The following information provides you with further details on the processing of your personal data, including in particular your health data and genetic data arising from medical treatment, in connection with the operation and use of the electronic health dossier, in addition to your master data.

The electronic health dossier is operated by the Office of Public Health and is made available for use to certain healthcare providers operating in Liechtenstein as well as to you. The specific responsibilities of the Office of Public Health are set out in the Act on the Electronic Health Dossier and the corresponding Ordinance.

Healthcare providers are legally required to use the electronic health dossier. As a data subject, however, you have the right to object to its use.

Please refer to the following detailed information regarding your data protection rights in relation to the processing of your personal data within the electronic health dossier.

Responsibility:

The Office of Public Health is responsible for the electronic health dossier and the processing of your personal data there. The contact details are:

Office of Public Health
Äulestrasse 51
P.O. Box 684
FL-9490 Vaduz
Phone: +423 236 73 46
Email: info.ag@llv.li
Web: www.ag.llv.li

Privacy Officer:

Appointed as the data protection officer for the Office of Public Health is the Data Protection Specialist whose contact details are:

Data Protection Office
Government Building
Peter-Kaiser-Platz 1
FL-9490 Vaduz
Phone: +423 236 73 08
Email: datenschutz@regierung.li
Web: www.fds.llv.li

Processor:

The Office of Public Health uses the cloud-based system of Siemens Healthcare AG (Siemens), based in Zurich, Switzerland, for the electronic health dossier. Siemens acts as an external service provider and data processor for the Office of Public Health, providing the eHealth platform for the electronic health dossier. Siemens has been commissioned by the Office of Public Health, among other things, to ensure secure data transmission and storage, the secure operation of the system, and the maintenance of software functionalities. For support purposes, Siemens may access the data via its service centre in Fürth, Germany. However, no data are stored in Germany. Data are stored exclusively in Switzerland.

In addition, Siemens provides a standardised smartphone application, the so-called eGD app. This additional service merely enables participants to access the electronic health dossier via a mobile app in addition to the web version. Use of the app is voluntary. The login requirements remain the same as for the web version. Likewise, no new or additional data are processed compared to the web version. The contact details are:

Siemens Healthineers International AG
Freilagerstrasse 40
8047 Zurich
Switzerland
Phone: +41 (0) 581 99 11 99
Email: contact.ch@siemens-healthineers.com

Sub-processor:

Siemens has engaged MTF Solutions AG (MTF), based in Worblaufen, Switzerland, to support the service and support processes for the electronic health dossier. MTF also provides the IT infrastructure for hosting the eHealth platform. The data centres are located in Switzerland, in Lupfig and Glattbrugg. MTF's contact details are:

MTF Solutions AG
Old Tiefenaustrasse 6
CH-3048 Worblaufen
Phone: +41 62 205 97 07
Email: info@mtf.ch
Web: www.mtf.ch

Data Processing Activities:

Your personal data, including master data, as well as health data and genetic data, are collected, stored, and further processed within the electronic health dossier. Processing also includes, among other things, the addition of reports and medical findings during the course of your medical treatment, as well as access to and viewing by those healthcare providers who are involved in your medical treatment and care and to whom you have granted access rights.

Purpose of Processing:

The purposes of data processing include, in particular, improving the availability of medical information both for you and for healthcare providers. This enables faster access to relevant information and ultimately contributes to improved quality of diagnostic and therapeutic decisions, with a positive impact on your medical treatment and care.

Legal Basis for Data Processing:

The legal basis for the processing of personal data within the electronic health dossier is provided by Article 6(1)(e) and Article 9(2)(g), (h) and (i) of the General Data Protection Regulation (GDPR), in conjunction with the Act on the Electronic Health Dossier (EGDG) and the corresponding Ordinance on the Electronic Health Dossier (EGDV).

Data Subjects:

You are affected by the processing of your personal data in connection with the use of the electronic health dossier if you are insured for health purposes in Liechtenstein.

Obligation for Healthcare Providers:

The Act on the Electronic Health Dossier defines which healthcare providers are required, as of 1 July 2023, to record and store your health data and genetic data in the electronic health dossier in the context of medical treatment. This includes, for example, physicians, medical staff of the Liechtensteinisches Landesspital and the Liechtensteinische Alters- und Krankenhilfe, pharmacists, chiropractors, dentists, as well as other healthcare institutions within the meaning of the Health Act, such as medical laboratories, etc.

