European Union: The Latest UK And EU Developments In Telehealth Regulation

It is often stated that COVID-19 and remote working have led to a boom in the development and use of virtual and digital health care.

There has certainly been much activity in the regulatory space to help provide greater oversight of this area. The following is a review of some of the key developments in the U.K. and EU in 2022 and a look ahead to 2023.

Telehealth and Digital Health Developments From a Regulatory Standpoint

The Medical Devices Regulation and In Vitro Diagnostics Regulation

According to the Medical Devices Regulation¹ and In Vitro Diagnostics Regulation,² software used for a medical purpose, such as diagnosing or predicting a disease, is classified as a medical device.

However, software classification is fraught with practical challenges because it may not be immediately apparent how the legal parameters apply in the virtual environment.

The functions of the software must be reviewed considering the guidance on software qualification and classification³ to determine whether a medical purpose exists.

In May, the In Vitro Diagnostics Regulation, which includes software within its remit, became applicable. However, many software medical device regulations do not yet meet the new requirements.

Amending regulations were published in January that extended the transitional provisions for certain products to give them more time to meet the new standards.

In addition, further measures were proposed this month for both the Medical Devices Regulation and the In Vitro Diagnostics Regulation, due to the huge potential impact on patients and industry of devices not meeting the current deadlines.

These should be put in place early in 2023. The hope is that these extended deadlines will provide more time for companies to ensure compliance with the new rules.

Use of Artificial Intelligence

Across the U.K. and EU, several initiatives are being developed to encourage the development of AI-enabled medical technologies and increase confidence in their use. For example:

• The European Commission published a report on "Artificial Intelligence in Healthcare" in 2021, which provides an overview of national strategies and lack of policies for AI in health care.
• The U.S. Food and Drug Administration, Health Canada and U.K. Medicines and Healthcare Products Regulatory Agency published "Good Machine Learning Practice for Medical Device Development: Guiding Principles" in 2021 to help standardize principles across the regions.
• The G7 collaborated on the international principles for the evaluation, development and deployment of AI medical devices.
• The U.K.'s National Health Service AI Lab launched its National Strategy for AI in Health and Social Care to support the development of AI-driven technologies.⁴

Currently, there are limited concrete legislative provisions in place, and companies must navigate the various schemes in each country. Authorities are aiming to introduce more concrete frameworks in 2023.

Telehealth

The regulation of telehealth throughout the EU depends on national legislation, so it varies considerably. Overall, the regulation of telehealth is not well developed.

For example, in the U.K. there are currently no laws specifically addressing telehealth, so these services are regulated in the same way as face-to-face services.

It is likely that new policies and initiatives will be developed in 2023. For example, in November, the World Health Organization issued a consolidated guide on the key steps and considerations for implementing telemedicine.⁵

Developments Affecting Physicians and Delivery of Health Care

Virtual Interactions With Health Care Professionals

This year, recognizing that some congresses now have both in-person and virtual elements, the European Federation of Pharmaceutical Industries and Associations published guidance on virtual and hybrid international medical congresses.

The guidance advises that companies should clearly identify the product label to which promotional materials refer and ensure a process is in place to confirm participants' status as health care professionals.

The federation has also published guidance to assist member companies with using social media and digital channels. The guidance advises companies to review and monitor their social media activities, consider when digital opinion leaders are used and train employees on responsible conduct. Guidance from U.K. authorities is expected to be published shortly

Reimbursement of Digital Technologies

To address the limited way in which EU health care authorities are adopting software and AI applications, the Health Technology Assessment bodies in EU states are developing methods for evaluating standalone software and apps.

In October, a European taskforce⁶ on the evaluation framework for digital medical devices was launched to seek to harmonize assessment criteria in the EU.

Further, several countries have introduced fast-track pathways for the reimbursement of digital health solutions with rapid review processes, such as the Digital Health Apps scheme in Germany, and a similar one in France, which launched this year.

In the U.K., there is no national reimbursement program for digital products, but providers can incorporate software into care provision once they have met the National Institute for Health and Care Excellence evidence standards framework for digital health technologies, which was updated in August to include the evidence requirements for AI and data-driven technologies with adaptive algorithms.

Focus for Developers and Users From a Data Protection Standpoint

Guidance Under the General Data Protection Regulation

Software technologies raise important data protection implications, given the large amount of data collected and processed. The relationship between AI and data protection at EU-level was included in the European Data Protection Board's Work Program for 2022, although guidance has not yet been published.

However, data protection authorities around the EU continue to publish guidance in this area. For example, a GDPR compliance guide and self-assessment tool for AI systems was published in France in September.

Similarly, the U.K. Information Commissioner's Office published guidance in October on the relationship between AI and data protection. The guidance includes data protection principles for AI systems and emphasizes that data protection should be considered at the design stage of an AI project.

The European Health Data Space

In May, the EC published a proposal for a regulation for the European Health Data Space to regulate and facilitate electronic health data access and sharing across the EU.⁷

The two main objectives of the data space are to enable individuals to easily access and control their electronic health data and allow researchers, innovators and policymakers to use electronic health data in a lawful, legitimate, trusted and secure manner.

