Telemedicine or simply a gadget to keep fit addicts? Mobile Health Apps and also the law


Mobile health (mHealth) apps are becoming a lot more popular. In 2013, greater than 97,000 health apps were already available on the market.[1] Based on the European Commission (EC), this figure now comes down to around 100,000 globally.[2] Application developers have produced health apps for nearly everything: Through mHealth apps, user of smartphones can nowadays measure vital signs for example their heartbeat, bloodstream glucose level or brain activities, access medical communication and motivation tools or collect physiological data from ingestible sensors to be able to monitor medication adherence, simply to name a couple of.[3] It’s expected that by 2017 mHealth apps could be deployed on roughly 50 percent of cellular devices.[4] The influence of mHealth apps for that daily schedule of mobile phone users will therefore increase considerably within the next couple of years. mHealth apps and various other types of telemedicine might also play a huge role in initiatives aimed to mitigate the possible lack of readily available health care in geographical areas without residing doctors, an undeniable fact that is of accelerating concern for instance in a few areas in Germany.[5] The growing need for mHealth apps and also the diversity of the usability result in various stakeholders playing important roles within the development, commercialization and employ of mHealth apps and, most particularly, the consumer generated data. Unsurprisingly, the interests of those stakeholders vary from one another. This brings about a number of legal questions. This short article aims to provide a summary concerning the regulatory framework within the EU that mHealth apps might have to adhere to in addition to data protection topics associated with using mHealth apps. Other interesting areas not addressed in the following paragraphs include (product) liability questions and bonus schemes provided by medical health insurance companies or funds.

EU Regulatory Framework

With regards to identifying the relevant regime, two groups of mHealth apps may broadly be distinguished: (a) apps created for the prevention, diagnosis, and management of illnesses (medical apps), and (b) apps encouraging lifestyle, fitness and well-being (nonmedical apps). It’s apparent this distinction isn’t necessarily simple to make within an area that is in flux because of the quickly altering technological atmosphere.

mHealth apps require a “medical purpose” to come under EU legislation for medical devices

In principle, mHealth apps may come under the EU regulatory framework for medical devices. Medical products are susceptible to the ecu Medical Devices Directive (93/42/EEC – MDD)[6] or even the European In Vitro Diagnostic Medical Devices Directive (98/79/EC – IVDD) (the “Directives”). The present regime is under revision and can, pending legislative approval, prospectively get replaced by two European rules.[7] Neither the current nor the suggested legislation offer an explicit meaning of mHealth or medical apps. Whether mHealth apps fall inside the scope from the Directives must therefore be determined in line with the general meaning of medical devices. Unlike software embedded or integrated into medical hardware (e.g. software controlling radiation devices), mobile health apps as “standalone software” don’t by itself fall inside the remit from the Directives, unless of course they are made to fulfill a clinical purpose.[8] Accordingly, mHealth apps really are a medical device when the apps are particularly designed to carry out a medical task inside a medical setting (e “medical apps”). By comparison, apps created for general or domestic purposes (e “nonmedical apps”) aren’t susceptible to the Directives, while they may be utilized in a healthcare setting or perhaps a medical context. Whether an application is considered to become particularly designed to carry out a medical task inside a medical setting depends, generally, around the manufacturer’s (i.e., within an application context, the provider’s) intended purpose such purpose is deduced in the data provided around the device’s labelling, or perhaps in the device’s instructions and/or marketing materials (e.g. brochures, webpages).[9]

As healthcare models be patient-centric, there might be some uncertainty regarding the qualifying criterion from the “intended medical use”. For instance, the excellence between general “wellness” apps and “medical” apps can become somewhat unclear, as “wellness” apps supporting preventive and self-monitoring fitness or nutritional activities or calculating vital signs for wellness purposes might also considerably improve health outcomes.

Soft law assistance with medical devices classification

The EC offers guidance regarding the classification of standalone healthcare software, including mHealth apps, in the guidelines around the qualification and classification of stand-alone software printed in The month of january 2012.[10] As the Guidelines provide a useful framework, national government bodies have frequently adopted a stricter/broader interpretation from the medical device classification with regards to mHealth apps. The EC has additionally confirmed the Guidelines might need to be updated. Nevertheless, the rules presently constitute a code of practice that companies launching mHealth apps are very well advised to take into consideration.

