Certification of video consultations with new transitional regulations

Video service providers who wish to offer their service officially must prove that their video service fulfils certain requirements with regard to technical security and data protection in accordance with Annex 31b to the BMV-Ä. These are set out in the "Agreement on the requirements for technical procedures for video consultations" (Annex 31b BMV-Ä). This was recently revised by the National Association of Statutory Health Insurance Physicians and the National Association of Statutory Health Insurance Funds and is now available in an updated version. Changes relate in particular to the previous deadlines for the (re-)certification of video consultations. However, there are also two changes to the content. 
 

The deadline extensions at a glance

• Deadline extension for re-certifications until 31 March 2022:
  
  Video service providers that were certified before the new agreement came into force and are listed on this basis in the directory of the National Association of Statutory Health Insurance Funds and the National Association of Statutory Health Insurance Physicians will continue to be listed until 31 March 2021 at the latest.

  If providers wish to continue to be used by panel doctors after this date, they must be certified in accordance with the new requirements.
   

• Extension of the transitional regulation until 30 June 2022:
  
  The extension of the transitional regulation for certification bodies is relevant for video service providers who wish to be certified for the first time. This has been extended from 31 December 2021 to 30 June 2022.

  This means that proof of the information technology security and data protection of a video service may also be provided until 30 June 2022 by certification bodies that already have accreditation in accordance with ISO/IEC 17065 and are still in the accreditation process for the area of information technology security and/or the area of data protection.

  Certificates issued accordingly are labelled with a transfer note indicating the application number at the German Accreditation Body. As soon as the certification body is accredited, the official certificates are issued.

  TÜViT fulfils all the necessary requirements to offer both required certifications - subject to the special regulation until 30 June 2022.

Changes to the content:

• Update of the OWASP Top 10 catalogue from 2017 to 2021:
  
  In the section "Provisions on information technology security" under §2 paragraph 5, reference was previously made to the fact that the video service must not have any serious security risks described in the Open Web Application Security Project (OWASP) TOP 10 catalogue in the 2017 version. In the updated annex, this requirement now refers to the OWASP TOP 10 catalogue from 2021.
   
• Query on the feasibility of video conferences with more than two participants:
  
  A further query has been added to the self-declaration by the video service provider. From now on, it must also be stated whether the video service enables video conferences to be held with more than two participants (including the initiating panel doctor/contract psychotherapist).