European Commission Presents Strategies for Data and AI (Part 1 of 4)

By Lisa Peets, Marty Hansen, Sam Jungyun Choi, Nicholas Shepherd and Anna Oberschelp de Meneses on Posted in Artificial Intelligence (AI), Cybersecurity, Data Privacy, Ethics, European Union, GDPR, Health Data, Innovation, Internet of Things (IoT), Product Liability

On 19 February 2020, the European Commission presented its long-awaited strategies for data and AI.  These follow Commission President Ursula von der Leyen’s commitment upon taking office to put forward legislative proposals for a “coordinated European approach to the human and ethical implications of AI” within the new Commission’s first 100 days.  Although the papers published this week do not set out a comprehensive EU legal framework for AI, they do give a clear indication of the Commission’s key priorities and anticipated next steps.

The Commission strategies are set out in four separate papers—two on AI, and one each on Europe’s digital future and the data economy.  Read together, it is clear that the Commission seeks to position the EU as a digital leader, both in terms of trustworthy AI and the wider data economy.

Continue Reading

New Report Recommends Putting Public Engagement at the Heart of NHS Health Data Strategy

By Daniel Pavin and Seán Finan on Posted in Big Data, Data, Data Privacy, Digital Health, Health Data, UK National Health Service

The Institute of Global Health Innovation at Imperial College London has published a report called “NHS data: Maximising its impact on the health and wealth of the United Kingdom” (the “Report”).[1] The Report begins from the premise that the knowledge gleaned from the combination of patient health data and “big data” technologies has incredible potential for “transformative …impact” on patient health, scientific advancement and the UK’s economy. However, the Report argues that the current efforts of scientists, medical professionals and the UK government to develop the UK’s capacities are not sufficiently coordinated to maximise that potential. To address this, the Report presents a single, high-level, strategic framework for the collection, governance and use of patient health data in the NHS. Continue Reading

Germany Publishes Draft Regulation on the Reimbursement of Digital Health Applications

By Ulrike Elteste, Kristof Van Quathem and Anna Oberschelp de Meneses on Posted in Data Privacy, Digital Health, GDPR, Health Data, Medical Apps

Germany recently enacted a law that enables state health insurance schemes to reimburse costs related to the use of digital health applications (“health apps”), but the law requires the Federal Ministry of Health to first develop the reimbursement process for such apps.  Accordingly, on January 15, 2020, the German government published a draft regulation setting out the procedure for examining the eligibility of health apps to receive insurance reimbursements, as well as the requirements that such health apps must fulfill.

Notably, among its various obligations, the draft regulation and its Annex 1 include a number of data protection and data security requirements that health app developers must comply with if their health apps are to benefit from the reimbursement scheme.

According to the draft regulation, developers must:

  • implement appropriate data protection and security measures, taking into account the state of the art, the categories of personal data processed and the risk level;
  • carry out a Data Protection Impact Assessment;
  • obtain the explicit consent of the patient to process their health data (Art. 9(2) (a) GDPR);
  • not disclose data outside the European Economic Area to countries that do not provide an adequate level of protection of personal data pursuant to an adequacy decision of the European Commission (transfers on the basis of standard contract clauses or BCRs are apparently not allowed);
  • impose an obligation of confidentiality on all persons under its authority that have access to the personal data of the user; and
  • ensure the portability of the personal data.

The patient’s data may be used by the developer of the health app only:

  • for the intended use of the health app and for the reimbursement procedure;
  • to prove the benefit of the application (in the framework of specific procedures regulated under Book V of the Social Security Code);
  • to comply with legal obligations imposed by the EU Medical Devices Regulation 2017/745 and the German Medical Devices Implementation Act, and
  • to ensure, on an ongoing basis, the technical functionality and user-friendliness of the health app.

The health app must be free of advertising and the patient’s data must not be used for advertising purposes whatsoever.

Developers must fill out a detailed checklist (Annex 1 of the draft regulation) explaining how they comply with the above requirements when applying for registration with the Federal Institute for Drugs and Medical Devices (BfArM).

Updates to the draft regulation and the procedure to register a health app for reimbursement will be published on a dedicated page of the BfArM’s website.

