This is an open-access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/2.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work, first published in JMIR Medical Informatics, is properly cited. The complete bibliographic information, a link to the original publication on http://medinform.jmir.org/, as well as this copyright and license information must be included.
Digital health services empower people to track, manage, and improve their own health and quality of life while delivering a more personalized and precise health care, at a lower cost and with higher efficiency and availability. Essential for the use of digital health services is that the treatment of any personal data is compatible with the Patient Data Act, Personal Data Act, and other applicable privacy laws.
The aim of this study was to develop a framework for legal challenges to support designers in development and assessment of digital health services.
A purposive sampling, together with snowball recruitment, was used to identify stakeholders and information sources for organizing, extending, and prioritizing the different concepts, actors, and regulations in relation to digital health and health-promoting digital systems. The data were collected through structured interviewing and iteration, and 3 different cases were used for face validation of the framework.
A framework for assessing the legal challenges in developing digital health services (Legal Challenges in Digital Health [LCDH] Framework) was created and consists of 6 key questions to be used to evaluate a digital health service according to current legislation.
Structured discussion about legal challenges in relation to health-promoting digital services can be enabled by a constructive framework to investigate, assess, and verify the digital service according to current legislation. The LCDH Framework developed in this study proposes such a framework and can be used in prospective evaluation of the relationship of a potential health-promoting digital service with the existing laws and regulations
Through the use of wireless devices, sensor technologies, the Internet, social networks, health information technology (IT), and personal health data, digital health services empower people to track, manage, and improve their own health and quality of life. At the same time, these services provide a more personalized and precise health care delivery, at a lower cost and with higher efficiency and availability [
Essential for the use of all digital health services is that the treatment of any personal data is compatible with the Patient Data Act, Personal Data Act, and other applicable privacy laws. The European Commission has declared its intention to drive greater legal certainty in the digital health domain, and through the Directive 2011/24/European Union (EU), for the first time, it has placed eHealth in a legal context, requiring member states to cooperate with interoperability standards to allow full use of eHealth services across EU borders [
While the authorities investigate and consider the technological capabilities of eHealth services in the intersection of health care quality, patient safety, ethics and legal matters, new IT services, and mobile applications are advancing dramatically. The focus for the regulatory authorities should be to streamline the regulatory processes and promote innovation [
The study design was based on a stakeholder analysis approach for generating knowledge about actors to understand their intentions, interrelations, and interests and for assessing their influence on legal challenges in development of digital health services [
A framing of the questions about legal challenges and key concepts relevant to development of digital health services was discussed in the project group and with a consulting firm (Carmona AB) with expertise in the field of Web-based services and information solutions for handling of patient data and quality control. The consulting firm is in the forefront of developing such services in accordance with current legislation and in development of new practices and legislation. In this communication, we used data from our development of a digital service for play and interaction between children, aged 8-12 years, who have survived from childhood cancer treatment to frame legal challenges and key concepts [
On the basis of this, a basic understanding of the domain was formed, and a major law firm, with experience of legal issues in health care and a jurisconsult responsible for privacy and patient safety issues at the county council, was consulted with the intention to extend knowledge and our preunderstanding of the legal challenges and key concepts in this domain. A first draft was conceived, of a legal framework with relevant concepts, laws, and agencies or organizations involved in the care of the target group, or with regulatory or supervisory responsibility.
A purposive sampling [
Identified actors, organizations, and authorities, and their area of expertise, to be considered in the following investigation.
Actor | Area of expertise |
The project group | Researchers focused on development of digital health services for children using a participatory design where researchers collaborate with children from the target group. |
A local consulting firm | Specialized in development of Web-based services and information solutions |
Data Inspection Authority | Works to secure the individual’s right to integrity in society |
Inspection Authority for Health Care | Supervises the activities in the social area and health care, as well as of health care professionals; the Authority is also responsible for certain permits. |
The National Board | Works for all citizens’ equal access to good health and health care |
Ministry of Social Affairs | The different disciplines within the overall responsibility: health care, health, social issues, social security features news about the government’s policy initiatives or decisions; they also contain current objectives and the government’s priorities in the field. |
County Council | Responsible for many aspects of development in the county; the County Council has the mission to promote development and growth and to provide good health care. |
eHealth Authority | Works with the development of national eHealth to contribute to better health care and health; the business is focused on creating participation for residents and providing support to practitioners and policy makers. |
European Commission | Represents interests of the EUa; the commission proposes new legislation to Parliament and the Council of Ministers and ensures that EU countries apply EU law correctly. |
Medical Products Agency | Government agency under the Ministry of Social Affairs; it has the mandate to promote the Swedish public and animal health. |
aEU: European Union.
