In early October, an amendment to the Health Services Act came into force, which brought a completely new definition of telemedicine – i.e. the provision of health services via information technology. The Ministry of Health has submitted a long-awaited decree to lay down more precise rules for the provision of telemedicine services. Currently undergoing consultation procedure, the draft decree promises clearer boundaries for this form of tele-health care. What rules for telemedicine provision are going to apply?
In practice, telemedicine – be it video consultations with a physician, or telemonitoring – is nothing new, but it has only become enshrined in law in the amendment to the Health Services Act, effective from 1 October 2024 (which we wrote about HERE). The draft decree is expected to set out more precise rules for its provision. We summarise its key points below.
Communication quality and security
The technical requirements for the quality and security of communication between the patient and the provider will have to comply with the e-health standard under the Act on the Electronic Healthcare, which is yet to be issued by the Ministry of Health. The basic parameters will be determined in accordance with the general requirements for cybersecurity and the transposition of the NIS2 Directive into the Czech system of laws.
Communication channel encryption
The decree establishes the requirement to encrypt all communication channels that will be used in the provision of telemedicine services. In the case of a telephone consultation, the method of encryption is determined by the telecommunications service provider. When using other means of communication, such as video calls, the decree does not specify the method of encryption to allow for greater flexibility in the light of rapid technological developments. However, the communication channel must always be encrypted whenever health services are provided.
Specific requirements are set for telemonitoring, where the patient’s health data is monitored and evaluated remotely. Telemonitoring will have to comply with the requirements of the as yet unpublished e-health standard, which will be interconnected with certified medical devices regulation.
Verification of patient’s and provider’s identity
The decree also requires secure verification of the identity of the communicating parties – it sets different rules for identification based on whether the person is a patient or a healthcare professional. The basic principle is a method of identification agreed in advance between the patient and the healthcare provider. Thus, the decree does not lay down a specific way to verify the identity of the parties, but allows providers and patients to set the rules based to their needs and preferences. The agreed method of identification – e.g. answering a control question or showing an ID card during a video call – is then recorded in the patient’s medical record.
Alternatively, patients can prove their identity through electronic identification in accordance with the Electronic Identification Act, while the health care professional can use the access data to the health care provider’s information system in accordance with the requirements of the Health Care Digitisation Act.
Consent to the recording of communications
The provider may, with the patient’s consent, record the communication while providing telemedicine services. The recording is not mandatory, but if the patient does not consent, the provider has the right to refuse to provide telemedicine services. According to the decree, consent to the recording may be given explicitly or in any other manner that does not raise any doubts about the patient’s manifestation of will. The decree is therefore flexible in this respect and the method of giving consent will vary according to the communication and technical methods used – it may be granted, for example, via an online portal or a mobile application. The evidence of consent should be guaranteed through a record in the medical record, which should also contain the method of giving consent.
When will the decree become effective?
The draft decree is now in the consultation procedure, which will last until 15 November 2024. The decree will come into force the day after its promulgation, which will depend on the speed of the law-making process – it is expected to be approved by the end of the year. The requirements on the quality and security of communications will become effective starting from January 2025. However, the final wording of the decree and the effective date may still change as a result of the consultation procedure.