10 May 2014
The European Commission (the "Commission") has launched a public consultation on the Green Paper on mobile health, inviting comments on the barriers and issues related to the use of mobile health ("mHealth"). The Commission has also published a Staff Working Document on the existing EU legal framework applicable to lifestyle and wellbeing applications ("apps"), aimed at providing simple guidance to app developers on EU legislation in the field. The period of consultation ends on 3 July 2014.
mHealth as understood by the Commission, covers medical and public health practice supported by mobile devices, such as mobile phones, patient monitoring devices, personal digital assistants, and other wireless devices. It also includes apps such as lifestyle and wellbeing apps that may connect to medical devices or sensors (e.g. bracelets or watches) as well as personal guidance systems, health information and medication reminders provided by sms and telemedicine provided wirelessly.
mHealth is an emerging and rapidly developing field which has the potential to play a part in the transformation of healthcare and increase its quality and efficiency. mHealth covers various technological solutions, that among others measure vital signs such as heart rate, blood glucose level, blood pressure, body temperature and brain activities. Prominent examples of mHealth apps are communication, information and motivation tools, such as medication reminders or tools offering fitness and dietary recommendations.
The healthcare systems in Europe are facing new challenges such as the ageing of the population, and increased budgetary pressure. In this context, mHealth could be one of the tools to tackle these challenges by contributing to a more patient-focused healthcare, and supporting the shift towards prevention while at the same time improving the efficiency of the system.
Issues such as the safety of mHealth apps, concerns over the use of data, the lack of interoperability among available solutions and the lack of stakeholder knowledge of the legal requirements applicable to lifestyle and wellbeing apps all need to be addressed. This includes compliance with data protection rules and whether these apps are medical devices and need to obtain CE marking.
According to the European Commission, the rapid development of the mHealth sector raises concerns about the appropriate processing of the data collected through apps or solutions since mHealth solutions and devices can collect large quantities of information (e.g. data stored by the user on the device and data from different sensors, including location) and process them, also in third countries outside the European Economic Area, potentially in order to provide new and innovative services to the end user. This information will be in many instances personal data since it is information relating to a natural person who is directly or indirectly identified or identifiable. In addition, the processing of data concerning health is particularly sensitive and therefore requires special protection. Personal data protection is a fundamental right in Europe, enshrined in Article 8 of the Charter of Fundamental Rights of the European Union, as well as in Article 16(1) of the Treaty on the Functioning of the European Union. Compliance with personal data protection rules, with information of the data subject, data security, and the lawful processing of personal data, including health and medical data, is therefore vital for building trust in mHealth solutions.
Guidance already exists on data protection requirements for "apps" with the Opinion 2/2013 of the Article 29 Working Party of 27 February 2013 on apps on smart devices. In the EU, the currently applicable Personal Data Protection Directive is being revised in order to better respond to challenges posed by the rapid development of new technologies and globalisation while ensuring that individuals retain effective control over their personal data. The Commission's proposal for a General Data Protection Regulation will provide further harmonisation of data protection rules in the EU, ensuring legal certainty for businesses and increasing trust on eHealth services with a consistent and high level of protection of individuals. The proposal also introduces inter alia the principles of "data minimisation", "data protection by design", and "data protection by default" to make sure that data protection safeguards are taken into account at the planning stage of procedures and systems.
The eHealth Action Plan 2012-2020 indicated that the rise of mHealth is blurring the distinction between the traditional provision of clinical care and self-administration of care and wellbeing. In the EU, there are no binding rules as to the delimitation between lifestyle and wellbeing apps and a medical device or in vitro diagnostic medical device. Since January 2012, in order to help software developers and manufacturers identify whether their products fall or not under the Medical Devices Directive or the in vitro diagnostic medical devices Directive, the Commission's services have issued some guidance on this issue (see MEDDEV 2.1/6 dated January 2012 on guidelines on the qualification and classification of stand-alone software; and Commission staff working document on the existing EU legal framework applicable to lifestyle and wellbeing apps dated 10 April 2014 - COM(2014) 219 final). According to this guidance, depending on their intended purpose, apps may fall under the definitions of a medical device or an in vitro diagnostic medical device and consequently will have to comply with the relevant provisions of the aforementioned directives. In contrast, in the United States the Food and Drug Administration ("FDA") published in September 2013 a document called Guidance on Mobile Medical Applications to tablet with floating blank appsinform app manufacturers and distributors about how it intends to apply its regulatory authority to apps intended for use on mobile platforms. The FDA approach calls for oversight of only those mobile apps that are medical devices and whose functionality could pose a risk to patients' safety if the app does not function as intended. However, since this delimitation is not yet clarified within the EU through binding rules, when the Medical Devices Directives does not apply to apps, clarity is required as to the rules with which they must comply. The fact that Union legislation cannot yet address the latest developments in this sector and that the Court has not had the opportunity to clarify the applicability of existing legislation on these newly developed apps, still leaves room for interpretation.
The safety of mHealth solutions and lifestyle and wellbeing apps is a cause for concern. Reports underline that some solutions do not function as expected, may not have been properly tested or in some cases may even endanger people's safety (see The New England Center for Investigative Reporting, Boston University, "Lacking regulation, many medical apps questionable at best", 18 November 2012). The Commission, therefore, is thinking about the demonstration of safety by using user safety standards, specific quality labels or certification schemes. According to the Commission, certification schemes could be reliable indicators for healthcare professionals and citizens as they could verify whether the app or mHealth solution delivers credible content, contains safeguards for user data, and functions as intended. App certification programmes are already emerging like the National Health Service online Health Apps library in the United Kingdom, where all apps have passed a review to prove their safety and compliance with data protection rules. Other examples exist where apps are certified and sold on specialised app stores, such as Happtique in the US.
xray and heart rate monitorThe Commission staff working document on the existing EU legal framework applicable to lifestyle and wellbeing apps purports to give a non-exhaustive description of the EU legislation, which is applicable to lifestyle and wellbeing apps. The aim of the document is to provide simple guidance as to the EU applicable legislation since some mHealth apps may fall under the definition of a medical device or of an in-vitro diagnostic medical device and therefore may have to comply with the safety and performance requirements of Directive 93/42/EEC concerning medical devices or Directive 98/79/EC on in vitro diagnostic medical devices respectively.