Roskomnadzor and all-all-all
Earlier, we already wrote that Roskomnadzor threatened to block Facebook and about the results of checks on the fulfillment of requirements related to the localization of personal data . The past month, the department has not been inactive, so today we would like to focus the attention of the community on a few news.
On November 1, amendments to the Federal Law “On Information, Information Technologies and Information Protection” come into force in Russia, which define obligations for owners of VPN services, “anonymizers” and search system operators to restrict access to information, which is distributed in Russia prohibited.
The execution of the new norms of the Federal Law is carried out on the basis of an appeal to the Roskomnadzor of the federal executive body carrying out operational investigative activities or ensuring the security of the Russian Federation, i.e. MIA and FSB.
')
The responsibilities of the owners of VPN services and "anonymizers" include restricting access to Internet resources prohibited in the Russian Federation. This provision also applies to search engine operators.
The requirements of the law do not apply to operators of state information systems, state bodies and local governments, as well as to the use of “anonymizers” and VPN services, provided that the range of users is predetermined by their owners and the use of such software is carried out for the technological purposes of ensuring the activities of a person carrying out their use, for example, in banking or other corporate networks.
Roskomnadzor creates a registry containing a list of resources, access to which is limited, and its operation by anonymizers, VPN services and search engine operators, and also approves the procedure for monitoring the implementation of the law.
In case of revealing the fact of non-compliance with duties, Roskomnadzor may decide to restrict access to an information resource owned by the anonymizer owner and / or the VPN service.
In preparation for the entry into force of the new requirements, Roskomnadzor held a series of meetings with market participants, during which he explained the new norms and requirements of the legislation, the specifics of their application to different types of services. According to RBC , earlier the European Business Association (AEB) expressed concern over the adoption and entry into force in Russia on November 1 of a law restricting the work of anonymizers. "The law, in case of its extended interpretation, can be applied to intra-corporate IT systems and processes operating on the basis of VPN technologies and proxy servers and used exclusively for internal production purposes, not involving, in particular, obtaining information that is restricted to Russia ", Said AEB CEO Frank Schauff in a letter to Roskomnadzor and the Ministry of Communications and Mass Media.
According to Izvestia , Roskomnadzor banned the FSUE Russian Post from requiring citizens to indicate passport data when receiving items from foreign online stores. The decision was made by representatives of the supervisory authority on the results of checks of the postal operator. Attempts by the Federal State Unitary Enterprise to appeal the Roskomnadzor order in the courts have failed. Nevertheless, postal workers continue to require citizens to indicate personal data on notices.
Roskomnadzor received a number of complaints that employees of the Post of Russia refused to issue the ordered items if the recipient did not indicate his passport data on the notice. After checking, the specialists of the supervisory authority drew up several protocols on administrative offenses. Pochta Rossii tried to appeal against these decisions, but the arbitration courts of St. Petersburg and the Leningrad Region, as well as the Tambov Region, took the side of Roskomnadzor and declared the actions of FSUE employees illegal.
Nevertheless, in the "Post of Russia" with the arguments of the courts and the supervisory authority do not agree.
“The fixation and confirmation of the presentation of the document is stipulated by the regulations of FSUE Russian Post in the form of an indication on the notification of the recipient’s details (number, series, by whom and when the passport was issued), the organization’s press service said.
According to representatives of the Federal State Unitary Enterprise, the passport details entered in the notice allow us to identify the person who actually received the postal item. These data are postal officers submit to supervisory or law enforcement agencies in the event of a complaint that the shipment was issued to an "inappropriate person." The notices filled out by citizens serve as evidence in court and are used by law enforcement agencies in the course of operational investigative activities.
According to the legislation, the procedure for rendering services of the Post of Russia is governed by the rules approved by the Ministry of Communications and Mass Media. "The delivery of simple mail items addressed to demand, registered mail items, as well as the payment of mail transfers to recipients (authorized representatives) are carried out upon presentation of an identity document," says paragraph 33 of the current rules. Simple items can be letters, postcards, parcels and “small packages” (weighing up to 2 kg). Registered items can be of any type (some types, for example parcels, can only be such). According to the head of the National Association of Distance Trade (NADT), Alexander Ivanov, 97% of purchases that Russians order in foreign online stores are sent as “small packages”.
