Driven by the pandemic, internet healthcare was destined to become a buzzword in 2020. The recent surge in the establishment of internet hospitals and the rapid expansion of medical insurance coverage have significantly advanced the industry.
Nevertheless, the industry still faces numerous boundaries that need to be broken through, with restrictions on initial consultations being one of them. A recent implementation plan issued by the National Development and Reform Commission (NDRC) and other ministries proposed “exploring the advancement of a medical insurance system for initial consultations and an appointment-based triage system in the healthcare sector.” Although the term “initial consultation” mentioned here may not carry the same meaning as “initial consultation” in the context of internet-based healthcare, it has nonetheless sparked heated discussions within the industry.
No industry develops overnight, especially in a heavily regulated field like healthcare. The restriction of online consultations to follow-up visits is precisely due to multifaceted safety and regulatory considerations. So, what are the core elements of internet healthcare safety regulation? How far have policy standardization and implementation progressed? Answering these questions is the prerequisite for discussing future development.
During the pandemic, internet-based medical consultations became a vital component of healthcare services. Driven by epidemic prevention and control requirements, the volume of online consultations surged across various regions, while new internet hospitals and internet-based diagnosis and treatment platforms were rapidly launched.
According to incomplete statistics, since January 2020, more than 100 internet hospitals have been approved or launched. Meanwhile, health insurance reimbursement has been rapidly implemented.
On March 2, the National Healthcare Security Administration and the National Health Commission issued the “Guiding Opinions on Promoting ‘Internet+’ Healthcare Services Covered by Medical Insurance During the Prevention and Control of COVID-19.” Internet hospitals established with approval from health administrative departments, or designated medical insurance institutions approved to conduct online diagnosis and treatment activities, may include their online follow-up consultation services within the scope of medical insurance reimbursement upon voluntary signing of supplementary agreements with medical insurance authorities.
Healthcare security departments and medical institutions in multiple regions have rapidly upgraded their information systems to enable online settlement. Public records indicate that dozens of internet hospitals have recently integrated with the healthcare security system, while others are still in the process of integration.

Selected Medical Institutions with Integrated Health Insurance Payment, Source: Public Reports, Chart by VCBeat
In other words, driven by the pandemic, internet-based medical services have made significant progress in both breadth and depth. On one hand, an increasing number of physical hospitals are placing greater emphasis on online services; on the other hand, the integration with medical insurance has further completed the closed loop of online consultations.
There has also been a significant breakthrough in patient usage data recently. According to the National Health Commission, as of March 20, the volume of internet-based diagnosis and treatment services at hospitals directly under or administered by the Commission increased 17-fold compared to the same period last year; some third-party internet healthcare service platforms saw a more than 20-fold year-on-year increase in consultation volumes and a nearly 10-fold growth in prescription volumes.
The integration of online follow-up consultations, prescription issuance, medical insurance payments, and medication delivery has facilitated prescription refills for patients with chronic diseases. However, as the industry expands in breadth and depth—with rising volumes of online consultations and medication orders, along with broader medical insurance coverage—regulatory oversight has become increasingly critical and complex.
A review of policies related to internet healthcare reveals that the unique nature of online consultation channels necessitates three core safety components: medical safety, information security, and the security of medical insurance funds. Current national policies have established specific requirements for each of these three safety components.

Three Core Security Elements and Requirements for Internet-Based Healthcare, Source: Relevant Documents from the National Health Commission
Regardless of the type of medical institution, ensuring medical safety is the fundamental baseline. As online consultations are non-face-to-face services, controlling medical safety is more challenging than in offline settings. The National Health Commission primarily addresses this through strict access standards. For instance, for clinical departments established by an internet hospital, the corresponding clinical departments of its affiliated physical medical institution must have at least one licensed physician with a senior professional title and one with an associate senior professional title registered at that institution (multi-site practice is permitted). Furthermore, physicians conducting internet-based diagnosis and treatment must possess at least three years of independent clinical work experience.
Meanwhile, online consultation prescriptions must be strictly administered in accordance with the requirements of the Measures for the Administration of Prescriptions, the Provisions on the Management of Medical Records in Medical Institutions, and the Basic Specifications for Electronic Medical Records (Trial), and it must be ensured that dedicated pharmacists are responsible for reviewing online prescriptions.
