As the research is quite detailed, the work has been split into three parts. This first part aims to answer the question of what regulations affect the development, sale and usage of health-related apps and, in particular, when an app is a medical device. Note however that even when a health-related app is not a medical device, important regulations still apply. I would stress that this is only an overview and I am not a lawyer – readers should consult their legal advisor before relying on any of the following.
Health-related apps are currently covered by three separate sets of regulation:
• The Medical Devices Directive 93/42EC (“MDD”) and In Vitro Devices Directive 98/79EC (“IVDD” – applies where a sample of bodily tissue or fluid is taken) cover the definition of what is a medical device; if it is, then these regulations further classify the class of device which in turn affects how it is assessed before it can be given a CE marking. Currently the detail of MDD/IVDD legislation varies across the EU, however it is shortly expected that an EU-wide regulation will be approved by the EU Parliament/Council of Ministers to harmonise the law across all EU member states. Type Approvals are not listed today across an EU wide database or in a single directory. DG Sanco leads on these matters.
• The Data Protection Directive 95/46EC, expected now in 2015 to become an EU-wide regulation for the same reason. The directive places significant restrictions on the storage and use of personal data, including health data. Current versions of the draft regulation strengthen these further. DG Justice leads on these matters.
• EU consumer protection legislation, notably the Misleading & Comparative Advertising Directive 2006/114EC, requires that any product or service making a health or wellbeing claim must be able to support that claim with good evidence. DG Justice leads on these matters.
Finally it is worth mentioning the EU R&TTE Directive which originally covered various aspects of hardware that use radio waves. However as smartphones, peripherals using Bluetooth, wireless sensors and such like have increasingly complex embedded software there is obvious potential for overlap with the above. The principal concern of the directive is to minimise interference for legitimate users. It is in the process ofbeing revised to reflect the vast increase in radio device usage since it was established in 1999. DG Enterprise and Industry leads on this.
So what is a medical device?
Whilst the precise definition of a medical device could cover many pages and is very much the province of an expert legal advisor, it is perhaps just worth rehearsing that Article 1 (2) of the MDD defines a Medical Device as:
“…means any instrument, apparatus, appliance, software, material or other article, whether used alone or in combination, including the software intended by its manufacturer to be used specifically for diagnostic and/or therapeutic purposes and necessary for its proper application, intended by the manufacturer to be used for human beings for the purpose of:
• diagnosis, prevention, monitoring, treatment or alleviation of disease,
• diagnosis, monitoring, treatment, alleviation of or compensation for an injury or handicap,
• investigation, replacement or modification of the anatomy or of a physiological process,
• control of conception,
…and which does not achieve its principal intended action in or on the human body by pharmacological, immunological or metabolic means, but which may be assisted in its function by such means;”
Health-related apps are considered to be standalone software that can be covered by the above if they meet the definition; more detail on whether an app is a medical device is given by the EU’s Medical Devices Expert Group in MEDEV 2.1/6 on Standalone Software.
There is also much more detail available, particularly on issues like whether the app is an accessory, and/or an active medical device, which affect which risk class (I being the lowest, progressing through IIa & IIb to III, the highest) the device fall into. Risk class in turn affects the degree of scrutiny before a CE mark can be applied.
Clearly a sense of proportion is important as the vast majority of fitness and wellbeing apps do not fall within the definition of medical device. However it is important that those that do are recognised and treated as such.
As mentioned earlier, it is important also to recognise that even if a health-related app is not a medical device, both the EU’s data privacy and consumer protection legislation still apply.
I would particularly like to thank Julian Hitchcock of Lawford Davies Denoon whose wealth of kind advice I have attempted to summarise.
– Charles Lowe
Next: 2. The Challenges