Your Right to Object:

You may object to the processing of your health data and genetic data within the framework of the electronic health dossier. Your objection does not affect your entitlement to receive medical treatment. 

Your objection results in the suspension or termnation of the obligation for healthcare providers to enter and manage your health data in the electronic health dossier. This applies for as long as you maintain your objection. 

No disadvantages will arise for you in terms of access to medical care as a result of your objection.

Scope of the Objection:

You may object to the processing of your health data and genetic data at any time. However, your objection does not apply to your master data, which will remain stored in the electronic health dossier for as long as you are insured for health purposes in Liechtenstein.

Exercise of the Right to Object:

You may exercise your right to object at any time and via various channels.

You may exercise your right to object independently by accessing your electronic health dossier via the access portal or the eGD app. Further information on how access to and use of your electronic health dossier works is available here.

Alternatively, you may also contact the Office of Public Health to exercise your right to object. This is done by submitting an electronic application. A pre-formulated application form is available on the website www.gesundheitsdossier.li, which you may complete online and submit electronically to the Office of Public Health, or print out, complete, and send by post to the Office.

If you do not have the necessary technical equipment (e.g. no PC, laptop, printer, or other mobile device) or if you consider yourself not sufficiently technically skilled, the Office of Public Health can also provide you with a paper form upon request. You may then complete and sign the form and return it by post together with any required attachments, or submit it in person at the Office. Alternatively, you may complete, sign, and submit the paper form directly at the Office. If you choose to complete the form in person, please bring a valid official photo identification document for identification purposes.

Information regarding the exercise of your right to object is available from the Office of Public Health hotline at +423 230 43 33 (Monday to Friday, 08:30–16:30) or via email at gesundheitsdossier@llv.li. 

You may withdraw your objection at any time. The withdrawal may also be submitted via the alternative channels described above.

Restriction of Processing Without Exercising the Right to Object and Right of Access to log Data:

Even if you do not wish to exercise your right to object, or have not yet done so, you may determine the restriction of processing of your personal data.

You have the right and the possibility to define access permissions to your dossier, to hide or delete health data and genetic data, and to obtain information on the stored data as well as log data at any time.

These rights may be exercised either independently via the access portal or the eGD app, or alternatively by instructing the Office of Public Health through an electronic application. You can access the FAQs here.

If you do not wish to exercise the described rights independently via the access portal or the eGD app, a corresponding pre-formulated application form is also available on the website www.gesundheitsdossier.li. You may complete it online and submit it electronically to the Office of Public Health, or print it out, complete it, and send it by post to the Office.

As with the exercise of the right to object, if you do not have the necessary technical equipment or lack the required technical skills, the Office of Public Health can also provide you with the paper form upon request. You may then complete and sign it and return it by post together with any required attachments, or submit it in person at the Office. Alternatively, you may complete, sign, and submit the paper form directly at the Office. If you choose to complete the form in person, please bring a valid official photo identification document for identification purposes.

Information regarding the exercise of your rights in connection with the electronic health dossier is available from the Office of Public Health hotline at +423 230 43 33 (Monday to Friday, 08:30–16:30) or via email at gesundheitsdossier@llv.li.

Category of Personal Data:

The electronic health dossier collects and stores the following personal data, referred to as master data, for every person insured for health purposes in Liechtenstein:

First and last name, address, date of birth, as well as the unique identifier used in the healthcare sector (IDN). These master and administrative data are not subject to your right to object. Please refer in this regard to the section above entitled “Scope of the objection”.

If you do not object, your health data and genetic data, such as medical reports and laboratory findings, etc., will be collected and stored in the electronic health dossier. It is your decision whether to authorise healthcare providers to access the data in your health dossier. Without your explicit consent, they are not permitted to access your dossier.

When accessing the system via the web portal, data subjects are provided with access to their dossier via a URL on a computer or mobile device using their eID. No user-identifying information is stored in this process. The use of SSL/TLS-based transport encryption ensures that no user-identifying information is processed at the network communication level. Users are only identified once they log in to the application (patient portal/physician portal).

