Skip to main content
Category

News

Ahmet Esad Berktas
In News

Regulation on Health Information Management Systems

regulation-on-health-information-management-systems-sbys

Turkish Regulation on Health Information Management Systems was published in the Official Gazette and entered into force.

The Regulation on Health Information Management Systems (HIMS Regulation) was published in the Official Gazette numbered 31934 and dated 25/8/2022, and entered into force.

Read Regulation

The matters regulated by the Regulation were previously arranged by the General Directorate of Health Information Systems of the Turkish Ministry of Health (MoH) through a Circular No. 2015/17.

Introduction

Health Information Management System Regulation (HIMS Regulation) sets out the procedures and principles related to the rules that service providers must comply with, the procurement processes of health information management systems, their standards, and the determination of registration procedures. HIMS Regulation includes provisions related to the rules that must be complied with by health information management system service providers and those who benefit from this service.

Integrations and standards that HIMS service providers must provide, provisions for imaging service providers, data model, delivery and transfer of data between HIMS service providers, data backup and archiving are regulated.

Administrative and technical measures to ensure the confidentiality and security of personal health data are mentioned. How the log records will be kept, how and on which parameters the inspections will be carried out by the MoH are also among the issues included in the Regulation.

Key Definitions and Concepts

Public institutions and managements of public health facilities receiving HIMS service

AdministrationArt. 4/1-ı

Software known as Health Information Management Systems, utilized by health service providers for clinical, administrative, or managerial purposes, capable of exchanging data with other information management systems, when necessary

Health information management system (HIMS)Art. 4/1-n

Administrations and health service providers receiving HIMS service

HIMS service recipientArt. 4/1-o

The natural or legal person registered and authorized in the Registration of Registry System to provide HIMS service

HIMS service providerArt. 4/1-ö

Minimum Data Model used in HIMS changes and other data transfer processes of recipients, developed by the General Directorate with the aim of ensuring that the tables and fields of the data kept in local databases by health service providers comply with national standards, minimize data losses, facilitate citizens' access to historical data by accelerating adaptation, and ensure the uninterrupted progress of the process

VEMArt. 4/1-t

KTS Application

1

Authorisation Certificate

The HIMS service provider shall designate a personnel possessing an e-Government password to oversee the registration processes, pursuant to the completion of the form delineated in Annex-1.
2

Official Letter

The official letter and the documents requested in the attachment as set forth in Annex-2 shall be prepared by the HIMS service provider. These shall be submitted, either by hand or by post, to the General Document Unit of the Ministry of Health, and a date and reference number shall be procured for the cover letter.
3

Confidentiality Agreement

The "Confidentiality Agreement" as described in Annex-3 shall be executed with the authorized representative of the HIMS service provider whose information and documents are found to be complete, thereby initiating a passive registration on the Portal. The HIMS service provider's authorized representative shall access the Portal using an e-Government password and shall upload the documents as detailed in Annex-4, and update them as and when required.
4

Software Access Test Code

Subsequent to this stage, tests for compliance with data transmission and health informatics standards shall be administered. A "Software Access Test Code" shall be provided for the purpose of the data transmission test. Upon successful completion of the tests, the registration procedures for the HIMS service providers within KTS shall be finalized, and a “Software Access Code” shall be furnished for the purpose of data transmission in the live environment.
5

TSE ISO/IEC 27001

HIMS service provider seeking new registration shall submit the TSE ISO/IEC 27001 certificate, together with the documents necessary for registration.
6

KTS Active List

HIMS service providers registered with KTS shall be publicly announced on the official web page of the Ministry.

KTS Documents

Registry of Registration System (KTS) is managed by the Ministry of Health (MoH), General Directorate of Health Information Systems (SBSGM) in order to be able to operate in health service providers.

The application process is carried out electronically, transactions can be made via Registered Electronic Mail or e-Government. Authorization certificates are issued to HIMS service providers on the active list at KTS.

Original Document List

Official Letter for Application

Click to download the official letter in order to apply for KTS registration.

Copy of Trade Registry Gazette

First and latest copy of the corporate from Turkish Trade Registry Gazette.

Workplace Reg. Number

Document Indicating the Social Security Institution Workplace Registration Number.

Balance Sheet For Three Years

Approved balance sheet for the last 3 years from a tax office or a certified public accountant.

Signature Circular

In order to confirm whether relevant person is authorised to sign or not.

Apostilled Document

This is only needed if the software produced abroad.

17021 Certificate of the Firm

Certificate for Conformity Assessment of the firm issues ISO 27001.

TS ISO/IEC 15504

Certificate for SPICE level 2 (min) or CMMI level 3 (min).

Certificate for Programs

Certificate that could be obtained from the Ministry of Culture and Tourism.

TS ISO/IEC 27001 Certificate

Certificate for Information Security Management.

Non-Disclosure Agreement

You could reach the NDA by clicking to the icon above.

List of Produced Software

Which software would be registered to the KTS?

Information of User

Share information about your software's user(s) such as general practitioner or dentist.

