INTRODUCTION Contributed by: Sarah-Jane Dobson and Katrin Ruhl, Ashurst
ple, within the EU, the framework is only par- tially harmonised, with regulations such as the In Vitro Diagnostic Medical Devices Regulation (EU) 2017/746 (IVDR) and the Medical Device Regulation (EU) 2017/745 (MDR) providing some level of consistency in respect of the regulatory framework. Key regulatory frameworks generally include requirements for healthcare providers, cost coverage by health insurers, data protec- tion laws, and health data and technology rules, such as HIPAA and HITECH in the United States. Policymakers and lawmakers strive to stay up to date with technological developments and to set up working groups for specific topics. Busi- ness lobby groups also play a significant role in influencing the development of new guidelines, regulations and liability laws. The regulatory (and liability) framework is critical in supporting or hindering digital innovation hubs and the role of domestic enterprises in the global market. The basis for the development of new guidelines or regulatory laws often starts with regulatory sand- boxes and pilot projects. In addition to the usual purpose of ensuring safety and regulatory compliance, adherence to technical standards in the field of digital health particularly addresses unique issues of interop- erability that are increasingly prevalent (with the use of connected devices being on the rise). On the other hand, the rapid technological develop- ments in digital health may not yet be captured by existing technical standards. Instead, they provide the opportunity to set new ones. Issue-specific legal framework Software as a Medical Device (SaMD) is regu- lated in several jurisdictions, under frameworks such as the EU’s MDR and IVDR, Australia’s Therapeutic Goods Act, the US FDA’s guidelines and South Korea’s Digital Medical Products Act
(DMPA), all of which establish specific require- ments for the classification, approval and moni- toring of SaMD, fitting alongside broader digital healthcare regulations to ensure safety, efficacy and compliance. Self-care, wellness and fitness IT products These include IoT and wearables, and have seen rapid growth; they are intended to encourage and monitor health and wellbeing. Nonetheless, there is usually no applicable specific regulato- ry framework, and manufacturers will generally seek to produce products that do not fall under the classification of medical devices. However, the distinction between wellness/healthcare products and medical devices can be very diffi- cult to discern and fluid in nature, potentially trig- gering conformity assessment and label require- ments (eg, CE marking) for products ostensibly intended to be wellness/healthcare products. Cybersecurity and data protection These issues are critical to digital healthcare due to the high sensitivity of collected data (health data in particular). Data protections laws all over the world address related risks for individuals by demanding high protection standards. The approach varies by legislation. Comprehensive models, as the General Data Protection Regula- tion (GDPR) in Europe, provide data protection rules for all personal data, with a particularly high level of protection for health data. Secto- ral approaches, such as in the USA, provide sector-specific data protection. This includes, for example, HIPAA and particular cybersecu- rity regulatory frameworks being introduced in several jurisdictions (eg, the NIS2 Directive and Cyber Resilience Act in the EU).
7
CHAMBERS.COM
Powered by FlippingBook