-Automatic translation
Under Article 6 of the Medical Director of Health and Public Health Act, planned operations and/or planned changes to healthcare services must be reported to the Directorate of Health. The Directorate of Health must confirm that the operation meets professional requirements and any other conditions set out in health legislation. Because the same professional requirements apply to the provision of telehealth services as to traditional healthcare services, such operations must also be reported to the Directorate.
Healthcare service providers must meet minimum professional requirements to commence activities in the field of healthcare services, and confirmation from the Directorate of Health to this effect must be obtained before the activities begin. This is in accordance with Chapter IV of the Regulation on the Directorate of Health's supervision of healthcare services and minimum professional requirements (Icelandic). Additionally, any instructions that the Directorate of Health may issue under the authority of Article 12 of Chapter IV of the Regulation must be followed.
The information in the notification of planned healthcare service operations and/or changes to healthcare service operations forms the basis for the Directorate of Health's assessment of whether the operations meet the minimum professional requirements.
A health service operator can be a healthcare professional or a company they own.
You can find your operator number (RA number) in the Register of Licensed Healthcare Facilities on our website. Please note that you need to click the “i” to access more detailed information, e.g. the RA number.
The responsible party is the one who is responsible for the healthcare service provided.
In the Health Services Act (Icelandic), health services are classified and defined as follows:
Primary health care: Health care, health protection and prevention, emergency and accident reception, and other health services provided by primary health care. Services and care in nursing homes, residential facilities, and in daycare.
Secondary health care: Health care provided in hospitals, health care institutions, and premises of self-employed healthcare professionals. Other services that are normally not provided at health centers.
Tertiary health care: Health care provided in a hospital that requires special skills, advanced technology, expensive and problematic drugs, and access to intensive care.
There is strong emphasis on each healthcare professional familiarizing themselves with the Patients' Rights Act. The aim of the Act is to ensure patients have specific rights in accordance with general human rights and the sanctity of life, thereby strengthening their position in relation to the health service and supporting the relationship of trust that should exist between patients and healthcare professionals.
A healthcare practitioner who intends to provide health service must describe how the activity will be carried out and what special treatment the person intends to provide.
Under the Health Records Act, all healthcare professionals are obliged to keep medical records; see the more detailed list of items to be recorded in Article 6 of the Act. Only healthcare professionals and students in health sciences internships who have undertaken a duty of confidentiality and secrecy comparable to that of healthcare professionals are permitted to enter medical record information into a medical record. Medical records shall be stored securely so that medical record information is not lost and is accessible in accordance with the provisions of Chapter IV.
There are two types of medical record-keeping: digital and paper. According to the Health Records Act, all recording must be digital from 1 December 2026.
Digital recording involves using software to store and process medical records, cf. the Health Records Act.
If there is uncertainty about whether a medical record system that a healthcare professional intends to use for recording medical information complies with the Directorate of Health's instructions on the security and quality of medical records, an enquiry should be sent to Digital Health at sh@hrn.is.
Medical records on paper shall be stored in an access-controlled space to ensure they are not lost and that unauthorised persons cannot access them. They must be protected against the main risk factors, such as fire, water, humidity and sunlight. Please note that all registrations must be digital from 1 December 2026.
It is worth noting that under the Health Records Act No. 55/2009, a patient has the right to receive a copy of their medical records, provided that doing so serves the patient's interests.
According to the Health Records Act, it is not permitted to delete original data from medical records. If personally identifiable data is deleted, it must be described how this will be done.
It is always necessary to inform who is the central host of the medical record system. Examples: Sensa and TM Software.
If the operation of the medical records system is entrusted to a third party, it must be ensured that the host has either a certified quality system or meets the requirements of ISO ÍST 27001. All operations must meet the requirements according to the Act on Personal Protection and Processing of Personal Information (Icelandic) in addition to the rules no. 299/2001 on the security of personal information. If a third party is asked to handle the processing of personal information from the medical record, this shall be done in accordance with Article 13 of the Act on Personal Protection and Processing of Personal Information.
