Circular No. 53/2014/TT-BYT stipulates the conditions for conducting healthcare activities on online platforms, applicable to entities participating in building and implementing such activities. This circular focuses on technical infrastructure requirements for information technology, ensuring information security and safety, human resources, and the application of information technology.
适用范围
Entities, organizations, and individuals participating in building and implementing healthcare activities on online platforms within the territory of Vietnam.
要点
- The entity must ensure that its technical infrastructure for information technology has sufficient capacity, performance, and data processing speed; server systems have high availability and are installed with licensed software.
- There must be policies on information security and confidentiality in accordance with state regulations, including technical measures to control access, prevent intrusion, and update system patches.
- The entity must ensure dedicated human resources for information technology that meet the requirements for conducting healthcare activities on online platforms, with appropriate quantity and qualifications.
- Standardized procedures must be formalized and national and international standards applied during the development of healthcare information technology applications.
- The entity must comply with regulations regarding the establishment, storage, and exploitation of electronic medical records, as well as the use of digital signatures as prescribed by law.
🌐 本文件的社会影响
- Positive impact: Enhance the effectiveness of health information management, improve the quality of healthcare services, and protect patient privacy.
- Negative impact: Initial investment costs for information technology infrastructure may significantly increase for small and medium-sized agencies.
❓ 常见问题
What conditions must an entity meet to conduct healthcare activities on online platforms?
The entity must ensure technical infrastructure for information technology, have policies on information security and confidentiality, dedicated human resources for information technology, and standardize procedural operations.
What conditions must personnel participating in healthcare activities on online platforms meet?
Special-grade and Grade 1 public institutions must have an information technology department with at least five people, of whom 60% must have a college degree or higher in information technology. Grade 2 and Grade 3 public institutions must have an information technology team with at least three people who have a secondary vocational education degree or higher in information technology.
What conditions must databases used for healthcare activities on online platforms meet?
Databases must be stable, capable of processing and storing required volumes of data; database management systems must have clear origins or use open-source systems.
Which international standards are applied in healthcare activities on online platforms?
International standards such as HL7, CDA, DICOM, ISO/IEEE 11073, and SDMX-HD are applied.
Must entities comply with regulations on the use of digital signatures in healthcare activities on online platforms?
Yes, entities must comply with the regulations stipulated in Decree No. 26/2007/NĐ-CP and Decree No. 170/2013/NĐ-CP regarding the use of digital signatures in electronic transactions.
全文
|
MINISTRY OF HEALTH |
SOCIALIST REPUBLIC OF VIET NAM |
|
Number: 53/2014/TT-BYT |
Hanoi, December 29, 2014 |
CIRCULAR
Regulations on Conditions for Medical Activities on Online Platforms
Pursuant to the Law on Information Technology dated June 29, 2006;
This Circular prescribes procedures for receiving, providing health care for domestic violence victims and statistical reports on domestic violence victims at medical facilities.
At the proposal of the Director of the Department of Information Technology;
The Minister of Health issues this Circular to stipulate conditions for medical activities on online platforms.
Article 1. Scope of Regulation and Applicability
1. This Circular sets forth conditions for conducting medical activities on online platforms concerning technical infrastructure, information technology security, personnel, and application of information technology.
2. This Circular applies to agencies, organizations, and individuals involved in building and implementing medical activities on online platforms within the territory of Vietnam (hereinafter referred to collectively as "agencies").
Article 2. Interpretation of Terms
In this Circular, the following terms are understood as follows:
1. Medical activities include activities to protect, care for, and improve public health in the fields of preventive medicine; diagnosis, treatment, and rehabilitation; forensic medical, legal, and psychiatric examinations; traditional medicine; reproductive health; medical equipment; pharmaceuticals; cosmetics; food safety; health insurance; population and family planning.
2. Medical activities on online platforms refer to the provision, transmission, collection, processing, storage, and exchange of medical information through an information infrastructure.
3. HL7 standard (Health Level 7) is an international standard providing protocols for managing, exchanging, and integrating healthcare data among healthcare information systems to support medical activities.
