The need for a homogenised global legal framework in healthtech

Francisco Javier García Pérez - lawyer (Uría Menéndez Abogados, S.L.P.), discusses the kind of legal framework that may be needed for healthtech.

The implementation of digital disruptive technologies (such as artificial intelligence and big data) to the health sector entails a transversal change in the paradigm of life sciences. The widespread use of healthtech allows a constant march towards fields that were unthinkable only a few years ago such as fully personalised medicine, using artificial intelligence in the field of medical research and, among many others, using apps to monitor patients in real life through devices such as smartphones and smartwatches. The truth is that healthtech has by many been considered a nebulous distant goal —closer to science fiction than having a tangible issue—far out in the time horizon. However, healthtech’s light-speed evolution and implementation in recent years, accompanied by the support of investors and pharmaceutical companies as well as by a surprisingly fast and natural technology adoption by the users, has confirmed that healthtech is already a reality and that it is here to stay.

In light of the patent advantages that the implementation of healthtech entails for the health sector, it is urgent that a thorough public discussion be started regarding a new regulatory framework that would afford legal certainty to all market players and that would, simultaneously, give the final boost to the digitalisation of health systems worldwide. This new global framework should come on the basis of dual-pronged strategy: (i) regulatory classification of the products; and (ii) public initiatives supporting healthtech. Such a global basic framework is essential not only under the current context of a global pandemic but also to ensure in the years to come that operators worldwide can implement their innovative solutions globally without having to face unreasonable national or regional legal barriers

Firstly, healthtech solutions are usually global in scope as they are usually easily scalable and, in many cases, are offered as SaaS solutions. The disparate regulatory frameworks worldwide (particularly in the fields of privacy and medical devices) is in many occasions an obstacle for healthtech developers whenever they seek to commercialise their products on a worldwide basis (usually entailing high clearance costs on a country-by-country basis that many companies cannot afford at their earlier stages of development thereby slowing, if not frustrating, its consolidation).

In relation to privacy, healthtech applications usually entail the processing of health data and, thus, compliance with privacy regulations is essential for any solution in this field. The great disparity of protections among countries on data protection regulation, is well known, with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (known as General Data Protection Regulation or GDPR), considered an international standard of privacy, as it represents one of the most developed regulations on this subject matter worldwide (thus, compliance with the GDPR is likely to imply compliance with other less rigorous regulations, although localisation and clearance are still required).

Another element to be consider involves the differences in the regulation of medical devices around the world. The current regulatory framework may in fact entail that a healthtech solution is classified from a regulatory perspective distinctly in each jurisdiction. This is highly important given that the classification of a programme as a medical device implies the necessity of complying with the sanitary guarantees legally imposed on such products, the placement of compulsory markings (e.g. CE marking in the case of the European Union), restrictions on their advertising and, among many other regulatory obligations, submitting the software to inspection procedures, security controls and applicable health-protection measures.

Therefore, it is essential to determine when an application can be considered as a medical device (or “software as a device”). In this regard, the entry into force of Regulation (EU) 2017/745 of the European Parliament and of the Council, of April 5, 2017, on medical devices (known as “MDR”) —initially scheduled to enter into force on May 21, 2020, but delayed until May 21, May 2021 as a result of the health crisis caused by COVID-19 by virtue of Regulation (EU) 2020/561 of the European Parliament and of the Council of April 23, 2020— will entail a shift at the regulatory level in the healthtech sector, since it is expected that we will move from a system in which it is estimated that about 80% of healthtech solutions do not require certification to a scenario in which practically any healthtech application will require it, as a result of many software solutions most likely being considered (at least) class IIa medical devices under the new regulatory framework (i.e., medical devices considered less dangerous than those that require control by the “notified bodies”).

MDR is a positive step towards homogenisation in the legal framework of healthtech at a European Union level (already homogenised by specific Directives in the field of medical devices), although there remains work to do to try to close the gap between the regulatory frameworks of the European Union, United States and other international key players in order to set common criteria that may boost the global implementation of healthtech.

Secondly, it is important to globally implement harmonised public policies supporting the development and progressive implementation of healthtech. Indeed, if there exists a global consensus that technology can both improve patients’ lives, but also generate efficiencies in healthcare systems, it seems logical that public authorities would support the implementation of these technologies. This policies range from granting public subsidies for research in the healthtech field (or similar initiatives such as generating public networking hubs or facilitating the proliferation of private hubs) to directly analysing more ambitious initiatives such as including healthtech solutions that have proven to be beneficial for health in the reimbursement system of a country or to activate national plans for the public implementation of healthtech in order to boost the efficiency of the public health sector.

Some countries have already undertaken important steps in this field, such as Germany with the Gesetz für eine bessere Versorgung durch Digitalisierung und Innovation (Digitale-Versorgung-Gesetz-DGV), and France, with LOI n° 2019-774 du 24 juillet 2019 relative à l'organisation et à la transformation du système de santé. Nevertheless, we are still far from having a global legal framework that could regulated—in a homogenised way—this global trend. This disparity in the regulation of public initiatives for the support of healthtech will most likely imply some countries lagging behind in the effective and generalised implementation of healthtech, generating significant inequalities among countries in relation to the quality and modernisation of health systems.

It would not be audacious to conclude that healthtech will be one of the leading trends in the field of life sciences over the next decade. However, the speed of its evolution will significantly depend on the applicable regulatory framework, therefore creating urgency to agree on a basic common international legal framework ensuring patients’ security as well as legal certainty for operators.