Last week the Commission launched its new eHealth Plan (EHAP). It was announced under the header “Putting patients in the driving seat: A digital future for healthcare”. A nice rundown of the relevant documents is here and a good summary by MedTech Europe (Eucomed and EDMA) is here. Then there is the convenient overview and roadmap over here giving an overview of actions to be implemented in 2012 – 2020. You might want to take a look at this Commission presentation on eHealth of last month giving you the short and comprehensive version of what they then expected to be in EHAP.

These developments are important for the medical devices industry, for several reasons. First, more and more medical devices are standalone software and provides as service. Those are now explicitly regulated under the proposed Medical Devices Regulation and proposed In Vitro Diagnostic Devices Regulation. Secondly, more and more medical devices will connect to the internet as part of healthcare services in the internet of things. Thirdly, these devices, both software/service devices and physical ones, need degrees of interoperability to function together.

However, the EU has no direct competence to regulate healthcare or it financing. However, it has competence to regulate the internal market for medicines, medical technology and related services. Therefore, it must resort to regulating the conditions for eHealth services by removing barriers and creating conditions for the uptake, for example by means of the eHealth infrastructure established under article 14 of the Cross Border Patient Rights Directive. Indeed, access to and the conditions under which citizens can receive eHealth services differ wildly between member states. Denmark, for example, is the eHealth champion of Europe while other countries lag far behind.

The goal of the EHAP is

“to improve healthcare for the benefit of patients, give patients more control of their care and bring down costs. While patients and health professionals are enthusiastically using telehealth solutions and millions of Europeans have downloaded smartphone apps to keep track of their health and wellbeing, digital healthcare has yet to reap its great potential to improve healthcare and generate efficiency savings.”

To put this into perspective Commission Vice President for the Digital Agenda Neelie Kroes said at the EHAP launch: “Europe’s healthcare systems aren’t yet broken, but the cracks are beginning to show. It’s time to give this 20th Century model a health check. The new European eHealth Action Plan sets out how we can bring digital benefits to healthcare, and lift the barriers to smarter, safer, patient-centred health services.”

At the same time, the newly appointed Commissioner for Health and Consumer Policy, Tonio Borg, added: “eHealth solutions can deliver high quality, patient-centric, healthcare to our citizens. eHealth brings healthcare closer to people and improves health systems’ efficiency. Today’s Action Plan will help turn the eHealth potential into better care for our citizens. The eHealth Network under the Cross-Border Healthcare Directive channels our joint commitment to find interoperable solutions at EU level.”

With this in mind we would not be exaggerating if we paraphrase as follows: the EU’s healthcare systems are skirting the abyss but eHealth can save the day, if only the Member States can cooperate under the EU’s banner. This, of course is where all the trouble starts for lack of competence of the EU to regulate healthcare directly. Responsibility to define the way to organise and deliver health services and medical care lies within the Member States. In several other areas supporting action from the Commission would be possible, notably under Articles 168, 173, 179 or 114 TFUE (Treaty on Functioning of the EU). As a result you get an EU that harbors absolute eHealth champs like Denmark and absolute laggards. And nobody can agree on joint standards because there aren’t any mandatory ones. Denmark has now put its money on the Continua standards for interoperability of devices, which I think is a very good sign. They have actually issued the first tender for Continua compliant telemedicine services.

The Commission Staff Working Document on Telemedicine that is part of the EHAP package does a great job of summarising the legal and regulatory questions for a typical cross border eHealth service:

Licensing: Does the telemedicine provider also need to be licensed/registered in the Member State of the patient? –  this is harmonised to an extent by the Cross Border Patient Rights Directive that imposes home country control for the service (just like the e-commerce directive does). As eHealth services are sold online more and more, I expect that there will be more friction between the e-Commerce directive and national law, as you can read in my post about the Ker-Optika case. The Ker-Optika judgement has also found its way into the Commission’s recent thinking about telemedince set out in the Staff Working Paper on Telemedicine. The Commission, in order to maximise potential reliance on the Ker-Optika theory of free movement of information society services, states that

“It is important to underline that telemedicine is not a new medical act and does not intend to replace traditional methods of care delivery, such as face-to-face consultations. It rather represents an innovative way of providing health and care services, which, can complement and potentially increase the quality and efficiency of traditional healthcare delivery.”

