HealthManagement, Volume 15 - Issue 2, 2015

Critical  Success Factors Related to Legislation, Regulation and Security

The MOMENTUM thematic network was a European Commission funded initiative aimed at encouraging the sharing of knowledge about introducing telemedicine services into routine care ( The people involved in the network were telemedicine practitioners or “doers”: health authority personnel, decision-makers in healthcare payer organisations eg, insurance funds; hospital and clinical administrators; clinicians; business executives, and managers. 

MOMENTUM has confirmed that a set of critical success factors is extremely important to guaranteeing the success and growth of such initiatives. One area on which to concentrate is the legal, regulatory and security issues relevant to telemedicine. 


During 2012-2013, MOMENTUM undertook an analysis of telemedicine- related legal, regulator y and security issues. The study was based on an in-depth assessment of almost 3 0 telemedicine services integrated into routine care in different regions in Europe. MOMENTUM was able to describe the work of services up-and-running in a variety of regions around Europe. All the service owners responded to a detailed questionnaire survey on the work undertaken on their site. From an overview of the sites, it quickly became evident that 18 critical success factors have been of prime importance to the deployment activities on the sites. These factors were validated and fine-tuned with numerous stakeholders during 2014- 2015 ( In February 2015, they materialised in a blueprint of telemedicine guidelines ( 

Critical success factors relating to legal, regulatory and security issues

Four critical success factors were identified in the legal, regulatory and security field.

• Assess the conditions under which the service is legal.

• Identify and apply relevant legal and security guidelines.

• Involve legal and security experts.

• Ensure that telemedicine doers and users are “privacy aware”. 

These critical success factors were validated against the descriptions of seven telemedicine cases, which offered a representative set of the diversity of telemedicine applications. The cases range over telemedicine initiatives in Denmark, Sweden, germany, Israel, Norway, and Spain. The site leading the work on legal, regulatory and security matters was the National Centre for Telemedicine (NST), which had particularly good connections with their Norwegian colleagues ( /wp-content /uploads/2014/09/D6.2_MOMENTUM_SIG3_v12.pdf

All the cases reported certain similar observations. At different stages of deployment, they all investigated the circumstances under which the service could be legally established. They all took into account and applied some form of guidelines – they mentioned both clinical guidelines and legal and security guidelines. Legal and security expertise was drawn on in at least four of the cases for various purposes and at diverse stages of the development and implementation process. Training in “privacy awareness” and various aspects of patient consent were important areas of concern. 

Important Challenges


A wide range of stakeholders undertake deployment initiatives in the telemedicine field. These stakeholders include clinicians, hospital managers, entrepreneurs, vendors, and public administrators. 


Competence in legal and security matters is not always easily available to them when it is needed during the process of setting up and deploying a telemedicine service. 

The whole process

It is, however, critical for those involved in the successful deployment of a telemedicine service to pay attention to legal, ethical and security issues throughout the whole telemedicine deployment process. This is necessary whenever a new telemedicine service is developed, implemented, scaledup, or put into operation. Sound, legal services f ounded o n t he l egislation and regulations in the field are a prerequisite for the development of highquality health services that are fit for large-scale implementation. 

Codes of conduct and practice

Considerations in the legal and security field also involve discussions about codes of professional conduct and about ethical principles. 

Privacy awareness

When it comes to legal and security issues, it is important to bear in mind that initiatives in this area are intended for the benefit of both patients and telemedicine doers. Hence, concerns with regard to the privacy of patients lie in the focus of both health professionals and patients. Privacy awareness is therefore often discussed when legal and security matters are on the agenda. 

Discussion and Conclusions

The first three of the MOMENTUM critical success factors on legal, regulatory and security issues are closely related:

• Assessment of the conditions under which the service is legal;

• Identification and application of relevant legal and security guidelines;

• Involvement of legal and security experts in the legal, regulatory and security fields. 

Giving a high level of attention to these factors could help telemedicine doers to take all the relevant legal and security aspects into consideration when deploying and scaling-up their initiatives. 

When applied together, the critical success factors contribute to create soundand sustainable telemedicine services. They offer guidance that helps to make sure that the services under development are legal, safe and secure. 

All of these issues are to be borne in mind in an era in which there is growing awareness of public health needs, gathered through open data, big data and the cloud, and their implications for telemedicine and beyond.

Key Points

  • Assess the conditions under which the service is legal.
  • Identify and apply relevant legal and security guidelines.
  • Involve legal and security experts.
  • Ensure that telemedicine doers and users are “privacy aware”.
  • Help make services under development legal, safe and secure.

The MOMENTUM Blueprint is available at: EHTEL is a multi-stakeholder platform, described as the eHealth focal point in Europe: