Czech Healthcare Providers in 2026: NIS2, Digitalisation and Compliance

The year 2026 brings healthcare providers the simultaneous application of several key regulations in the areas of digitalisation, cybersecurity, and healthcare law in the Czech Republic. This article analyses the actual legal landscape, obligations regarding payment transparency, and the protection of patients’ rights, all of which have a fundamental impact on the day-to-day operations of hospitals. We focus on the practical implications of the NIS2 Directive as well as the ongoing digitalisation of healthcare.

Legal framework for the provision of healthcare services in 2026 (Czech Republic)

2026 is a milestone primarily for digital transformation and transparency. Czech legislation focuses on clarifying relationships between providers and patients, especially in the area of reimbursements and data handling. Supervisory authorities and health insurance funds are placing greater emphasis on monitoring existing obligations that have often been overlooked in the past. This is not only about new regulations, but also about consistent enforcement of Act No. 48/1997 Coll., on Public Health Insurance, and Act No. 372/2011 Coll., on Health Services.

The legislator is responding to the need for harmonisation and modernisation. Administrative burdens are moving into the digital sphere and communication standards are being unified. At the same time, pressure is increasing on the availability of care and the protection of patients’ rights, which is reflected in stricter assessment of complaints handling and the set-up of internal processes in healthcare facilities. Within our practice, we encounter these requirements on a daily basis.

Ban on unlawful fees and transparent price lists

One of the key topics that supervisory authorities and health insurance funds focus on is strict compliance with the ban on direct payments for care covered by public health insurance in the Czech Republic. This principle, enshrined in Section 11(1)(d) of Act No. 48/1997 Coll., is subject to increased oversight in 2026. This is not a new legislative change, but rather a change in enforcement practice and the intensity of inspections.

The ban applies to various forms of “registration fees” or fees for “acceptance into care” if they are not linked to a genuine above-standard administrative service that the patient has voluntarily chosen and that is not part of insured care. Making the provision of insured care conditional on any payment (a sponsorship donation, an annual fee without clear consideration) is contrary to Czech law.

Sanctions and risks for providers

Breaches of obligations in the area of reimbursements and price lists may be sanctioned under the Act on Health Services and Act No. 526/1990 Coll., on Prices. Providers face administrative fines which, depending on the seriousness and type of breach, may range from tens to hundreds of thousands of Czech crowns.

In extreme cases involving systemic failures, sanctions may reach up to CZK 1 million under the general sanction provisions of Act No. 372/2011 Coll.

Additional services that increase patient comfort (e.g., above-standard rooms, specific meals) remain permissible, but they must be clearly separated from healthcare covered by insurance. The provider is obliged to make the price list for these services transparently available under Section 45(2) of the Act on Health Services.

Obligation to publish price lists and inform patients

Each healthcare provider has a statutory obligation under Czech legislation to prepare and make publicly available (typically in the waiting room and on the website) a price list of healthcare services not covered by public health insurance. The price list must be clear and up to date. The patient must be demonstrably informed of the price in advance.

Failure to comply with this obligation is a frequent target of inspections by regional authorities in the Czech Republic. It is important to emphasise that the price list must also cover procedures that are only partially reimbursed, or services provided to self-paying patients. Transparency is the best prevention against complaints and sanctions.

microFAQ – Legal tips on fees

1. Which fees are compliant with the law? Payments for services not covered by insurance (e.g., aesthetic medicine, certain dental procedures), administrative acts unrelated to the treatment process (extracts issued upon the patient’s request), or above-standard accommodation. Patient consent and a price list are always required.

2. What if the patient is not insured in the Czech Republic? For self-paying patients (e.g., foreigners without an EHIC or local insurance), the provider charges contractual prices according to its price list. In the case of urgent care, however, care must not be refused even if immediate payment is not available.

3. How are payment disputes handled? The patient may contact their health insurance fund, which will verify whether the payment was requested lawfully, or the relevant regional authority.

Protection of patients’ rights and effective complaint handling

Although the Act on Health Services does not introduce a blanket obligation in 2026 to establish a role titled “hospital ombudsman” for all facilities, Czech legislation strictly requires the implementation of a functional mechanism for submitting and handling complaints. The ombudsman concept therefore becomes a recommended standard (“best practice”), especially for inpatient facilities.

The task of the person appointed to handle complaints (or the ombudsman) is to independently investigate submissions and mediate between the patient, the family, and the healthcare team. The aim is to de-escalate conflicts directly within the facility, which often prevents subsequent court disputes or complaints to the regulator.

Practical role within a hospital

The complaints handler should have direct access to hospital management and the authority to review medical records (to the extent necessary to resolve the complaint and in compliance with GDPR). Although their opinion is not legally binding on management in the sense of a court judgment, it serves as a key basis for remedial measures.

