Digital health technologies have seen an uptake since the COVID pandemic but both patients and market players can sometimes feel that developments and investments are not moving forward quickly enough. One reason for that is the still fragmented legal landscape across the EU and elsewhere, but also strict regulations when it comes to use of health data. 2024 could be a breakthrough year so what can we expect?
In recent years, the healthcare and life sciences sectors have been subject to numerous legislative and regulatory proposals. These aim to further reform an industry which can lag behind on digital transformation. The vision for Health Tech is an AI-enabled environment with safe solutions which improve patient outcomes. The use cases span from big data algorithms in the clinical study context, the use of machine learning to support healthcare professionals, helping patients via robotics, or creating efficiencies by implementing AI-based tools in hospitals. At the same time, there are hopes for a regulatory landscape that reduces burdens and supports access to patient data. With the European Health Data Space the EU’s draft AI Act, and some recent national initiatives, Health Tech could see a real boost in 2024.
The AI Act will have a significant impact on digital health in the EU…
The AI Act (AIA), expected (although not certain) to enter into force in 2024, will affect medical device companies with machine learning capabilities but also the healthcare and life sciences sectors more generally. The hope is that it will give EU citizens confidence to embrace AI-based solutions, including AI-enabled medical technologies.
All products which fall under the definition of an “AI system” will be in scope of the AIA. For example, AI-based medical software systems will be regulated. The AIA takes a risk-based approach - similar to the GDPR and the Medical Devices Regulation. Compliance obligations around development and use are directly related to the potential level of risk posed by the AI system - whether unacceptable, high risk, low risk, or minimal risk.
AI applications in the healthcare or life sciences sectors may be classified as "high-risk AI systems" in which case, the most stringent obligations will apply, including a requirement to implement a quality and risk management system, to have detailed technical documentation, and to carry out a conformity assessment (similar to ones for CE markings). This would place a considerable burden on in-scope healthcare companies and would require meticulous implementation.
The AIA has entered its final stretch with negotiations between the EU’s main bodies progressing. On 6 December 2023, a supposedly final meeting is scheduled. The co-legislators hope to adopt the Act in 2024, in which case it would apply from 2026. Recently there have been reports of stumbling blocks but there remains cautious optimism that this schedule will not be disrupted, which is particularly important in light of the upcoming European Parliament elections next year.
….as will the AI Liability Act
The EU's AI Liability Act (ALA) is intended to fill a gap in AI regulation. Given the AIA's lack of direct protective rights for individuals, the ALA aims to provide individuals who are adversely affected by an AI system with a direct right of action by lowering the threshold to bring claims. Consequently, it introduces a new liability regime which starts with the premise that there is an assumption of causality where liability is caused by AI. This mean that the person affected does not have to prove the link between the damage caused and the use or output of the AI system. The ALA is not yet at trilogue stage and may be some way off enactment let alone application, but in the longer term, healthcare providers using AI may find they are facing an increase in litigation and should take that into account when developing or using AI.
The European Health Data Space will move forward
The European Health Data Space (EHDS) was the first common European Data Space proposed by the EU as part of a wider initiative to create shared data spaces for other sectors. This is a key pillar of the EU's data strategy. As discussed in more detail here, the EHDS aims to establish a legal framework for data access and exchange, ensure high quality health data and interoperability. Individuals will have access to their own patient data, and Member State healthcare professionals will be able to access electronic health records cross-border.
Crucially for digital healthcare, the EHDS will enable anonymised health data to be downloaded and used for a variety of purposes, including training AI applications in the healthcare sector subject to specified conditions. The EU is not alone in trying to facilitate sharing of health data in this way. The UK, for example, is currently testing Secure Data Environments for accessing NHS data for research purposes and other external uses, with a wider rollout planned.
The EHDS is progressing through the regulatory process. The European Parliament and the Council are expected to adopt their compromise proposals imminently – potentially by the end of 2023, after which trilogues can begin. Depending on how these proceed, the EHDS may well be finalised next year although it is unlikely to be fully operational before 2025.
Germany will continue to be a leader in regulating digital health
In Germany, several legislative initiatives are underway to create a coherent and legally secure framework for accessing and sharing health data. The most important of these are the Digital Act and the Health Data Use Act which are expected to take effect in February 2024.
German Digital Act
The goal of the Digital Act (Digital-Gesetz or DiG) is to make everyday medical care easier for doctors and patients by introducing digital solutions such as the electronic patient application (ePA) and electronic prescriptions, used and managed via German health insurance company apps.
The ePA stores all relevant patient information on medical findings and information from previous medical examinations and treatments in a central location. The information and documents will be available to all treating physicians, hospitals and pharmacies via a central IT infrastructure. The technically required data interoperability will be established to enable sharing. An opt-out procedure will be introduced for patients who do not wish to use the ePA.
From 1 January 2024, electronic prescriptions will become the mandatory standard for the supply of pharmaceuticals, and the ePA's functionality will then be further expanded to cover functions including medication reminders, medication plans and side effect checks.
The Digital Act also promotes the establishment of video consultations and telemedicine by facilitating the use of video consultations and enabling pharmacies to offer assisted telemedicine.
Health Data Use Act
The Health Data Use Act (Gesundheitsdatennutzungsgesetz or GDNG) allows, among other things, health data from the ePA to be used for research purposes. For the first time, data from different data sources can be combined and analysed.
The data will be made available to public and private researchers on request at a newly established data access and coordination center. The decisive factor for eligibility is no longer who applies to access the data, but for what purpose. Permitted purposes include improving the quality of patient care, resource planning, scientific analysis of the effectiveness of healthcare, scientific research, the development and improvement of medicinal products and medical devices, monitoring the safety of medicinal products and medical devices and the testing and training of AI systems (see Section 363 of the German Social Act V).
The health data in the ePA is provided in pseudonymised and encrypted form by the German health insurance companies to the Research Data Center, an institution of the Federal Institute for Drugs and Medical Devices (Bundesinstitut für Arzneimittel und Medizinprodukte). On request, the Research Data Center makes the data available to EU-based recipients within the legislative framework of the GDNG.
Two opt-out procedures will be introduced for patients who do not wish to provide their data: they can opt out of ePA use in general, or opt out of GDNG usage. There is no opt-out for use by certain types of individuals and institutions.
The concept is similar to that of the EHDS but is limited to Germany. The infrastructure and procedures of the data sharing concept under the GDNG will be used when the EU Health Data Space is implemented in a few years' time.
2024 is looking good for digital health in the EU
To answer our question posed in the title, 2024 may not see the full culmination of the various legislative initiatives likely to impact digital health in the EU, but as the legislation passes, even if it does not yet apply, 2024 does look set to be a breakthrough year.