The Guidelines’ decisive qualifying criterion for any medical device classification is whether or not the program is supposed to interpret (in order to facilitate the interpretation of) data by modifying or representing medical individual information.[11] Altering the representation of information purely for embellishment purposes is really a non-medical task.[12] Accordingly, a mHealth application isn’t a medical device whether it just performs an action restricted to storing, archiving, compressing or transferring medical data, without interpreting/altering it. Exactly the same pertains to an application restricted to collecting and transmitting medical data from the(n) (in vitro) diagnostic medical device in your home atmosphere to some physician, without modifying its content. However, based on the Guidelines, the Directives do affect tools mixing medical understanding with patient-specific physiological parameters. Additionally, apps supplying immediate decision-triggering information, or altering the representation of information in a manner that plays a role in the interpretative or perceptual tasks done by doctors, generally pose a danger for that patient’s health insurance and are susceptible to the Directives.[13] Likewise, apps meant to provide more information that includes to diagnosis and/or treatment (e.g. generate alarms) are qualified as medical devices.

Regarding apps around the threshold between domestic and medical purposes, stakeholders may consult the Manual on Borderline and Classification within the Regulatory Framework from the ecu Working Group on Borderline and Classification.[14]

Data Protection

In the Eco-friendly Paper on mHealth (“Eco-friendly Paper”),[15] the EC underlined the function of mHealth in increasing the quality and efficiency of healthcare delivery. Based on the EC, mHealth enables the gathering of considerable medical, physiological, lifestyle, daily activity and ecological data, which could help as the groundwork for evidence-driven care practice and research activities, while facilitating patients’ use of their own health information anywhere and anytime.[16] Research into the big data that mHealth generates may boost innovation which help improve healthcare effectiveness and disease prevention.[17]

Medical data can also be valuable for medical health insurance companies or funds. Included in its campaign to bolster “digital prevention”, a regional German social medical health insurance fund lately announced its intends to subsidize wearable devices enabling users to trace physiological parameters.[18] Its offer to lead 50 euros towards wearable devices for example wristbands or smart watches converges with projects promoted by other German social medical health insurance funds who award premiums for collecting bonuses by utilizing mHealth apps[19] or registering for fitness courses etc. To date, German social medical health insurance funds have abstained from collecting private data transmitted by mHealth apps.

Presently, data analysis and processing inside the EU is controlled by the information Protection Directive (95/46/EC). Ongoing negotiations in regards to a uniform European General Data Protection Regulation[20] also have fueled the controversy on health data. Like a particularly sensible group of data, health details are susceptible to stricter legislation than general private data. Under Art. 8 para. one of the Data Protection Directive, processing health information is in principle prohibited, unless of course the best applies. The narrow examples put down in Art. 8 para. 2 from the Data Protection Directive reflect the specific sensitivity of health data. Misuse of medical data might have irreversible ramifications for that individual too for their social or work atmosphere.

Because the Data Protection Directive doesn’t define the course of health data, the EC consulted the content 29 Working Party[21] on the idea of health data regarding apps and devices, including lifestyle and wellbeing apps. As a result of the request, the content 29 Working Party offered assistance with the meaning and stressed the qualification as health data doesn’t rely on if the software collecting the information is recognized as a clinical device.[22] The Significant Party clarified that it is not only data that is inherently or clearly medical data, i.e. data concerning the physical or mental health status of the data subject that is generated inside a professional, medical context,[23] that is considered health data. Actually, also raw sensor data you can use by itself or in conjunction with other data to attract conclusions concerning the actual health status or chance of an individual, and private data that according to which conclusions are attracted in regards to a person’s health status or health risks (regardless of whether these conclusions are inaccurate, illegitimate or perhaps in-sufficient) are considered health data.[24] Thus, while as a result, an application, e.g. counting steps throughout a single walk for domestic purposes, might not be of great substance regarding an individual’s health, it might showcase a physical disease when associated with additional information, processed for further purposes or used in organizations.[25] Consequently, the information generated with this application might be considered health data and, susceptible to Art. 8 para. three of the Data Protection Directive, the specific consent from the user pursuant to Art. 8 para. 2 from the Data Protection Directive thus remains needed.