As the proposal touches upon sensitive areas of the EU member states' health care systems, these negotiations have been challenging. For example, the European Data Protection Board and the European Data Protection Supervisor have noted several potential GDPR issues with the health data space, and have made suggestions to clarify the interplay with existing data protection laws.

What Legislative Changes Are on the Horizon?

The Regulation of AI

The European Commission proposed an AI Act in April 2021⁶ that will cover all uses of AI and does not currently distinguish between technologies already regulated by other relevant sector-specific legislation, such as medical devices. Negotiations are ongoing between the European Parliament, the European Council and key stakeholders.

Earlier this month, the Council of the EU adopted a common position on the text. The Parliament is scheduled to vote on the draft by March 2023.

The AI Act has a risk-proportionate approach, categorizing four levels:

• No or minimal risk;
• Limited risk;
• High risk; and
• Unacceptable risk.

Medical devices will likely be classed as high risk and would therefore be subject to risk assessment, mitigation and appropriate human oversight. There is therefore a concern that the AI Act may require extensive evaluation and certification, over and above the requirements in the Medical Devices and In Vitro Diagnostics Regulations.

Additionally, in September, a joint industry statement was published by a coalition of 12 European trade bodies calling for an alignment of the proposed AI Act with existing, sector-specific product safety legislation, such as for medical devices.

The coalition points out that the proposal significantly risks over-regulating the medical device industry. If not addressed adequately, the duplicative requirements could limit a wide range of products and technologies accessing the EU market.

The most recent version of the text indicates that the EC Council is in favor of a narrower definition of AI systems, which would not capture all types of traditional software. However, medical devices do not seem to have been addressed, and the obligations on high-risk AI systems have been maintained.

The U.K. has taken a different approach. In July, the U.K. government published a policy paper on regulating AI. The government proposes establishing a pro-innovation framework of principles for regulating AI while leaving regulatory authorities' discretion over how the principles apply in their respective sectors. The U.K. government's white paper is expected to be published in 2023.

Regulation of Medical Devices in the U.K.

The EU Medical Devices Regulation does not apply in Great Britain, although it does in Northern Ireland, given the agreement reached with the European Commission postBrexit. As such, the U.K. Medicines and Healthcare Products Regulatory Agency has been considering the future U.K. regime.

In June, the agency published the U.K. government's response to the consultation on the regulatory framework for medical devices in the U.K. and its intentions for the U.K. regime.⁷

For software medical devices, the new regulations will include a new definition of software, currently proposed as a set of instructions that processes input data and creates output data.

The classification rules will be amended to include the International Medical Device Regulators Forum Software as a Medical Device classification rule, to allow for international alignment. This is likely to lead to up-classification of software, which was one of the areas where industry hoped the U.K. regime might provide more discretion compared to the EU Medical Devices Regulation.

Further essential requirements will be introduced to assure the safety and performance of software as a medical device. The Medicines and Healthcare Products Regulatory Agency does not propose to define AI as a medical device or set out specific legal requirements beyond those being considered for software as a medical device, as this would risk being overly prescriptive.

Liability for Defective Products

It has been suggested that the existing Product Liability Directive makes it too difficult for claimants to succeed in their claims, especially when products are new or technologically complex.

As a result, in September, the European Commission published two proposed directives:

• A new Product Liability Directive,⁸ which would make it easier for consumers to obtain compensation by expanding the regime's scope and alleviating the burden of proof in certain circumstances. It amends the definition of a product to include software and digital manufacturing files, such that AI systems and AI-enabled goods are within its scope. It also adds data loss and psychological harm to the types of actionable damage and alleviates the burden of proof by introducing certain rebuttable presumptions; and
• A new AI Liability Directive⁹ aims to harmonize fault-based liability rules that apply to claims beyond the scope of the Product Liability Directive. It seeks to ensure that persons claiming compensation for damage caused to them by an AI system will have a level of protection equivalent to that enjoyed by persons claiming compensation for damage caused without the involvement of AI.

It is unclear when and in what form these proposals will be finalized; they are quite contentious and may not be approved in their current form.

Footnotes

1. Regulation (EU) 2017/745.

2. Regulation (EU) 2017/746.

3. https://health.ec.europa.eu/system/files/2020- 09/md_mdcg_2019_11_guidance_qualification_classification_software_en_0.pdf.

4. https://digital-strategy.ec.europa.eu/en/library/artificial-intelligence-healthcarereport; https://assets.publishing.service.gov.uk/government/uploads/system/uploads/at tachment_data/file/1028766/GMLP_Guiding_Principles_FINAL.pdf; https://www.gov.uk/ government/publications/g7-health-track-digital-health-finalreports; https://transform.england.nhs.uk/ai-lab/ai-lab-programmes/the-nationalstrategy-for-ai-in-health-and-social-.

5. https://www.who.int/publications/i/item/9789240059184.

6. https://eithealth.eu/news-article/press-release-digital-medical-devices-launch-of-aeuropean-taskforce.

7. https://eur-lex.europa.eu/resource.html?uri=cellar:dbfd8974-cb79-11ec-b6f4- 01aa75ed71a1.0001.02/DOC_1&format=PDF.

8. https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=COM:2022:495:FIN.

9. https://ec.europa.eu/info/files/proposal-directive-adapting-non-contractual-civilliability-rules-artificial-intelligence_en.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.