“The rules for the provision of postal services, approved by the order of the Ministry of Communications and Mass Media of Russia, do not provide for the inclusion of passport data of citizens in the Notification upon receipt of registered mailings of the“ registered letters ”category. This is an excessive requirement of the Federal State Unitary Enterprise “Post of Russia” and contradicts the above Rules and the Federal Law “On Personal Data”.
In accordance with the violations found, Roskomnadzor specialists have drawn up protocols on an administrative offense against the FSUE “Russian Post”.
Roskomnadzor, as a body that carries out control and supervisory activities in relation to the FSUE “Russian Post”, recommends adjusting internal regulations and strictly following the approved Rules for the provision of postal services.
The issues of changing the legislative framework in the field of communications are within the competence of the Ministry of Communications and Mass Media of Russia, ” noted Roskomnadzor .
It has been quite a long time since the entry into force of the FZ-152 in most regions of the Russian Federation has already developed its practice of protecting patient data in medical organizations. Of course, in many respects the state program for the modernization of health care helped to build documents in the medical field. Many medical organizations have acquired protective equipment that allows them to fulfill the requirements of FZ-152 to ensure the safety of personal data of patients.
However, all previously used security tools made it possible to provide either data protection directly at workplaces or protection of communication channels directly between medical organizations. With the advent of new technologies, in particular telemedicine, new requirements for information security tools have emerged.
With the adoption of a government decree PP-1119, the security requirements for medical systems were significantly reduced compared to the “three-headed” order on the ISPDN classification (order of the FSTEC of the Russian Federation, the Federal Security Service of the Russian Federation and the Ministry of Communications and Mass Media of the Russian Federation of February 13, 2008 No. 55/86/20) and the order FSTEC №58. The downgraded classification (according to modern requirements, the level of protection) allows medical organizations with a small financial participation to organize an acceptable level of implementation of the required protection measures. However, the Russian government, concerned about the availability of medical services to citizens, adopted the Federal Law of July 29, 2017 N 242- “On Amendments to Certain Legislative Acts of the Russian Federation on the Use of Information Technologies in the Field of Health Protection”.
base.garant.ru/71732844
So what does this law allow us? This legislation, unlike most of the previous bills of the State Duma of the Russian Federation, is not prohibitive. Federal Law of July 29, 2017 N 242-FZ “On Amendments to Certain Legislative Acts of the Russian Federation on the Use of Information Technologies in the Field of Health Protection” allowed citizens to legally receive modern telemedicine consultation services.
Image source
Today I would like to talk about telemedicine technologies from the point of view of the law. To begin with, I will quote one of the points.
Article 3
So, we finally finally have telemedicine technologies. What do they carry us? Look again at the law.
Let's see what it gives doctors and patients?
The law is based on the Unified State Health Information System. Services will have to be provided on its basis. Authorization must be done through the ESIA. By-laws specifying the parameters for the provision of services should be developed by the Ministry of Health. Waiting for details.
In the meantime, there are questions, in particular, many doctors insist that the doctor needs personal contact with the patient, on some Skype you can not notice much. Proponents of the same remote reception, want more freedom in the ways of working with patients. The law in this case is strict, no “Internet clinics” in which unknown persons give consultations. All telemedicine consultations are available only at the doctor who diagnosed and prescribed treatment in person. As it will be in fact, we will see soon, because many questions remain open, including in the organizational plan.
Sources:
base.garant.ru/71732844
rg.ru/2017/08/09/chto-daet-pacientam-zakon-o-telemedicine.html
In Russia, the law on anonymizers came into force
On November 1, amendments to the Federal Law “On Information, Information Technologies and Information Protection” come into force in Russia, which define obligations for owners of VPN services, “anonymizers” and search system operators to restrict access to information, which is distributed in Russia prohibited.
The execution of the new norms of the Federal Law is carried out on the basis of an appeal to the Roskomnadzor of the federal executive body carrying out operational investigative activities or ensuring the security of the Russian Federation, i.e. MIA and FSB.
