mail: info@mtf.ch
Internet: www.mtf.ch

Data processing operations:

Your personal data, master data as well as health data and genetic data, are collected, stored and processed in the electronic health record. The processing includes, but is not limited to, the completion of reports and findings in the course of your medical or health care treatment, as well as access and inspection by those health care providers who are involved in your medical treatment and care and to whom you have granted access for inspection.

Purpose of processing:

The purposes of the data processing are in particular an improved, faster availability of medical information on the one hand for yourself, but also for health care providers on the other hand, which ultimately leads to an increase in the quality of diagnostic and therapeutic decisions, with a positive impact on your treatments and care.

Legal basis for data processing:

The legal basis for data processing in the electronic health dossier results from Art. 6 para. 1 let. e and Art. 9 para. 2 let. g, h and i DSGVO in conjunction with the Electronic Health Dossier Act (EGDG) and the associated Electronic Health Dossier Ordinance (EGDV).

People Affected:

You are affected by the processing of your personal data when using the electronic health dossier, provided you have health insurance in Liechtenstein.

Commitment for health care providers:

The law on the electronic health dossier defines which specific health service providers are obliged from July 1, 2023, to record and store your health data and genetic data in the electronic health dossier in the event of treatment. This includes, for example, doctors, the medical staff of the Liechtenstein National Hospital as well as the Liechtenstein Old Age and Sickness Assistance, pharmacists, chiropractors, dentists as well as other health care institutions as defined by the Health Act, such as a medical laboratory, etc.

Your right to object:

You may object to the processing of your health information and genetic data in the electronic health record. Your objection will have no effect on your entitlement to medical treatment.

Your objection has the effect of removing or terminating the requirement for health care providers to enter and manage your health information in the electronic health record. This will continue for as long as you maintain the objection.

You will not be adversely affected in your access to health care as a result of the objection you have filed.

Scope of the opt-out

You can object to the processing of your health data and genetic data at any time.
However, your objection does not include your master data, which means that these are and will remain in the electronic health record as long as you have health insurance in Liechtenstein.

Exercise of the right to object:

You can file an objection at any time and via various options.

You can independently exercise your right to object. To do so, access your electronic health record through the access portal. You can find out exactly how accessing and using your electronic health dossier works here.

You may also contact the Office of Public Health to exercise your right to appeal. This takes the form of an electronic request made by you. For this purpose, a pre-formulated application form is available on the website www.gesundheitsdossier.li, which you can either fill out directly online and return to the Office of Public Health electronically, or you can print out the completed application form and send it to the Office of Public Health by mail. 

If you either lack the necessary technical equipment (e.g. you do not have a PC, laptop, printer or other mobile device) or if you consider yourself to be too technically unskilled, it is also possible for the Office of Public Health to send you the application form in paper form upon request. You can then complete, sign and return this form by post with any necessary enclosures or hand it in at the local office. Alternatively, you can complete, sign and hand in the paper application form directly at the office. If you wish to fill out the form at the office, please bring a valid official photo ID for clear identification.

You can obtain information on questions concerning the exercise of your right of objection via the hotline number +423 230 43 33 of the Office of Public Health, as well as via the e-mail address gesundheitsdossier@llv.li

The objection raised by you can be revoked by you at any time. You can also revoke the objection you have raised via the alternative options or channels described above.
 

Restriction of processing without exercise of the right to object and right of access to log data:

Even if you do not wish to make use of the right to object, or do not yet wish to do so, you can determine the restriction of the processing of your personal data yourself.

You have the right and the possibility to determine the access authorizations to your dossier, to hide or delete health data and genetic data, and also to obtain information about the stored data and log data at any time.

You can also either carry out these rights yourself electronically via the access portal of your electronic health dossier or, alternatively, instruct the Office of Public Health to do so via an electronic application. Instructions for the access portal can be found here.

In the event that you do not wish to exercise the rights described independently via the access portal, an appropriately pre-formulated application form is also available to you in this case on the website www.gesundheitsdossier.li, which you can either fill out directly online and return to the Office of Public Health electronically, or you can print out the completed application form and send it to the Office of Public Health by mail. 

