Insights on United4Health Regulatory Framework

Trends & Updates

Wed. 15 April 2015

conHIT, Berlin (Germany)

Nicole Denjoy

COCIR Secretary General

page 2

Global landscape Proliferation of initiatives, lack of harmonisation compared to the fast

development of technologies

FDA guidance on mobile medical apps

Towards Global Harmonisation

- EU Medical Devices Directive

-EU guidelines on standalone software (+ national initiatives) -EU data protection Directive

-Under discussions: -EU Medical Device Regulation -EU General Data Protection Regulation -Green Paper on mHealth - consultation

EU

page 3

EU political agenda on eHealth

2004 2007 2008 2010 2012 2009 2011 2013 2014

page 4

page 5

Green paper on mHealth

1. The Green Paper:

– https://ec.europa.eu/digital-agenda/en/public-consultation-green-paper-mobile-health

– Launched on 10 April 2014 is a wide public consultation to collect ideas to unlock mHealth potential in Europe .

– Consultation will close on 3 July 2014

2. This consultation is accompanied with a Staff Working Document which clarifies the current legal framework applicable to lifestyle and wellbeing apps

page 6

2. Staff Working Paper - Structure

• Introduction

• EU Safety and performance requirements

• App Users’ Rights

–Right to privacy and to data protection

–Other rights

• Consumers’ Rights Dirctive

• Rights enshrined in eCommerce Directive

• Rights enshrined in unfair commercial practice Directive

Most Important One

page 7

2. Important References

1. Medical Device Directive 93/42 & 47/2007

If mHealth apps fall under the definition of a medical devices, or of an in-vitro diagnostic medical device: they have to comply with Dir. 93/42 & 47/2007.

page 8

A-Safety & performance requirements

2. MEDDEV 2012

EC guidance to determine whether an app qualifies as a medical device (decision tree).

page 9

A-Safety & performance requirements

3. General Products Safety Directive & Directive on Liability for Defective Products

It is not clear whether these Directives apply to health apps.

page 10

A-Safety & performance requirements

Other initiatives:

• IMDRF

• Canada

• Japan

• USA

page 11

A-Safety & performance requirements

IMDRF work item « SaMD: Software As a medical Device »

Objective to achieve global regulatory convergence on medical software by determining:

1. Common key criteria whether software is a MD or not,

2. Risk stratification framework for generic types of SaMD on their unique risks

3. Corresponding controls for the different SaMD types

page 12

B – Privacy &Data Protection

• Data Protection Directive (95/46/EC)

• ePrivacy Directive (2002/58/EC)

Health data cannot be processed, with a few exceptions: •Explicit consent of data subject •Vital interest of data subject •For purposes of preventive medicine, medical diagnosis, provision of care, or the management of HC services, where these data are managed by a HC professional with a professional obligation of secrecy •Data controllers must notify dataprotection authorities before processing personal data.

page 13

B – Privacy &Data Protection

• Article 29 Working Party opinion on apps on smart devices

• Article 29 Working Party opinion on cloud computing

page 14

B – Privacy &Data Protection

Timeline

• 1995 Directive

• 2012 EC adopted Draft Regulation

• 2013 Vote in EP committee

• 2014 Vote in EP plenary

• 2015 Adoption … if Council reaches consensus

page 15

B- Privacy & Data Protection

• Draft regulation intends to regulate how to collect, store, process and share health data:

– Art 4: Any data related directy or indirectly to the patient will be considered medical data, incl. a device identifier

– Art 81: Only health professionals can access health data

– Art 33 : Important data protection impact assessment obligations

– Joint liability with data controller (healthcare provider)

• Can negatively impact the benefits of data driven healthcare

page 16

B – Privacy & Data Protection

Healthcare Coalition on Data protection informs decision-makers on the health aspects in the Regulation.

page 17

C - Standardisation initiatives

• Standards play an important role, complementing the existing regulatory framework and brining consistency

• 3 Key International Committees:

– ISO TC 210

– ISO TC 215

– IEC TC 62

reference: IEC 62304 and 82304-1

page 18

COCIR recommendations

1. Build a supportive, predictable, and cost efficient regulatory system, to consolidate the EU’s leadership in MD innovation and maintain patients rapide acces to healthcare

2. Provide clear & simple guidance on what is a medical device

3. Promote the adoption of market-driven standards, while avoiding strict technology mandates

4. Adopt clear, workable data protection regime that allows data sharing in healthcare

5. Integrate health data from consumer/personal apps in EPRs and healthcare system

6. Strengthen IT skills in healthcare workforce

Thank you for your attention!