In terms of information security, internet healthcare providers must implement Level 3 Classified Protection of Cybersecurity. Database servers and application system servers must be segregated. Servers storing medical data are prohibited from being located overseas, and full-process logging with traceability is required for all services.
Could the inclusion of internet-based healthcare services in medical insurance coverage lead to fraudulent activities such as overutilization of services or fabrication of services? This is also an issue that regulatory authorities must consider. When the national policy on medical insurance coverage for internet-based healthcare was issued on August 30, 2019, the National Healthcare Security Administration stated that designated medical institutions engaging in price-related breaches of trust, insurance fraud, and other misconduct would be deemed in breach of their agreements and handled in accordance with relevant regulations.
On March 2, 2020, the National Healthcare Security Administration and the National Health Commission issued the "Guiding Opinions on Promoting 'Internet+' Healthcare Services During the Prevention and Control of the COVID-19 Epidemic," which stipulated the technical measures and procedures for ensuring the security supervision of healthcare insurance funds. Specifically, designated medical institutions and pharmacies are required to establish and properly maintain electronic medical records, online electronic prescriptions, medication purchase records, and other relevant information for patients, thereby achieving full traceability across the entire process of diagnosis and treatment, prescription issuance, transactions, and delivery, and enabling comprehensive monitoring of information flows, capital flows, and logistics.
Meanwhile, in accordance with the aforementioned regulations, internet-based medical consultations must implement real-name registration for online patients, establish supporting systems for online prescription review and oversight of medical service practices, ensure the rationality of diagnosis, treatment, and medication, prevent fraudulent medical services, and safeguard the security of medical insurance funds.
Current policies require follow-up visits for prescription issuance, aiming to minimize the safety risks in the aforementioned three areas.
Even if risks materialize, the liable party should be clearly defined. In accordance with regulations, an internet hospital that has obtained a "Medical Institution Practice License" shall independently serve as the legal entity bearing liability; where a physical medical institution uses an internet hospital as its secondary name, the physical medical institution shall be the legal entity bearing liability. All parties collaborating in the internet hospital shall assume corresponding legal liabilities in accordance with the cooperation agreement.
However, certain irregular practices in reality have created safety hazards within the industry. According to media reports, there have been cases where patients provided false information, uploaded forged prescriptions, or failed to present an initial consultation prescription, yet physicians still issued “follow-up” prescriptions. In some instances, prescriptions were generated in under a minute, without even undergoing a proper medical consultation. Furthermore, some doctors engaged in overtreatment and indiscriminately prescribed excessive medications to boost drug sales.
As the volume of online consultations increases, pharmaceutical orders rise, and medical insurance payment coverage expands, failure to promptly mitigate these risks may lead to severe consequences across multiple dimensions.
First, patients lack medical knowledge. If they obtain prescription drugs through fraudulent prescriptions or even without a prescription, and subsequently take medications that are not indicated for their condition or overdose on them, the consequences could be dire, potentially life-threatening.
Secondly, in the event of such safety incidents as described above, who is at fault among the patient, the physician, and the healthcare institution? Or what is the degree of liability for each party? Although policies clearly designate physical institutions as the primary entities bearing legal liability, how can the respective responsibilities of patients, physicians, and even pharmacies be delineated during the medical process? If safety incidents occur and trigger significant social repercussions, it would also hinder the overall development of the internet healthcare industry.
Finally, the intentional exploitation of loopholes to commit insurance fraud—such as dispensing medications via fraudulent prescriptions, selling drugs without prescriptions, or issuing excessively large prescriptions—directly threatens the security of the medical insurance fund and results in fund wastage.
After a detailed review of these regulatory violations and safety hazards, it becomes evident that they are all prescription-related. The most critical measure to circumvent these issues is to ensure the authenticity of prescriptions. However, this remains an unresolved challenge for many commercial internet platforms.
