Thông tư 53/2014/TT-BYT

Circular No. 53/2014/TT-BYT dated December 29, 2014 on requirements for provision of online healthcare services

Nội dung toàn văn Circular 53/2014/TT-BYT on requirements for provision of online healthcare services


MINISTRY OF HEALTH
--------

THE SOCIALIST REPUBLIC OF VIETNAM
Independence - Freedom - Happiness
----------------

No. 53/2014/TT-BYT

Hanoi, December 29, 2014

 

CIRCULAR

ON REQUIREMENTS FOR PROVISION OF ONLINE HEALTHCARE SERVICES

Pursuant to the Law on Information Technology dated June 29, 2006;

Pursuant to the Government’s Decree No. 63/2012/ND-CP dated August 31, 2012 defining functions, tasks, entitlements and organizational structure of the Ministry of Finance;

At the request of the Director of Department of Information Technology;

The Minister of Health promulgates a Circular on requirements for provision of online healthcare services.

Article 1. Scope and regulated entities

1. This Circular deals with requirements for provision of online healthcare services in terms of information technology infrastructure, information security assurance, human resources and application of information technology.

2. This Circular applies to organizations and individuals involved in development and provision of online healthcare services in the territory of Vietnam (hereinafter referred to as “providers”).

Article 2. Definitions

For the purposes of this Circular, the terms below shall be construed as follows:

1. “health activities” include citizens’ health protection, improvement, and care in terms of preventive healthcare; medical examination and treatment and functional rehabilitation; medical survey, forensic medicine, forensic psychiatry; traditional medicine; reproductive health; medical devices; pharmacy; cosmetics; food safety; health insurance; population - family planning.

2. “online healthcare services” mean provision, transmission, collection, processing, storage and exchange of health information using information technology.

3. “HL 7 standard (Health Level 7)” means a set of international standards that provides a protocol for the management, exchange and integration of health data between health information systems to serve health activities.

4. “HL7 CDA standard (Health Level 7 Clinical Document Architecture)” means a document that specifies the structure and semantics of clinical data for the purpose of data exchange between interested parties.

5. “DICOM - Digital Imaging and Communications in Medicine” means an international standard for exchanging, storing, receiving, printing and sharing digital imaging between medical devices and health information system.

6. “ISO/IEEE 11073” means a family of ISO (International Organization for Standardization), IEEE (Institute of Electrical and Electronics Engineers), and CEN (European Committee for Standardization) joint standards to determine a protocol for connection, communication and exchange of data between applications and medical devices.

7. “SDMX” means an ISO/TS 17369:2005 standard for exchanging statistical data and metadata between units and organizations.

8. “SD MX-HD” means a standard that is established by the World Health Organization according to SDMX standard /TS 17369:2005 to assist health facilities in exchanging and sharing medical indicators and statistical metadata.

Article 3. Requirements for information technology infrastructure

1. Services provided using server and system software:

a) Ensure server infrastructure and associated equipment deliver sufficient performance and efficiency, and data processing and retrieval speed to satisfy requirements for provision of online healthcare services;

b) Ensure the server system operates in a highly available manner and provides a flexible backup for continuous operation.

c) Ensure the operating system and system software installed on servers are legit or have clear origin.

2. Network system:

a) Network system (telecommunications network, internet, wide area network, local area network, other connections) is designed and implemented in an appropriate manner, and includes bandwidth. In case of using telecommunications network, all rights and obligations prescribed in Article 16 of the Law on Telecommunications must be exercised and fulfilled.

b) Network equipment and network monitoring and analysis software must be legit or have clear origin;

c) Backup plan must be available to ensure operation of the network system.

3. Database:

a) Database used for provision of online healthcare services must be stable and be able to process and necessary data;

b) Database management system shall have clear origin or use open-source database widely used in the country and the world.

4. Workstation: there must be enough workstation with appropriate configuration suitable for online healthcare services.

Article 4. Requirements for information security assurance

1. Policies on information security must be formulated in accordance with regulations on ensuring security of State and the provider’s own information technology system.

2. Network system security:

a) Technical measures must be available to control access to the network system;

b) Measures for intrusion detection and prevention, and malicious code prevention must be available;

c) System patches and equipment’s configuration must be updated on a periodic basis;

d) Information security must be ensured when workstations are connected to network resources.

dd) Physical security at the location of the server systems must be ensured;

e) Network equipment, security equipment, antivirus software, network monitoring and analysis tools that are installed within the provider’s network must have clear origin.

3. Application software security

a) There must be regulations on error logging and error handling process, especially errors in assurance of security in checking and testing application software;

b) There must be software versions, including the source program that needs to be managed in a centralized manner, stored and secured. There must be regulations on granting privileges to each user to manipulate files;

c) Periodic plan for source code verification must be formulated to prevent malicious codes and vulnerabilities;

d) The application software vendor must undertake that its product contains no malicious code.

4. Data security:

a) There must be regulations on protecting and granting privileges to access database resources;

b) Access to database and actions performed on database configuration must be logged;

c) Where necessary, backup and data recovery plan must be formulated;

b) Proper encryption algorithms must be used to ensure security and processing capacity of the system;

dd) Database management system patches must be reviewed and updated on a periodic basis and according to the manufacturer’s recommendations;

e) Database attack prevention measures must be available.

