This post originally appeared on our sister blog, InsideMedicalDevices.

The UK Information Commissioner’s Office (ICO) has launched an informal survey of current practices relating to the use of data-enabled medical devices and apps.

The short and anonymous survey explores whether organisations have put in place specific policies and procedures, asset registers, IT security requirements for medical device procurement policies, information governance and incident response processes, and an “end of life” policy for defunct/decommissioned devices.

It also asks high-level questions about the technology being used, such as whether the devices can connect to the Internet, and about the use of medical apps, mobile phones, tablets, and dictaphones.

Medical devices, which under EU law include both hardware and software being used for medical purposes, are becoming increasingly smart, and nowadays can generate or process significant quantities of very sensitive data about an individual’s health.

We’re increasingly seeing data protection and medical device regulators trying to get to grips with how to regulate e-Health. Hot topics range from wearable devices and the Internet of Things, to “software as a medical device” (SaMD), a broad category of “medical device” that can include mobile or desktop apps — or even spreadsheets.

As e-Health gets smarter, medical device and data protection regulators are increasingly going to find themselves having to regulate different and sometimes overlapping aspects of the same technology. Working together harmoniously will be an important challenge.

What’s more, the EU is currently hard at work revising the regulatory frameworks around both EU data protection and medical devices. As a result, regulators, businesses and healthcare organisations across the EU are likely to face significant changes in the compliance environment in the not-so-distant future.

As new rules and technologies emerge, regulators will have to be well-informed and sensitive when it comes to regulating the healthcare sector, to avoid hindering patient care and medical progress with impractical, ill-informed attitudes and guidance.

If these issues are important to you, we strongly encourage you to follow both our InsidePrivacy and InsideMedicalDevices blogs for coverage of the latest developments in privacy, data protection, and medical device regulation in the EU, U.S., China, and elsewhere.

 

Phil Bradley-Schmieg

Philippe Bradley-Schmieg’s practice covers a range of commercial, regulatory and intellectual property matters affecting the IT, e-health, internet media and telecoms sectors, often with a multi-jurisdictional scope.  He advises on intellectual property, compliance and policy matters such as online consumer rights, liability for third party content, patent, copyright and database right licensing, privacy and data protection, medical confidentiality, cybersecurity, data breach responses, and law enforcement data disclosure.  Mr. Bradley-Schmieg advises on UK, EU and international law, and has worked in London and Brussels.