The existence of this role, whether internal or external, signals quality of care. In practice, these positions are well suited to individuals with a combination of medical and legal education, or experienced healthcare professionals with communication training.

microFAQ – Dispute resolution

1. Is the ombudsman’s recommendation binding? Internally, it depends on the hospital’s internal rules; legally, it is not. Final responsibility lies with the provider’s statutory body.

2. Who can file a complaint? The patient, their legal representative, a close person (if the patient is unable), or a person authorised by the patient.

3. What are the time limits? The provider must handle the complaint within 30 days; in justified cases, the time limit may be extended.

Organisation of emergency/out-of-hours services

The organisation of the Medical Out-of-Hours Service (LSPP) remains a shared responsibility in 2026. The Act on Health Services (Section 110) entrusts organisation to the regions, while health insurance funds are obliged to ensure the availability of reimbursed services. There is increasing pressure to improve network efficiency and to secure services contractually.

The backbone of the system consists of hospital emergency departments, supplemented by outpatient out-of-hours services. Funding is provided through the reimbursement decree and regional subsidies. This is not a one-off transfer of responsibility, but a continuous process of optimising the urgent care network in the Czech Republic.

Pharmacy out-of-hours service

Access to pharmacy services outside working hours is ensured in connection with the network of hospital emergency departments. The regions, in cooperation with the Czech Chamber of Pharmacists, define regional needs. The obligation to ensure the dispensing of medicines in acute cases primarily falls on hospital pharmacies in facilities with 24/7 operations.

Specific health services and their legal framework

Legislation is gradually refining the definitions of specific types of care. Palliative and hospice care has a firmly established place in the Act on Health Services, with an emphasis on a multidisciplinary approach. Mental health centres are developing as part of the psychiatric care reform in the Czech Republic, linking healthcare and social services.

Obligations for inpatient facilities

Inpatient care providers must have standard nursing procedures and internal rules in place. An important component is also the provision of spiritual care, which the law (Section 28(3)) guarantees as a patient’s right under Czech law. Hospitals do not have to employ a chaplain directly, but they must allow the chaplain access to the patient.

Interruption of the provision of health services

The Act on Health Services (Section 26) regulates the options for interrupting the provision of services. The provider is obliged to notify the competent administrative authority of any interruption. A long-term interruption without a serious reason may lead to withdrawal of the authorisation. In 2026, emphasis is placed on ensuring that any interruption does not jeopardise the availability of care in the region in the Czech Republic.

Digitalisation of healthcare: Statutory obligations

2026 is a key year for the implementation of Act No. 325/2021 Coll., on the digitalisation of healthcare. Obligations related to the use of core registers and sectoral systems are being phased in.

The foundation is identification and authentication within the Integrated Data Interface. Providers must ensure that their information systems are compatible with the standards issued by the Ministry of Health and the National Centre for Electronic Healthcare (NCEZ) in the Czech Republic.

e-Requests and data sharing

The electronic request (eŽádanka) is becoming the standard for ordering examinations. Although full nationwide enforceability is being introduced gradually, systems must be ready for it. The aim is to eliminate paper referral forms. Patients gain an overview of their data via the portal and the EZKarta application, which serves as a gateway to the Ministry’s electronic services.

Sharing medical documentation (i.e., the emergency data set) is tied to technical readiness and consent mechanisms in line with GDPR and the Act on the digitalisation of healthcare.

Contact our experts

Mgr. MUDr. Veronika Králíková, Ph.D.

Consultant

• kralikova@arws.cz

Mgr. Dita Zbožínková, LL.M.

associate

• zbozinkova@arws.cz

Core registers

Providers’ operations increasingly rely on data from the Core Register of Providers and the Core Register of Healthcare Professionals. The accuracy of data in these registers is essential for reporting care and for e-prescribing in the Czech Republic.

microFAQ – Digitalisation

1. Are e-Requests mandatory? Legislation is moving towards mandatory use; in 2026 this system is already in live operation for selected segments of care.

2. Who is responsible for data security? The healthcare provider is the controller of personal data and bears full responsibility for securing its information system under Czech law.

Cybersecurity (NIS2)

With the entry into force of the new Cybersecurity Act (transposition of the NIS2 Directive), many hospitals (especially providers with more than 50 employees and a certain turnover, or facilities critical to the region) fall under the regime of a regulated entity in the Czech Republic.

Hospital management (the statutory body) bears direct responsibility for managing cyber risks. This includes the obligation to implement technical and organisational measures, report incidents to NÚKIB (the Czech National Cyber and Information Security Agency), and ensure business continuity. Cybersecurity is no longer just an IT department matter and becomes a legal obligation for management under Czech legislation.

Preventive check-ups and screening programmes

The system of preventive check-ups is regulated by Decree No. 70/2012 Coll., on preventive check-ups. In 2026, the trend of expanding screening programmes reimbursed from public health insurance continues in the Czech Republic.

Colorectal cancer screening

Based on professional recommendations and bulletins of the Czech Ministry of Health, the screening programme is being gradually optimised. The target group is expanding (often from age 50, and for some indications even earlier), while patients can choose between a faecal occult blood test (TOKS) and screening colonoscopy at defined intervals.

