Health-Apps - everything under control?

Digitalization in the Health Sector

Mobile Health-Apps make it possible - medical supervision around the clock without ever having to set foot in a doctor’s practice. Sun worshippers having the possibility to diagnose cancer early. Reading an EKG or measuring a pulse with the help of an accessory device. Diabetics optimizing their insulin dosage with a movement profile, a calorie diary and blood sugar levels measurement.

Mobile Heath-Apps are said to have a large growth potential because they provide health consumers with greater control, help with the prevention of illnesses, lead to a wider spread of health services in the population, and offer an enormous basis of comparative data while simultaneously relieving the pressure on health-care systems. The communication or dataflow, respectively, between medical personnel and patient can be facilitated without the patient having to actively contact the medical personnel. Everyone should have an interest in this development - consumers, health insurers, doctors, the state, and technology companies. However, a prerequisite for the success of Health-Apps is strengthening trust in such technology without stalling innovative capacity.

From a legal point of view, providers of Health-Apps should pay particular attention to two issues: Is the particular Health-App subject to the legislation concerning medical devices? And does the particular Health-App fulfill the requirements of the relevant data protection law?

Regulation concerning medical devices

Heath-Apps may qualify as medical devices

Pursuant to the regulations applicable to medical devices, software - and thus Health-Apps - that is meant, or that is marketed, according to the intended purpose of the manufacturer for an individual's medical use, either directly or in combination with other products, and whose main effect is not caused by a pharmaceutical, qualifies as a medical device. They serve to diagnose, prevent or treat illnesses, injuries or disabilities. Health-Apps that have no medical purpose, such as those concerning fitness and nutrition counselling, or Apps serving as an electronic reference work, are not considered medical devices.

Requirements applicable to Health-Apps that qualify as medical devices

In Switzerland, the requirements for Health-Apps that qualify as medical devices are harmonized with the technical regulations of the country's major trading partners, primarily the European Union (EU). To demonstrate conformity pursuant to the applicable Medical Device Directive (Directives 93/42/EEC, 98/79/EC or 90/385/EEC), a conformity assessment procedure demonstrating that the product meets basic requirements and fulfills the advertised efficacy must be carried out prior to the placing of the product on the market. The procedure depends on the hazard potential of the respective Health-App, which is determined by certain classification rules. Health-Apps may, depending on the intended purpose and hazard potential, belong to different medical product classes. For example, a Health-App must be tested by a conformity assessment body in case of increased hazard potential. In the case of a low hazard potential, the manufacturer can carry out the product testing and the conformity assessment procedure under its sole responsibility.

By rule, a Health-App must comply with the state of the art. The industry standard with regard to software development, software maintenance and software risk management can be found in the IEC/EN 62304 Medical Device - Software Life Cycle Processes. The manufacturer must provide all product information necessary for the safe use of the product. Prior to placing the product on the market, the requisite Declaration of Conformity must be issued. The successful completion of a conformity assessment procedure allows a (Swiss-wide) MD- or a (Europe-wide) CE-conformity mark, respectively, to be affixed to the product. On the other hand, it must be specifically noted if a Health-App is not permitted to be placed on the market as a medical product by informing consumers that the App not a medical product and is not suitable for medical purposes.

After the placement of the product on the market, in order to be able to fix any product defects and, if necessary, to recall the product, the manufacturer has the duty to maintain a vigilance procedure during the entire life cycle of the Health-App.

Supervision and responsibility

The Swiss Agency for Therapeutic Products, Swissmedic, monitors the market for medical devices either randomly or upon notification. The agency responds to notifications of nonconformity and in case of a particular hazard to the safety of patients or users. Medical personnel have a notification duty. Developers, manufacturers and importers of Health-Apps that do not carefully address compliance with the applicable regulations may face unpleasant surprises. 

Civil liability does not cease with the successful completion of a conformity assessment procedure. Depending on the basis for the claims and the circumstances, the manufacturer, importer, distributor or service providers may be held liable if damage results from the application of the Heath-Apps.

MME advises providers of Health-Apps in connection with the qualification of their Apps with regard to the medical device regulation, correspondence with the relevant authorities (Swissmedic), the contractual allocation of liability risks among the parties involved (e.g. assumption of risks in connection with recalls) and the evaluation of insurance solutions for the hedging of liability risks.

Data protection

Data security and the protection of data contained in mobile applications are of the utmost importance, particularly in the healthcare sector. Many consumers are reluctant to use these Apps and hesitate before providing the necessary consent to data processing because they fear deficiencies with regard to the protection and security of their highly confidential data. Personal health data can be processed solely with the explicit consent of the person concerned!

The concerns of the consumers are justified. Tests conducted by our partner ePrivacy in Germany have shown that many Health-Apps do not satisfy the requirements regarding the security and protection of user data. All tested Apps disclosed personal, highly confidential data such as blood sugar values in connection with diabetes, medication dosage or the used insulin products. In addition, nearly two-thirds of the tested Apps (64%) did not have a secure SSL-encryption. (see ePrivacy Whitepapier). The survey has led to a respective media echo in Germany (see article in "Stern" dated December 3, 2015) and the German authorities initiated proceedings and issued fines.

MME advises providers (developers, manufacturers, importers, processors, distributors, medical personnel, etc.) of Health-Apps together with our technology partner InfoGuard regarding compliance with the technical and legal requirements regarding data protection. Providers that take data security seriously may have their App certified at MME by ePrivacy (ePrivacyApp®). Within the framework of the certification process, a comprehensive review and certification of the App takes place with regard to the security of the data and a state-of-the-art-data protection. In particular in the healthcare sector, an ePrivacyApp® privacy seal may provide a decisive competitive advantage.

* Dr. Lucy Gordon, Certified Specialist SBA Tort and Insurance Law | Dr. Martin Eckert

Your team


In need of legal, tax or compliance advice? We look forward to contacting you.