As mobile technologies advance, Francesca Cattarin, Health Policy Officer at The European Consumer Organisation (BEUC), explores the role of mHealth in the EU
Mobile health (mHealth) is an emerging field that has the potential to transform the traditional way of delivering healthcare. Thanks to mobile phones and wireless devices, including related software called applications (or ‘apps’), consumers can check how many steps they make, the calories they consume, as well as managing chronic conditions, such as blood disorders, and send the information to doctors or nurses.
As our populations age, chronic diseases increase and healthcare budgets are cut, remote solutions can ease the burden of European healthcare systems. Through updates about their condition a few clicks or swipes away, mHealth can help make consumers more responsible and aware of their health status. It can also allow them to perform services traditionally provided only in hospital or at a general practitioner’s office.
Because of this potential and its attractiveness, mHealth solutions are booming in the European Union. At the moment consumers can choose from around 165,000 mHealth apps. One economic forecast expects the mHealth sector to represent €23 billion in 2017.
mHealth in the EU: Rules and requirements
Despite these achievements, mHealth raises important questions for consumers, particularly regarding the safety, security and privacy of mHealth devices and apps.
There is no comprehensive set of rules for mHealth in the EU. Mobile health solutions with a medical purpose fall into the scope of the Medical Devices Regulation whilst all the others, designed for general purpose, will only be subject to voluntary guidelines which are expected to be published soon. In practice, this means that once a mobile health app is classified as a medical device, strict safety requirements will apply: The manufacturer will have to report serious incidents in a designated database (Eudamed) and a post-market surveillance of the product will be conducted and reported to the notified body annually. Furthermore in case of problems caused using the device, consumers will be able to get corrective actions and seek redress.
This will not be the case for lifestyle, fitness and wellbeing apps, despite them accounting for over two-thirds of the current mHealth apps global market and some of them providing important advice for consumers’ health. The voluntary guidelines the European Commission will propose for them do not seem appropriate to ensure a high quality standard and consumers’ legal protection in case things go wrong.
We believe it is high time to define these standards for the manufacturing and marketing of all mHealth solutions, including rules on liability to grant consumers the right to seek redress. Additionally, when it comes to mHealth, liability deserves particular attention as many players are involved in its life-cycle such as manufacturers, distributors and doctors.
Protecting patients’ privacy
Privacy protection has to be at the core of mHealth. Any health device or app entails the processing of a large amount of consumers’ personal information. The recent adoption of the European Data Protection Regulation certainly brings an important contribution in this sense, as it considers health a special category, whose data merits additional protection and can be processed only under strict conditions. However, its definition of health data clearly does not apply to fitness, lifestyle and well-being, although the information they provide are certainly linked to individuals’ health.
Furthermore, mHealth can facilitate the information gathering and analysis of a large amount of health data that can be stored, combined and analysed in large databases. This so-called ‘big data analysis’ has the potential to develop more advanced mechanisms for detection and the prevention of diseases. But, if not properly regulated, it can also expose consumers to serious privacy risks, first and foremost if their profiling is used for merely commercial business strategies.
To effectively control their data, consumers should always have the possibility to revoke any prior consent given for specific data processing. Equally, this consent has to be informed and explicit, and must be sought any time the terms and conditions change. As for the majority of apps, terms and conditions of mHealth tools are often indecipherable, never-ending and do not reveal the reason for collecting the information. Unsurprisingly, most consumers accept these terms without knowing what the company behind it gives itself the right to do.
The protection of personal data is strictly linked with security. If a mHealth tool is not secure, consumer data can get processed improperly and without being authorised. To guarantee this protection in case of loss or theft of the device, mHealth solutions should embed specific safeguards at each stage of the data processing, such as encrypting patients’ data and creating authentication mechanisms.
Overall, mHealth might open a new era in the way healthcare systems are set up in the EU. Yet, these technological health developments have to go hand in hand with a robust regulatory framework to guarantee consumers’ safety, security and privacy. EU policy makers should bear that in mind and address the challenges it poses in a more resolute way.
Health Policy Officer