Digital health: a European legal framework

There are many definitions of ‘digital health’, from very simple ones (basically everything which combines human healthcare and a surrounding IT system) to very complex and comprehensive ones.

In our perspective digital health covers at least:

• Healthcare processes, including clinician support software (whereby a link with telemedicine), healthcare institution management tools, patient records, and remote patient interaction and monitoring
• Life sciences processes, including big data analytics for drug discovery, clinical trial management, and disease population purposes, and
• Complementary patient-centric tools, including condition, treatment or wellness-related apps or social media and medication adherence tools. The phrase ‘digital health collaborations’ refers to commercial arrangements or corporate ventures between distinct organisations with the objective of realising an opportunity related to digital health

In definitions of digital health, the provision of healthcare seems usually to be the core aspect, as being the ultimate purpose, with an emphasize on diagnostics, treatment and wellbeing. The use of technology is obviously the other key element of the definition, with mobile technology being frequently used (mHealth) and the processing of health-related data being a significant aspect.

Various tools have been developed to be used for digital health purposes, which can be classified based on the technology, including (by alphabetical order):

• 3D Printing, which is for instance used for manufacturing tailor-made medical products (like implants) or even, for the most advanced technology, for printing biological material
• Augmented and virtual reality, for advertisement, education (for patients and healthcare professionals) or therapeutic purposes
• Artificial intelligence (‘AI’), which is a broad concept, now defined by the European Commission as a ‘software that is developed with one or more of the techniques and approaches (…) and which can, for a given set of human-defined objectives, generate outputs such as content, predictions, recommendations, or decisions influencing the environments they interact with’ (Commission Proposal of 21 April 2021 for a Regulation of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) and amending certain union legislative acts – ‘AI Regulation Proposal’) ; AI is now often used in the medical sector for data mining purposes and most often, for diagnostic purposes. AI can also be used to identify new drug candidates or biomarkers, by processing large quantities of data ; To some extent, it is even used in a trial phase, in order to identify ideal trial candidates
• Blockchain, which is a very reliable traceability technology, used among others in the setting up of supply chain for medical products and in clinical trial management
• Drones, which are now a promising technology to transport medicinal products and biological material, including organs
• Internet of things (IoT), which is used for remote patient monitoring or remote surgery ; One can link this to the use of medical (and in particular surgical) robots
• Software (and in particular Apps) which are used for various patient-centric purposes, including for instance self-diagnostic purposes, medical education of patients (for self-administration of a treatment for instance) or medication adherence, but also to help scientific research (clinical studies and clinical trials) or assist healthcare professionals (in very diverse ways).

On an EU level, the Digital health’s legal environment is very diverse:

• A necessary step is the qualification and classification of the technology as regards to the Medical Devices Regulations 2017/745 (“MDR”) and 2017/746 (“IVDR”); Is the technology a (in-vitro diagnostic) medical device? In such case, in which category does it fall ; This preliminary step is key to determine how the technology must be CE marked and what are the legal obligations of the economic operators involved in the production and distribution of said devices and (to some extent) how this technology can be used. Where applicable, a similar classification exercise will be necessary as regards to the new rules laid down in the AI Regulation Proposal should this proposal be adopted.
• Technical specifications must be considered, as provided in Directive 2006/42 (on machinery) and Regulation 1025/2012 (on harmonized standards), as well as in the Euratom Directive 2013/59 (for devices emitting ionizing radiation).
• Directive 2005/36 (recognition of HCP’s qualifications) and Directive 2011/24 (Patients’ rights in cross-border healthcare) include important principles when considering the legal environment applicable to telemedicine (even though local legislations define most of what is - or not - permitted in that respect).
• Liabilities and risks control are contemplated in several European legislations, including Directive 85/374 (liability for defective products, which is currently reassessed by the European Commission in light of new technologies), Directive 2001/95 (general product safety), Directive 2016/1148 (measures for a high common level of security of network and information systems across the Union) and more recently Regulation 2019/1020 (market surveillance and compliance products, which applies among others to medical devices, as a ‘lex generalis’ for what is not yet covered in the MDR).
• Obviously, a key aspect of Digital Health is the use of patients’ personal data which poses a number of questions from a legal perspective, from data protection and privacy (with as a key guideline the General Data Protection Regulation - 2016/679 - “GDPR”), to the protection of IP generated in exploiting said data: Berne Convention for the protection of literary and artistic works, the European Patent Convention (EPC), Directive 96/9 EC (legal protection of databases), Directive 2016/943 (protection of trade secrets) and Directive 2019/790 (copyright and related rights in the Digital Single Market).

It appears from all European rules referred to above that a consistent legal framework emerges in Europe for ruling Digital Health related activities, even though this framework remains very fragmented.

There is even more of a legal complexity when considering local rules, which complement the European landscape for all maters which are not harmonized, for instance the applicable tax rules (to be identified, for instance, in case of the provision of medical services online) or reimbursement of new medical technologies (which remains a national prerogative). One can also think that, aside from product liability, which is to a large extent harmonized on an EU level, other liabilities (civil and criminal) are regulated differently among the EU Member States. A good knowledge of the healthcare and life sciences sector, combined with a strong legal (also local) specialism in the relevant legal areas, is therefore critical to navigate the Digital Health’s legal framework.

There are obviously other aspects to consider when speaking about digitalisation of the healthcare industry, which exceed the concept of ‘digital health’ in the strictest meaning of the word but which are also important for the healthcare and life sciences industry:

a. In that respect:

• One can see an increasing role for online distribution of medical products. In addition to specific rules applicable to pharmaceuticals (see in particular art. 85c of Directive 2001/83 - Community code relating to medicinal products for human use) and medical devices, one should consider in that regard: Directive 2000/31 (E-Commerce), Regulation (EU) 2014/910 (electronic identification and trust services for electronic transactions in the internal market) and Directive 2015/1535 (Distance Sales)). Pharmacists themselves are increasingly involved in the use of technology and online sales.
• Nowadays, and depending to some extent on the local legal landscape (and codes of conduct), technology is more and more used for advertising medical products, including through social media, but also, more recently, thanks to (healthcare) influencers.
• Technology is also used for reporting purposes, including for vigilance purposes (as for instance with Eudamed) and for transparency purposes (EFPIA Disclosure Code).

b. If we stretch the boundaries of the concept even further, one could consider ways legal departments of healthcare companies improve their functioning through digital tools, which includes obviously the automation of the contracting process, but also more recently the use of ‘legal design’ or other relevant tools to improve their interaction with the business.