4. HL7 CDA standard (Health Level 7 Clinical Document Architecture) is a standard document defining the structure and semantics of clinical data for the purpose of data exchange between related parties.
5. DICOM standard (Digital Imaging and Communications in Medicine) is an international standard specifying protocols for exchanging, storing, processing, acquiring, printing, and sharing digital image data between medical devices and healthcare information systems.
6. ISO/IEEE 11073 standard is a set of standards combined from international standards: ISO (International Organization for Standardization), IEEE (Institute of Electrical and Electronics Engineers), and CEN (European Committee for Standardization) to define connection, interoperability, and data exchange protocols between medical applications and devices.
7. SDMX standard is the international standard ISO/TS 17369:2005 supporting the exchange and sharing of statistical data and metadata between units and organizations.
8. SDMX-HD standard is a standard developed by the World Health Organization based on the SDMX standard to facilitate the exchange and sharing of indicators and statistical metadata in the healthcare sector.
Article 3. Conditions for Technical Infrastructure of Information Technology
1. For activities using servers and system software:
a) Ensuring that server infrastructure and accompanying devices have sufficient capacity, performance, data processing speed, and meet the requirements for deploying medical activities on online platforms;
b) Ensuring that the server system has high availability and flexible backup mechanisms to ensure continuous operation;
c) Ensuring that the operating system and system software installed on servers have valid licenses or clear origins and sources.
2. Network System:
a) The network system (telecommunication networks, Internet, wide area networks, internal networks, other connections) must be designed and implemented appropriately with bandwidth meeting usage purposes; in cases where telecommunication networks are used, all rights and obligations stipulated in Article 16 of the Telecommunications Law must be fully complied with.
b) Network equipment and software for network analysis and management monitoring must have valid licenses or clear origins and sources;
c) There must be comprehensive backup plans to ensure the operation of the network system.
3. Database:
a) Databases used for medical activities on online platforms must be stable and capable of processing and storing data volumes according to business requirements;
b) Database management systems must have clear origins and sources or use widely adopted open-source database management systems both domestically and internationally.
4. Workstations: Adequate workstations with appropriate configurations must be available for medical activities on online platforms.
Article 4. Conditions for Ensuring Information Security and Safety
1. Having policies on information security and confidentiality that comply with state regulations on the safety and confidentiality of information technology systems and the information security rules of the agency.
2. Network system safety and security:
a) Ensuring technical measures to control access to network systems.
b) Implementing measures to detect and prevent intrusions and the spread of harmful malware within the system.
c) Establishing a policy for regularly updating system patches and configuring devices.
d) Ensuring information security for workstations when connected to the network environment.
đ) Ensuring physical safety at locations where server systems are placed.
e) All network equipment, security, confidentiality, antivirus software, and network analysis and management tools installed in the agency's network must have clear origins and sources.
3. Information security for application software:
a) Recording errors and error handling processes, particularly those related to security and confidentiality during testing and trial of application software.
b) Managing, storing, securing, and implementing permission mechanisms for each member regarding file operations for all versions of software, including source code programs.
c) Regularly reviewing source code to eliminate harmful code segments and security vulnerabilities.
d) The software application provider must commit to not having harmful code segments in their products.
4. Data security:
a) Ensuring mechanisms for protecting and controlling access to database resources.
b) Logging database accesses and configuration operations on databases.
c) Having data backup plans to ensure data recovery when necessary.
d) Ensuring appropriate encryption algorithms to meet confidentiality requirements and system processing capabilities.
đ) Regularly reviewing and updating database management system patches and bug fixes according to periodic schedules and recommendations from suppliers.
e) Implementing solutions to prevent various forms of database attacks.
5. Incident Management:
a) Having an incident management process that clearly defines the responsibilities of relevant departments, detailing steps including notifying users and IT system operation departments; if the IT infrastructure is outsourced, the service provider must provide the incident handling process.
b) Periodically reviewing and updating incidents and handling procedures for the incident management process.
c) Applying technical solutions to promptly detect and handle attacks on network systems.
d) Implementing systematic measures to prevent IT risks and disasters to minimize risks in healthcare activities on the network environment.