Information of Firm Officials

Use the document to share information about your officials.

HIMS Audit

The Ministry may audit or have the HIMS service provider audited, ex officio or upon complaint. Nevertheless, the Regulation foresees that the audit cannot go beyond the scope of the service provided by the responsibility of the HIMS service provider.

In the remote or on-site audits, audits are conducted on the following matters:

If the deficiencies identified during these audits are not remedied within a certain period of time, relevant HIMS service provider will be placed on the passive list and this process may ultimately result in complete removal from the list.

Existence

Existence and uniqueness of HIMS in order to avoid legal complications.

Workflows

Conformity with the workflows and business rules as determined by the SBSGM.

Integration

Data transmission with integration into MoH's central data systems.

Standards

Compliance with the standards as determined by the SBSGM.

VEM Version

Compatibility with the current VEM version and data transfer capability.

Registration

The registration status of the HIMS service provider to KTS.

Data Protection

Compliance with personal data protection legislation and information security regulations.

Security

If deemed necessary, security and penetration tests conducted for HIMS.

Enforcement

Except for Articles 17 and 20, the provisions of the Regulation have come into effect on the date of 25/8/2022, when the Regulation was published in the Official Gazette. On the other hand, Article 17 (Event and trace logs) is on effect from 25/8/2023 and Article 20 (Competency score) is on effect from 25/4/2024.

Dates

25/8/2022
HIMS Regulation entered into force
25/8/2023
Article 17 (Event and trace logs)
25/4/2024
Article 20 (Competency Score)

Article 17 (Event and trace logs)

1- HIMS service recipients shall be obliged to retain their SAMILOG records for no less than five years, and all other records for no less than two years, within their proprietary servers.

2- SAMILOG records pertaining to AHBS shall be conserved within the database in such a manner as to preclude alteration via AHBS.

3- All modifications effected by users at the database level, inclusive of data addition, data deletion, data modification, and all transformations enacted upon database objects, shall be preserved.

4- All systems engendering event and trace logs shall be synchronized by means of a time server to be furnished by the HIMS service recipient, for the express purpose of engendering uniform time information throughout the system.

5- Event and trace logs shall be safeguarded against unauthorized access, erasure, and modification. The event and trace logs so generated shall be retained by affixing a signature through a qualified time stamp, as provided by either resident qualified electronic certificate service providers within Türkiye or by SBSGM.

HIMS Regulation

Unofficial English Translation of HIMS Regulation

Download
Ahmet Esad Berktas
In News

Medical Tourism Market in Türkiye Exceeds 2 Billion USD

medical-tourism-market-in-turkiye

In the first half of 2023, the number of tourists coming to Türkiye for medical purposes rose to 745.000.

There are significant changes in the profile of foreigners visiting Türkiye. 10 years ago, one out of every 100 tourists visited Turkiye for health and medical reasons, but thanks to the momentum gained during the pandemic, this number has reached 5 today. The development in health tourism in Türkiye, especially after the pandemic, was also reflected in the data of the Turkish Statistical Institute. According to the data, 10 years ago, one out of every 100 tourists visited Türkiye for health and medical reasons, but thanks to the momentum gained during the pandemic, this number has reached 5 today. According to the research based on TÜİK data, while the ratio of health tourists to the total number of visitors was below 1% in 2012, this rate reached 2.45% in 2022. In the first three months of this year, the ratio of health tourists to total visitors made a significant leap, reaching 5.03%. The research stated that if this rate increases positively in the future and rises to 5-10% throughout the year, there will be a significant increase in foreign currency entering the country for tourism purposes.

2 Billion USD Revenue

According to the research, tourists who came for health and medical reasons in 2022 spent over 2 billion dollars. In the first 3 months of this year, revenue of 453 million dollars was generated. The per capita expenditure of those coming for health tourism was 1103 dollars, and it was determined that they spent twice as much as those coming for visit purposes.

Revenues from health expenditures of foreign nationals was $638 million in 2015, when the number of health tourists stood at a little more than 395,000. Health tourism revenues and the number of foreigners arriving in Türkiye to receive health services increased steadily in the following four years. Revenues climbed to $715 million in 2016, rising further to $827 million in 2017 and $863 million in 2019.

745 Thousand Patients in 6 Months

According to the data, the number of visitors coming for health tourism was at the level of 240 thousand in 2012, while this number reached 1 million 258 thousand in 2022. The number of tourists coming for medical purposes in the first 6 months of this year was 745 thousand. It was stated, “Especially in the last 3 years, the number of foreign visitors coming to our country for health and medical reasons has increased. In 2023 and the coming years, serious foreign currency contributions will be provided from serious health tourism with new investments, incentives, advertisements, and promotions.”

2906 Facilities Have Authorisation Certificates

In Türkiye; there are 615 hospitals, 162 medical centers, 810 health facilities, and 1309 outpatient clinics that have earned the right to receive health tourism authorization certificates. Explaining that a total of 2906 facilities are authorized being said, “With the growth of the health tourism sector in Türkiye, it is anticipated that there will be needs for new health facilities and hotels, especially with the increase in the number of foreign visitors coming from abroad.”

