Certification
Data protection & information technology security objectively proven
If you would like to become a certified video service provider and have your service officially listed on the KBV website, you must prove that you fulfil the requirements for confidentiality, integrity and availability of personal data as well as other information technology security requirements.
To ensure that patients can use video consultations safely and that patient data is processed in compliance with data protection regulations, the legislator has commissioned the National Association of Statutory Health Insurance Physicians (KBV) and the National Association of Statutory Health Insurance Funds (GKV-Spitzenverband) to define the necessary technical requirements. The result of this elaboration is set out in Annex 31b to the Bundesmantelvertrag-Ärzte (BMV-Ä). It makes the certification of a video service a necessary prerequisite in order to be officially authorised to offer it.
Therefore, in order to be listed as a certified video service provider, providers of video consultation solutions must provide appropriate evidence of the data protection and information technology security of their service.
Video consultations make it possible to consult medical specialists online. However, only systems from certified video service providers may be used. With our range of comprehensive certifications, you create trust, fulfil all relevant requirements of the KBV and the GKV-Spitzenverband and increase the security of your video service solution.
What TÜVIT can do for you
Together with you, we can already start the certification process for data protection in accordance with Article 42 GDPR for the scope of the technical provision of video services to doctors for conducting video consultations in accordance with Section 365 (1) SGB V.
Background: We already have accreditation in accordance with ISO/IEC 17065 and are currently in the accreditation process for data protection certification in accordance with Article 42 GDPR. This allows us to issue a certificate for the area of data protection before accreditation in view of the transitional solution until 31 December 2025 and to mark it with a transfer note indicating the application number at the German Accreditation Body.
Information technology security
With our Trusted Site Video Consultation (TSVC) testing and certification procedure, you can provide the required proof of the information technology security of your video consultation solution. As part of the certification process, our IT security experts check the relevant IT infrastructure of your video service with regard to the "provisions on information technology security" in accordance with Annex 31b BMV-Ä. The procedure developed by TÜVIT is approved by the German Accreditation Body (DAkkS).
In order to provide you with a quote for the certification of your video consultation solution, we first need some information from you. Please complete the enquiry form below and send it by e-mail to info@tuvit.de.
The effort and costs for the two certificates Trusted Site Data Privacy and Trusted Site Video Consulation and the associated evaluations depend in particular on how comprehensive the object to be checked is. For example, the data protection-relevant functions of the portal, the video consultation and the IT and operating environment are decisive here. On this page you will find an application formwhich you must complete to the best of your knowledge and belief and send to us before commissioning. On this basis, we will calculate an offer for you and contact you. This application is non-binding and does not involve any costs for you.
In the event of changes in factual or legal circumstances that are capable of changing the conformity assessment of the test object after the certificate has already been issued as part of a certification or recertification, the certification body or the customer are obliged to inform the other party immediately of the occurrence of the respective circumstance.
On the part of the certification body, this category includes changes to the law and supreme court decisions. The head of the certification department decides which measures are necessary in order to be able to maintain certification in view of the changes.
As a result of this decision, a re-evaluation, assessment, decision or preparation of revised formal certification documentation may be deemed necessary. In addition, the head of the certification department may also decide to extend or restrict the scope of the certification. If maintenance of the certificate requires the implementation of certain measures, these must be implemented by the customer within three months.
Both certificates are valid for a period of 3 years. At least two surveillance audits must be carried out during the 3-year validity period of the certification.
The timing of a surveillance audit depends on the date of the certificate. The surveillance audit must always be completed at the latest on the day one or two years after the certificate date. The earliest start date for the surveillance audit is six months before this date. Similarly, the recertification audit may not begin earlier than six months before the end of the certificate term. In the event of anomalies that give rise to fears of non-compliance with the certification requirements, an ad hoc surveillance audit including a site inspection will be carried out.
Good reasons that speak in our favour
