The barriers to the widespread adoption of telemedicine are many, but providers and regulators are working to remove the roadblocks. Hannah Willson and Marcus Vass of Osborne Clarke LLP discuss the legal issues surrounding telemedicine in Europe and the progress made in addressing them.
In an increasingly competitive market, to be successful a company needs to achieve scale by offering services to an international market and whilst the technology to enable this is already in existence, and innovating at pace, the regulatory framework to enable cross-border healthcare is still catching up.
The internet is, by its very nature, international and can enable the market for cross-border services to grow rapidly. Healthcare typically poses a greater risk to patient safety than other e-commerce services, including other digital health lifestyle or wellbeing applications, and is necessarily underpinned by a complex set of regulations.
Regulation is, by and large, a national issue for each country to determine. Within Europe we benefit from harmonised regulation on some issues, but even within this single market differentiation occurs on a local level where EU legislation is implemented by way of a directive, and thus not directly effective. At this point in time, we can’t talk about the EU and harmonising the regulatory framework without a mention of Brexit. We don’t know what form a new trade deal will take. This may have the effect of increasing cross-border challenges for the UK; we will have to wait and see in the coming months what the outcome may be.
We are still on the frontier of what telemedicine is capable of, and it is not only traditional health and medical companies that are diversifying into digital solutions, but there is also a growing number of technology companies delving into the world of digital health. One example of this trend is FitBit. FitBit started with wearable consumer activity trackers and announced, in April 2016, its intention to expand into the delivery of medical-grade technology and will therefore need to adapt to the more heavily regulated environment into which it is moving.
We are focussing on the challenges and current European law concerning the delivery of health services within Europe, more specifically the delivery of a service in one Member State which is received by an end user in another Member State, in other words telemedicine. European and national laws also play a role in shaping the licensing requirements and legal framework for medical devices and are a challenge to service providers designing telemedicine solutions and structuring their business models.
Cross-border service delivery in Europe
It is widely recognised that a telemedicine service can be both a health service and an information society service. When delivering a telemedicine service to a consumer within Europe the regulatory framework that applies to the service provider will be dependent on whether the telemedicine service is considered an information society service, and thus the laws with which the service provider must comply may vary with each customer.
Information society service
Europe’s E-Commerce Directive 2000/31/EC applies to the operation of an information society
service1. An information society service is ‘any service normally provided for remuneration at a distance, by means of electronic equipment for the processing and storage of data, at the individual request of a recipient of the service.’ In the healthcare context it is important to note that remuneration does not need to flow from the patient receiving the healthcare, as in many cases there are processes in place for reimbursement from the national
authority2 or an insurance provider. It is clear therefore that telemedicine services are likely to fall within the definition of an information society service.
A fundamental principle of the European single market is the freedom to provide services within the EU, and the provision of telemedicine is no exception to this3. Following a number of cases that tested this principle of freedom to provide services, including the notable Watts case in 20064, the Cross-Border Healthcare Directive 2011/24/EU5 was implemented. This Directive clarifies that a health professional licensed in one Member State may practise medicine ‘regardless of how it is organised, delivered or financed’ in another Member State without the need to obtain a medical licence in the other Member
This sets a clear position that within the EU there is no barrier in principle to providing telemedicine services provided the health professional is licensed to do so in their ‘home’ Member State. A doctor providing medical advice via video conferencing from the UK, is therefore licensed to do so to end users based in any other Member State without being required to be licensed to practice in the Member State in which the end user is based.
This breaks down one barrier to cross-border telemedicine – but in designing the telemedicine solution and determining the business model to be used, the laws with which the service provider must comply are not entirely straightforward.
The country of origin principle
Within Europe, the provision of a service by a healthcare professional will be subject to the laws in the country in which the service provider is established7 and whilst this provision will apply to a telemedicine service, it is without prejudice to the E-Commerce Directive8. In other words in the event of a conflict, this Directive will prevail.
This conflict does occur with respect to the provision of an information society service. Where the telemedicine is being provided on a business to business basis, an information society service has the same country of origin principle as set out in the Cross-Border Healthcare Directive – the country in which the service provider is established will be the Member State laws with which it must comply9. The E-Commerce Directive however excludes certain categories from the country of origin principle – including consumer contracts. Therefore where a consumer contracts for the provision of telemedicine the laws of the Member State in which it receives the service will apply to the service provider.
Therefore, where a telemedicine service is also an information society service, which we are increasingly seeing as being the case, and the patient is a consumer, the service provider will be required to comply with the laws in the Member State in which the consumer is based. Those businesses that focus on the corporate market, however, may be able to derive more certainty of the legal risks that they face in the delivery of a telemedicine service.
There is no harmonised definition of telemedicine within the EU. The European Commission (‘EC’) Staff Working Document looking at the EU legal framework for telemedicine10 defines telemedicine as ‘the provision of healthcare services, through use of ICT, in situations where the health professional and the patient, or two health professionals, are not in the same location.’ However the UK does not have a legislative definition, whilst France and Belgium have each enacted slight variations in their local laws. United4Health’s industry
report11 specific differences between Member State law, in particular how the regulatory frameworks for healthcare professionals differ and what constitutes a medical act.
