EU Regulators in the Era of "App-Scriptions"

Europe is the world’s largest mHealth market, representing more than $2 billion in revenue by 2018 (BCC Research) . As technology outpaces the regulatory framework, the EU is undertaking a "Code of Conduct on Privacy for Mobile Health Applications". One key person involved in this effort is Elie Lobel, Healthcare Projects Manager at ASIP Santé, the French government agency overseeing e-Health. He presented at the mHealth Israel Conference last month, sharing his perspective about mHealth regulatory trends in Europe.
"Our priority is to make eHealth and mHealth benefits widely available. We strive to promote meaningful, secure and interoperable use of IT in healthcare. We must change the mindset by showing that health IT should be considered a strategic investment, that provides return on investment, even from a public health point of view. And we work to adapt the legal framework, step by step".
The French government has deployed several national programs, investing hundreds of millions of euros, to promote eHealth:
• Digital Hospitals
• Digital Regions
• National Patient Health Record
• National Secured Mail Service (covering thousands of healthcare professionals with a secured email system for Health Care Providers, safely exchanging health information about patients)
• National Emergency Calls System, improving the emergency system to deal with epidemics or acute crisis (such as terrorist attacks)
At the startup level, the French and European priority is to find the right balance between innovation and patient protection.
"We have an obligation to make sure mHealth tools are developed in a secured and regulated way. It is a major prerequisite for us, because patients protection is necessary to create trust in the domain and enable it to grow. The level of regulation must be stringent because. mHealth applications deal with personal data, sharing of data with healthcare professionals, and also providing medical advice".
For mHealth apps, there are 3 levels of regulation, addressed in the "Code of Conduct on Privacy for Mobile Health Applications", which will soon be finalized.
European Personal Data Protection Laws: The 1995 regulation is currently being updated. The new regulation will result in less paperwork, but also increased responsibilities for the data controller, particularly concerning risk management. It also protects the user’s right to consent, to retrieve personal data get its data back, and to be forgotten and for risk management.
Medical Apps as Medical Device: Medical apps will require medical CE approval at the European level, like any other medical device.
Data Storage Provider Certification: French law requires certification for external data storage providers, whether or not the server is located in France. Servers in Israel, providing service to customers in France, will be required to comply with the French regulation.
In the future, apps with proven medical efficacy will be reimbursed by healthcare insurance systems. These regulations are necessary to safeguard patients while enabling doctors to prescribe apps.