Legally regulated teleradiology: implementation of data protection legal requirements

With the introduction of the Radiation Protection Act (StrlSchG) and the Radiation Protection Regulations (StrlSchV), which replaced the Roentgen Regulations (RoV) on 31 December 2018, there has been little change regarding teleradiology-specific requirements. Nevertheless, the data protection requirements of the General Data Protection Regulations (GDPR) also apply to teleradiology. Primarily, any processing of healthcare data is prohibited if there is no legal basis for permission. Thereafter, the established principles laid down in Art.5GDPR must be demonstrably fulfilled, patients must be informed and the security of the data must be guaranteed, etc.It is fundamentally necessary to clarify on what legal basis the cooperation between the treating hospital and the teleradiologist takes place: is it an independent treatment by the teleradiologist alone or is it more ajoint processing in the sense of Art.26GDPR? If teleradiology is using new technologies, e.g. the distribution via acloud solution, adata protection impact assessment may have to be carried out.Even though many requirements of the GDPR are already addressed by the teleradiological requirements alone and they are already implemented in an approved teleradiology, there are still some points that should be looked at more closely.