Digital service platforms for family physicians (PADI)
Three companies offer digital service platforms that meet the requirements of the Health Insurance Fund: (1) Certific OÜ – www.perearst24.ee; (2) Terviseagentuur OÜ – www.minudoc.ee/Eelvisiit; and (3) Industry62 OÜ – www.eperearstikeskus.ee. Contact them, familiarise yourself with their products, choose the most suitable one for your family medicine centre, sign a contract, and start using it.
The contract is concluded between the family medicine centre and the company. The Health Insurance Fund does not enter into contracts with any party.
The companies providing digital service platforms provide information on the family physicians who use their product to the Health Insurance Fund on a monthly basis. Based on this information, the Health Insurance Fund makes the payments. The family medicine centre does not have to separately notify the Health Insurance Fund of the conclusion of the contract.
The purpose of the requirements is to ensure consistency and reliability among the digital platforms in use. The aim of the Health Insurance Fund is to ensure that the products in use are safe and user-friendly. The service provision contract is concluded between the health care provider and the service provider, and the Health Insurance Fund does not intervene in this process. Contractual obligations are assumed voluntarily by both parties, which means that the contract must be acceptable to both parties. Therefore, if family physicians see a need to implement additional requirements, such as E-ITS, then they have the right to ask the companies to do so.
The requirements set and audited for the digital service platforms for family physicians are not related to E-ITS or ISO/IEC 27001. E-ITS/ISO regulates the work processes of the service provider as a whole and is not regulated by the requirements of the Health Insurance Fund. The compliance assessment of the digital service platforms is primarily based on the software developed by the companies, not on their overall information security compliance with any specific information security standard. The companies must have implemented the relevant information security standard and undergone an audit. The result of the audit will prove whether the company complies with the standard or not. This responsibility lies with the company.
No, because this is not a classic audit that validates compliance with a standard (such as E-ITS or ISO 27001). Instead, it is a verification of compliance with the requirements established by the Health Insurance Fund with the help of an external partner who has the relevant competencies to assess them. The audit result is a prerequisite for receiving funding from the Health Insurance Fund.
The retention periods for logs depend primarily on the laws, regulations, and agreements (e.g. contracts) applicable to the institution. In some cases, it may be one year; in other cases, five years. Activity logs are generally retained for a minimum of one year. Data processing (content of data processing, details of the data processor, date and time of data processing) is logged in the information system of the health care provider. The information system logs of the health care provider are retained for five years. The provision is necessary to ensure the lawfulness of data processing. The prescribed retention period is based on the Law of Obligations Act.