Therefore, application providers are very well advised to obviously define the scope and reason for a potential data analysis and processing. Such obvious definition must then properly be implemented within the necessary contractual relationships, like the relation to utilisation of the particular application, to prevent legal pitfalls. Pointless to state, it’s of likewise importance for that confidence of finish users, and therefore for that realization of the potential for mHealth to enhance the standard and efficiency of healthcare delivery, the controller meets its obligations established in Art. 17 para. one of the Data Protection Directive to apply sufficient and efficient technical and business measures to safeguard the information against, among other activities, unauthorized disclosure or access.


Because of the speed of technological developments and the introduction of mobile solutions inside a health context, the regulatory landscape is presently in flux. To make sure compliance, medical devices/pharmaceutical companies frequently choose a broad interpretation from the term “medical device” or “medical purpose” – which leads to a proportion of the mHealth apps falling underneath the Medical Devices Directives. However, it may be contended that this type of conservative approach could hamper innovation, and, consequently, the conclusion from the benefits that mHealth could provide healthcare in Europe. Updated guidance through the Commission would therefore be beneficial to any or all stakeholders involved. Throughout the ongoing negotiations concerning the General Data Protection Regulation, it remains seen when the Commission is constantly on the evaluate possible actions to deal with the information protection concerns as outlined in the Eco-friendly Paper.

[1] Cf. “Europe’s Mobile Health Sector is Booming”, press release by the European Health Forum (last accessed: 18 August 2015).
[2] Cf. (last accessed: 18 August 2015).
[3] Cf. (last accessed: 18 August 2015).
[4] Cf. endnote 1 above.
[5] To tackle this concern, the German government recently issued a draft legislation for secure digital communication and applications in the health care sector; this draft is available in German language. please click here.  (last accessed: 18 August 2015).
[6] As amended by Directive 2007/47/EC. The Directives set out procedures for harmonized certification and inspection of medical devices, as well as standards of performance, safety, and health protection.
[7] On 26 September 2012, the EC adopted two regulation proposals for: a) medical devices; and b) in vitro diagnostic medical devices. In order to become EU law, the Parliament and the Council need to adopt the texts by ordinary legislative procedure. The proposals are available here. (last accessed: 18 August 2015).
[8] Cf. recital 6 Medical Devices Directive “[…] software in its own right, when specifically intended by the manufacturer to be used for one or more of the medical purposes set out in the definition of a medical device, is a medical device. Standalone software for general purposes when used in a healthcare setting is not a medical device.”
[9] Article 1 (2) (g) Medical Devices Directive. Only if drafted to circumvent the application of the regulatory scheme may objective criteria replace the manufacturer’s stated intention on the labelling, instructions etc. (see AG Opinion in Case C-219/11 Brain Products GmbH v BioSemi VOF, ECLI:EU:C:2012:742, para. 50).
[10] European Commission, Guidelines on the Qualification and Classification of Stand Alone Software Used in Healthcare within the Regulatory Framework of Medical Devices, MEDDEV 2.1/6, January 2012 (the “Guidelines”).
[11] See the Guidelines decision making step plan on pages 10 et seq.
[12] Guidelines, Decision step 3, page 10.
[13] Guidelines, Decision step 3, page 11.
[14] Version 1.16, 07-2014. Section 9 contains guidance as to apps for (i) processing ECGs, (ii) the communication between patient and caregivers while giving birth, and (iii) viewing the anatomy of the human body.
[15] The Green Paper was published in April 2014 and is available here (last accessed: 18 August 2015).
[16] Cf. Green Paper, p. 3.
[17] Cf. Green Paper, p. 5, 9 et seq.
[18] Cf. (last accessed: 18 August 2015).
[19] Cf. e.g. (last accessed: 18 August 2015). Such bonus schemes are under scrutiny by the German regulator because any bonus payments are only lawful if the insured person takes part in sporting activities with ensured quality. The autonomous performance of sporting activities by an app user may however not fulfil such quality requirements simply because the user does not comply with the instructions given by the app. Cf.–geldsegen-fuer-gesundheitsbewusste,1472780,31386592.html (last accessed: 18 August 2015).
[20] Information on the reform of the data protection legal framework is available here (last accessed: 18 August 2015).
[21] The Article 29 Working Party is an advisory body consisting of the European Commission and representatives of the data protection authority in each Member State.
[22] The annex to the Working Party’s response is available here (last accessed: 18 August 2015).
[23] Cf. the Annex to the Working Party’s response, p. 2.
[24] Cf. the Annex to the Working Party’s response, p. 5.
[25] Cf. the Annex to the Working Party’s response, p. 3.



Please enter your comment!
Please enter your name here