5. Breakdown management:

a) There must be procedures for breakdown management, specifying responsibilities of relevant departments and steps and informing users and information technology system operators. In case the information technology infrastructure is outsourced, the service provider must offer breakdown handling procedures.

b) Breakdown and remedial measures for breakdown handling procedures must be reviewed and updated on a periodic basis;

c) Technical solutions must be adopted to promptly detect and deal with network system attacks.

d) There must be measures for preventing technology risks and disasters in a systematic manner to minimize risks in provision of online healthcare services.

Article 5. Requirements for human resources

1. Information technology personnel must be sufficient (in terms of quantity and qualification) to provide online healthcare services.

2. Regarding health facilities of special grade or grade 1 and medical universities, there must be an information technology department at least 5 persons, at least 60% of whom have an associate degree in information technology or higher.

3. Regarding health facilities of grade 2 or grade 3, there must be an information technology team at least 3 persons of whom has an intermediate professional education diploma in information technology or higher.

4. Advanced IT training must be provided for personnel involved in provision of online healthcare services.

5. In case of personnel outsourcing, the outsourced personnel must satisfy qualification requirements. The contract must contain their commitment to comply with Clause 5, Article 6 of this Circular.

Article 6. Requirements for information technology application

1. Requirements for information technology infrastructure specified in Article 3 of this Circular shall be satisfied.

2. Professional procedures shall be standardized to ensure effective application of information technology to provision of online healthcare services.

3. National and international standards shall be applied during design of information technology applications:

a) HL7 standard (HL7 version 2.x messaging, HL7 version 3 messaging, clinical documentation architecture (CDA);

b) DICOM;

c) ISO/IEEE 11073;

d) SDMX-HD;

dd) Standards issued together with the Circular No. 22/2013/BTTTT dated December 23, 2013 of the Minister of Information and Communications.

4. There must be regulations on management and application of information technology by the provider.

5. Patient data must be used in a manner that ensures patient's privacy in accordance with regulations of the Law on Medical Examination and Treatment.

6. Digital signature and digital certificate shall be used in accordance with regulations of the Government’s Decree No. 26/2007/ND-CP Government's Decree No.106/2011/ND-CP and Government’s Decree No. 170/2013/ND-CP.

7. Electronic medical records shall be made, retained and used as prescribed in Article 59 of the Law on Medical Examination and Treatment.

8. In case of outsourcing information technology application services, there must be a contract containing each party’s commitment to legally use information and responsibilities for breakdown occurrence.

Article 7. Effect

This Circular comes into force from March 01, 2015.

Article 8. Transitional clause

The entities that started to provide online healthcare services before the effective date of this Circular must fulfill the requirements specified in this Circular before January 01, 2017.

Article 9. Reference clause

In the cases where any of the legislative documents referred to in this Circular is amended or replaced, the newest one shall apply.

Article 10. Implementation

1. The Department of Information Technology - the Ministry of Health shall direct, provide guidance and inspect implementation of this Circular nationwide.

2. The Department of Health shall direct, provide guidance and inspect implementation of this Circular within its area.

3. Relevant entities shall establish and standardize professional procedures for provision of online healthcare services at the entities.

Difficulties that arise during implementation should be promptly reported to the Ministry of Health (the Department of Information Technology)./.

 

 

PP. THE MINISTER
THE DEPUTY MINISTER




Le Quang Cuong

 


------------------------------------------------------------------------------------------------------
This translation is made by LawSoft and for reference purposes only. Its copyright is owned by LawSoft and protected under Clause 2, Article 14 of the Law on Intellectual Property.Your comments are always welcomed

Thuộc tính Văn bản pháp luật 53/2014/TT-BYT

Loại văn bảnThông tư
Số hiệu53/2014/TT-BYT
Cơ quan ban hành
Người ký
Ngày ban hành29/12/2014
Ngày hiệu lực01/03/2015
Ngày công báo...
Số công báo
Lĩnh vựcThể thao - Y tế, Công nghệ thông tin
Tình trạng hiệu lựcCòn hiệu lực
Cập nhậtnăm ngoái
Yêu cầu cập nhật văn bản này

Download Văn bản pháp luật 53/2014/TT-BYT

Lược đồ Circular 53/2014/TT-BYT on requirements for provision of online healthcare services


Văn bản bị sửa đổi, bổ sung

    Văn bản sửa đổi, bổ sung

      Văn bản bị đính chính

        Văn bản đính chính

          Văn bản bị thay thế

            Văn bản hiện thời

            Circular 53/2014/TT-BYT on requirements for provision of online healthcare services
            Loại văn bảnThông tư
            Số hiệu53/2014/TT-BYT
            Cơ quan ban hànhBộ Y tế
            Người kýLê Quang Cường
            Ngày ban hành29/12/2014
            Ngày hiệu lực01/03/2015
            Ngày công báo...
            Số công báo
            Lĩnh vựcThể thao - Y tế, Công nghệ thông tin
            Tình trạng hiệu lựcCòn hiệu lực
            Cập nhậtnăm ngoái

            Văn bản thay thế

              Văn bản được căn cứ

                Văn bản hợp nhất

                  Văn bản gốc Circular 53/2014/TT-BYT on requirements for provision of online healthcare services

                  Lịch sử hiệu lực Circular 53/2014/TT-BYT on requirements for provision of online healthcare services

                  • 29/12/2014

                    Văn bản được ban hành

                    Trạng thái: Chưa có hiệu lực

                  • 01/03/2015

                    Văn bản có hiệu lực

                    Trạng thái: Có hiệu lực