Digital Healthcare 2025

UK Law and Practice Contributed by: Amélie Chollet, Hannah Curtis and David Dennis, CMS

4.3 Defences

There is no absolute immunity from the liability discussed previously, but several measures can be taken to mitigate potential exposure. Defences and mechanisms to mitigate liability include the following.

Compliance With Regulatory Standards

Demonstrating adherence to applicable regulatory requirements and standards can provide a defence or mitigate liability. For example, using a UKCA/CE‑marked medical device approved by the MHRA, and following all MHRA guidelines, strengthens the defence in a product liability or negligence case.

Statutory Defences Under the CPA

These include that:

• the defect is due to compliance with legal requirements;
• the product was not supplied in the course of business;
• the defect did not exist at the time of supply; or
• the state of scientific knowledge at the time did not allow the defect to be discovered.

Contribution Claims

If a healthcare professional is found liable due to reliance on defective software, they may seek contribution from the software producer.

Contractual Limitations

Where permitted, contractual terms may limit or exclude certain liabilities, subject to statutory controls.

Data Safeguards

Risk can be mitigated by implementing strong data protection measures (encryption, access controls, privacy impact assessments, multi-fac-

Statutory Product Liability

Many liabilities are covered by statute. For defective devices, the Consumer Protection Act 1987 implements the EU Product Liability Directive, imposing strict liability on producers. The MDR (GB) (via the MMD Act 2021) creates offences for marketing non-compliant devices (enforced by the MHRA) and enables notice powers. The MHRA in NI investigates similar offences under the EU MDR and has the same enforcement powers as included in the MMD Act 2021. The DPA 2018 (and the UK GDPR) provides regulatory penalties and a right of action for data breaches. The Health and Social Care Act 2008 (Regulated Activities) Regulations 2014 include criminal offences (eg, Regulation 12 on safety) enforceable by the CQC. The Pharmacy Order and Medicines Act constrain online prescribing and advertising. Consumer protection laws (the Consumer Rights Act 2015, Unfair Terms, Digital Content Regulations) give statutory rights to individuals using digital health products.

Negligence

Common law tort principles apply where harm results from a breach of duty of care, including by healthcare professionals or software developers.

Contract Law

Where a direct contract exists with the user (eg, patient’s subscription terms, or a healthcare organisation’s agreement with an IT vendor), liability may arise for misrepresentation or breach of express or implied terms.

Regulatory Sanctions

Breaches of medical device or data protection regulations can result in regulatory enforcement, including fines and criminal penalties.
