On June 23, 2022, the German Federal Office for Information Security (“Office”) published technical guidelines on security requirements for healthcare apps, including mobile apps, web apps, and background systems. Although the technical guidelines are aimed at healthcare app developers, they contain useful guidance for developers of any app that processes or stores sensitive
German Government Enacts Digital Care Act
The new Digital Care Act (Digitale-Versorgung-Gesetz) is part of Germany’s efforts to expand the digitization of its healthcare system. Germany has been pursuing this path since the so-called ‘E-Health Act’ of 2016. The aim of the ‘E-Health Act’ was to establish information and communication technology in healthcare. It focuses in particular on the development of the ‘electronic health card’ and the corresponding ‘electronic patient file’ for statutory health-insured people (see below for more information on such applications), the protection of the data stored in such files against unauthorised use, the creation of a secure ‘telematics infrastructure’, the improvement of the interoperability of healthcare IT systems, and the provision of telemedical services. The ‘telematics infrastructure’ will be an interoperable and compatible information, communication and security infrastructure for the use of the ‘electronic health card’ and the corresponding ‘electronic patient file’, its applications and other electronic applications in healthcare and health research.
The new Digital Care Act builds upon the ‘E-Health Act’ by focusing on the following: medical doctors will be allowed to prescribe not only traditional medicines and treatment methods to their patients, but also health apps. Such health apps may, for example, remind chronically ill people to take their medicine regularly, or provide a diary function where users can note their daily well-being. In the future, German statutory health insurance funds will have to reimburse the costs of health apps under certain conditions. Initially, the health app shall be tested for data security, data protection and functionality by the German Federal Institute for Drugs and Medical Devices (‘BfArM’). After the successful test and launch, statutory health insurance funds will reimburse the costs provisionally for one year. During this period, the manufacturer of the health app must prove to the BfArM that its health app improves patient care. The reimbursement amount will be negotiated with the German Association of Health Insurance Funds (GKV-Spitzenverband).…