The use of health apps and other IT programmes in medical care is increasing. In Germany and other EU Member States there are lively discussions regarding how to regulate the use of these new digital products in healthcare.

MS – 12/2016

The public consultation on the Green Paper on mobile health services, which the German Social Insurance commented on, has put a strong focus on the debate over health apps and digital healthcare applications at European level.


The discussion concerns testing the safety of digital products in medical care and their placement on the market as well as how they are reimbursed under health insurance. The focus at European level is (still) on harmonising quality and data protection standards for health apps across Europe. 


Currently, at the initiative of the EU Commission, a working group that includes the European Social Insurance Platform is working on quality criteria for assessing the reliability of apps in the areas of health and social affairs. The aim is to have these voluntary guidelines available by the start of 2017; they are aimed at all stakeholders in digital care. They are explicitly for apps which are not classified as medical devices and serve as a suitable reference for the qualitative assessment of apps. Criteria such as safety, transparency and evidence of their benefit act as a benchmark. This will establish a unified, transnational framework that can be used by national organisations. It is an initial step towards establishing common, Europe-wide standards, albeit non-binding ones.


A further initiative of the EU Commission, under the aegis of the Directorate General for Communications Networks, Content and Technology, is a voluntary commitment from manufacturers of health apps to comply with data protection regulations. The aim of the Code of Conduct is to strengthen citizens’ trust in health apps. At the core of the Code of Conduct are aspects for developers such as explaining the app, securing user consent or the principle of data minimisation, which aims to improve security. Following a review by the Article 29 Working Group, one of the EU Commission’s independent European working groups, which deals with issues related to personal data and its processing, the Code of Conduct is expected to be published in the near future.


It is to be welcomed that the EU institutions have recognised many of the problems associated with health apps. Current EU legislative procedures such as the Medical Device Directive and the General Data Protection Regulation address mHealth issues. Non-binding standards such as the Code of Conduct supplement the need for regulation. However, regulation itself is a challenge. The right balance must be found between patient security and the potential for innovation in health care. Over-regulation, in particular, would damage the rapidly growing start-up scene in the health sector. 


However, a roadmap for digital health in the EU is still missing. Furthermore, it is not clear whether the guidelines can flow into a binding regulation at a later date. It is also important not to underestimate the role played by national design and regulation, particularly when it comes to issues related to financing and reimbursement. This is where the opinions of the Member States differ widely, which makes it difficult to define and implement policy measures at EU level.  

In January 2017, the Commission intends to launch its Free Flow of Data Initiative which aims to encourage the free exchange of data in the EU, including health data. This will be accompanied by the European Cloud Initiative which will focus more on the certification of clouds.  


Current initiatives on mobile health in Europe:  


Free Flow of Data Initiative: