Healthcare Regulation 2024 in Turkey - Part 2

5. Regulation of healthcare services

• • Licensing authority and process
    • Which authorities are charged with licensing and regulating patient care facilities and healthcare professionals? What licensing processes apply?

The Ministry of Health (MoH) is the main body in charge of health services in Türkiye. It regulates all healthcare institutions in the country, which includes patient care facilities such as hospitals, clinics and diagnostic centres and the practice of medical and other health professions.

The Turkish Medicines and Medical Devices Agency (Agency) is a regulatory agency of the government that acts as the highest sanitary authority in terms of medical safety on medicines, health products, cosmetics and personal care products.

The licensing process of healthcare facilities involves an application to the MoH. The specifics can vary depending on the type of facility; but, the applicant needs to demonstrate that the facility meets the MoH’s standards for staffing, equipment, and physical infrastructure. This usually involves an inspection of the facility. Once licensed, the facility will be subject to regular inspections to ensure it continues to meet the standards.

For healthcare professionals, the licensing process depends on the specific profession. For physicians, it involves completing a medical degree from a recognised university, followed by a period of internship, and passing a national licensing examination. Other health professions have similar requirements. Once licensed healthcare professionals are required to participate in ongoing professional development to maintain their licence.

• Cross-border regulation
  • What requirements and restrictions govern the mobility of licensed health professionals across borders?

Requirements and restrictions regarding the mobility of licensed health professionals are regulated under the Regulation on the Procedures and Principles of Foreign Health Professionals Working in Private Health Institutions. The application of the person to work in a private health institution shall be submitted to the Provincial Directorate of Health by the responsible manager of the private health institution.

A work permit and residence permit shall be obtained within the scope of the Law on Foreigners and International Protection and an application shall be made to the Provincial Directorate of Health for the issuance of a personnel work certificate and the certificate issued by the Ministry of Health. The foreign healthcare professional may work in a private healthcare organisation as of the date the personnel work certificate is approved by the Directorate.

• Collaboration between healthcare professionals
  • What authorisations are required for collaboration between healthcare professionals? How is this regulated?

Collaboration between healthcare professionals is managed within the context of specific healthcare settings, such as hospitals, clinics or other health service providers, with various levels of oversight from government bodies such as the MoH. The precise procedures can vary significantly, based on factors such as the specific health professions involved, the nature of the collaboration, and the context in which the collaboration is occurring. The Regulation on Ethical Principles of Conduct and Procedure and Principles of Application shall also apply to a healthcare professional who is a public official.

• Collaboration between patient care facilities and healthcare professionals
  • What authorisations are required for collaboration between patient care facilities and healthcare professionals? How is this regulated?

Pursuant to the Regulation on the Provision of Home Health Services by the Ministry of Health (MoH), the MoH provide home health care services to individuals in need in order to carry out examinations, analyses, treatment, medical care and rehabilitation at home. Home health care services are mainly provided through training and research hospitals, general hospitals or branch hospitals within the MoH.

The responsible physician, dentist and other personnel for the home care services are assigned by the director of the health institution which establishes the home care services. The personnel assigned to the team shall not be assigned other duties except in cases of necessity.

The responsible physician or dentist is the head of the team and carries out the visits with the team and makes a comprehensive medical assessment of the patient, prepares the home health service plan by taking into account the information and recommendations of the attending physician who makes the diagnosis and performs the treatment. In the absence of the opinions and recommendations of the attending physician, if necessary, it receives support from the relevant branch specialist.

• Training of healthcare professionals
  • What educational and training requirements must physicians and healthcare professionals satisfy to obtain the right to practise in your jurisdiction?

Regulation on Speciality Training in Medicine and Dentistry governs the principles and procedures of speciality training in the fields of medicine and dentistry, the issuance of speciality certificates and the working procedures and principles of the Board of Medical Specialities.

Accordingly, a prospective physician must first complete a six-year undergraduate medical education programme to obtain a Doctor of Medicine degree from a recognised university.

The physicians are required to pass the Medical Specialty Exam to enter a residency programme. A residency programme typically lasts for three to six years, depending on the specialty.

A prospective dentist, on the other hand, must first complete a five-year undergraduate medical education program to obtain a degree from a recognised university. Dentists are required to pass the Dentistry Specialty Exam to enter a residency programme. A residency programme typically lasts for three to four years, depending on the specialty.

Other healthcare professionals may practise their professions after graduating from the departments of higher education institutions related to their fields.

• Discipline and enforcement
  • What civil, administrative or criminal sanctions, penalties, corrective measures and related tools may be imposed on patient care facilities and healthcare professionals for regulatory noncompliance?

The Patient Rights Regulation sets the rules for the sanctions to be applied in case of any violation of patients' rights by civil servants or other public officials and during their duties. These are mainly, disciplinary penalties, criminal complaints, civil or administrative lawsuits.

The authorities of health institutions – are obliged and authorised to take all necessary measures, including making a list, signboard or brochure of the ‘patient rights’ specified in the Patient Rights Regulation and other legislation, and placing them in appropriate places of the health institution and establishment where they can be easily accessed and read by patients, staff and visitors, in order to help patients exercise their rights in accordance with the letter and spirit of this Regulation and other legislation.

• Patient complaints
  • How are patient complaints processed and adjudicated?

The patients can make a complaint to the health institutions on wrongful acts of their employee healthcare professionals. The Patients’ Rights Regulation regulates the procedure for determining the responsibility of public servants in this regard. Accordingly, when the acts and behaviours of the personnel working in public institutions and organisations that violate patients’ rights are detected in case of a complaint or by the administration itself, an inspector or an investigator shall be appointed directly by the governorships or by the Ministry or the institutions where the personnel are employed in order to follow up, investigate and, if necessary, sanction the incident.