I am not sure if this theory can be maintained in all scenarios, as it would seem to be based on a concept of telemedicine as monitoring of an already diagnosed disease. However, in practice telemedicine is capable of much more as it becomes more and more autonomous, like new diagnosis and subsequent automatic follow-up. This would mean that the last medical act by a human operator might actually be the prescription or recommendation of a particular expert or clinical decision support system, as already happens with apps that tell people what dose of a medicinal product to take and that are recommended by a physician.

Data Protection: What are the conditions for the legitimate processing of personal data related to health? Processing of data concerning health is harmonised under the Data Protection Directive which provides for regulatory one-stop-shopping but does not provide for full harmonization. However, as the Article 29 Working Party’s opinion on epSOS shows, things get really complex very quickly and it is very difficult to set up a eHealth services structure that stands up to scrutiny. And then the Data Protection Directive is currently being replaced by something a lot more stricter in the field of health data, the General Data Protection Regulation.

Reimbursement: Will the cross-border telemedicine service be reimbursed? This is where things get really complex as Regulation (EC) No 883/2004 on the coordination of social security systems is not applicable to telemedicine services because it expressly requires the physical presence of the patient in the Member State of treatment (the one of the healthcare provider). This means you have to fall back the Directive on the application of patients’ rights in cross-border healthcare that sets as a general rule that the Member State of affiliation shall ensure that the costs incurred by any insured person receiving cross-border healthcare are reimbursed, if the healthcare in question is among the benefits to which the insured person is entitled in the Member State of affiliation. Of course the question is if cross-border healthcare is among the things reimbursed in the patient’s member state. And – although there are some conditions – Member States may still require prior permission.

Liability: What is the liability regime applicable in case damage arises? Again, difficult as EU harmonises product liability, it does not harmonise professional liability for medical treatment and member states even diverge in how they treat professional liability for malfunctioning devices used for provision of medical services. Furthermore, as I have recently researched, Member States tend to think quite differently about whether software is a ‘product’ in the meaning of the product liability directive.

Relevant jurisdiction and applicable law in case of damage: What are the relevant jurisdiction and the law applicable in case damage arises? Well, as the case study on this point in the Staff Working Document on Telemedicine shows, things can get very complex even though EU law harmonises jurisdiction to an extent.

What will this mean for the devices sector? Promotion of interoperability all around as party line. Actually the new Medical Devices Regulation proposal already has that modestly vectored in the new essential requirements (no 11.5, which provides that devices that are intended to be operated together with other devices or products shall be designed and manufactured in such as way that the interoperability is reliable and safe). Now that the Commission proposes to be able to change the essential requirements by delegated act (convenient) or issue Common Technical Specification by implementing act, the Commission has the tools to force interoperability from a safety policy perspective. You can expect tenders for devices enabling eHealth to include interoperability requirements, because these systems are useless if they can’t scale and interoperate. The Commission is further planning to issue (see the roadmap):

• Guidance on how to apply EU data protection law in the area of health data (following adoption of the General Data Protection Regulation – this may take a while with the potential watering down and the financial industry, Facebook, Google and their friends ganging up on the Commission to come to a friendlier proposal); and
• A Green Paper on Legal Framework applicable to Health & Wellbeing Apps by 2014 (given my earlier question on whether these are ‘medical’ further to the EU court’s recent judgment this would be highly relevant, because the FDA may regulate such apps but still hasn’t decided while in the EU it’s a medical device or not)

And the Commission will continue the international harmonisation efforts under the Memorandum of Understanding with the US on eHealth on interoperable eHealth systems and ICT skills. Remember that international harmonisation is one of the explicit goals under the proposals for the Medical Devices Regulation and the In Vitro Diagnostic Devices Regulation, and that the EU and US are in the IMDRF (former GHTF) together.

So, we aren’t there yet. As the SWP on Telemedicine concludes:

This Staff Working Paper underlines the importance of legal clarity in cultivating trust and acceptability of telemedicine. Furthermore, it is intended to serve as guidance to Member States, raising awareness on what telemedicine is and what they are committing to when they adopt it as a type of medical act, or reimbursable health service.

Finally, this paper shall serve as a starting point for discussion with Member States on the opportunity to tackle at EU level remaining legal uncertainties created by divergent national regimes such as the issue of medical liability.

That’s exactly what this is: the start of the discussion about an opportunity. Rome wasn’t built in a day either but if the EU – and most importantly the Member States – really want to leverage Moore’s law into eHealth, all involved will need to up their game (except Denmark) and start acting more like Denmark to the 27th power. At least we have such a good blueprint available, now we just have roll it out to other member states and be ready to not re-invent the wheel.

There is also a lot more to say about the subject, so this post is by no means comprehensive. It’s just a start!