François Maartens Heynike, partner at the international law firm Ashurst, explains in an interview who can be held legally responsible if the app on prescription or the AI therapy does not work.
From online consultation hours to AI-based therapies to prescription apps: if the plans of the Federal Ministry of Health go according to plan, all of this should soon be part of Germany’s medical range – as far as the theory goes. With the Digital Supply Act, which came into force in December 2019, the project is now to be put into practice. Then there is the corona pandemic, which has given the digitization of our health system a real boost. But with all the enthusiasm, one question remains: Who is actually liable if something goes wrong with a digital healing method? Together with François Maartens Heynike, partner at the international law firm Ashurst, we got to the bottom of this question. He specializes in all legal aspects relating to IP and IT, new technologies and data protection and increasingly supports his clients in long-term and strategic partnerships for the implementation of their digitization projects and therefore knows exactly what is legally important when introducing digital medical care across the board. Mr. Heynike, do you think digital healing methods will soon be part of everyday life?
Partly definitely. Health related apps – Fitness tracker or calorie counter for example – are already widespread. The digital patient file is also quite common in its simple form. In my opinion, however, it will take a while before the existing technical possibilities are widely used. On the one hand, there is still insufficient infrastructure and the necessary networking to achieve comprehensive market penetration and corresponding further development, and on the other hand, high investment costs can be expected for those involved, especially with regard to secure and modern IT security.
And what about the legal framework? In your opinion, have they already been sufficiently clarified and is everything important in the Digital Supply Act?
The digital supply law is a first big step. With the promotion of the IT infrastructure, major hurdles are overcome. The continuation of the innovation fund and the promotion of the digitalization of administration in the health sector (for example the e-prescription) are also going in the right direction. However, it will be important to continuously adapt the legal framework to the rapid technical developments.
At what point has there been a problem so far that Germany is lagging behind when it comes to digital healing methods?
There was hardly any networking between the various service providers and many processes in the healthcare system, including, for example, prescriptions and referrals, are still designed purely analogously. Media breaks between the various service providers are standard. Even the simple digital patient file could only be used by a few doctors, hospitals or other parties involved. In addition, new offers such as telemedicine often had to overcome a lot of resistance or legal hurdles. All of this led to sluggish acceptance and slow data acquisition and, of course, to reluctance to invest and slowed down development.
What must be done now to change that?
It is crucial to get as many stakeholders as possible in the healthcare system to the existing one quickly Telematics infrastructure to create the basic requirements for digital solutions. Further efforts are required from all those involved in order to open up the structures in the healthcare system to digitization. This includes, for example, the introduction of standardized interfaces and binding security standards. Precisely because of the strong cost pressure in the healthcare system, the legislature should also provide support in this regard in order to create the conditions for further developments as efficiently as possible.
Is an app or a therapy procedure created by AI subject to the same legal provisions as traditional remedies?
Video: Amazing data: Much less cancer through HPV vaccination (inFranken.de)
Medical apps that will be taken over by health insurers in accordance with the Digital Supply Act in the future should not be classified as medicinal products, but as digital health applications or as medical products of risk class I or IIa (low-risk area / non-medical digital health application). Therefore, the apps should go through a simplified approval process. Such medical apps will only include applications that are not purely a lifestyle product (e.g. fitness apps, step or calorie counters), but are aimed at patients, relatives or healers and are intended to facilitate treatment or help cope with the disease . This means, among other things, symptom diaries or reference works on dosage or possible interactions. According to the EU Medical Device Regulation, this will also include apps that independently provide a forecast.
The approval and the requirements that such a digital health application must meet as a medical product are regulated in the new Digital Health Application Ordinance. This includes security, quality, data protection and data security, but also requirements for proving the necessary positive supply effects and so on.
Even if it is technically possible to plan or recommend therapies using an AI, this will not be the area of application of the current medical apps. The corresponding responsibility and decision-making authority still rests with the doctor and the patient.
One hears again and again of medical failure or medical botch-up. Is there, from a legal point of view, such a thing as a “digital failure”?
No technical process is absolutely flawless. Even after going through the approval process, including checking for security, functionality and quality, it cannot be guaranteed that an app will work properly and always fulfill its purpose. From a legal point of view, the decisive factor is whether this malfunction falls within the specific area of responsibility of a participant. This can be, for example, an application error on the part of the patient, but also a faulty explanation by the treating doctor or an insufficient check for malware by the developer.
Who is liable if something goes wrong with the digital healing method?
Apps as “medicine” will raise a multitude of new questions of liability in the future, especially if apps give independent recommendations or forecasts. Until then, as with other medical products, liability on the part of the manufacturer or developer and the doctor is conceivable. The doctor’s liability comes into play with regard to inadequate information about possible risks, since the patient must be fully informed about the risks of new methods such as apps. However, liability on the part of the doctor in the event of a malfunction of the app is rather remote, as a doctor cannot expect such an unknown malfunction. The doctor cannot be blamed for fault in such cases. If, for example, the strict safety requirements for medical products were not observed during development, the manufacturer can be at fault and therefore liable. Liability is also conceivable if the app has not been adequately tested or defects have been overlooked through gross negligence.
To avoid this: What do doctors have to consider, for example, with the “App on prescription”?
As with any other medical device, it is important that the prescribing doctor first deals with the product and the exact application in order to use the apps in a targeted manner and to ensure that the app is suitable and safe for the intended purpose. For this purpose, the app developers often offer extensive information such as instructions for use, checklists, purpose specification and other assistance. The health insurance companies can also provide further information on the practical use of the app. Using this information, the patient can be informed accordingly about possible risks. The use and results of the apps should also be checked for plausibility, especially at the beginning of the test phase. Basically, of course, it is also important to ensure that the patient does not have any problems using the app and is sufficiently safe with the operation.
And is there something that patients must also observe from a legal point of view?
What potential do you see in digital alternatives in the long term? Will they have a similar status in medicine in the future or will they even establish themselves in comparison to traditional healing methods? Or what has to happen so that this can actually become a reality?
The potential is huge, especially medicine based on data and experience can benefit enormously from digitization. The automatic and lightning-fast analysis of immense amounts of data in combination with AI-supported processes are irreplaceable, especially in the field of research. Digitization will support and complement the existing healthcare system rather than replace it. There may be areas in which purely digital products appear as an alternative to the previous systems, but there are still some legal hurdles to be overcome, such as liability for independent treatment recommendations through software.
In the future, it will be important that the data exchange between the various systems does not lead to any detrimental media disruptions. Therefore, efforts should be made to ensure that open and standardized interfaces are used and promoted. For research, it will be essential to be able to use the data obtained as quickly as possible. Here, the existing conditions should be further expanded and promoted, in particular to enable an anonymous exchange between health insurance companies and research. In the area of social data protection in particular, we need clear rules and specifications for the use and transfer of relevant data. In order to achieve a high level of acceptance both in the medical profession and among patients, we also need binding IT security standards and must support and promote the medical profession in implementing them accordingly.
For further reading: