Notice Issuing the Measures for the Administration of Internet Diagnosis and Treatment (Trial) and Two Related Documents

Promulgated by: National Health Commission of the People’s Republic of China; National Administration of Traditional Chinese Medicine. Document No.: 国卫医发〔2018〕25号. Adopted July 17, 2018. Effective July 17, 2018.

Measures for the Administration of Internet Diagnosis and Treatment (Trial)

(Annex 1 to the Notice — full translation)

Chapter I General Provisions

Article 1. These Measures are formulated in order to implement the Opinions of the General Office of the State Council on Promoting the Development of “Internet Plus Medical and Health Services,” to regulate internet diagnosis and treatment activities, to promote the healthy and rapid development of internet medical services, and to safeguard medical quality and medical safety, in accordance with the Law on Practising Physicians, the Regulations on the Administration of Medical Institutions, and other laws and regulations.

Article 2. For the purposes of these Measures, “internet diagnosis and treatment” refers to medical activities in which a medical institution, using physicians registered at that institution, conducts, through the internet and other information technologies, follow-up consultations for certain common diseases and chronic diseases, and provides “Internet Plus” family-doctor contracted services.

Article 3. The State shall implement access-control administration over internet diagnosis and treatment activities.

Article 4. The health administration department of the State Council and the competent department for traditional Chinese medicine shall be responsible for the supervision and administration of internet diagnosis and treatment activities nationwide. Local health administration departments at all levels (including competent departments for traditional Chinese medicine; the same applies below) shall be responsible for the supervision and administration of internet diagnosis and treatment activities within their respective jurisdictions.

Chapter II Access to Internet Diagnosis and Treatment Activities

Article 5. Internet diagnosis and treatment activities shall be provided by medical institutions that have obtained a Medical Institution Practice Licence.

Article 6. A medical institution newly applying to establish operations that intends to carry out internet diagnosis and treatment activities shall indicate this in its establishment application and shall describe, in the feasibility study report for the establishment, matters relating to the conduct of internet diagnosis and treatment activities. If it cooperates with a third-party institution to establish an information system for internet diagnosis and treatment services, it shall submit a cooperation agreement.

Article 7. After accepting an application, the health administration department shall review it in accordance with the relevant provisions of the Regulations on the Administration of Medical Institutions and the Rules for the Implementation of the Regulations on the Administration of Medical Institutions, and shall issue a written reply of approval or non-approval within the prescribed time. If the establishment is approved and the conduct of internet diagnosis and treatment is consented to, that consent shall be noted in the Letter of Approval for the Establishment of a Medical Institution. The medical institution shall apply for practice registration in accordance with the relevant laws, regulations, and rules.

Article 8. A medical institution that has already obtained a Medical Institution Practice Licence and intends to carry out internet diagnosis and treatment activities shall submit to the licence-issuing authority an application for practice registration to conduct internet diagnosis and treatment activities, together with the following materials:

(1) an application letter signed with consent by the legal representative or principal responsible person of the medical institution, stating the reasons and grounds for applying to carry out internet diagnosis and treatment activities;

(2) if cooperating with a third-party institution to establish an information system for internet diagnosis and treatment services, the cooperation agreement; and

(3) other materials required to be submitted by the registration authority.

Article 9. The practice registration authority shall review the application materials for medical institution registration in accordance with the relevant laws, regulations, and rules. Those that pass review shall be registered, and “internet diagnosis and treatment” shall be added under the service modalities in the duplicate of the Medical Institution Practice Licence. Those that fail review shall be notified of the review results in writing.

Article 10. The cooperation agreement between a medical institution and a third-party institution shall clearly specify the rights, responsibilities, and obligations of each party with respect to medical services, information security, and privacy protection.

Article 11. The internet diagnosis and treatment activities carried out by a medical institution shall be consistent with its approved diagnostic and treatment subjects. A medical institution may not conduct the corresponding internet diagnosis and treatment activities for diagnostic and treatment subjects not approved by the health administration department.

Chapter III Practice Rules

Article 12. Internet diagnosis and treatment activities carried out by a medical institution shall comply with medical administration requirements, and the medical institution shall establish rules and regulations on medical quality and medical safety.

Article 13. A medical institution carrying out internet diagnosis and treatment activities shall possess equipment, facilities, information systems, technical personnel, and information security systems that satisfy the requirements of internet technology, and shall implement Cybersecurity Multi-Level Protection Scheme Level 3 protection.

Article 14. Physicians and nurses who carry out internet diagnosis and treatment activities shall be searchable through the national electronic registration system for physicians and nurses. Medical institutions shall conduct electronic real-name authentication of medical personnel who carry out internet diagnosis and treatment activities, and are encouraged, where conditions permit, to strengthen the management of medical personnel through facial recognition and other biometric identification technologies.

Article 15. Where a primary-level medical and health institution implements “Internet Plus” family-doctor contracted services, it shall inform patients of the service content, procedures, the rights and responsibilities of both parties, and risks that may arise, in the agreement, and shall execute an informed consent document.

Article 16. When a medical institution conducts online follow-up consultations for certain common diseases and chronic diseases, the physician shall have access to the patient’s medical records and shall confirm that the patient has received a definitive diagnosis of one or more common diseases or chronic diseases at a physical medical institution before conducting follow-up consultations for the same diagnosis. When a change in a patient’s condition requires in-person examination by medical personnel, the medical institution and its medical personnel shall immediately terminate the internet diagnosis and treatment activity and guide the patient to a physical medical institution for consultation. Internet diagnosis and treatment activities may not be conducted for first-visit patients.

Article 17. A medical institution carrying out internet diagnosis and treatment activities shall, in accordance with the requirements of the Provisions on the Administration of Medical Institution Medical Records, the Basic Standards for Electronic Medical Records (Trial), and other relevant documents, establish electronic medical records for patients and administer them in accordance with the prescribed requirements.

Article 18. A medical institution carrying out internet diagnosis and treatment activities shall strictly comply with the Administrative Measures for Prescriptions and other prescription administration regulations. After obtaining access to a patient’s medical records, a physician may issue prescriptions online for certain patients with common diseases or chronic diseases. Prescriptions issued online must bear the physician’s electronic signature; after review by a pharmacist, medical institutions and pharmaceutical business enterprises may entrust eligible third-party institutions to make deliveries.

Article 19. When carrying out internet diagnosis and treatment activities, medical institutions may not issue prescriptions for narcotic drugs, psychotropic drugs, or other specially administered drugs. When issuing internet prescriptions for paediatric medication for young children (under 6 years of age), it shall be confirmed that the child patient has a guardian and a qualified specialist physician present.

Article 20. Medical institutions shall strictly enforce the laws and regulations concerning information security and the confidentiality of medical data, shall properly safeguard patient information, and may not illegally purchase, sell, or disclose patient information. Following a leak of patient information or medical data, the medical institution shall promptly report to the competent health administration department and shall immediately take effective response measures.

Article 21. Internet diagnosis and treatment activities carried out by medical institutions shall comply with the relevant tiered-diagnosis-and-treatment regulations and shall be adapted to the institution’s functional orientation.

Article 22. The use of internet technology within medical consortiums is encouraged to accelerate the realisation of up-and-down interconnection of medical resources, improve the capacity and efficiency of primary-level medical services, and advance the establishment of an orderly tiered-diagnosis-and-treatment pattern. Tertiary hospitals are encouraged to refer patients downward within medical consortiums through internet diagnosis and treatment information systems.

Article 23. Tertiary hospitals shall prioritise the development of internet medical services with secondary hospitals and primary-level medical and health institutions, and shall provide technical support for internet diagnosis and treatment activities carried out by primary-level medical and health institutions.

Chapter IV Supervision and Administration

Article 24. Medical institutions shall strengthen the administration of internet diagnosis and treatment activities, establish and improve relevant management systems and service procedures, ensure that the entire process of internet diagnosis and treatment activities is recorded and traceable, and open data interfaces to supervisory authorities.

Article 25. A physician who carries out internet diagnosis and treatment activities shall have lawfully obtained the corresponding practice qualifications, have three or more years of independent clinical work experience, and have obtained the consent of the medical institution at which the physician is registered.

Article 26. Internet diagnosis and treatment activities carried out by medical institutions shall be supervised and administered by county-level and above local health administration departments, in accordance with the principle of territorial administration.

Article 27. County-level and above local health administration departments shall publicly disclose the list of medical institutions permitted to carry out internet diagnosis and treatment activities, disclose supervision telephone numbers or other supervision methods, and promptly accept and handle reports of unlawful or non-compliant internet diagnosis and treatment services. Where non-compliance with the provisions of these Measures is discovered, relevant competent departments shall be notified in a timely manner.

Article 28. Where a lower-level health administration department fails to administer internet diagnosis and treatment activities in accordance with the Regulations on the Administration of Medical Institutions and these Measures, the higher-level health administration department shall make corrections in a timely manner.

Article 29. County-level and above local health administration departments shall give full play to the role of social organisations and strengthen industry supervision and self-discipline with respect to internet diagnosis and treatment activities.

Chapter V Supplementary Provisions

Article 30. Medical institutions that had already been carrying out internet diagnosis and treatment activities before the implementation of these Measures shall resubmit practice registration applications in accordance with the requirements of these Measures within 30 days of the date of implementation.

Article 31. Telemedicine services shall be administered in accordance with the Telemedicine Service Management Norms (Trial) and other relevant documents. Internet hospitals shall be administered in accordance with the Internet Hospital Management Measures (Trial).

Article 32. These Measures shall take effect on the date of promulgation.

Companion Documents

Internet Hospital Management Measures (Trial) — Structured Summary

(Annex 2 to the Notice)

Scope and definition. An “internet hospital” is either: (a) a second name used by a physical medical institution, or (b) an internet hospital independently established in reliance on a physical medical institution. The State applies access-control administration in accordance with the Regulations on the Administration of Medical Institutions.

Chapter I — General Provisions (Articles 1–4). The Measures aim to promote healthy development of internet hospitals, regulate their administration, improve service efficiency, and safeguard medical quality and safety. Supervisory authority rests with health administration departments at the State Council level (nationwide) and at all local levels (within their respective jurisdictions).

Chapter II — Internet Hospital Access (Articles 5–13). A physical medical institution that establishes an internet hospital — whether alone or with a third party — must apply to register the internet hospital as a second name. Before internet hospital access applications are processed, provincial health administration departments must establish a provincial internet medical services supervision platform linked in real time to the internet hospital’s information platform (Article 6). Application materials include an establishment application, a feasibility study, the address of the relying physical institution, and the signed cooperation agreement (Article 7). The information system shall implement Cybersecurity Multi-Level Protection Scheme Level 3 (Article 15). Naming conventions are specified: the institution’s own name plus “Internet Hospital,” optionally with the cooperative partner’s identifier (Article 12).

Chapter III — Practice Rules (Articles 14–26).

Real-name authentication. Physicians and nurses must be queryable in the national electronic registration system; the internet hospital shall conduct electronic real-name authentication of all medical personnel, and is encouraged to use facial recognition or other biometric technologies (Article 16).
Patient-facing rules. The internet hospital must give risk disclosures and obtain the patient’s informed consent (Article 18). If the patient has not been seen at a physical institution, the physician may only provide follow-up consultation services for certain common diseases or chronic diseases; first-visit online diagnosis is prohibited. Family-doctor contracted services are permitted (Article 19).
Prescriptions. All online diagnoses and prescriptions must bear the physician’s electronic signature. Prescriptions must be reviewed and approved by a pharmacist before taking effect. Narcotic drugs, psychotropic drugs, and other drugs subject to special administration may not be prescribed online. Prescriptions for paediatric patients under 6 years require confirmation that a guardian and a specialist physician are present (Article 20).
Electronic medical records. Patients may query their test results, diagnosis and treatment plans, prescriptions, and medical orders online. Records must be established and managed in accordance with the Provisions on the Administration of Medical Institution Medical Records (Article 21).
Patient information protection. Medical institutions shall strictly enforce information security and medical data confidentiality laws. They may not illegally purchase, sell, or disclose patient information. Upon a patient information or medical data leak, the medical institution shall promptly report to the competent health administration department and immediately take effective response measures (Article 23).
Medical liability insurance. The physical institution or third-party applicant must purchase medical liability insurance for physicians (Article 24).

Chapter IV — Supervision and Administration (Articles 27–34). Provincial health administration departments and internet hospital registration authorities jointly supervise internet hospitals through the provincial supervision platform, focusing on personnel, prescriptions, diagnosis and treatment conduct, patient privacy protection, and information security (Article 30). Internet hospitals are integrated into local medical quality control systems and evaluated in the same institutional-assessment framework as physical hospitals. Legal liability rests with the internet hospital if it holds a separate Medical Institution Practice Licence, or with the physical medical institution if the internet hospital is a second name (Article 32).

Chapter V — Supplementary Provisions (Articles 35–36). Internet hospitals already approved or filed before implementation must resubmit establishment and practice registration applications within 30 days of the effective date.

Annex — Internet Hospital Basic Standards (Trial). The appendix specifies minimum infrastructure requirements: at least 2 servers (database and application servers separated; no servers storing medical data may be located outside China); at least 2 audio-video communication systems; network bandwidth of at least 10 Mbps from at least 2 internet service providers; real-time data exchange with the relying physical institution’s HIS, PACS/RIS, and LIS systems; and Cybersecurity Multi-Level Protection Scheme Level 3 implementation.

Telemedicine Service Management Norms (Trial) — Structured Summary

(Annex 3 to the Notice)

Preamble and scope. The Norms are issued pursuant to the State Council General Office’s Opinions on Promoting “Internet Plus Medical and Health Services” (Guo Ban Fa [2018] No. 26). “Telemedicine services” cover two scenarios: (a) direct institution-to-institution telemedicine where an inviting institution requests a responding institution to use information technology to support diagnosis and treatment of the inviting institution’s patients, with rights and responsibilities clarified by agreement; and (b) platform-based telemedicine where an inviting institution or third party operates a platform, the responding institution registers on the platform, and patient-care support is provided by matched responding institutions. A critical demarcation: if the inviting institution directly engages individual medical personnel through an information platform to provide online medical services, it must apply to establish an internet hospital under the Internet Hospital Measures.

Section II — Basic Conditions. Medical institutions must hold health administration department approval for the relevant diagnostic and treatment subjects, have qualified personnel registered at the institution, and maintain adequate telemedicine management systems, quality-and-safety controls, and information technology safeguards. Personnel requirements specify that the inviting institution must have at least one licensed physician present (or, for primary-level institutions, a licensed assistant physician or rural doctor may attend); the responding institution must have at least one licensed physician with three or more years of independent clinical experience.

Section III — Service Procedures and Requirements.

Cooperation agreement. Both direct and platform-based telemedicine requires a written or electronic cooperation agreement specifying purpose, conditions, scope, procedures, rights, obligations, and risk allocation (including medical-damage risk-sharing).
Informed consent. The inviting institution must, according to the patient’s condition and wishes, inform the patient of the telemedicine service content and fees and obtain the patient’s written consent by having the patient sign a telemedicine informed consent document. Where informing the patient directly is inappropriate, the guardian’s or close relative’s written consent must be obtained.
Remote consultation (远程会诊). The responding institution provides diagnostic and treatment opinions; the inviting institution determines the diagnosis and treatment plan. The responding institution issues a written diagnostic opinion report signed by the relevant physician. Within medical consortiums, standing mechanisms for remote electrocardiogram, imaging, and pathology diagnosis may be established.
Remote diagnosis (远程诊断). Where inviting and responding institutions have established a paired-support or consortium relationship, the inviting institution performs medical imaging, pathology, electrocardiogram, or ultrasound examinations and the responding (superior) institution renders the diagnosis; the specific procedure is determined by agreement.
Records retention. Both institutions must jointly complete the medical record documentation in accordance with medical record writing and preservation requirements; originals are filed separately by each institution. Telemedicine-related documents may be transmitted by fax, scanned copy, or electronically signed electronic file. After providing consultation services, medical personnel must record the consultation information.

Section IV — Management Requirements.

Institution management. Institutions must implement management rules, execute quality-control systems, respond to emergencies, and ensure continuous normal operation of telemedicine information systems. All participating parties must strengthen information security and patient privacy protection, prevent unauthorised transmission or modification, prevent data loss, establish data security management procedures, and ensure network security, operational security, data security, and privacy security. Cooperation agreements with third-party institutions must clearly specify the rights, obligations, and legal responsibilities of each party.
Patient personal information and real-name management. The Norms specifically require institutions to implement real-name (实名制) management of patients and to continuously improve medical quality as part of quality-management systems. They must establish sound patient communication mechanisms, protect patients’ right to informed consent, and safeguard patients’ lawful rights and interests.
Quality management. Institutions must apply nationally issued or recognised clinical technical standards, implement a medical quality management system, and accept business guidance and supervision from health administration departments and quality control centres.

Section V — Strengthened Supervision. Local health administration departments at all levels must supervise telemedicine services and integrate them into local medical quality control systems. In the event of a medical dispute arising from telemedicine: for remote consultation, the inviting institution bears the corresponding legal responsibility; for remote diagnosis, the inviting and responding institutions jointly bear legal responsibility. Where a third-party platform is involved, liability is allocated among the inviting institution, responding institution, and platform operator pursuant to the applicable laws and the agreement among the parties.

Notice Issuing the Measures for the Administration of Internet Diagnosis and Treatment (Trial) and Two Related Documents.