Accelerating telehealth with ISO 13131:2021

One area of digitalisation that has seen a marked increase since the start of the pandemic is that of online healthcare, or telehealth.  

According to statistics cited in the article Why telemedicine is here to stay, published by the BMJ in October 2020, nearly half of healthcare users in the US are now using telemedicine, up from one in 10 users in 2019. The same report noted that a survey by the Royal College of General Practitioners across the UK revealed that six in 10 appointments in mid-July 2020 were conducted by telephone.  

Healthcare is a broad area and is covered by around 1,400 ISO standards that are applied in areas ranging from medical devices, laboratories and health organisation management to traditional medicines and health informatics.  

However, until relatively recently, there has been little, if any, regulation of telehealth care provision, although an international code was launched in 2013, having been developed by the National Institute for Health and Clinical Excellence (NICE) to give guidance. ISO 13131:2014 set the first standard for telehealth care, and this was superseded in 2021 by ISO 13131:2021 Health informatics – Telehealth services – Quality planning guidelines.   

Accelerating online care

While telehealth is not a new concept, there is no denying that its wide acceptance has been massively accelerated by the strictures of the pandemic.  

John Sweeney is CEO of the Ireland- and UK-based Health Care Informed (HCI), an organisation that provides professional support and services in the development and provision of patient safety, regulatory compliance and quality improvement intelligence to health and social care providers. He has seen a marked increase recently in organisations seeking support in becoming certified in the updated ISO 13131:2021.  

Unlike a face-to-face consultation with your primary physician, telehealth has risks that don’t exist in the normal sense.

“The standard is exceptionally timely; when ISO started to look at this, little did they know the explosion in telehealth that was going to happen,” he says. “There have not been huge changes between the 2014 version and the most recent, but like all standards, it has been evolving.”  

Key areas covered by ISO 13131:2021 include the management of:  

• telehealth quality processes by the healthcare organisation; 
• strategic and operational processes relating to regulations, knowledge management and guidelines; 
• healthcare processes relating to healthcare activities, planning and responsibilities; 
• financial resources to support telehealth services; 
• information management and security used in telehealth services; 
• processes related to the planning and provision of human resources, infrastructure, facilities and technology resources for use in telehealth services.  

Regulating care 

The need for regulation in this area is clear, as Sweeney points out: “So much of telehealth is done through a platform which is usually linked to an electronic health record. The responsibility for security and data management then has to lie with the platform. I don’t think our healthcare providers are currently asking enough questions when they buy something like that.  

“What is the clinical governance if you are providing a service that has any bearing on a patient’s health? Whether it is an individual giving advice, who ensures that individual is appropriate, ensures the protocols and escalation points? That is where the standard is very specific with regards to the risk management and the scope of practice, and with regards to the clinical protocols.  

“Like any good standard, it asks you to stop and think for a minute – how are you going to control this and how are you going to minimise the risk? Unlike a face-to-face consultation with your primary physician, telehealth has risks that don’t exist in the normal sense.  

“This standard has very specific aspects covering risk management, governance and control and quality planning. It doesn’t have all the answers, but it will make people consider the quality of the advice that is coming through, if is there a protocol and, if there is, is it a based on an algorithm.  

“I’ve come across some telehealth that used algorithms but had no basis for them. The software provider said ‘this is what we thought would be the right thing’, but where is the evidence-based best practice for it?  

“That is at its most basic, but now we are getting into more technically advanced areas. Although devices have CE marks themselves, what about the analysis on that data? Where is that data stored? These are the questions that need to be looked at.” 

Looking to the future 

Unsurprisingly, Sweeney has seen a marked increase in companies seeking certification to ISO 13131:2021.  

“We have seen the activity increase, but where we have seen it driven is by the likes of the big health insurers, and they are only just getting their heads around it too.  

“The way we are approaching it, we carry out a baseline analysis gap and then around 12 months later, you should be having your quality system in line. Some of them might have some of the core aspects of ISO 9001:2015 in place and that can speed things up, but usually you are talking a minimum of 9-12 months.  

“All medical standards ask one question – how are you assuring the quality and safety of care for that patient? Whether you are asking about technology, data or supervision and the clinical oversight, it is the same question. What is good about this standard is that it is asking in very specific ways around the whole of telehealth.”