In early March 2024, the EU lawmakers reached agreement on the European Health Data Space (EHDS).  For now, we only have a work-in-progress draft version of the text, but a number of interesting points can already be highlighted. This article focuses on the implications for “wellness applications” and medical devices; for an overview of the EHDS generally, see our first post in this series.

The final text of the EHDS was adopted by the European Parliament on 24 April 2024 and is expected to be formally adopted by the European Council in the coming months.

1: Wellness Applications and Medical Devices in Relation to Electronic Health Records

a) Wellness applications

The EHDS contains specific provisions on “wellness applications” that claim interoperability with electronic health records (“EHRs”).   Under the original proposal for the EHDS, published in May 2022, “wellness applications” were defined as:

“any appliance or software intended by the manufacturer to be used by a natural person for processing electronic health data for other purposes than healthcare, such as well-being and pursuing healthy life-styles.” (emphasis added)

The latest draft of the EHDS defines the term more broadly as:

“any appliance or software intended by the manufacturer to be used by a natural person for processing electronic health data specifically for providing information on the health of individual persons, or the delivery of care for other purposes than the provision of healthcare.” (emphasis added)

Wellness applications claiming interoperability with the EHR system in relation to the harmonized components of EHR systems (and thus complying with the essential requirements and applicable common specifications), must, before they are placed on the market (and just like EHR systems) use a “digital testing environment” made available by the European Commission or the Member States to assess the harmonized components of their application.

Assuming the result of the test is positive, the manufacturer has to apply a (digital) label to the wellness application to inform the user of the interoperability and its effects.  The label is issued by the manufacturer and is valid for a maximum of three years.  The European Commission will determine the format and content of the label. 

Interoperability of a wellness application does not mean automatic transfer of data to the user’s EHR.  Such sharing may only take place with consent of the users, who must also have the technical ability to decide which parts of the data they want to insert in their EHR and in which circumstances.

Finally, manufacturers of labelled wellness applications must register their application, including the results of the test environment, into an the EU database maintained and made public by the European Commission. 

b) Medical devices

  1. Interoperability

The EHDS also has implications for medical devices but when it comes to defining those obligations, the definitions and current drafting of the EHDS are open to interpretation.  For one, the revised definition of “wellness application” is potentially broad enough to capture medical devices as it now seems to cover appliances or software that provide information on the health of individual persons or the delivery of care for other purposes than the provision of healthcare.  Depending on how you read it, the ‘other purposes than the provision of healthcare’ does not necessarily limit both preceding elements of the definition.  Further, the definition of “EHR system” (electronic health record system) is very broad and includes any “appliance or software”. Both of these definitions could potentially include medical devices.   

Similar to the position for wellness applications, medical devices and IVDs that claim interoperability with the harmonised components of EHR systems must “prove compliance with the essential requirements on the European interoperability component for EHR systems and the European logging component for EHR systems” laid down in Section 2, Annex II of the EHDS.

The essential requirements on interoperability of the EHDS would only apply to the extent that the manufacturer of a medical device/IVD, which is providing electronic health data to be processed as part of the EHR system, claims interoperability with an EHR system. In such case, the provisions on “common specifications” for EHR systems should be applicable to those medical devices.

  1. Conformity assessment

The recitals of the EHDS expressly acknowledge that certain components of EHR systems can qualify as medical devices and be subject to the Medical Device Regulation (EU) 2017/745 (“MDR”) or the In vitro diagnostics Regulation (EU) 2017/746 (“IVDR”).

As articulated in Recital 29 of the EHDS, software or module(s) of software which is a medical device, IVD or high-risk AI system should be certified in accordance with the MDR, IVDR and the AI Act, as applicable.  Let’s imagine (1) a medical device (2) that stores or views electronic health records (3) to achieve its medical device intended purpose and that (4) uses AI for data processing.  This hypothetical product would qualify as a medical device and EHR system and, on top of that, it uses AI to achieve its intended device purpose.  Hence, the manufacturer will be required to conduct conformity assessments under (at least) three different EU Regulations which are the (1) MDR, the (2) AI Act and (3) the EHDS Regulation. 