European Parliament Endorses Digital Health Resolution

By Sam Jungyun Choi on Posted in Data, Digital Health, European Union, Health Data, Innovation

On December 12, 2019, the European Parliament endorsed a non-binding resolution on enabling the digital transformation of health and care. The resolution calls on the European Commission to take a number of actions to foster the development of digital health systems in Europe to improve patient care and support research efforts — particularly those using innovative technologies such as AI.

Continue Reading

Digital Healthcare Act Takes Effect in Germany

By Ulrike Elteste on Posted in Digital Health

Digital health applications that meet certain requirements will be covered by the German state health insurance schemes from 2020. This is one of the elements of the Digital Healthcare Act 2019 (Digitale Versorgung-Gesetz), which we discussed in an earlier post this year and which was approved by the German Parliament in November and published on December 18th, 2019.

To qualify for coverage, an app must be a low-risk medical device. In addition, the manufacturer must apply for registration with a new registry which will be kept by the Federal Institute for Medicinal Products and Medical Devices. The detailed requirements for registration will be set out in a regulation which is currently being drafted, but will include proof of privacy law compliance, a high level of data security and a concept for evaluation of the medical benefit of the app by an independent expert. Patients will need to obtain a prescription by a physician or psychotherapist or their health scheme’s prior approval.

Independently of this, the Act also contains amendments to the Social Code that will authorize state health insurance schemes to work with device manufacturers, IT companies and others to improve healthcare services through digital innovations. They will also be authorized to invest up to 2% of their financial reserves in investment funds with the aim of furthering the development of digital innovations.

UK ICO and The Alan Turing Institute Issue Draft Guidance on Explaining Decisions Made by AI

By Mark Young and Sam Jungyun Choi on Posted in Artificial Intelligence (AI), Big Data

The UK’s Information Commissioner’s Office (“ICO”) has issued and is consulting on draft guidance about explaining decisions made by AI.  The ICO prepared the guidance with The Alan Turing Institute, which is the UK’s national institute for data science and artificial intelligence.  Among other things, the guidance sets out key principles to follow and steps to take when explaining AI-assisted decisions — including in relation to different types of AI algorithms — and the policies and procedures that organizations should consider putting in place.

The draft guidance builds upon the ICO’s previous work in this area, including its AI Auditing Framework, June 2019 Project ExplAIN interim report, and September 2017 paper ‘Big data, artificial intelligence, machine learning and data protection’.  (Previous blog posts that track this issue are available here.)  Elements of the new draft guidance touch on points that go beyond narrow GDPR requirements, such as AI ethics (see, in particular, the recommendation to provide explanations of the fairness or societal impacts of AI systems).  Other sections of the guidance are quite technical; for example, the ICO provides its own analysis of the possible uses and interpretability of eleven specific types of AI algorithms.

Organizations that develop, test or deploy AI decision-making systems should review the draft guidance and consider responding to the consultation. The consultation is open until January 24, 2020.  A final version is expected to be published later next year.

Continue Reading

Ideation Question #10: What Are the Priorities for the Solution?

By Elizabeth Guo and Wade Ackerman on Posted in Data Security, Digital Health, Health Data, Medical Apps, Medical Devices and FDA

This is the tenth of our video posts on 10 questions that can help lawyers contribute to the digital health ideation process.  Today’s video explores the question: What are the priorities for the solution?

Ideation Question #9: Who Will Own the Intellectual Property Rights?

By Priscilla Fasoro and David Wildman on Posted in Data Security, Digital Health, Health Data, Medical Apps, Medical Devices and FDA

This is the ninth of our video posts on 10 questions that can help lawyers contribute to the digital health ideation process.  Today’s video explores the question: Who will own the intellectual property rights?

Ideation Question #8: What is Novel in the Digital Health Solution and What Will Give the Solution a Competitive Advantage?

By Jessica Parezo and Joshua Gray on Posted in Data Security, Digital Health, Health Data, Medical Apps, Medical Devices and FDA

This is the eighth of our video posts on 10 questions that can help lawyers contribute to the digital health ideation process.  Today’s video explores the question: what is novel in the digital health solution and what will give the solution a competitive advantage?

LexBlog