')
The responsibilities of the owners of VPN services and "anonymizers" include restricting access to Internet resources prohibited in the Russian Federation. This provision also applies to search engine operators.
The requirements of the law do not apply to operators of state information systems, state bodies and local governments, as well as to the use of “anonymizers” and VPN services, provided that the range of users is predetermined by their owners and the use of such software is carried out for the technological purposes of ensuring the activities of a person carrying out their use, for example, in banking or other corporate networks.
Roskomnadzor creates a registry containing a list of resources, access to which is limited, and its operation by anonymizers, VPN services and search engine operators, and also approves the procedure for monitoring the implementation of the law.
In case of revealing the fact of non-compliance with duties, Roskomnadzor may decide to restrict access to an information resource owned by the anonymizer owner and / or the VPN service.
In preparation for the entry into force of the new requirements, Roskomnadzor held a series of meetings with market participants, during which he explained the new norms and requirements of the legislation, the specifics of their application to different types of services. According to RBC , earlier the European Business Association (AEB) expressed concern over the adoption and entry into force in Russia on November 1 of a law restricting the work of anonymizers. "The law, in case of its extended interpretation, can be applied to intra-corporate IT systems and processes operating on the basis of VPN technologies and proxy servers and used exclusively for internal production purposes, not involving, in particular, obtaining information that is restricted to Russia ", Said AEB CEO Frank Schauff in a letter to Roskomnadzor and the Ministry of Communications and Mass Media.
Roskomnadzor prohibited mail collection of passport data in certain cases
According to Izvestia , Roskomnadzor banned the FSUE Russian Post from requiring citizens to indicate passport data when receiving items from foreign online stores. The decision was made by representatives of the supervisory authority on the results of checks of the postal operator. Attempts by the Federal State Unitary Enterprise to appeal the Roskomnadzor order in the courts have failed. Nevertheless, postal workers continue to require citizens to indicate personal data on notices.
Roskomnadzor received a number of complaints that employees of the Post of Russia refused to issue the ordered items if the recipient did not indicate his passport data on the notice. After checking, the specialists of the supervisory authority drew up several protocols on administrative offenses. Pochta Rossii tried to appeal against these decisions, but the arbitration courts of St. Petersburg and the Leningrad Region, as well as the Tambov Region, took the side of Roskomnadzor and declared the actions of FSUE employees illegal.
Nevertheless, in the "Post of Russia" with the arguments of the courts and the supervisory authority do not agree.
“The fixation and confirmation of the presentation of the document is stipulated by the regulations of FSUE Russian Post in the form of an indication on the notification of the recipient’s details (number, series, by whom and when the passport was issued), the organization’s press service said.
According to representatives of the Federal State Unitary Enterprise, the passport details entered in the notice allow us to identify the person who actually received the postal item. These data are postal officers submit to supervisory or law enforcement agencies in the event of a complaint that the shipment was issued to an "inappropriate person." The notices filled out by citizens serve as evidence in court and are used by law enforcement agencies in the course of operational investigative activities.
According to the legislation, the procedure for rendering services of the Post of Russia is governed by the rules approved by the Ministry of Communications and Mass Media. "The delivery of simple mail items addressed to demand, registered mail items, as well as the payment of mail transfers to recipients (authorized representatives) are carried out upon presentation of an identity document," says paragraph 33 of the current rules. Simple items can be letters, postcards, parcels and “small packages” (weighing up to 2 kg). Registered items can be of any type (some types, for example parcels, can only be such). According to the head of the National Association of Distance Trade (NADT), Alexander Ivanov, 97% of purchases that Russians order in foreign online stores are sent as “small packages”.
Roskomnadzor explains the rules for the provision of postal services in terms of collecting personal data of citizens
“The rules for the provision of postal services, approved by the order of the Ministry of Communications and Mass Media of Russia, do not provide for the inclusion of passport data of citizens in the Notification upon receipt of registered mailings of the“ registered letters ”category. This is an excessive requirement of the Federal State Unitary Enterprise “Post of Russia” and contradicts the above Rules and the Federal Law “On Personal Data”.
In accordance with the violations found, Roskomnadzor specialists have drawn up protocols on an administrative offense against the FSUE “Russian Post”.