One of the widely reported barriers to widespread adoption of telemedicine is trust in the privacy and security of data collected within the service. Whilst there is currently varied implementation in each Member State, there is progress in this area with the implementation of the General Data Protection Regulation (‘GDPR’) scheduled to come into force on 28 May 2018. The GDPR will not only provide some certainty for cross-border telemedicine service providers with respect to the collection, processing and storage of personal data, but it also addresses issues related to the processing of ‘big data.’ New provisions around pseudonymisation and anonymisation of personal data are intended to help drive trust and it is hoped this will help break down one of the barriers to the adoption of telemedicine services, whilst also providing a more harmonised regulatory framework for service providers.
The eHealth Action Plan sets out that the goal of the EC Staff Working Paper is to bring down these legal barriers, however we expect any development in these areas to be targeted at improving reimbursement processes between Member States and clarifying the distinction between wellbeing applications and medical devices.
Outside of Europe
European service providers developing an international expansion plan will also have to negotiate the cross-border regulatory issues outside Europe where there is no principle of free movement of services. The question of whether the service provider is permitted to offer the service in that country will apply in addition to the national laws relating to healthcare delivery and medical devices. Service providers will have to consider carefully how they structure their business model and design their solution to try and reduce these risks where possible.
A clear example of this challenge is highlighted in the US where medical practitioners are licensed on a state basis whereby it is illegal to offer medical advice to users within the state unless the practitioner is registered in that state. For an international video conferencing medical advice service, such as Doctors on Demand, a medical practitioner will need to be located in the state in which the user is located to avoid liability. This is clearly a barrier to the business model of selected doctors being able to deliver medical advice wherever the user is located.
Whilst the Federation of State Medical Boards is trying to address this for service providers within the US through the Interstate Medical Licensure Compact – that does not provide much help to non-US based providers, or providers based in a state that hasn’t signed up to the compact.
Standardisation and interoperability
Whilst the complex legal and regulatory framework creates a significant challenge, service providers also face non-regulatory challenges. A lack of global standardisation is largely seen as one of the largest barriers to growth in the digital healthcare sector12. The eHealth Action Plan13sets out the EC’s aims of developing innovative healthcare for the 21st century by fostering EU-wide standards, interoperability testing and standards for the provision of eHealth. The EC has a number of ongoing activities in the field of developing a standardisation and interoperability framework14 and in June 2016 the EC published a final version of the Code of Conduct on privacy for mHealth apps15 which will help drive standardisation.
The EC’s goal of removing these standardisation barriers by 2020 will help to lower the cost to entry and speed up the development and adoption of new cross-border solutions from a technical perspective.
Effect on telemedicine service providers
The growth of traditional healthcare providers delivering cross-border solutions, and technology companies experienced in cross-border service delivery diversifying into telemedicine throws up a knowledge challenge. The EC’s Green Paper on mHealth identified that web entrepreneurs consider it difficult to access the market due to the lack of a clear regulatory framework, interoperability and common quality criteria. There are possible opportunities for strategic partnerships between healthcare providers and technology companies to help bridge this knowledge gap.
Any entrant to this market would be wise to consider the regulatory, and non-regulatory challenges, from the initial concept stages of a telemedicine solution. Compliance by design, widely supported by the UK Information Commissioner’s Office in relation to privacy and security, will be a key element to overcoming these challenges. It may be disproportionate for a small startup to analyse the legal requirements in each country in which an end user may access their service, if in fact the service provider would be aware of which country they are in. Therefore telemedicine service providers should consider the contracting approach and user terms to mitigate the risks of unknowingly breaching regulations in the country in which the end user is located at the time of receiving the service. Telemedicine service providers may also want to consider the business structure to help mitigate any liability risks should it be the subject of a legal claim – either from an end user, or a national regulatory/licensing authority.
Within the EU the EC is pushing towards making cross-border telemedicine a less challenging market, and there are organisations such as the European Connected Health Alliance (‘ECHA’) that are striving to push this agenda forwards. Unsurprisingly a number of large technology companies are members of the ECHA.
1. Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market implemented in the UK under the Electronic Commerce (EU Directive) Regulations 2002.
2. E-Commerce Directive.
3. Article 56 Treaty on the Functioning of European Union.
4. In which the ECJ ruled that Watts, a UK citizen, was entitled to reimbursement of medical treatment received in France under Article 49 of the EC Treaty – Case C-372/04 Watts v. Bedford Primary Care Trust  ECR I-4352.
5. Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients’ rights in cross-border healthcare implemented in the UK under the National Health Service (Cross Border Healthcare) Regulations 2013.
6. Article 1(2).
7. Article 3(d) and Article 4(1)(a) Cross-Border Healthcare Directive.
8. Article 2(e) Cross-Border Healthcare Directive.
9. Articles 3(1) and (2) of the E-Commerce Directive.