UK Law and Practice Contributed by: Amélie Chollet, Hannah Curtis and David Dennis, CMS
3.2 Non-Healthcare Regulatory Bodies Certain aspects of digital healthcare fall within the remit of non-healthcare regulatory bodies, primarily due to the cross-sectoral nature of digi- tal health technologies: The Information Commissioner’s Office (ICO) The ICO regulates data protection and privacy, which is highly relevant to digital health apps and telemedicine services that process personal and health data. The UK GDPR, Data Protection Act 2018, and the Privacy and Electronic Commu- nications Regulations (PECR) all apply. Personal health data is “special category” data under the UK GDPR/DPA 2018, so the ICO enforces strict privacy and security requirements. Advertising Standards (ASA/CAP Code) The UK Advertising Standards Authority (ASA) enforces the CAP Code for all marketing. Health and medical claims made by digital health apps, devices or services must be truthful, evidence- based and approved. Advertisements for unli- censed medicines or treatments to consumers are prohibited, whether online or offline. Competition and Consumer Regulation The Competition and Markets Authority (CMA) and local Trading Standards can apply general competition and consumer law to digital health. For example, the CMA’s unfair commercial prac- tices provisions (now updated by the 2024 Digi- tal Markets, Competition and Consumers Act) underpin consumer protection rules enforced by the ASA. Digital health companies must also comply with consumer legislation (eg, the Con- sumer Rights Act 2015) when contracting with patients or buyers (contracts with consumers). General Pharmaceutical Council (GPhC) For digital health services involving the provi- sion of pharmacy services or remote prescribing,
The General Medical Council (GMC) The GMC regulates individual medical practition- ers, ensuring that doctors (including those utilis- ing digital health and telemedicine) are appro- priately qualified, fit to practise, and adhere to professional standards such as “Good Medical Practice”. The Care Quality Commission (CQC) In England, the CQC registers and inspects healthcare and social care providers, including providers of telehealth/telemedicine services, when they provide regulated activities such as remote triage and medical advice. The CQC has powers to grant or withdraw registration and to inspect services, and can enforce conditions or sanctions. Healthcare Inspectorate Wales (HIW) HIW is the independent inspectorate and regula- tor of healthcare in Wales, including oversight of independent medical agencies providing digital health services. Healthcare Improvement Scotland (HIS) HIS regulates and inspects health and social care facilities in Scotland, including independ- ent healthcare services that may involve digital healthcare provision. The Regulation and Quality Improvement Authority (RQIA) The RQIA is responsible for inspecting registered health and social care services in NI, including independent medical agencies providing digital
health services. Other Agencies
Agencies such as NICE do not “regulate” like the above bodies, but they provide evidence stand- ards (eg, NICE’s digital health framework) and NHS bodies develop digital policies.
132 CHAMBERS.COM
Powered by FlippingBook