As with the exercise of the right to object, in the event of a lack of the necessary technical equipment or a lack of technical application knowledge, it is also possible for the Office of Public Health to send you the desired application form in paper form upon request. You can then complete, sign and return this form by post with any necessary enclosures or hand it in at the local office. Alternatively, you can complete, sign and hand in the paper application form directly at the office. If you would like to fill out the form on site at the office, please bring a valid official photo ID for the purpose of clear identification

The hotline number +423 230 43 33 from the Office of Public Health will provide you with information on how to exercise your rights under the electronic health record or via the e-mail address gesundheitsdossier@llv.li

Category of personal data

In the electronic health dossier, the following personal data, so-called master data, are collected and stored from each person with health insurance in Liechtenstein: 

First and last name, address, date of birth and the unique identification number IDN used in the health care system. This master data or administrative data is not subject to your right to object. Please read the information provided above under the title "Scope to Object".

In the electronic health record, unless you object, your health data and genetic data, such as medical reports and laboratory findings, etc.  will be collected and stored. It is your decision whether to authorize health care providers to view your health record data. They are not allowed to view your dossier without your express consent.

Source and origin of peson related data:

Already today, a unique identification number (IDN) is generated for each person with health insurance in Liechtenstein, which is used throughout the health care system and is also recorded and stored in the electronic health dossier as a so-called master data.

The issuer and thus source of this IDN is the company SASIS AG (SASIS), based in Solothurn, Switzerland. SASIS provides the Office of Health with weekly information on all persons newly insured in Liechtenstein. The information includes first and last name, address and date of birth

The sources of your health data and genetic data are those healthcare providers, for example doctors, dentists, chiropractors, laboratories, who provide medical treatment to you and who are legally obliged to store this data in the electronic health dossier, unless you have objected to this.

Recipients of your personal data/third country:

Your personal data will not be processed exclusively in Liechtenstein or in the European Union (EU) or the European Economic Area.

The data centers or servers for the collection, storage and further processing of your personal data in the context of the use of the electronic health record are located in Switzerland, in Lupfig and Glattbrugg, and in Fürth Germany.

For Switzerland, there is an adequacy decision of the EU Commission pursuant to Article 45 of the General Data Protection Regulation (GDPR), according to which Switzerland is certified as having a level of data protection equivalent to that of the EU.

The company Siemens can access the data for support purposes via its service center in Fürth, Germany. However, no data is stored in Germany.

Duration of storage in the electronic health record:

The duration of the storage depends, among other things, on which of your personal data it is.

Your master data, also known as administrative data, as well as log data, will remain in your electronic health dossier for as long as you have health insurance in Liechtenstein and are subject to the legal obligation to provide insurance here. A prior deletion is not provided for and is not possible until the aforementioned date.

Your health data stored in the electronic health dossier and/or your genetic data can be deleted independently from the electronic health dossier at any time or you can seek the assistance of the Office of Public Health for the deletion of this data as described. Deletions will result in the irrevocable destruction of this personal data in the electronic health record.

The same applies in the event that your dossier already contains health data and/or genetic data prior to the date of your raised objection. In this case, too, the deletion will irrevocably remove the health data and genetic data contained therein - all or only some of them, depending on your choice - from the electronic health record.

If you do not exercise your right to delete or your right to object, based on Art. 10 EGDG your entire electronic dossier with all the health data, genetic data, master data (administrative data) and protocol data  stored therein will be irrevocably deleted ten years after you cease to be subject to compulsory insurance in Liechtenstein.

Your rights as a data subject:

Right of access:

You have the right at any time, informally and without justification, to receive information about the data stored regarding your person. This also applies to their origin as well as recipients and furthermore to the purpose of the storage. You will receive this information free of charge (Art. 15 DSGVO). Requests for information about your stored data should be addressed directly to the relevant public body or to the data protection office.

Correction, restriction of processing, deletion, complaint, revocation of consent, data portability:

In addition, you have other rights, such as the right to correct inaccurate data, restriction of processing and deletion of your personal data (Art. 16 GDPR, Art. 17 GDPR, Art. 18 GDPR), as well as data portability, provided the conditions for this are met (Art. 20 GDPR).

In the event of the assumption of unlawful data processing, you can file a complaint at any time with the supervisory authority responsible for us, the Data Protection Service (DSS), www.datenschutzstelle.li.

Right of Objection:

The right to object is subject to a special legal regulation with regard to the electronic health record. Corresponding explanations can be found in this data protection information as described above.

Supervisory Authority Information:

The supervisory authority responsible for data protection in Liechtenstein is the Data Protection Authority with contact details:
Data Protection Authority Principality of Liechtenstein
Städtle 38
P.O. Box 684
FL-9490 Vaduz
Tel: +423/ 236 60 90
E-mail: info.dss@llv.li
Web: www.datenschutzstelle.li

Link Website: https://www.llv.li/en/individuals/health-care-and-care/electronic-health-dossier/privacy-notice