Changes in dental care

In dentistry, in line with EU Regulation 2017/852 (on mercury), the use of dental amalgam is being gradually phased down, especially for vulnerable groups. Reimbursements from health insurance are being adjusted to reflect new materials; however, full reimbursement of premium photocomposite fillings for adults is limited.

Table of key risks and recommended solutions

Medical documentation and telemedicine

New legislation (an amendment to the Act on Health Services effective already from 2024/2025) has explicitly enshrined telemedicine under Czech law. The provision of healthcare services remotely is possible if it is medically appropriate and safe.

The healthcare provider must use secure communication channels, and a proper record of the telemedicine service must be kept in the medical documentation.

The patient has the right to electronic access to extracts from their medical records, which will be gradually implemented through patient portals connected to the national infrastructure in the Czech Republic.

Changes in the reimbursement system (DRG)

For 2026, inpatient care reimbursement continues to be governed by the CZ-DRG system (diagnosis-related payment) in the Czech Republic. The 2026 Reimbursement Decree reflects the cost of care and supports one-day surgery/day-case medicine where it is safe. Hospitals must optimise reporting and diagnosis coding so that reimbursements correspond to the reality of the care provided.

Executive summary for management

• Reimbursement compliance: Immediately review your price lists and fee-collection practices. Eliminate “entry fees” with no real consideration/service provided. High penalties and reputational risk may follow.
• Complaints agenda: Even without an explicit statutory title of “ombudsman”, strengthen capacity for handling complaints. This is the cheapest prevention of litigation in Czech courts.
• Digitalisation is mandatory: Investment in IT and compliance with  are unavoidable. e-Referrals and connections to registers must work.
• Cybersecurity: Hospital management bears responsibility. NIS2 requires active risk management, not merely the passive purchase of software.
• Telemedicine: Use it, but only via secure and approved channels with proper documentation.

Conclusion

2026 represents a period of stabilisation of new digital processes and more consistent enforcement of existing rules for Czech healthcare. This is not a legislative earthquake caused by a single act, but rather a complex mosaic of obligations arising from the Act on Health Services, e-health/electronic healthcare, and cybersecurity rules under Czech legislation.

For healthcare facility management, this means the need to abandon a reactive approach and actively manage compliance risks. Transparency towards patients and data security are the new currency that determines the provider’s trust and stability. We recommend regular legal audits of internal policies and processes so that the facility can withstand inspections by supervisory authorities as well as patients’ claims in the Czech Republic.

FAQ – Legal questions on obligations in 2026

1. Do we have to have an ombudsman from 2026?
The Act on Health Services does not directly impose an obligation to establish a position titled “ombudsman”. However, it does impose an obligation to have a system in place for submitting and handling complaints (Section 261). Establishing an ombudsman is a recommended way to fulfil this obligation properly.

2. What sanctions apply for incorrectly maintained price lists?
For breaches of obligations related to pricing and consumer (patient) information, fines may be imposed under the Czech Act on Prices and the Act on Health Services, which in serious cases may reach up to CZK 1,000,000, especially where there is systematic non-compliance.

3. Is telemedicine a fully-fledged health service?
Yes, the amendment to the Act on Health Services has placed it on an equal footing with in-person care, provided the nature of the patient’s health condition allows such an approach. The technical requirements for security and record-keeping must be met.

4. What does NIS2 mean for our hospital?
If you meet the criteria (size, importance for the healthcare sector), you must implement an information security management system, report incidents, and have business continuity/recovery plans. Responsibility for this lies directly with the statutory body.

5. Where can we find the current standards for digitalisation?
Technical standards and methodologies are issued by the Ministry of Health and published on the website of the National Centre for Electronic Healthcare (NCEZ) in the Czech Republic.

6. Can we charge a fee for registering a new patient?
If the care is covered by public health insurance in the Czech Republic, making registration conditional on a fee is unlawful. A fee may be charged only for administrative acts that are not covered by insurance and that the patient requests beyond standard care—not for access to care itself.

Notice: The information contained in this article is of a general informational nature only and is intended for basic orientation in the topic. Although we take the utmost care to ensure accuracy, legal regulations and their interpretation evolve over time. To verify the current wording of the regulations and their application to your specific situation, it is therefore necessary to contact ARROWS advokátní kancelář directly (office@arws.cz). We accept no liability for any damages or complications arising from the independent use of the information in this article without our prior individual legal consultation and professional assessment. Each case requires a tailored solution, so please do not hesitate to contact us.

Read also:

• Protecting Healthcare Know-How and IP in the Czech Republic: Key Steps
• Legal Liability and Statutory Duties of Healthcare Management in Czechia
• EU Pay Transparency Directive: Legal Risks and Compliance in the Czech Republic
• New EU Pay Transparency Directive: Key Obligations for Czech Employers by 2026
• Legal Validity and Risks of Simple Electronic Signatures in Czech Law