Request For Proposals For Legal Compliance Consultant Digital Health Platform Closing Date: 12 Jun 2025 Type: Consultancy Position Title: Legal Compliance Consultant Digital Health Platform Project: Meeting Targets And Maintaining Epidemic Control (Epic) Contract Type: Deliverable-Based Consultancy Period Of Performance: June August 2025 About Fhi 360: Fhi 360 Is A Global Development Organization Operating In Over 70 Countries. Under The Usaid-Funded Epic Project, Fhi 360 Supports The Scale-Up Of Innovative, Client-Centered Hiv Services In Thailand. Epic Project: Meeting Targets And Maintaining Epidemic Control (Epic) Project, Implemented By Fhi 360, Funded By The U.S. Agency For International Development (Usaid), Is Dedicated To Achieving And Maintaining Hiv Epidemic Control. Epic Is Led By Fhi 360 And Draws Upon Local, Regional, And International Resource Partners To Provide Technical Assistance, As Well As Global Resource Partners Who Bring Unique Capacities. As Part Of This Effort, A Nationwide Digital Platform (Testmenow.Net) Is Being Redesigned To Improve Access To Hiv Services, Including Appointment Booking, Home Delivery Of Hiv Self-Test Kits, And Digital Linkage To Care. To Ensure The Platform Operates Legally And Ethically In Thailand, Fhi 360 Seeks A Qualified Legal Consultant To Assess Applicable Laws And Policies, Develop Legal Documentation, And Provide Risk Mitigation Guidance. Objectives Of The Rfp The Consultant Will Support Epic Thailand Project In Ensuring That The Digital Platform Complies With Thai Legal Frameworks And Operates Ethically As An Intermediary Platform. Objectives Include: Ensure That The Online Portal Testmenow.Net Complies With Thai Laws And Regulations As An Intermediary Platform Facilitating Connections Between Patients And Medical Providers. Develop Robust Terms And Conditions (T&Cs), Privacy Policies, And Related Legal Frameworks. Evaluate The Roles And Responsibilities Of Partner Clinics And Ensure Their Participation Is Legally Compliant. Identify Any Legal Risks And Provide Recommendations To Mitigate Them, Ensuring Smooth Collaboration With Partner Clinics. Key Components Legal Compliance: Addressing Regulations Such As The Personal Data Protection Act (Pdpa), Electronic Transactions Act, Intermediary Platform Obligations And Other Relevant Laws And Regulations. Data Handling: Legal Guidance On The Secure Exchange Of Personal And Medical Data Via Apis Between The Portal And Partner Clinics. Expected Outcomes Fully Compliant Online Portal Aligned With Thai Legal Standards For Intermediary Platforms. Comprehensive And Transparent T&Cs And Privacy Policies That Define The PortalS Role And Responsibilities. Risk Mitigation Strategies For Operational And Data Privacy Concerns. Strengthened Legal Framework For Collaboration Between The Portal And Partner Clinics. Required Services The Legal Consultant Will Provide The Following: 1. Legal Compliance Assessment Review The PlatformS Operations And Conduct A Legal Risk Assessment Focusing On The PlatformS Role As An Intermediary In The Digital Health Ecosystem To Ensure Alignment With Thai Laws And Regulations, Including But Not Limited To The Personal Data Protection Act (Pdpa), Electronic Transactions Act, And Intermediary Platform Obligations. Identify The License, Permits, Or Regulatory Notifications Required To Ensure Full Compliance And Operate A Digital Health Platform In Thailand. 2. Data Handling Compliance Provide Legal Guidance On The Secure Exchange Of Personal And Medical Data Between The Platform And Partner Clinics Via Apis. Review Data Flow Processes And Advise On Consent Mechanisms, Data Retention, And User Rights In Accordance With Pdpa And Other Relevant Regulations. Recommend Improvements To Align With International Best Practices For Digital Health Data Protection. 3. Terms And Conditions & Privacy Policy Development Draft Clear And Comprehensive Terms And Conditions (T&Cs) And Privacy Policies That Define The PlatformS Role As An Intermediary, Not A Healthcare Provider. Ensure These Documents Outline User Rights, Responsibilities, And Data Usage Policies In A Legally Sound And User-Friendly Manner. Tailor The Documents To The PlatformS Operational Model And Target Audience. 