Article 5. Conditions for Human Resources
1. Ensuring dedicated IT human resources (in terms of quantity and quality) to meet the requirements of healthcare activities on the network environment of the agency.
2. For special category public institutions, category 1 public institutions, and universities in the health sector, there must be an IT department with a minimum of 5 people, of which at least 60% of the total number of personnel in the department must have a degree in IT from a college level or higher.
3. For category 2 and category 3 public institutions in the health sector, ensuring an IT team with a minimum of 3 personnel who have an IT degree from a secondary vocational school level or higher.
4. Developing plans and organizing training to enhance the IT skills of personnel involved in healthcare activities on the network environment.
5. In cases of outsourcing human resources, personnel participating in healthcare activities on the network environment from the contracted unit must meet professional requirements; the contract must include a clause clearly stating the commitment to comply with the provisions of Clause 5, Article 6 of this Circular.
Article 6. Conditions for the application of information technology
1. Ensuring technical infrastructure in accordance with the provisions of Article 3 of this Circular.
2. Standardizing business processes to ensure the effective application of information technology in healthcare activities on a networked environment.
3. Applying national and international standards during the development of health information technology applications:
a) HL7 standard (HL7 message version 2.x, HL7 message version 3, Clinical Document Architecture (CDA));
b) Digital imaging and communication standards in healthcare: DICOM;
c) Connection, interoperability, and data exchange standards between healthcare applications and devices: ISO/IEEE 11073;
d) Standards for exchanging and sharing statistical indicators and metadata in the healthcare sector: SDMX-HD;
đ) Standards issued pursuant to Circular No. 22/2013/TT-BTTTT dated December 23, 2013 of the Minister of Information and Communications.
4. Having regulations governing the management and operation of information technology applications at the agency.
5. The exploitation and use of medical information data related to patients must ensure the right to respect patient privacy in accordance with the provisions of the Law on Medical Examination and Treatment.
6. Being permitted to use digital signatures and certificates in accordance with the provisions of Government Decree No. 26/2007/NĐ-CP dated February 15, 2006 regarding detailed implementation of the Law on Electronic Transactions concerning digital signatures and certification services, Government Decree No. 106/2011/NĐ-CP dated November 23, 2011 amending and supplementing certain articles of Government Decree No. 26/2007/NĐ-CP, Government Decree No. 170/2013/NĐ-CP dated November 13, 2013 amending and supplementing certain articles of Government Decrees No. 26/2007/NĐ-CP and No. 106/2011/NĐ-CP dated November 23, 2011 amending and supplementing certain articles of Government Decree No. 26/2007/NĐ-CP.
7. The establishment, storage, and exploitation of electronic medical records must comply with the provisions of Article 59 of the Law on Medical Examination and Treatment.
8. In cases where external information technology services are hired, there must be a contract with clauses stipulating the commitment to lawful ownership of information and the responsibilities of each party in case of incidents.
Article 7. Effective Date
This Circular takes effect from March 1, 2015.
Article 8. Transitional Provisions
Agencies that have implemented healthcare activities on a networked environment before the date this Circular takes effect must fulfill the conditions stipulated in this Circular by January 1, 2017.
Article 9. Cross-References
In cases where the referenced documents in this Circular are replaced or amended, the replacement or amended document shall apply.
Article 10. Implementation Organization
1. The Department of Information Technology - Ministry of Health shall be responsible for directing, guiding, and inspecting the implementation of this Circular nationwide.
2. Provincial Health Departments shall be responsible for directing, guiding, inspecting, and auditing the implementation of this Circular within their jurisdiction.
3. Relevant agencies shall be responsible for developing and standardizing business processes serving healthcare activities on a networked environment at their respective agencies.
During the implementation process, if there are any difficulties, they should be promptly reported to the Ministry of Health (Department of Information Technology) for research and resolution./.
| DEPUTY MINISTER DEPUTY MINISTER Le Quang Cuong |
原始文件(PDF)
关系图
点击文件即可打开。红色边框=改变效力的关系。