I had the privilege to preside a session about eHealth and mHealth at the DIA Euromeeting in Amsterdam last week, joined by Mr Tapani Piha, Head of Unit for eHealth, Health Technology Assessment and Science of DG SANCO of the European Commission and Mrs Marianne Fournier of Voisin Consulting.
In a lively session we took the audience through a tour d’horizon of EU future and present mHealth regulation.
Mr. Piha discussed the EU policy angle for eHealth, focusing on the draft EU proposals for a Regulation on eIdentification, a Regulation on data protection (GDPR), and the Green paper on mHealth (the latter being in the pipeline, slated for 2013). He confirmed that the recently proposed NIS Directive will also impact on eHealth and mHealth. Mr. Piha further provided insight in the use of the Directive on patients’ rights in cross-border care. He spoke about the upcoming implementing act on prescriptions that harmonizes minimum data to be shared across borders and thus paving the way to ePrescription. He further addressed the eHealth Network under article 14, which provides for
- Common identification (eID) for electronic transferring of health data
- Guidelines on semantic and technical interoperability
- Guidelines on non- exhaustive list of data to be included in patient’s summary
Finally he addressed the eHealth Action Plan and its relation to the EU strategic eHealth network, as well the Regulation on European Standardisation, an important instrument for achieving interoperability in eHealth.
Mrs. Fournier spoke about software and e/mHealth services as regulated medical device in the EU and provided a large amount of examples and case studies to show the possible permutations of regulation of hardware and software.
I myself discussed mainly the possible consequences of the proposed General Data Protection Regulation (GDPR) for the EU eHealth and mHealth industry, which may have an enormous impact on eHealth and mHealth. Since this regulation proposal a horizontal instrument, it treats all categories of services for which personal data are processed the same. I showed how this for example leads to the unintended consequence that the things you want in eHealth and mHealth like monitoring, are made very difficult because they are subject to the same restrictions as profiling by online advertising companies.
The exemptions in the regulation for processing of health data have been watered down in the last proposed changes by the rapporteur of the ENVI committee to the point that – in my view – they will severely impede viable eHealth and mHealth business models. This impediment is worsened by the fact that the criterion for consent to processing of personal data has also been made so complex that I would be hesitant to provide a legal opinion on whether consent has been validly given in a specific situation. In other words, the GDPR creates a large amount of collateral damage in sectors we would normally want to enable. DG SANCO and DG Connect have set up elaborate policies for eHealth and mHealth, but these may not achieve their objectives if processing of health data is made prohibitively difficult. in addition, medical devices companies are faced with additional difficulties to collect the additional clinical data required for meeting regulatory obligations under the proposed new medical devices regulation and IVD regulation. This way DG Justice will also negatively impact on DG SANCO’s policy in medical devices and IVDs.
Even though this session was one of the graveyard sessions of the DIA program we almost had a full house, evidence of the importance of this subject for the marketplace.