6. Data protection, privacy and digital health

• • Responsible authorities and applicable legislation
    • Which authorities are responsible for compliance with data protection and privacy, and what is the applicable legislation?

On 7 April 2016, Data Protection Law No. 6698 (DPL) came into force. The DPL regulates the protection of personal data and created new obligations that persons or entities dealing with personal data must comply with.

The DPL has been prepared in line with EU Directive 95/46/EC on data protection (EU Data Protection Directive). However, the DPL is not identical to the EU Directive.

The Turkish Data Protection Authority (TDPA) was granted the power to implement the DPL. Accordingly, the TDPA has investigative powers to ascertain whether data controllers and data processors are in compliance with the provisions of the DPL and, if deemed necessary, it may implement temporary preventative measures.

Pursuant to article 6 of the DPL, personal data relating to health, sexual life, biometric and genetic data are deemed sensitive personal data. While sensitive personal data other than data relating to health and sexual life may be processed without seeking explicit consent of the data subject in the cases provided for by other laws, personal data relating to health and sexual life may only be processed without seeking explicit consent of the data subject, by persons or authorised public institutions and organisations that have a confidentiality obligation explicitly for the purposes of:

• protecting public health;
• the facilitation of preventive medicine;
• medical diagnosis;
• treatment and nursing services; and
• the planning and management of healthcare services, including their financing.
• Requirements
  • What basic requirements are placed on healthcare providers when it comes to data protection and privacy? Is there a regular need for qualified personnel?

On 30 December 2017, the Turkish Data Protection Authority issued the Regulation on Data Controllers’ Registry that provides details of the obligations that data controllers must comply with. Data controllers must appoint either a contact person or an authorised representative, depending on whether the data controller is based inside or outside Turkey. This person’s name and contact details shall be published online and they shall be responsible for establishing the communication between the data subjects and the data controllers. However, this person is not a data protection officer as defined by EU Regulation No. 2016/679.

• Regulatory guidance
  • Have the authorities issued specific guidance or rules for data protection and privacy in the healthcare sector?

Restrictions brought under the Turkish Data Protection Law leave limited room for processing health data without explicit consent. Unfortunately, to date, the Turkish Data Protection Authority has issued no specific guidance or rules focusing on data protection in the healthcare sector.

On the other hand, the Ministry of Health (MoH) issued Personal Health Data Regulation No. 30808, published in the Official Gazette on 21 June 2019, which aims to regulate the procedures and principles to be followed in the processes and practices carried out by the central and provincial organisational units of the MoH and the health service providers operating in conjunction with them.

• Common infringements
  • What are the most common data protection and privacy infringements committed by healthcare providers?

The Turkish Data Protection Authority investigates and issues decisions on matters brought to the authority’s attention and on matters examined ex officio.

In practice, both patients and companies notice that healthcare providers do not convey information to their patients according to the obligations set by the Communiqué on the Obligation of Information. Even if they do, this information lacks important provisions and fails to inform data subjects in a transparent manner. The recent Turkish Data Protection Authority decisions on the healthcare providers including both healthcare institutions and healthcare professionals are on usage, transfer or process of the data of the patient without the consent of the patient.

• Digital health services
  • Which authorities regulate the provision of digital health services and what is the applicable legislation? (Give details.) What basic requirements are placed on healthcare providers when it comes to digital health services? (Give details.)

The MoH established a system named E-Nabız, for the patients to track their personal health data. The MoH Personal Health Data Regulation No. 30808, published in the Official Gazette on 21 June 2019, and Circular No. 2016/6 on the E-Nabız Personal Health System are the legal basis governing E-Nabız. The Circular mentions that the fundamental aim of E-Nabız is to ensure a citizen’s right to access and manage their personal health records pursuant to article 20 of the Constitution on personal data. The system is accessible 24 hours a day, seven days a week and free of charge through computers, mobile phones and wearable technology.

The MoH prepared the Regulation on the Presentation of Remote Health Services and published it in the Official Gazette dated 10 February 2022 and No. 31,746.

Within the scope of the Regulation on the Provision of Remote Healthcare Services, a remote healthcare information system infrastructure will be developed or authorised by the MoH and healthcare institutions will use this healthcare information system to ensure written, oral or video communication. The developed remote healthcare information system infrastructure will be registered in the database of the MoH.

These services may include many activities such as examination, counselling, prescription writing, clinical parameters such as blood sugar and blood pressure monitoring, providing services that support healthy life and psychological health, performing interventional or surgical operations upon the activity permit obtained from the MoH, protecting the health of people in endemic and epidemic epidemics, monitoring the health status of the elderly and people in high risk groups and people who want their health status to be controlled through wearable technologies.

7. Update and trends

• • Key developments
    • Are there any current or foreseeable legislative initiatives, court cases, laws or other rules that affect the regulation of healthcare? What has recently changed (or will likely change), and what steps need to be taken in preparation?

The Turkish Medicines and Medical Devices Agency continuously work on alignment of the legal framework on medicines and medical devices with the EU legislation. For the medicines, legal framework on licencing, named patient program and alternative reimbursement has been recently updated. Therefore, we may expect further amendments on the legal framework regulation promotional activities as well.

As for the medical devices, EU MDR led to several amendments on local regulations regarding medical devices and it is ‘highly expected’ that there will be further amendments.