Roskomnadzor, as a body that carries out control and supervisory activities in relation to the FSUE “Russian Post”, recommends adjusting internal regulations and strictly following the approved Rules for the provision of postal services.
The issues of changing the legislative framework in the field of communications are within the competence of the Ministry of Communications and Mass Media of Russia, ” noted Roskomnadzor .
On Telemedicine Legislation
It has been quite a long time since the entry into force of the FZ-152 in most regions of the Russian Federation has already developed its practice of protecting patient data in medical organizations. Of course, in many respects the state program for the modernization of health care helped to build documents in the medical field. Many medical organizations have acquired protective equipment that allows them to fulfill the requirements of FZ-152 to ensure the safety of personal data of patients.
However, all previously used security tools made it possible to provide either data protection directly at workplaces or protection of communication channels directly between medical organizations. With the advent of new technologies, in particular telemedicine, new requirements for information security tools have emerged.
With the adoption of a government decree PP-1119, the security requirements for medical systems were significantly reduced compared to the “three-headed” order on the ISPDN classification (order of the FSTEC of the Russian Federation, the Federal Security Service of the Russian Federation and the Ministry of Communications and Mass Media of the Russian Federation of February 13, 2008 No. 55/86/20) and the order FSTEC №58. The downgraded classification (according to modern requirements, the level of protection) allows medical organizations with a small financial participation to organize an acceptable level of implementation of the required protection measures. However, the Russian government, concerned about the availability of medical services to citizens, adopted the Federal Law of July 29, 2017 N 242- “On Amendments to Certain Legislative Acts of the Russian Federation on the Use of Information Technologies in the Field of Health Protection”.
base.garant.ru/71732844
So what does this law allow us? This legislation, unlike most of the previous bills of the State Duma of the Russian Federation, is not prohibitive. Federal Law of July 29, 2017 N 242-FZ “On Amendments to Certain Legislative Acts of the Russian Federation on the Use of Information Technologies in the Field of Health Protection” allowed citizens to legally receive modern telemedicine consultation services.
Image source
Today I would like to talk about telemedicine technologies from the point of view of the law. To begin with, I will quote one of the points.
Article 3
To introduce to the Federal Law of November 21, 2011 No. 323-F3 “On the Principles of Health Protection of Citizens in the Russian Federation” (Collected Legislation of the Russian Federation, 2011, N 48, Art. 6724; 2012, N 26, Art. 3446; 2013, N 27, Article 3477; N 39, Article 4883; N 48, Article 6165; 2014, N 30, Article 4257; N 43, Article 5798; N 49, Article 6927, 6928; 2015, N 1, 85, N 10, article 1425, N 27, article 3951, N 29, article 4397, 2016, N 1, article 9, 28, N 15, article 2055, N 18, article 2488; N 27, art. 4219; 2017, N 18, art. 2663) the following changes:
1) Article 2 shall be supplemented with clause 22 as follows:
"22) telemedicine technologies - information technologies that provide for remote interaction of medical workers among themselves, with patients and (or) their legal representatives, identify and authenticate specified persons, document their actions during consultations, consultations, and remote medical monitoring of the patient's state of health . "
So, we finally finally have telemedicine technologies. What do they carry us? Look again at the law.
That's what is written in it.
Article 36.2. Features of medical care provided using telemedicine technologies
1. Medical assistance with the use of telemedicine technologies is organized and rendered in the manner established by the authorized federal executive body, as well as in accordance with the procedures for providing medical care and on the basis of standards of medical care.
2. Consultations of the patient or his legal representative by a medical professional using telemedicine technologies are carried out in order to:
1) prevention, collection, analysis of patient complaints and anamnesis, evaluation of the effectiveness of therapeutic and diagnostic measures, medical monitoring of the patient's state of health;
2) making a decision on the need for face-to-face reception (examination, consultation).
3. When consulting with the use of telemedicine technologies, the attending physician may carry out the correction of the previously prescribed treatment, provided that they are diagnosed and prescribed treatment on a full-time appointment (examination, consultation).