The guardian and supervisor for the recording of health records must be specified. The guardian need not be a licensed healthcare professional; the same does not apply to the supervisor.
Article 3 of the Act on Medical Records No. 55/2009 states that […] The guardian of health records: Healthcare facility or premises of a self-employed healthcare practitioner where health records are entered. Should the health records systems of two or more healthcare facilities or premises of self-employed healthcare practitioner have been joined, cf. Section VI, the guardian of health records in the system is deemed to be the party on whom the healthcare facilities or premises of self-employed healthcare practitioners have agreed
The Act clearly states that the supervisor must always be a licensed healthcare professional. Article 3 of the Health Records Act No. 55/2009 states that the supervisor of health records is a physician, or other healthcare practitioner if no physician is available, appointed by the guardian to supervise the entry and handling of information in health records, and to ensure that they are consistent with the provisions of this Act. A healthcare practitioner who works alone on his/her premises is deemed to be the supervisor of health records he/she enters
A healthcare professional working alone in a practice is considered the supervisor of the medical records they maintain.
Access to sensitive information in an electronic health record system shall be in accordance with the institution's defined procedures. Access to health records is managed in accordance with the fundamental principles of data protection, confidentiality and privacy, cf. Act on Data Protection and the Processing of Personal Data No. 90/2018.
Healthcare professionals shall have access to the health record data necessary for their work. An employee shall seek information about a patient only if it is needed for their work, for the patient's benefit, or for other legitimate purposes, and only where it is established that this is permitted by law.
It must always be ensured that all staff sign a confidentiality declaration and that they are aware of the rules governing access to information in health records.
Self-employed specialists must submit information on their activities (Icelandic) to monitor the service, ensure its quality, and evaluate its effectiveness. The Register of Contacts with Medical Specialists in Private Practice is useful for monitoring the extent and use of the service, and the frequency of diseases and treatments.
In accordance with the Healthcare Practitioners Act 34/2012, regulations apply to each healthcare profession regarding education, rights, and obligations. Information on each healthcare profession can be found in the collection of regulations (Icelandic).
When providing a specific type of healthcare service, ensure that only licensed healthcare professionals provide it. The number of healthcare professionals shall be determined by the scope and nature of the service and the circumstances at any given time.
Premises where healthcare services are provided must meet minimum requirements for patient access and facilities, including a waiting room, toilets and sanitary facilities, treatment rooms, and, where applicable, a recovery room, as well as facilities for staff, in accordance with the type of healthcare service that is provided or planned to be provided there.
A copy of the holder's operating license from the municipal health inspectorate, including its validity period, must be submitted.
Equipment shall be in accordance with the needs of the healthcare service being provided or planned. Medical devices used must meet the requirements of the Act on Medical Devices and the regulations issued thereunder.
Furthermore, the infection control procedures and the work processes for internal and external monitoring of sterilisation equipment must be described in accordance with the requirements for the disinfection and sterilisation of instruments used in healthcare services.
When providing services, the Health Service Act No. 40/2007, the Patients' Rights Act No. 74/1997, the Health Practitioners Act, the Directorate of Health's Guidelines on Good Medical Practice, and other applicable laws and administrative directives must be respected.
Quality indicators are numerical measures, e.g. ratios or percentages, that can indicate the quality and safety of processes, organisation and outcomes in healthcare services, cf. the Plan for Quality Development in Healthcare Services 2019-2030 and the list of quality indicators, cf. Regulation No. 1148/2008.
Under the law, healthcare institutions, self-employed healthcare practitioners and others who provide healthcare services must regularly send the Director of Health an overview of all unexpected and serious incidents, as further determined by the Director of Health. Recording incidents and attitudes towards them is a significant factor in promoting safety in healthcare institutions, as it is estimated that around 10% of patients in hospitals in Western countries experience some form of accident or error classified as an unexpected incident.
It is therefore important that healthcare practitioners familiarise themselves with their duties and are aware of the process that takes place and which forms need to be submitted.
The forms can be found at the Directorate of Health's web.
Service provider
Directorate of Health