Digital Health Laws And Regulations 2022

• Published date: 04 March 2022
• Subject Matter: Intellectual Property, Food, Drugs, Healthcare, Life Sciences, Privacy, Data Protection, Patent, Biotechnology & Nanotechnology
• Law Firm: Arthur Cox
• Author: Mr Colin Kavanagh, Colin Rooney, Bridget McGrath and Caoimhe Stafford

1. Digital Health

1.1 What is the general definition of 'digital health' in your jurisdiction?

There is no definition of 'digital health' in Irish legislation. Digital health is generally accepted as referring to standalone software, health technologies and apps used in the healthcare sector, or those used in combination with other products.

1.2 What are the key emerging digital health technologies in your jurisdiction?

Some of the key emerging technologies are as follows:

1. Telemedicine - the delivery of healthcare by registered healthcare practitioners to patients using online platforms or health apps
2. Artificial Intelligence (AI) - the use of advanced computer technologies, predictive analysis and machine learning is ever-increasing in the life sciences and healthcare sectors.
3. Health Apps - apps hosted on connected wearables and mobile devices which aim to monitor and improve health/wellbeing.

1.3 What are the core legal issues in digital health for your jurisdiction?

Some of the core legal issues in healthcare are as follows:

1. Product Classification - the convergence of medical devices, medicinal products and software requires that product classification is carefully considered to ensure regulatory compliance.
2. Data Protection and Cybersecurity - patient data must be collected and handled in compliance with data protection law.
3. Product Safety - in order to ensure patient safety, all products must comply with applicable product safety legislation.

1.4 What is the digital health market size for your jurisdiction?

Although this is difficult to quantify in the Irish context, based on Ireland's significant presence in the life sciences, technology and social media sectors, the ever-evolving digital health market in Ireland is on track to hold a significant share of the estimated $100 billion global digital health market.

1.5 What are the five largest (by revenue) digital health companies in your jurisdiction?

This information is not currently available.

2. Regulatory

2.1 What are the core healthcare regulatory schemes related to digital health in your jurisdiction?

1. Healthcare Framework

The Health Act 1970 (as amended) sets out the statutory basis for the structure of the national healthcare system. The Department of Health determines healthcare policy and expenditure. This is implemented by the national health provider, the Health Service Executive (HSE). The Health Information and Quality Authority (HIQA) is a statutory body responsible for regulating and accrediting public hospitals, implementing quality assurance programmes, and evaluating the clinical and cost effectiveness of health technologies.

2. Healthcare Professionals

Healthcare professionals are regulated as follows:

• The Medical Practitioners Act 2007 - registered medical practitioners.
• The Nurses and Midwives Act 2011 - nurses and midwives.
• The Pharmacy Act 2007 - pharmacists and pharmaceutical assistants.
• The Health and Social Care Professionals Act 2005 - includes, amongst others, occupational therapists, speech and language therapists and social workers.

3. Medical Devices

Directive 93/42/EEC concerning medical devices and Directive 90/385/EEC on active implantable medical devices were entirely replaced by Regulation (EU) 2017/745 on medical devices (MDR) on 26 May 2021, however, certain transitional provisions apply to certain devices (Medical Device Legislation).

The Health Products Regulatory Authority (HPRA) is the Competent Authority responsible for regulating medical devices. The National Standards Authority of Ireland (NSAI) is the Notified Body designated by the HPRA to carry out conformity assessment procedures to ensure compliance with Medical Device Legislation.

4. Medicinal Products

The regulatory framework for pharmaceuticals is based on Directive 2001/83/EC on the Community code relating to medicinal products for human use (as amended). This was implemented by the Irish Medicines Board Act 1995 (as amended) and domestic regulations. The HPRA is the medicines regulator.

5. Telemedicine

There is no legislation specifically regulating telemedicine in Ireland. However, the current Medical Council Guide to Professional Conduct and Ethics for Registered Medical Practitioners states that telemedicine services can be provided, subject to:

• strong security measures;
• patients providing their consent to:
• the consultation being conducted through telemedicine;
• any treatment provided;
• information policies being clear to users;
• services being safe and suitable for patients;
• the patient's general practitioner being informed of the consultation; and
• intra-jurisdictional transfers of personal patient information complying with data protection principles.

Further, healthcare providers of telemedicine services to patients within Ireland must be registered with the Medical Council. Derogations from the Medical Council Guide may constitute a breach of professional duty by medical doctors.

2.2 What other core regulatory schemes (e.g., data privacy, anti-kickback, national security, etc.) apply to digital health in your jurisdiction?

If digital health products are classified as medical devices, the Medical Device Legislation will apply.

Directive No. 2001/95/EC on general product safety, as amended (GPSD), which is transposed into Irish law by the European Communities (General Product Safety) Regulations 2004, may apply to digital health and healthcare IT products which do not fall within the scope of Medical Device Legislation. The Consumer Protection Act 2007, which gives effect to Directive No. 2005/29/EC on unfair commercial practices, may also apply to digital health consumer products.

The Liability for Defective Products Act 1991 (LDPA) implements Directive No. 85/374/EEC on liability for defective products into Irish law.

The use of personal data in digital health technologies and healthcare IT is primarily regulated by the General Data Protection Regulation (GDPR) and the Data Protection Acts 1988-2018.

2.3 What regulatory schemes apply to consumer healthcare devices or software in particular?

Generally speaking, the following regulatory schemes apply to consumer healthcare devices or software:

• Medical Device Legislation (where the product is a medical device).
• Product Safety.
• Product Liability.
• Consumer Protection.
• Data Protection.
• Cybersecurity.
• Intellectual Property (IP).

2.4 What are the principal regulatory authorities charged with enforcing the regulatory schemes? What is the scope of their respective jurisdictions?

HIQA is a statutory body responsible for regulating and accrediting public hospitals, implementing quality assurance programmes, and evaluating the clinical and cost effectiveness of health technologies.

The HPRA is the Competent Authority for the regulation of health products, including medicines, medical devices and cosmetics.

The Competition and Consumer Protection Commission (CCPC) is the statutory body responsible for enforcing consumer protection and general product safety legislation.

The Data Protection Commission (DPC) is the Irish supervisory authority for the purposes of the GDPR.

The NSAI is Ireland's official standards body that creates, maintains, promotes and issues accredited certification of products, services and organisations with recognised standards.

The Department of Health is the government department tasked with the delivery of policies for the health sector.

The Medical Council is the regulatory body of medical doctors in Ireland and maintains the Register of Medical Practitioners.

2.5 What are the key areas of enforcement when it comes to digital health?

The delivery of digital health. All registered medical practitioners must be appropriately registered with the Medical Council of Ireland and operating in compliance with applicable legislation and ethical standards.

Patient safety is of paramount importance in the delivery of appropriate healthcare. Accordingly, product safety and liability are key enforcement areas for the HPRA and CCPC.

Privacy and security are also key enforcement areas in terms of healthcare IT. The DPC has wide-ranging powers, and can impose substantial sanctions for breaches of the GDPR. Further, data subjects have the right to bring actions for material and...