Wondering What It Takes to Be an OTN-Approved Telemedicine Vendor? – Here Is a Checklist
4 years ago
The Ontario Telemedicine Network (OTN) is the largest telemedicine network in the world.
It has nearly 600 members, including all public hospitals, family health teams, clinics, physician offices, nursing stations, medical and nursing schools, professional organizations, community care access centres, LHIN offices, First Nations communities, long-term care homes, and educational facilities.
The following is what OTN has achieved in 2018-2019.
The OTN has listed basic technical, privacy and security requirements for all telemedicine solutions and apps.
For telemedicine vendors like you, it is advisable to be OTN-approved in order to work with the members of the OTN. This will eventually help your product gain more visibility in the market.
But the question is, how do you become OTN-approved?
Well, you simply need to ensure that your telemedicine app adheres to all the requirements listed by the Ontario Telemedicine Network.
Be an Ontario Telemedicine Network (OTN)-Approved Telemedicine Vendor: A Checklist
1) General Virtual Visits Requirements
❏ Provide patients and their caregivers with secure access to virtual visit services.
❏ Allow clinical users to determine when a virtual visit is complete.
❏ Capture details about each televisit to meet clinical, record-keeping or reporting obligations. Those details should include the event ID, start and end date and time, clinical documentation or notes, and any image shared by patients during the call.
❏ Transfer virtual visit information electronically to a medical or hospital record.
❏ Provide technical support to healthcare centres using your platform.
❏ Enable authorized users to access and extract data for reporting purposes.
❏ Notify the patient when the service is unavailable.
❏ Provide integration with Point of Service systems.
❏ Verify patients’ health card numbers automatically.
❏ It should support Canadian English and Canadian French languages.
2) Privacy and Security Requirements
❏ Document the common practices you are following to handle and protect the personal and health information of patients.
❏ You should have a dedicated Chief Privacy Officer in place to ensure privacy on a large scale.
❏ You should be equipped with a privacy and security program that includes policies and procedures.
❏ The privacy policy must include rules governing the data collection, usage, disclosure, disposal, breach management, disaster recovery and business continuity.
❏ There should be mechanisms to encrypt and safeguard personal health information.
❏ Carry out a Privacy Impact Assessment (PIA) and provide its summary.
❏ Carry out a Threat Risk Assessment (TRA) and provide its summary.
❏ Carry out periodic vulnerability assessment scans.
❏ Carry out periodic penetration tests.
❏ The vendor should ensure the physical security of the data.
❏ The vendor should control and monitor access to data and identity.
❏ Make sure the data is stored only on systems located in Canada.
❏ Notify the users if the data is being transferred outside Canada.
3) Video Visit Solution Requirements
❏ The telemedicine solution must allocate a new unique event ID to each video visit.
❏ The telemedicine solution must allow users to schedule a video visit on any future date and time.
❏ The telemedicine solution must allow users to talk to a doctor immediately, without scheduling an appointment.
❏ The telemedicine solution must enable one-on-one meetings between the doctor and patient and multi-point visits between a doctor and more than one patient.
❏ The telemedicine platform must support a minimum resolution of 448p and a minimum frame rate of 15 fps.
❏ There should be features for clinical users to manage virtual visits. These features should include initiating visits, managing participant access, disabling features such as video recording, transcripts, and file transfer.
❏ There should be a feature for clinical users that lets them invite a guest user into a video visit.
❏ There should be a feature that allows clinical users to share files and documents.
❏ There should be a mechanism that prevents unauthorized entry into the ongoing video call.
❏ Recommended encryption standards include H.323 (H.235 for H.323 media encryption, AES), SIP (DTLS-SRTP, TLS 1.2 or higher) and WebRTC (DTLS-SRTP).
❏ There should be a feature called ‘virtual waiting room’ that allows clinical users to create a waiting list of the patients for video visits.
❏ The solution should provide a visual indicator to all participants in case of poor video quality.
❏ There should be an audio-only option as well for communication.
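The DTLS-SRTP item in the list above can be verified from the session descriptions (SDP) a platform exchanges during call setup. The following is an added example, not code from OTN or from this article: `audit_sdp`, the allow-list of DTLS transport profiles and both sample descriptions are assumptions constructed for illustration, and the check covers media keying only, not the TLS version used for signaling.

```python
# Added example: check that active SDP media sections are keyed with DTLS-SRTP.
# Assumption: allow-list of DTLS transport profiles; extend it to match your stack.
DTLS_PROTOS = {"UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF",
               "UDP/DTLS/SCTP", "TCP/DTLS/SCTP"}

def audit_sdp(sdp):
    """Return (media_index, kind, problem) findings; an empty list means pass."""
    session_fp, sections, cur = False, [], None
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("m="):
            kind, port, proto = line[2:].split()[:3]
            cur = {"kind": kind, "port": int(port.split("/")[0]),
                   "proto": proto.upper(), "fp": False, "sdes": False}
            sections.append(cur)
        elif line.startswith("a=fingerprint:"):
            if cur is None:
                session_fp = True      # session-level value covers all media
            else:
                cur["fp"] = True
        elif line.startswith("a=crypto:") and cur is not None:
            cur["sdes"] = True         # SDES: SRTP key carried in signaling
    findings = []
    for i, s in enumerate(sections):
        if s["port"] == 0:             # port 0 = rejected or disabled media
            continue
        if s["proto"] not in DTLS_PROTOS:
            findings.append((i, s["kind"], "transport %s is not a DTLS profile" % s["proto"]))
        if not (s["fp"] or session_fp):
            findings.append((i, s["kind"], "no a=fingerprint for the DTLS handshake"))
        if s["sdes"]:
            findings.append((i, s["kind"], "a=crypto (SDES) key present"))
    return findings

# Constructed samples, trimmed to the lines the check reads; values are placeholders.
GOOD_SDP = """v=0
a=fingerprint:sha-256 00:11:22:33:44:55
m=audio 9 UDP/TLS/RTP/SAVPF 111
m=video 9 UDP/TLS/RTP/SAVPF 96
"""
BAD_SDP = """v=0
m=audio 49170 RTP/AVP 0
m=video 49172 RTP/SAVP 96
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-PLACEHOLDER
m=application 0 UDP/DTLS/SCTP webrtc-datachannel
"""
```

Running `audit_sdp` over descriptions captured in a test environment gives repeatable evidence for this checklist item; the plain `RTP/AVP` audio and the SDES-keyed video in the second sample are both reported, while the disabled data channel is skipped.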
4) Secure Messaging Requirements
❏ There should be security measures in place to protect the messages exchanged between the patient and doctor.
❏ The telemedicine app should assign a unique ID to all secure messaging transactions.
❏ The solution must make sure that a secure messaging service is only accessible by authorized users.
❏ The telehealth solution must provide notifications for new visit requests, accepted visits, cancelled visits and completed visits.
❏ Both caregivers and patients should be able to send files and documents to the users through the chat window.
❏ The clinical users or doctors should also be able to initiate the chat.
❏ Other clinical users can read and reply in an already initiated secure messaging conversation.
❏ There should be a feature for clinical users to flag the user messages as urgent.
5) Virtual Visits Data Requirements
Telemedicine solutions must capture the following information.
❏ Event ID
❏ Organizations ID
❏ Telemedicine Solution ID
❏ Event Details such as event start date, event start time, event end date, event end time.
❏ Event Type
❏ Clinical User Information (first name, last name)
❏ Clinical User Location (postal code)
❏ Patient Location (postal code)
You can explore more about these requirements in this official PDF published by OTN.
There are 50+ requirements. At 20 hours each, that adds up to 1,000 hours. We can do it for you within 200 hours!
Yes, within 200 hours! And we claim this so confidently because we have already achieved it in less than 200 hours for our own telemedicine platform.
We are a healthcare-focused IT company, and with our technical experts and legal consultants, we bridge the gap between healthcare products and healthcare compliance.
Be it federal law such as PIPEDA and HIPAA, provincial law such as PHIPA, or any requirements suggested by individual regulatory bodies, we ease assessment, implementation and audit.
On a concluding note, we would like to share a case study that describes how we helped a development firm to fill 47 security gaps in a healthcare app to be HIPAA compliant.