This article is relevant to healthcare businesses and providers as it explains the new Ministry of Health (“MOH”) Guideline on Online Healthcare Services 2025 (“the Guideline”), which regulates how new business models in the medical industry such as virtual clinics and digital health platforms should operate. The Guideline emphasises patient safety, accountability, privacy, and compliance.
Background
The demand for online healthcare accelerated rapidly during the COVID-19 pandemic and has since become a major growth driver in Malaysia’s healthcare sector. “Online Healthcare Services” are defined as healthcare services provided to a patient by a healthcare professional for valuable consideration, in which the arrangement, booking and/or delivery of such services is made or provided remotely and intermediated through a platform.
However, these services must continue to comply with Malaysia’s existing healthcare laws, including but not limited to:
- Private Healthcare Facilities and Services Act 1998
- Medical Act 1971 (and Medical Regulations 2017)
- Dangerous Drugs Act 1952
- Poisons Act 1952
- Medicines (Advertisement and Sale) Act 1956
- Allied Health Professions Act 2016
- Personal Data Protection Act 2010
- Medical Device Act 2012
Scope of the Guideline
The Guideline sets out minimum standards and requirements for Platform Providers who are defined as companies that are involved in the business of online healthcare services.
Key Points from the Guideline
i) Requirements for Platform Providers:
- Must be registered in Malaysia and maintain a physical place of business in Malaysia.
- At least one member of the senior management team or board of directors must be a registered medical practitioner in Malaysia holding a valid practising certificate.
ii) Requirements for Platform Operations:
Platform Providers must:
- Implement robust processes to register and verify both patients and healthcare professionals.
- Maintain secure medical records, provide secure communication channels, and establish complaint-handling mechanisms.
- Ensure compliance with data protection obligations under the Personal Data Protection Act 2010, the Code of Professional Conduct, and the Malaysian Medical Council Guideline on Consent for Treatment of Patients by Registered Medical Practitioners.
- Ensure all advertisements comply with the Medicines (Advertisement and Sale) Act 1956 and related regulations.
- Provide comprehensive training programmes for healthcare professionals on online healthcare services.
- Clearly disclose in the platform’s terms and conditions if healthcare professionals are not directly employed by the platform providers.
- Meet the platform technical standards prescribed under the Guideline.
iii) Scope of Online Healthcare Services:
Permitted for:
- Non-emergency cases
- Follow-up management for stable cases
- Group counselling (e.g., psychology, nutrition, rehabilitation)
- Referrals or secondary care programmes by specialists or consultants
- Support services such as the supply of medication, laboratory tests, and imaging services
Prohibited for:
- Emergency cases
- Psychiatric cases requiring in-person care
- Intermediate or complex treatments
- Prescription of drugs under the Dangerous Drugs Act 1952 or psychotropic drugs
iv) Requirements for healthcare professionals:
Healthcare professionals providing Online Healthcare Services must:
- Be fully registered, hold a valid practising certificate, and have appropriate insurance.
- Adhere to the same ethical and professional standards applicable to in-person consultations.
- Obtain informed consent before each consultation.
- Use only the official communication channels provided on the platform (not WhatsApp, Telegram, or other social media apps).
- Safeguard patient privacy and confidentiality at all times.
Implications for Online Healthcare Services
- Physical Presence: Platform Providers must maintain a physical place of business in Malaysia, fully virtual operations or unregistered foreign companies cannot operate.
- Board & Management Oversight: At least one senior management or director must be a registered medical practitioner, creating medical oversight in decision-making. Hence, medical ethics and professional standards are tied directly to business operations. Non-medical founders may need to partner with medical professionals.
- Compliance Investments: Businesses must invest in secure technology, verification processes, and governance systems to meet MOH standards.
- Investor Confidence: Clearer regulations reduce legal uncertainty, making the sector more attractive to healthcare investors.
Conclusion
The 2025 Guideline on Online Healthcare Services creates both opportunities and responsibilities. Malaysians can expect safer and more reliable virtual healthcare, while online healthcare businesses must carefully follow the relevant legislations and rules on ethics, safety, and data protection. Done right, this Guidelines will boost public confidence and support the sustainable growth of Malaysia’s digital healthcare industry.
***
This article was written by Low Rui Thong (Associate) from Donovan & Ho’s corporate practice.
Our corporate practice group advises on corporate acquisitions, restructuring exercises, joint venture arrangements, shareholder agreements, employee share options and franchise businesses, Malaysia start-up founders and can assist with venture capital funds in Seed, Series A & B funding rounds. Feel free to contact us if you have any queries.