When prescriptions are authentic, patient medication safety is ensured. Follow-up visits based on genuine prescriptions prevent physicians from prescribing medications in violation of regulations, as any non-compliance will be recorded. Only by ensuring such comprehensive authenticity can the reimbursement of internet-based medical consultations by medical insurance be considered a precise and effective use of funds.
Taking the “Internet + Medical Insurance” service model recently launched by the Qingdao Municipal Healthcare Security Administration as an example, this model was jointly established with Yifuzhen, a third-party prescription circulation service platform, with its core focus on ensuring the authenticity of prescriptions. Currently, this model has been implemented at the Internet Hospital of Qingdao Municipal Hospital.
This approach leverages the Yifuzhen third-party prescription circulation service platform to break down information silos among healthcare providers, pharmaceutical suppliers, and medical insurance systems. While ensuring medication safety for patients, it achieves end-to-end traceability of information flow, logistics, and financial transactions, thereby safeguarding the secure use of medical insurance funds. Specifically, this is ensured through the following steps:
Authentic Prescriptions—The platform integrates with the Hospital Information System (HIS) of physical hospitals’ internet hospital divisions, ensuring the authenticity of prescription sources throughout the circulation process;
Prescription-Based Follow-Up Visit—During online consultations, physicians review patients’ medical histories and verify their follow-up visit eligibility before issuing a follow-up prescription;
Prescription-Based Dispensing—Patients purchase medications based on prescriptions pushed by the platform, and pharmacy pharmacists complete the sale after verifying the prescriptions without error.
Reimbursement Based on Prescription—Patients confirm online pooled fund reimbursement after receiving the medication.
In addition to Qingdao, similar practices have been adopted in internet-based medical consultations in Guangzhou, Quzhou, and other regions. For instance, the prescription circulation platform of the Second People’s Hospital of Guangdong Province and the chronic disease prescription circulation platform of Quzhou City have both integrated with healthcare institutions’ Hospital Information Systems (HIS) to ensure the authenticity of prescriptions during the circulation process.
From this perspective, real prescriptions issued by physical medical institutions are key to mitigating risks. This series of steps is also highly consistent with the requirements for the safety supervision of medical insurance funds outlined in the “Guiding Opinions on Promoting ‘Internet+’ Medical Insurance Services During the Prevention and Control of COVID-19,” jointly issued by the National Healthcare Security Administration and the National Health Commission. It not only promotes compliance in the process of internet-based diagnosis and treatment but also provides regulatory authorities with a basis for oversight through full-process traceability.
The formulation cycle of a healthcare policy involves seven steps: identification of the policy issue, analysis of the root causes of the issue, development of policy options, policy implementation, policy evaluation, and determination of the policy’s future direction. These steps form a closed loop that cycles sequentially.
Through the above analysis, it can be observed that current policies regulating internet healthcare are generally in the implementation phase. The next step in their evolution will depend on the effectiveness of current implementation and existing issues, which will determine how adjustments should be made moving forward.
Meanwhile, if internet healthcare is to be further liberalized to allow for initial consultations, clear regulatory conditions must be established at each relevant stage, and the sector must undergo an inevitable cycle of policy formulation and development through the concerted efforts of multiple stakeholders.
Ma Guanglei, General Manager of Yi Fuzhen, believes that a particularly critical aspect for internet healthcare is the principle of consistency between online and offline services. Offline medical institutions boast mature management systems and decades of historical accumulation. Applying some of these established management practices to online platforms, rather than rebuilding them from scratch, would be highly beneficial to the development of online healthcare.
Currently, the internet healthcare industry as a whole remains in its nascent stage. While a definitive resolution to the issue of “initial consultations” may not be reached in the short term, it is certain that every industry undergoes a gradual, step-by-step development process. By continuously identifying and addressing emerging challenges, the industry will keep moving forward.
Just as in the early days of the internet, when the online world was perceived as virtual and untrustworthy, or in the infancy of e-commerce, when online purchases were often seen as not matching their descriptions, perceptions have shifted. As enterprises continue to innovate, regulatory policies and methods have also been continuously refined and evolved. The industry has become increasingly standardized and flourished, even becoming a part of social infrastructure, with e-commerce now an inseparable part of daily life.
Internet healthcare may be no different.