200 likes | 203 Views
Enabling mHealth – A Lack of Progress on the Legal Front. Prof. Dr. Paul Quinn Brussels Free University (Vrije Universiteit Brussel), Belgium. A little bit about me. I am a member of LSTS at Brussels Free University (VUB) My areas of research include Data protection in Health Care
E N D
Enabling mHealth – A Lack of Progress on the Legal Front Prof. Dr. Paul Quinn Brussels Free University (Vrije Universiteit Brussel), Belgium
A little bit about me.. • I am a member of LSTS at Brussels Free University (VUB) • My areas of research include • Data protection in Health Care • Legal issues related to eHealth and mHealth • Stigmatisation and Discrimination • I have worked on a number of EU projects that involved aspects related to mHealth • e.g MOVING LIFE (FP7), REACTION (FP7), PICASO (H2020)
What I am going to talk about… • Legal issues relevant to the increased deployment of mHealth • 1. Data Protection Issues • 2. Issues Related to the Medical Device Framework • 3. Changes (from the perspective of mHealth)
mHealth Raises a Number of DP Issues • mHealth will make more use of personal health data than conventional forms of medicine. • Personal data may be collected continuously. • Questions about modality of consent. • How is data transmitted and stored. • Who has access? • .
Health data as personal data • Health data is recognised as sensitive data under the data protection framework. • Directive 95/46/EC is still in force – Little harmonisation • The new Regulation will come this year, hopefully ?!? • It will result in a harmonisation of many elements of data protection (but not all).
Key Data Protection Requirements • Must have a legal basis for processing. • The legal grounds for the processing of health data are outlined in article 8 95/46/EC. • Processing must occur in accordance with data processing principles. This include • Minimisation, securely stored, data must be of sufficient quality etc.
mHealth and Sensitive Data • The processing of sensitive data is forbidden unless…. (Article 8 of 95/46) • Explicit consent is secured • The processing is in the context of an ongoing treatment relationship. • The nature of mHealth processes raises issues with these exceptions.
Explicit Consent Raises Difficulties for mHealth • Explicit consent must be informed consent • May be difficult in the absence of a physician to explain things • Can not be general • May have to conform to local legal requirements pertaining to form (may be addressed with new regulation).
Meeting the conditions of an on-going treatment relationship may be difficult for many mHealth processes • Directly connected to the provision of medical treatment • i.e. does not cover other purposes e.g. billing, scientific research, administration. • With a physician or similar individual subject to an obligation of secrecy • At present unlikely to apply to technical or administrative staff… • Difficulties in transfering data between insitutions and transfering to third party institutions.
Effects of the GDPR • -Harmonization of form for consent • Does not need to be written (Art 8) • Need to keep evidence (Art 7(1)) • A Broader range of exceptions for the processing of administrative data in the overall context of health care (e.g. Art 9(2)(h). • The possibility for member states to add further protections in the area of health (Art 9(4))
Effects of the GDPR • Harmonisation (especially with consent requirements) • A right to be forgotten (Art 17) • Rights to data portability (Art 18) • Breach Notification (Art 31, 32) • A new or strengthened duty (highlighted in EU Com green paper of; – data minimisation; • data protection by design; • data protection by default.
Issues Related to Medical Device Regulation • Many mHealth solutions depend upon the use of software capable of running on diverse devices and operating systems • Many mHealth apps seem to meet the definition of 'medical devices’ • i.e. any … software, … intended for one or more of the specific medical purposes of (inter alia): diagnosis, prevention, monitoring, treatment alleviation of disease or diagnosis, monitoring, treatment, alleviation of or compensation for an injury or disability, For more on intended use see: Case C-219/11 Brain Products GmbH -v- BioSemi VOF and others
Less Clarity in the US than in Europe • The FDA has adopted a more honest approach – reserving discretion to dispense MD requirements for low risk devices • In Europe the EU Commission has released guidance on the application the directive to mHealth apps. • A strong focus is placed on intended medical use It is however often difficult to make this call with mHealth apps.. • The dividing line between wellness and medical use is still very much blurred….
Medical Device Regulation • Most relevant directive is The Medical Device Directive (Council Directive 93/42/EEC) • Subject to revision (expected in the form of a regulation) • Represents an onerous set of of regulatory requirements that may be time consuming and costly to comply with. • May be difficult for apps to comply with given that they often operate under a low cost/low profit business model.
Problematic areas for medical device regulation • Practical Issues • Instructions • CE Markings • Requirement to continuously review is problematic • May be difficult to reconcile with low-cost model • Onerous requirements and potential liability for online vendors e.g. 'app stores’.
Problems of testing software with all possible devices/software platforms. • The MDD requires that software be tested with all devices that it is to be used with. • This may be problematic for software that is designed to operate on common operating systems e.g. on smartphones. • Not feasible to test on all possible devices • Wide range of smartphones • Can be linked to third devices • Operating systems are constantly under revision
Progress of lack of in recent years…. • Legally speaking very little has changed… • The revision of both the Medical Device Directive and the Data Protection Directive has been much slower than was expected. • This has allowed an environment on legal uncertainty to continue. • The proposed new regulations will not however remedy the situation described completely.
Harmonization is on the way • The formalities surrounding explicit consent should be harmonized • The complex requirements of the the MDD should be harmonized • Such measures should provide legal certainty and aid development.
Thank you for listening! • Paul Quinn • Paul.quinn@vub.ac.be • Twitter @paulquinnbxl