Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

eHealth and mhealth presentation


Published on

Presentation in the eHealth and mHealth session at the DIA Euromeeting on 6 March 2013 in Amsterdam

Published in: Health & Medicine
  • Login to see the comments

eHealth and mhealth presentation

  1. 1. How to Manage IT,TelecommunicationsPersonal Data Rules andSoftware RegulatoryRequirements in the EU andGlobal Environment,including Case StudiesErik Vollebregt 25th AnnualPartner EuroMeeting 4-6 March 2013Axon Lawyers RAI, Amsterdam Netherlands
  2. 2. DisclaimerThe views and opinions expressed in the following PowerPoint slides arethose of the individual presenter and should not be attributed to DrugInformation Association, Inc. (“DIA”), its directors, officers, employees,volunteers, members, chapters, councils, Special Interest AreaCommunities or affiliates, or any organization with which the presenter isemployed or affiliated.These PowerPoint slides are the intellectual property of the individualpresenter and are protected under the copyright laws of the UnitedStates of America and other countries. Used by permission. All rightsreserved. Drug Information Association, DIA and DIA logo are registeredtrademarks or trademarks of Drug Information Association Inc. All othertrademarks are the property of their respective owners. 2
  3. 3. Introduction• EU political and regulatory context• (health) data protection regulation developments• Regulation of software as medical device• Reimbursement, licensing• Liability• Case studies 3
  4. 4. EU political background• eHealth Action Plan 2012 – 2020 – struggles with Lisbon competences (“EU action shall respect the responsibilities of the Member States for the definition of their health policy and for the organisation and delivery of health services and medical care.”)• Pretty big changes in – regulation of medicinal products and medical devices / IVDs – regulation of collection and processing of health data 4
  5. 5. Health data protection• Currently in flux with General Data Protection Regulation proposal• Horizontal approach to all data causes excessive collateral damage in healthcare sector – What we hate in marketing and social media, we actually want in healthcare (e.g. monitoring, profiling, further processing, traceability) 5
  6. 6. General Data Protection Regulation• Data protection as fundamental right • EU approaches data protection from the angle of fundamental right – this means less attention to pure internal market interests and more to data subject interests• Definitions & scope • Implementation of Art 29 WP opinions on scope (“singling out”, unique identifiers, pseudomisation, “reasonably likely means”)• Consent requirements • New disqualifiers: imbalance and consent to process data and necessary for execution of the contract• Impact assessment • Mandatory sign-off national authorities prior to processing but no methodology / standards and no deadlines • Impact assessment for each individual instance of processing 6
  7. 7. General Data Protection Regulation• Privacy by design • Prior approval of impact assessment of each act of processing • Literally – Parliament proposes that software and devices have to be designed and built as to enable GDPR and data subject’s rights by default • Intelligible explanation of automated processing logic• Exemptions for processing of health data without consent • With uncertainties around concept of ‘consent’ derogations for “public health” and “scientific purposes” become crucial • Exemptions not suited for outsourced processing in eHealth / mHealth services and not drafted for regulatory clinical data obligations• Technical standards • Commission can issue technical standards related to implementation of GDPR requirements 7
  8. 8. General Data Protection Regulation• Data subject’s rights • Right to correct, information, be forgotten and of erasure problematic in clinical context • Right to request interoperable and open source format copy of processed data• Company burden • Mandatory privacy officer • Large fines• Many open ends still that are subject to implementation by implementing act or regulation by delegated act • Commission is not obliged to use these powers and EU legislator may change the scope or revoke power, which increases uncertainty 8
  9. 9. Regulation of software as MD / IVD• MEDDEV 2.1/6 on standalone software, currently under revision• Differences in interpretation of what software constitutes a medical device• EN 62304 standard• Lack of harmonised interoperability standards 9
  10. 10. Reimbursement• Directive 2011/24/EU on the application of patients rights in cross-border healthcare – Member State of affiliation shall ensure that the costs incurred by any insured person receiving cross-border healthcare are reimbursed, if the healthcare in question is among the benefits to which the insured person is entitled in the Member State of affiliation (Article 7(1) of the Directive) 10
  11. 11. Licensing• Directive 2005/36/EC28 on the recognition of professional qualifications does not apply to healthcare professionals providing cross-border telemedicine• if the service provider complies with the legislation applicable to the taking up and exercise of an information society service in his Member State of establishment, he will in principle be free to provide its services in other Member States (Cross-Border Patient Rights Directive and e-Commerce directive) 11
  12. 12. Liability• Professional liability• Contractual liability• Defective product – Member states differ in whether e/mHealth software is a “product” under EU Product Liability Directive (85/374)• Network outages? 12
  13. 13. Case study 13
  14. 14. Case study 14