4. Remote monitoring of the patient's state of health is prescribed by the attending physician after a full-time reception (examination, consultation). Remote surveillance is carried out on the basis of patient data registered with the use of medical devices intended for monitoring the state of the human body, and (or) on the basis of data entered into the unified state health information system, or the state health information system of the Russian Federation or medical information system or information systems specified in Part 5 of Article 91 of this Federal Law.
5. The use of telemedicine technologies in the provision of medical care is carried out in compliance with the requirements established by the legislation of the Russian Federation in the field of personal data and medical confidentiality.
6. In order to identify and authenticate participants of remote interaction when providing medical care using telemedicine technologies, a unified system of identification and authentication is used.
7. Documenting information about the provision of medical care to a patient using telemedicine technologies, including entering information in his medical records, is carried out using a strengthened qualified electronic signature of a medical worker. ".
1. Medical assistance with the use of telemedicine technologies is organized and rendered in the manner established by the authorized federal executive body, as well as in accordance with the procedures for providing medical care and on the basis of standards of medical care.
2. Consultations of the patient or his legal representative by a medical professional using telemedicine technologies are carried out in order to:
1) prevention, collection, analysis of patient complaints and anamnesis, evaluation of the effectiveness of therapeutic and diagnostic measures, medical monitoring of the patient's state of health;
2) making a decision on the need for face-to-face reception (examination, consultation).
3. When consulting with the use of telemedicine technologies, the attending physician may carry out the correction of the previously prescribed treatment, provided that they are diagnosed and prescribed treatment on a full-time appointment (examination, consultation).
4. Remote monitoring of the patient's state of health is prescribed by the attending physician after a full-time reception (examination, consultation). Remote surveillance is carried out on the basis of patient data registered with the use of medical devices intended for monitoring the state of the human body, and (or) on the basis of data entered into the unified state health information system, or the state health information system of the Russian Federation or medical information system or information systems specified in Part 5 of Article 91 of this Federal Law.
5. The use of telemedicine technologies in the provision of medical care is carried out in compliance with the requirements established by the legislation of the Russian Federation in the field of personal data and medical confidentiality.
6. In order to identify and authenticate participants of remote interaction when providing medical care using telemedicine technologies, a unified system of identification and authentication is used.
7. Documenting information about the provision of medical care to a patient using telemedicine technologies, including entering information in his medical records, is carried out using a strengthened qualified electronic signature of a medical worker. ".
Let's see what it gives doctors and patients?
- The doctor will be able to prescribe, and the patient will receive a prescription for the right medicine in electronic form. Moreover, the new order applies to narcotic and potent psychotropic drugs.
- Doctors will be able to advise patients remotely, hold consultations and consultations using medical documents, research results obtained by e-mail.
- Informed voluntary consent for medical intervention will be available online in electronic form.
- The patient or his legal representative will be able to send a request to the medical institution and obtain medical documents, certificates, medical records, etc. (their copies) in electronic form.
- Remotely allowed to advise patients on prevention, collect and analyze complaints and anamnesis data, evaluate the effectiveness of diagnosis and treatment of citizens. Also, the doctor may remotely decide on the need for in-person reception, examination and consultation.
- As for the treatment itself, the new law allows for remote consultations in order to monitor the progress of previously prescribed therapy. First of all it concerns chronic diseases. If necessary, the doctor will be able to adjust the appointment. At the same time, the diagnosis and primary treatment recommendations, according to the law, must be established on internal admission.
The law is based on the Unified State Health Information System. Services will have to be provided on its basis. Authorization must be done through the ESIA. By-laws specifying the parameters for the provision of services should be developed by the Ministry of Health. Waiting for details.
In the meantime, there are questions, in particular, many doctors insist that the doctor needs personal contact with the patient, on some Skype you can not notice much. Proponents of the same remote reception, want more freedom in the ways of working with patients. The law in this case is strict, no “Internet clinics” in which unknown persons give consultations. All telemedicine consultations are available only at the doctor who diagnosed and prescribed treatment in person. As it will be in fact, we will see soon, because many questions remain open, including in the organizational plan.
Sources:
base.garant.ru/71732844
rg.ru/2017/08/09/chto-daet-pacientam-zakon-o-telemedicine.html
Source: https://habr.com/ru/post/341440/
All Articles