In such cases, where “[w]here EHR systems are subject to other Union legislation in respect of aspects not covered by this Regulation, which also requires an EU declaration of conformity by the manufacturer…, a single EU declaration of conformity shall be drawn up in respect of all Union acts applicable to the EHR system.”

Although the EHDS requires EU Member States to take appropriate measures to ensure that the respective conformity assessment is carried out as a joint or coordinated procedure in order to limit the administrative burden on manufacturers, it will be interesting to see how the EU Member States will achieve this in practice.  Experience has shown that this has not worked for the (single) conformity assessments under the MDR…

  1. Registration

There also seems to be some contradiction in the latest draft EHDS when it comes to registration requirements for medical devices.  Article 32(3) EHDS suggests that medical devices that also qualify as EHR systems or claim interoperability with EHR systems need to be registered in the new “EU database for registration of EHR systems and wellness applications” in addition to registration under medical devices rules (i.e., registered with EUDAMED).  However, Recital 36 EHDS conflicts and implies that new registration obligations apply only to “EHR systems and wellness applications, which are not falling within the scope of Regulations (EU) 2017/745 and […] [AI act COM/2021/206 final]…”  For medical devices the registration should be maintained under the existing databases…” 

Since the EU appears to be facing significant challenges with larger IT projects like EU-wide databases (e.g., EUDAMED, CTIS), it in any event remains to be seen whether the new EU database for registration of EHR systems and wellness applications under the EHDS will be functional in time to support implementation of the EHDS.

2: Secondary use

The EHDS sets out a long list of covered electronic health data that should be made available for secondary use under the EHDS.  It includes, among others, data from wellness applications and health data from medical devices.  Note that this chapter of the EHDS is not limited to wellness applications and medical devices that claim interoperability with EHRs; it seems to apply to all wellness applications and medical devices.  Data holders (see our blog here for more) of data generated by wellness applications and devices will have to share this data upon request from an HDAB. 

Note, however, that Member States are apparently allowed to introduce stricter safeguards (for example an opt-in consent) for the re-use of health data from wellness applications under the EHDS, but not for health data from the EHR system they can interoperate with or from health data from medical devices.  This makes little sense, and it will be interesting to see what safeguards (if any) Member States introduce in practice.

We will keep you posted about any further developments.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Kristof Van Quathem Kristof Van Quathem

Kristof Van Quathem advises clients on information technology matters and policy, with a focus on data protection, cybercrime and various EU data-related initiatives, such as the Data Act, the AI Act and EHDS.

Kristof has been specializing in this area for over twenty…

Kristof Van Quathem advises clients on information technology matters and policy, with a focus on data protection, cybercrime and various EU data-related initiatives, such as the Data Act, the AI Act and EHDS.

Kristof has been specializing in this area for over twenty years and developed particular experience in the life science and information technology sectors. He counsels clients on government affairs strategies concerning EU lawmaking and their compliance with applicable regulatory frameworks, and has represented clients in non-contentious and contentious matters before data protection authorities, national courts and the Court of the Justice of the EU.

Kristof is admitted to practice in Belgium.

Photo of Sarah Cowlishaw Sarah Cowlishaw

Advising clients on a broad range of life sciences matters, Sarah Cowlishaw supports innovative pharmaceutical, biotech, medical device, diagnostic and software technology companies on regulatory, compliance, transactional, and legislative matters.

Sarah has particular expertise in advising on legal issues presented by digital health…

Advising clients on a broad range of life sciences matters, Sarah Cowlishaw supports innovative pharmaceutical, biotech, medical device, diagnostic and software technology companies on regulatory, compliance, transactional, and legislative matters.

Sarah has particular expertise in advising on legal issues presented by digital health technologies, helping companies navigate regulatory frameworks while balancing challenges presented by the pace of technological change over legislative developments.

Sarah is a co-chair of Covington’s multidisciplinary Digital Health Initiative, and is the Graduate Recruitment Partner for Covington’s London office.

Sarah regularly advises on:

  • classification determinations for software medical devices, including on developments resulting from the implementation of the EU Medical Devices Regulation;
  • legal issues presented by digital health technologies including artificial intelligence;
  • general regulatory matters for the pharma and device industry, including borderline determinations, adverse event and other reporting obligations, manufacturing controls, and labeling and promotion;
  • the full range of agreements that span the product life-cycle in the life sciences sector, including collaborations and other strategic agreements, clinical trial agreements, and manufacturing and supply agreements; and
  • regulatory and commercial due diligence for life sciences transactions.

