IoT & AI

Top 5 legal issues of eHealth and Telemedicine

Here are my top 5 legal issues of telemedicine and eHealth as discussed during my last Internet of Things webinar.

Updated on 16.02.16

As part of our series of Internet of Things webinars, we ran a webinar on eHealth whose slides are available here and from which interesting insights arose.

The size of the Internet of Things in the healthcare sector is expected to reach $ 313 billion by 2018 with over 7 million patients that will be treated through such technologies. Therefore it is a massive opportunity. I already touched the data protection and medical device regulation issues of eHealth in this post, but below is my “very” personal top 5 list of main legal issues of telemedicine and eHealth:

1. What is a medical device?

When it comes to an eHealth project we usually have 3 different components and the question is whether any of those is a medical device which requires to comply with stringent regulatory obligations:

  1. Hardware (i.e. the device that is used to collect data from patients) – If the device does not have features specifically addressing a “medical purpose” (e.g. your smartphone), it is likely not to be qualified as a medical device. On the contrary, a device specifically manufactured to provide a medical treatment is likely to be considered a medical device.
  2. Software  – The qualification of software and apps as medical devices has been recently covered in a Green Paper issued by the European Commission on mHealth. Also in this case it is necessary to assess the “medical purpose” of the software. And the assessment shall take into account whether the software is performing a mere collection and storage of data or whether it is carrying out an “interpretation” of the data. This interpretation is meant to occur when the software not only collects data, but performs for instance a diagnosis on the basis of collected data combining medical knowledge with patient specific parameters. Therefore a mobile application that not only collects that, but also performs some monitoring of patient’s parameters and as a consequence of such monitoring affects the patient’s treatment is likely to be considered a medical device.
  3. Cloud Platform – A cloud platform itself might be medical device if it performs an analysis of collected data and triggers for instance some alerts messages comparing the collected data against parameters.

The tendency is to expand the scope of medical devices in order to grant additional protections. But this has the implication of delaying the launch of new products and of future updates and upgrades as the regulatory steps to be passed are more time consuming. I hope that after such transitional phase a more open minded approach will be followed by authorities.

2. Licensing and reimbursement

Telemedicine and eHealth are an information society service for the purposes of the EU eCommerce Directive which prescribes for

  • The so called “country of origin” principle i.e. a telemedicine service provider shall only comply with the laws of its country of establishment and
  • Prohibits Member States of countries that are different from the providers’ country of origin from requiring these providers to obtain a prior local authorization to the offering of such services in their jurisdiction.

In relation to reimbursement of eHealth services, the EU Directive 2011/24/EU provides the legal framework allowing patients to have their telemedicine services reimbursed even if provided in a country different from their country of residence. This is provided that they fall within the scope of reimbursed services in their country of residence and provided that (in some circumstances) they obtained a prior authorization from their country of residence.

Reimbursement of eHealth services has been amongst the topics covered in the recent Italian guidelines on telemedicine that set out inter alia the criteria and authorizations required to obtain reimbursement of services in Italy.  Such guidelines, and in general European laws, raise issues on whether eHealth providers are required to obtain an additional local license/authorization if they want to “target” a jurisdiction rather than just assisting their patients when they move to a different EU Member State.  

Likewise, there is an issue in relation to the types of telemedicine services that are not listed among the reimbursed services just because they are an innovation made possible as a consequence of the development of telemedicine services.

3. Data protection

I have already covered the data protection issues relating to eHealth in this post.  In addition to such issues, the security measures required by data protection laws (that in the case of Italy are extremely stringent) in order to protect personal data (for instance those stored in a cloud database) represent a major issue whose breach can trigger relevant fines.

In particular the upcoming EU Data Protection Regulation will provide, among others, for

  1. A notification obligation in case of data breaches to the competent regulator and the affected individuals;
  2. An increase of fines up to 4% of the global turnover of the previous financial year; and
  3. The obligation to implement a privacy and security by design approach.

Also it should be considered that eHealth and wellness Apps are being investigated by the Italian privacy authority. Therefore such market is subject to a strict scrutiny.

4. Product liability

European regulations on product liability are very stringent and set out a regime of strict/objective liability i.e. in case of malfunctioning patients shall prove only the defect to support their claim for damages and the burden of proof shall be on manufactures to prove that the damages were not caused by the alleged defect.  

The matter is even more complex in the case of telemedicine and eHealth services since an erroneous treatment might for instance be due to a delay in the communication of data by the telecom carrier and therefore data provided to doctors might not be fully reliable.  This would increase the risk exposure for both doctors that shall rely on inaccurate data and manufacturers of telemedicine services whose liability might be linked to circumstances out of their control.

5. Information to patients

Since telemedicine and eHealth services often rely on data generated by devices used by patients themselves, in order to make such data reliable and useful for the provision of treatments, the information and instructions provided to patients are crucial.  And indeed this is one of the main topics covered by the Italian guidelines on telemedicine.

The Italian guidelines on telemedicine also prescribe instructions on the requirements to be met in terms of service levels between telemedicine providers and hospitals as well as on ethical principles to be complied with. This is a topic that will become more and more relevant in the coming months/years.


Don't miss our weekly insights

Show More

Giulio Coraggio

I am the location head of the Italian Intellectual Property & Technology department and the global co-head of the IoT and Gaming and Gambling groups at the world-leading law firm DLA Piper. IoT and artificial intelligence influencer and FinTech and blockchain expert, finding solutions to what's next for our client's success.

Related Articles

Back to top button