TUIK Tourism Statistics, April - June 2023

Read Report
Ahmet Esad Berktas
In News

Best G-20 InfraTech Practice on Privacy: e-Nabiz

best-practice-on-privacy-enabiz

In the report announced by the G-20 initiative Stocktake, e-Nabiz was cited as a case study in the field of cyber security and privacy measures.

What is Stocktake?

The Stocktake of Approaches for Scaling Up InfraTech (“Stocktake”) is a deliverable under Priority 3 of the Infrastructure Working Group’s (“IWG”) 2022 Work Plan. The Stocktake is the joint work of the Global Infrastructure Hub (“GI Hub”) and the Asian Infrastructure Investment Bank (“AIIB”). It supports the G20 Blueprint for scaling up InfraTech financing and development (“Blueprint”) by providing evidence (through case studies) of effective approaches that attracted financing for InfraTech development and implementation and that could be scaled and replicated across sectors and jurisdictions.

This Stocktake, as a supporting document for the Blueprint, advances the G20 InfraTech Agenda which was delivered under the Saudi Arabian Presidency and endorsed by the G20 Finance Ministers and Central Bank Governors in July 2020. InfraTech is defined in this agenda as the integration of digital and non-digital technologies with physical infrastructure to deliver efficient, connected and resilient assets. The Stocktake also continues the GI Hub’s work on the Stocktake of InfraTech Use Cases (a Reference Note to the InfraTech Agenda) and the GI Hub’s InfraChallenge – an innovation competition was delivered under the Italian G20 Presidency in 2021.

About Blueprint for InfraTech

To ensure that the Blueprint represents a diverse range of effective approaches across different sectors and jurisdictions, all IWG members were invited, on a voluntary basis, to submit case studies of InfraTech development and financing. To supplement this, the GI Hub launched a global call for submissions in March 2022 to gather approaches from the broader industry. 38 case studies (spanning 16 sectors, 27 countries, and a range of long-term infrastructure priorities ) were gathered through this process and 15 effective approaches to scale up InfraTech investment were derived through the analysis.

In this Blueprint, eight of these effective approaches were highlighted as opportunity areas for the G20 moving forward. These were selected by taking the most common approach (i.e. the approach that featured most in the case studies) and the most emerging approach (i.e. the approach that featured least in the case studies) under each of the four pillars.

Opportunity Areas and Pillars

Eight opportunity areas to scale up InfraTech investment are:

  1. Policy Pillar:
    • National or sectoral InfraTech strategy
    • Innovative procurement tools and policy
  2. Commercial Pillar:
    • Innovative delivery models
    • New platform for InfraTech ecosystem
  3. Technology Pillar:
    • Data platform or digital twin
    • Cybersecurity and privacy measures
  4. Finance Pillar:
    • Public investment
    • Innovative funds, platforms and de-risking mechanisms

Opportunity Area of Cybersecurity and privacy measures on Technology Pillar

Actions to progress this opportunity could include: Facilitate collaboration with relevant national institutions to work towards a roadmap to develop data privacy and ethics / AI guidance for the built environment (including infrastructure)

Expected outcomes: Start to progress a collaboration with the relevant national institutions who can offer guidance to policymakers and practitioners on addressing cybersecurity and privacy- related issues.

Case study example (e-Nabiz / Turkiye): e-Nabiz system was developed by the Ministry of Health to create an integrated system for the electronic collection of citizens’ health data produced by health institutions. Citizens can access all their health information digitally using e-Nabiz.

Legal Infrastructure of e-Nabiz

After appointed as Health Informatics Law Consultant on World Bank Project at March 2016, Ahmet Esad Berktas established Data Protection Unit at Ministry of Health, Republic of Turkiye. Many circulars and regulations in relation to processing of personal health data were prepared and put into effect during his five (5) years term into office are as follows (amended legislation are not included):

  • Circular No. 2016/6
  • Regulation on Processing and Ensuring Privacy of Personal Health Data
  • Regulation on Personal Health Data
  • Regulation on the Provision of Remote Health Services
  • Regulation on Health Information Management Systems

e-Nabiz is based on this legislation as well as many other documents prepared in accordance with Law No. 6698 of Protection of Personal Data. Furthermore, there are several organisational and technical measures that have been taken in order to provide required security and privacy level.

G-20 Blueprint for Scaling Up InfraTech Financing and Development

Read Blueprint

About Us

Berktas Legal is based in Istanbul and providing state-of-the-art counselling services on the intersection of law, information technology and health domains, specifically on protection of personal health data.

Address

FSM Mah. Poligon Cad.

Buyaka 2 Sitesi Kule: 3

No:8C/1, Umraniye

Istanbul, Turkiye

Contact

T: +90 (216) 2259483

E: [email protected]

© 2025 | Berktas Legal

Legal Notices

Privacy Policy

Cookie Policy