Teresa Huang and Hannah Kuo
In order to strengthen the security of the electronic medical record information system, deregulate the use of cloud services for medical institutions to process electronic medical record data, and further promote the paperless operation of medical institutions, the Ministry of Health and Welfare announced on July 18, 2022 the Amendments to the Regulations Governing the Creation and Management of Electronic Medical Records by Medical Institutions. The Amendments are highlighted below:
1. Enhancement to the management mechanisms of the electronic medical record information system: It is additionally stipulated that an ISO transmission encryption mechanism should be used for the electronic medical record information system, and matters such as the prevention, reporting, and contingency measures to cope with system invasion and data leakage, destruction, or other security incidents are added to enhance system security.
2. Enhancement to the management of the outsourcing of the electronic medical record information system: It is additionally stipulated that a medical institution entrusting the deployment or management of the electronic medical record information system is required to specifically stipulate the rights and obligations of both parties through a written contract, and that the entrusted institution should pass the cybersecurity standard verification recognized by the central competent authority.
3. Addition of the provisions on the use of cloud services: The provisions related to the use of cloud services by medical institutions to collect, process, and use the data in the electronic medical record system and use the databases of such a system are added. It is specifically provided that cloud service data should be basically stored in the territories of Taiwan.
4. Addition of the provisions on the creation and signature of electronic medical records and the establishment of an electronic medical record exchange platform: The compliance matters for the creation of electronic medical records by medical institutions and the provisions on the signatures of medical personnel are specifically stipulated. It is additionally stipulated that an organization and institution recognized by the central competent authority may set up an electronic medical record exchange platform, and the central competent authority is authorized to announce the format, signature, and time stamp for the electronic medical record exchange and other related matters to ensure the consistency of electronic medical record exchange by medical institutions.
5. Promotion of paperless medical records: It is specifically stipulated that the documents, materials, and paper medical records of medical institutions that are required by law to be kept with written consent along with medical records may be electronically converted into electronic files. In the future, documents that should be kept with written consent along with medical records may be kept electronically in accordance with the provisions of the Electronic Signatures Act.
The above provisions have been implemented on the announcement date. Relevant operators are advised to pay special attention.