Digital health: principles and recommendations

Health and healthcare services are rapidly and inevitably changing due to new technologies. Traditional health is becoming digital. Consumers will be profoundly impacted by the ongoing and future developments in healthcare services. On the positive side, digitalisation of health care has a potential to deliver better disease prevention, diagnosis and treatment. Tools such as the electronic health record (EHR) may allow consumers 24/7 access to their disease history and medicines prescriptions, also when travelling or moving abroad. Mobile health (m-health) apps and online doctor consultations may provide an excellent support for patients and consumers in their efforts to maintain their health and prevent diseases. However, the benefits of digital health products and services come together with high risks when it comes to consumer privacy, security and safety. With health data becoming a new currency, security breaches of personal health records and data stored in the healthcare settings may become more frequent. The questions of trustworthiness and safety of digital health products and services are also potent.

Key principles: 

• Consumers must have full control over their personal health data.

• Health and medical data of consumers must be accurate and up-to-date.

• Consumers must benefit from digital health tools which respect privacy and security by design and by default principles.

• Digital health products and services must be safe and reliable to use.

• Digital health products and services must be closely supervised by the competent authorities. 

• Access to an affordable, high-quality, high-speed internet connection for all.

• Digital health products and services must correspond to the variety of users’ preferences, also respecting a preference not to use a digital health product or service. The level of digital health literacy should also be improved.

Key recommendations: 

• The General Data Protection Regulation (GDPR) must be diligently implemented across the EU. 

• Artificial intelligence in healthcare must be applied in full respect of EU data protection rules.

• In the context of the Medical Devices Regulation’s provisions on IT security, the EU should ensure that it is implemented in full respect of the principle of security by design and by default. 

• A minimum set of security measures must be obligatory for all digital health connected products.

• The Security of digital medical systems in healthcare settings must be strengthened.

• The Radio Equipment Directive and the General Product Safety Directive must be updated to cover safety issues of digital health connected products falling outside of the scope of the Medical Devices Regulation. 

• The EU should develop a comprehensive regulatory framework.

• It is of key importance to harmonise the approach to the liability of such services and products across the EU. 

• Strong market surveillance, law enforcement, as well as efficient redress tools on digital health products and services must be put in place to contribute to an effective protection of EU consumers.