When using the eGD app as an access option, it should be noted that it merely provides a view of the web-based patient portal application and does not store any personal data. However, when using the app, Siemens Healthineers may process the following categories of personal data via the patient portal and request access to, or permission for, certain device functions:Identifiers and device data: Encrypted and signed authentication token for a specific user (OAuth token):

• Camera and microphone: when using eHealth Virtual Visit (currently not in use in the EGD)
• Push notifications: notifications for new documents
• Apple Health / Google Connect: option to read data from the device and store it in the eHealth health data repository
• Photo/file access: upload and download of documents and images, and upload of profile pictures

Source and Origin of Personal Data:

A unique identification number (IDN) is already generated for every person insured for health purposes in Liechtenstein. This IDN is used across the healthcare system and is also recorded and stored as master data in the electronic health dossier.

The issuer and therefore the source of this IDN is SASIS AG (SASIS), based in Solothurn, Switzerland. SASIS provides the Office of Public Health on a weekly basis with information on all persons newly insured for health purposes in Liechtenstein. This information includes first and last name, address, and date of birth.

The sources of your health data and genetic data are the healthcare providers who carry out your medical treatment, such as physicians, dentists, chiropractors, and laboratories. These providers are legally obliged to store such data in the electronic health dossier, provided you have not exercised your right to object.

Recipients of Your Personal Data / Third Country Transfers:

Your personal data are not processed exclusively in Liechtenstein or within the European Union (EU) or the European Economic Area (EEA).

The data centres and servers used for the collection, storage, and further processing of your personal data in connection with the electronic health dossier are located in Switzerland, in Lupfig and Glattbrugg.

With regard to Switzerland, an adequacy decision of the European Commission pursuant to Article 45 of the General Data Protection Regulation (GDPR) applies, under which Switzerland is recognised as providing an adequate level of data protection equivalent to that of the EU.

For support purposes, Siemens may access the data via its service centre in Fürth, Germany. However, no data are stored in Germany.

Retention Period in the Electronic Health Dossier:

The retention period depends, among other things, on the type of your personal data.

Your master data, also referred to as administrative data, as well as log data, remain stored in your electronic health dossier for as long as you are insured for health purposes in Liechtenstein and subject to the applicable statutory insurance obligation. Earlier deletion is not предусмотрed and is not possible prior to that point in time.

Your health data and/or genetic data stored in the electronic health dossier may be deleted by you at any time. Alternatively, you may request support from the Office of Public Health for deletion of such data as described. Any deletion results in the irrevocable erasure of the respective personal data from the electronic health dossier.

The same applies if your dossier already contains health data and/or genetic data at the time you exercise your right to object. In such cases, the stored health data and genetic data will also be irrevocably removed from the electronic health dossier - either in full or in part, depending on your selection.

If you do not exercise either your right to deletion or your right to object, your entire electronic dossier - including all stored health data, genetic data, master data (administrative data), and log data - will be irrevocably deleted ten years after the end of your insurance obligation in Liechtenstein, pursuant to Article 10 of the EGDG.

Your Rights as a Data Subject:

Right of Access:

You have the right at any time to obtain, without formality and without providing justification, information on the personal data stored about you. This also includes information on the origin of the data, the recipients, and the purpose of the processing. This information is provided free of charge (Article 15 GDPR). Requests for access to your stored data should be addressed directly to the respective competent public authority or to the Data Protection Office.

Rectification, restriction of processing, erasure, complaint, withdrawal of consent, data portability

In addition, you have further rights, including the right to rectification of inaccurate data, restriction of processing, and erasure of your personal data (Articles 16, 17 and 18 GDPR), as well as the right to data portability, where the applicable conditions are met (Article 20 GDPR)..

In the event that you believe your data are being processed unlawfully, you may at any time lodge a complaint with the competent supervisory authority, the Data Protection Office (DSS), at www.datenschutzstelle.li.

Right to Object:

The right to object is subject to specific statutory provisions in relation to the electronic health dossier. Relevant details are set out above in this data protection information.

Information on the Supervisory Authority:

The competent supervisory authority for data protection in Liechtenstein is the Data Protection Office (Datenschutzstelle) of the Principality of Liechtenstein, with the following contact details:

Data Protection Office 
of the Principality of Liechtenstein
Städtle 38
P.O. Box 684
FL-9490 Vaduz
Phone: +423 236 60 90
Email: info.dss@llv.li
Web: www.datenschutzstelle.li