The progressive development of new technologies is also leading to new fields of application and innovations in the healthcare industry. In the third quarter of 2020, nearly 49,000 medical health apps were available for download from the Apple App Store worldwide. In addition, global sales in this sector are forecast to increase fivefold to approximately €246.8 billion by 2025.
With all these rapid developments, legal hurdles cannot be ignored. Marco Degginger and Moritz Schmitz provide an overview of the regulatory classification of health apps and the associated data protection and liability issues.
What are health apps?
Health apps are applications to promote physical and mental well-being. These include apps concerning healthy eating, fitness or wellness. They are aimed at maintaining or improving the health of the respective user and can have a preventive or even health-promoting effect.
Classification as a medical device
From a legal perspective, it is relevant whether a health app is classed as a medical device. This is the case if the app has a "medical purpose." It has such a medical purpose if the software provides independent diagnostic or therapeutic services. This can be affirmed, for example, if it analyses or interprets data, performs calculations or measurements, or has a monitoring function.
However, this presupposes individual influence through the generation of data or information, decision support, dosage assistance or the monitoring of a therapy. Monitoring through the collection of data is also conceivable. Pure lifestyle, fitness or wellness applications whose purpose is primary prevention generally cannot be classified as medical devices. If an application pursues multiple purposes or provides multiple functions, a more detailed analysis is necessary.
Important: CE mark for health apps
If a health app is considered to be a medical device, it is subject to regulatory requirements arising inter alia from the European Medical Device Regulation (MDR). According to the MDR, such apps must be CE-marked if they are intended to be distributed in the European Economic Area. For this, a conformity assessment procedure must be conducted.
In addition, the manufacturer of a health app classified as a medical device is subject to many other obligations: for example, the required establishment and maintenance of a risk and quality management system, the provision of instructions for use, the correct marking and the designation of a so-called responsible person, as well as the guarantee of financial coverage for potential liability cases.
Who is liable for damages caused by health apps?
What happens if a user suffers harm through the use of health apps? Civil liability initially depends on the particular constellation in which the app is used.
A contractual liability claim (Section 280 German Civil Code [Bürgerliches Gesetzbuch - BGB]) against the seller may exist if a user purchases the app from a store and uses it independently. This results from the underlying purchase agreement. The seller does not necessarily have to be legally identical with the manufacturer. A further claim can arise from tort (Section 823 BGB) against the manufacturer. Both claim bases presuppose, among other things, a presumed or provable fault on the part of the opponent as a hurdle. This would especially be the case if the required care was disregarded during the programming of the app. A comparatively lower hurdle applies to a no-fault claim by the user, which arises from the German Product Liability Act (Produkthaftungsgesetz – ProdHaftG) and is directed against the manufacturer.
If the user uses the app because his doctor has prescribed it, the patient may - at least theoretically - also have claims against the doctor arising from the treatment contract (Section 630a BGB). However, such claims presuppose fault on the part of the doctor. This would be the case, for example, if the doctor had not satisfied himself before using the app that it was suitable for the intended purpose and was also recognisably safe.
It is also possible that a doctor uses a health app to fulfil his duties in the (treatment) contractual relationship with his patient. This only changes the claimant of the contractual claim (doctor as opposed to the patient) vis-à-vis the seller of the app.
Health apps: data protection and data security
The function of health apps is based on the processing of personal data. This data is often sensitive health data. Appropriate data protection standards and mature data security concepts are therefore of great importance to supervisory authorities and users.