Key contacts
In May 2026, the Bulgarian Ministry of Health published Ordinance № 5 of 28 April 2026 on the Remote provision of medical assistance, establishing a detailed regulatory framework for telemedicine in Bulgaria. The Ordinance sets out the conditions for medical professionals and health care establishments to deliver remote medical services, the technical and data protection requirements for digital platforms and the restrictions on the performance of remote medical activities. For companies looking to develop telemedicine capabilities in Bulgaria, the Ordinance provides long-awaited legal certainty and imposes compliance obligations.
Background
The Ordinance was based on the Health Establishments Act. It applies to all remote medical activities involving patients, including remote consultations between medical specialists where patient data is processed. Consultations between specialists not involving personal-data processing fall outside its scope.
Who is authorised to provide telemedicine services
Only health-care facilities established under the Health Establishments Act, and the medical specialists employed by them, are permitted to deliver telemedicine services. Certain categories of health-care facilities (e.g. transfusion hematology centres and tissue banks) are excluded.
Health-care facilities may also collaborate to create functional “Centres for remote medical assistance” under a cooperation agreement, pooling resources and personnel to deliver telemedicine jointly. The cooperation agreements must address governance, the scope of services offered, shared digital systems, data protection responsibilities (including joint controller arrangements under Article 26 of the GDPR) and mechanisms for ensuring quality, traceability and liability.
Activities excluded from telemedicine
The Ordinance prohibits remote medical assistance where:
- this could endanger the patient's life or health;
- the required quality, safety or effectiveness of care cannot be guaranteed remotely;
- direct physical contact with the patient is requiredbased on the nature of medical activity;
- the patient's identity cannot be reliably verified.
Dental medicine is largely excluded, except for remote consultations between dental professionals and remote interpretation of diagnostic imaging. Conducting deliveries and certifying death are explicitly prohibited from being performed remotely.
Clinical responsibility and professional standards
The decision to provide remote medical care must be taken case-by-case by the treating medical specialist, based on clinical assessment. The specialist retains full professional responsibility for the decision and the care provided, including when there is the use of digital tools or clinical decision-support systems. Where multiple specialists are involved, responsibilities are allocated according to applicable medical standards and the internal rules of the health-care facility. Where digital tools for clinical decision support, automated documentation or health-data processing are used, health-care facilities must ensure transparency of the relevant processes and human control over medical decisions.
Patient’s duty to provide complete and accurate information.
The Ordinance places an onus on the patient (or persons under Art. 87 of the Health Act) to supply accurate anamnesis, information on prior treatments and medications, comorbidities and available records, imaging and device data. The Ordinance requires that the patient be informed completeness and accuracy are essential to a correct medical assessment.
Informed consent
Remote medical assistance can only be provided after the patient has given informed consent per the Health Act and the Health Establishments Act. This must be obtained before treatment begins in a format that allows the patient to make a free and informed choice.
Patient requests and public information
Planned telemedicine services must be requested through an electronic form available through an information system, telemedicine platform or other digital channel determined by the health-care facility or relevant medical specialist at that facility. There are specific and detailed requirements as to the form’s content and specifically for patients’ consent.
Health-care facilities must also make accessible public information on the remote medical services they provide, the relevant medical specialties, the medical specialists who provide those services and the available routes for requesting telemedicine under the facility’s internal rules or announced digital-channel rules.
Synchronous and asynchronous services
The Ordinance provides for two modes of service delivery:
- Synchronous: real-time communication between patient and specialist (e.g. real-time video consultations);
- Asynchronous: exchange and evaluation of medical data, images or monitoring results without simultaneous interaction (e.g. remote review of diagnostic data).
Both planned and emergency telemedicine are permitted. Emergency remote care, however, is limited to consultative medical assistance provided by a health-care facility and its medical specialists at the request of another health-care facility or medical specialist in an emergency, under an inter-facility agreement.
Technology and platform requirements
Digital systems used for telemedicine must ensure reliable identification of participants, data protection, traceability of actions, and quality of transmitted medical information. They must also meet applicable cybersecurity, interoperability and health-data protection requirements, including the requirements of Ordinance № Н-6 of 2022 on the National Health Information System. To ensure quality and safety, digital solutions must be integrated with the National Health Information System, remote monitoring devices, diagnostic equipment and other technology.
Medical devices and medical software used in telemedicine must hold a valid CE marking. Health-care facilities must also ensure technical resilience, including backup power supplies, system redundancy and procedures for managing disruptions. If remote care cannot safely continue, the medical specialist must refer the patient to an appropriate in-person form of care or an alternative communication channel. Where third-party digital service providers or platforms are used, the health-care facility must put in place contractual and technical safeguards to guarantee the security, availability and integrity of health data.
Documentation and recordkeeping
Telemedicine consultations must be documented through an electronic health record entered in the patient’s electronic health dossier in the National Health Information System according to the following deadlines:
- Planned care – by 4pm the next working day;
- Complex cases – within two working days;
- Emergency care – within 30 minutes (or 120 minutes for complex cases involving extensive image processing).
Documents must be authenticated by a qualified electronic signature or other recognised electronic identification method. Where digital tools, remote monitoring systems or clinical decision-support systems are used, this must be reflected in the medical documentation.
Health-care professionals providing remote care have the right to access the patient’s electronic health records in the NHIS to assess the patient’s condition and ensure quality and safe care. This access must observe the principles of necessity, proportionality, data protection and traceability under Ordinance № Н‑6 of 2022 and applicable law. Access to the e‑health dossier is limited to the specific remote service. Health-care establishments must inform the patient in advance of the type, scope and purpose of the data to be processed, and of the consequences of not providing it.
Data protection
Health-care facilities providing telemedicine are data controllers and must implement appropriate technical and organisational measures in line with the GDPR, conduct data protection impact assessments and apply the data-minimisation principle. They must publish a data subject notice containing the categories of processed data, the purposes and legal bases for the processing, recipient categories, retention periods and data subject rights. The notice must identify processors and joint controllers and be provided to patients at the point-of-service request.
Audio, video or other digital recordings of telemedicine sessions are permitted only with prior written or electronic informed consent. Recordings may also be made for documentation, continuity of care, training or expert consultations, provided the patient has been informed and appropriate safeguards are in place.
Regulatory oversight
Supervision of telemedicine activities is carried out by the Executive agency “Medical supervision”.
Comment
The Ordinance provides a clear legal basis for delivering telemedicine services in Bulgaria. Companies looking to develop telemedicine capabilities should note several practical implications:
- Technology providers are not directly regulated – the Ordinance places compliance obligations on health-care facilities rather than on platform developers. In practice, health-care facilities will require their technology partners to meet the detailed technical, security, interoperability and documentation standards set out in the Ordinance. Platform developers should expect contractual requirements flowing from these provisions, particularly around CE marking for medical software, cybersecurity standards, and integration with the National Health Information System and other medical technologies to ensure quality and safe care.
- Cooperation models offer opportunities – the Centres for remote medical assistance model allows multiple health-care facilities to pool resources and deliver telemedicine jointly, potentially creating a market for platforms that facilitate such collaboration.
- Data protection compliance is central – GDPR obligations are woven throughout the Ordinance, including joint controller agreements, data protection impact assessments and transparency notices. Companies building telemedicine platforms should design for privacy by default.
- Scope limitations matter for product design – platform design should accommodate the restrictions for services that can be delivered remotely (e.g. no dental care except limited consultations, no deliveries) and in each case a medical specialist must make the clinical decision whether remote care is appropriate.
- Operational workflows will need to be designed carefully – health-care facilities and their technology partners will need intake forms that capture the required information and consents, public-facing information on available services and specialists, and fallback protocols for redirecting patients to in-person care or alternative communication channels where remote care cannot safely continue.
- The use of AI in telemedicine platforms – the use of AI integrated in a telemedicine platform is not specifically addressed by the Ordinance and will be subject to conformity assessment to determine whether the requirements of the Artificial Intelligence Act have been fulfilled.
The Ordinance is silent on reimbursement for telemedicine and on cross-border provision of services, which should be assessed according to the wider national and EU legal framework and the specific jurisdictions where telemedicine platforms operate.
For further information, contact your CMS client partner or the CMS experts who contributed to this article: Anna Tanova, Partner; Antonia Spassova, Senior Associate, Andrea Andreev, Associate, or your usual CMS contact.