4. Partner Clinic Compliance And Risk Analysis Identify Potential Legal Exposures, Including: Breaches Of Personal Data Under The Pdpa. Liability Arising From Miscommunication Or Misinformation Between Users And Partner Clinics. Risks Associated With Cross-Border Data Transfers, If Applicable. Non-Compliance With Telemedicine And Online Healthcare Service Regulations. Evaluate Contractual Risks In Agreements With Partner Clinics, Especially Regarding Data Sharing, Service Delivery, And Dispute Resolution. Develop A Risk Mitigation Framework To Ensure Clinic Participation Does Not Compromise The PlatformS Compliance Or Expose It To Avoidable Legal Risk Including: Legal Safeguards In Contracts And User Agreements. Internal Compliance Protocols And Standard Operating Procedures (Sops). Recommendations For Insurance Or Indemnity Clauses, If Necessary. Deliverables The Deliverables Will Include Materials Of The Following Types Legal Review Report Comprehensive Report Detailing Findings Of Relevant Laws And Regulation Regarding Online Intermediary Platform, Medical Service Operation, Telemedicine, And Marketing Obligations. Legal And Regulatory Compliance Checklist List Of Licenses, Permits In Correspond To The Relevant Laws And Regulations Finalize Term And Conditions And Privacy Policies Team And Conditions, And Privacy Policies For: Website Usage (Required). Accessing And Sharing Medical Information Between Network Partners (Required). Accessing Users Device Data Such As Gps (Optional). Accessing Data To Improve Services And Support Research (Optional) Online Medical Service Operation And Telemedicine Other Materials To Support Intermediary Platform, And Medical Provider Compliance. Evaluation Criteria Proposed Approach: 40% Relevant Experience: 50% Total Cost: 10% Qualifications Licensed Legal Professional In Thailand With Experience In Digital Health, Data Privacy, Or Technology Law. Demonstrated Knowledge Of Thai Laws Relevant To Digital Platforms, Health Services, And Data Protection. Experience Drafting Legal Documents For Online Platforms Or Health-Related Services. Strong Communication Skills And Ability To Work Independently And Remotely. Fluency In Thai And English (Written And Spoken) Confidentiality And Compliance The Consultant Must Adhere To Fhi 360S Confidentiality Policies And Ensure That All Deliverables Comply With Applicable Data Protection And Ethical Standards. Disclaimers And Fhi 360 Protection Clauses: Fhi 360 Will Not Compensate Offerors For Preparation Of Their Response To This Solicitation. Issuing This Solicitation Is Not A Guarantee That Fhi 360 Will Award A Subcontract. Fhi 360 Reserves The Right To Issue A Subcontract Based On The Initial Evaluation Of Offers Without Discussion. Fhi 360 May Choose To Award A Subcontract For Part Of The Activities In The Solicitation. Fhi 360 May Choose To Award Subcontracts To More Than One Offeror For Specific Parts Of The Activities In The Solicitation. Fhi 360 May Request From ShortListed Offerors A Second Or Third Round Of Either Oral Presentation Or Written Response To A More Specific And Detailed Scope Of Work That Is Based On A General Scope Of Work In The Original Solicitation. Fhi 360 Has The Right To Rescind A Solicitation Or Rescind An Award Prior To The Signing Of A Subcontract Due To Any Unforeseen Changes In The Direction Of Fhi 360S Client, Be It Funding Or Programmatic. Fhi 360 Reserves The Right To Waive Any Deviations By Offerors From The Requirements Of This Solicitation That In Fhi 360S Opinion Are Considered Not To Be Material Defects Requiring Rejection Or Disqualification; Or Where Such A Waiver Will Promote Increased Competition. Data Produced Under This Solicitation Belongs To Fhi 360. Any Distribution Of Data Must First Have Written Authorization From Fhi 360 Or Its Designated Representative. How To Apply Submission Requirements: Interested Vendors Must Submit The Following: Proposal Detailing The Approach And Timeline For The Handover Deliverables. Background And Experience Budget Estimate, Budget Breakdown, Including Consultant Fees, Other Relevant Costs, And Final Total Fixed Cost Including Vat. Submission Deadline: Proposals Must Be Submitted No Later Than June 12, 2025, To The Following Email Address: Procurement.Epic.Th@Fhi360.Org Tender Link : Https://Reliefweb.Int/Job/4156010/Request-Proposal-Legal-Compliance-Consultant-Digital-Health-Platform