Sarah’s pro bono work includes advising the Restoration of Appearance and Function Trust (RAFT) on the classification of a wound healing product containing human blood derivatives, and assisting in a project aimed at improving regulatory systems for clinical trials of drugs and vaccines for neglected diseases in developing countries.

Sarah has been recognized as one of the UK’s Rising Stars by Law.com (2021), which lists 25 up and coming female lawyers in the UK. She was named among the Hot 100 by The Lawyer (2020) and was included in the 50 Movers & Shakers in BioBusiness 2019 for advancing legal thinking for digital health.

Sarah has undertaken several client secondments, including to the in-house legal department of a multinational pharmaceutical company.

Photo of Dr. Dr. Adem Koyuncu Dr. Dr. Adem Koyuncu

Adem Koyuncu is double qualified as a lawyer and medical doctor and a partner in our Brussels and Frankfurt office. He is a chair of the firm’s “Food, Drug & Device” practice group and also a member of our Compliance practice. Adem is…

Adem Koyuncu is double qualified as a lawyer and medical doctor and a partner in our Brussels and Frankfurt office. He is a chair of the firm’s “Food, Drug & Device” practice group and also a member of our Compliance practice. Adem is recognized as a “leading lawyer for pharma and medical devices law” (JUVE 2021).

Adem helps clients on a wide range of EU and German law issues, including regulatory, compliance, privacy and liability matters. He also provides strategic advice. He knows the life sciences sector also from his earlier work in the pharmaceutical industry and as a medical doctor. He represents clients before courts and authorities and assists them in contract negotiations, investigations and transactions. For years, Adem is listed in various lawyer rankings.

See some Accolades from Clients and Surveys:

  • “He is one of the most detail-oriented and client-focused partners I have ever encountered.” (Client, Chambers 2021)
  • „Great professional and human competence, good team player.“ (Client/Adverse Party, JUVE 2022)
  • “I find him to be one of the most pragmatic regulatory lawyers. He was a doctor before a lawyer, has been in-house, worked on lots of stuff that I have to handle in-house, which helps when getting advice. He is really good at saying it’s a complex situation and your best option is to do this.” (Chambers 2022)
  • “He always comes through with extremely helpful advice. He brings a unique understanding and experience to his practice as both a lawyer and medical doctor.” (Chambers 2021)
  • “Adem Koyuncu is not only a lawyer but also a doctor and has worked in industry. He knows the perspectives that also move in-house lawyers.” (Legal 500 2022)
  • “He is very sharp and quick, while at the same time having a good sense of humor and nerves of steel. Very pleasant to work with.” (Legal 500 2022)
  • He is described as “versatile competent, reliable and high quality” (JUVE 2021) and “incredibly fast.” (JUVE 2018)
  • Provides advice at “an outstanding level.” (Legal 500 2015)
  • “Very strong negotiation skills.” (JUVE 2011)
  • Clients appreciate his “very broad knowledge and long-standing expertise” (JUVE 2021/22) and that “he is approachable, knowledgeable and really easy to talk to over the various issues. He is calm and has seen most problems before.” (Chambers 2020)
  • Peer lawyers described him as “highly competent” and a “very good and pleasant lawyer” (JUVE 2014) and as “the off-label-guru, substantively very good, creative.“ (JUVE 2022)

Adem is the author of numerous publications (e.g., in leading books on pharma law, product liability and clinical trials) and frequent speaker at different events. As such, he will soon speak at following events:

  • “Medical Device Liability and Risk Transfer 2.0 | A liability issue for the Management?!,” BVMed, Webinar (3/24/2023)
  • “Data Protection Requirements and Open Issues in the Pharma Sector – Status quo,” Speech at conference, 26. Marburger Gespräche zum Pharmarecht, Marburg (3/16/2023)
  • “Vendor Oversight & Vendor (Quality) Management in the Pharma Industry,” FORUM-Institut, Online Seminar (4/19/2023)