Identified websites of organizations, authorities and different operators or actors, and functions were screened for information about concepts and regulations in relation to digital health services. Stakeholders were interviewed about their relationship to eHealth and digital health services (
The meaning out of the data was made in a systematical way to discover the relevant concepts and relationships among the input [
The identified concepts to consider in this domain are: medical device, eHealth, medical responsibility, care damage, personal data, and consent. The concepts, their definitions, and relevant regulations identified during data collection and the subsequent analysis are listed in
The Legal Challenges in Digital Health (LCDH) Framework for exploring a prospective health promoting digital service’s relationship to valid regulations.
# | Concept | Definition | Question | The following is valid for “yes” | The following is valid for “no” | Regulation |
1 | Medical device | A product is a medical device if it has a medical purpose as to: |
Is the product a medical device? | The manufacturer must handle security aspects. |
The manufacturer cannot claim anything, which is covered by the definition of a medical device, for example, that the product may mitigate a disease. |
The law of medical devices (SFSa1993:584). |
2 | eHealth | An eHealth service has a purpose to: |
Is the product an eHealth service? | The Health Care Act (SFS 1982:763). | ||
3 | Medical responsibility | Usually referred to health professionals' medical professional liability in the care and treatment of a patient and the medical responsibility in a comprehensive organizational plan. | Is the service recommended/supplied by the health care? |
The health care vouches for the safety and security of the technology and that the risk of care damage is low. The service is examined and evaluated by a number of criteria. |
The health care has no responsibility. |
The Health Care Act (SFS 1982:763). |
4 | Care damage | A damage that could have been avoided if adequate arrangements were taken in contact with health care. |
Is there any risk of care damage? | If the service provides monitoring/data logs that register threshold values or personal controls to prevent care damage, the responsibility of the health care is restricted. |
The healthcare has no responsibility. |
Patient Safety Act (SFS 2010:659). |
5 | Personal data | Definition personal data: |
Are personal data handled? | To completely stay out of Privacy Act, the outcome measures of the patients must be anonymized. The health care has no responsibility. | Privacy Act (SFS 1998:204). |
|
6 | Consent | Consent is defined as any freely given specific and unambiguous expression by which the registered person, after receiving information, accepts handling of personal data relating to him or her. | Does the service lack user agreement? |
The responsibility of the health care should be investigated/examined. | A responsibility agreement signed by adult or parent/advocate may disclaim the health care from responsibility. | Privacy Act (SFS 1998:204). |
aSFS: Swedish Code of Statutes
bEEC: European Economic Community
cICT: information and communications technology
On the basis of the identified concepts, regulations, and stakeholders, we designed a framework for assessing the legal challenges in developing digital health services (Legal Challenges in Digital Health [LCDH] Framework) consisting of 6 key questions to be used in prospective evaluation of the relationship of a digital health service to existing laws and regulations (
The accuracy and quality of the LCDH Framework were assessed by the Swedish Data Inspection Authority and eHealth Authority and, finally, by the consulting firm, the law firm, and the jurisconsult involved in the framing of the data collection. The reviewed and iteratively revised framework was confirmed to be in accordance with current regulation, law and practice, and experience of these stakeholders. Because the stakeholders, during data collection, did not identify additional stakeholders or sources of information than those already included in our dataset (which means that saturation was achieved), the quality assessment of our framework indicated that it was valid and in line with current law and practice.
To assess the usability, and hence the face validity, for using the framework for development and assessment of products and services, we applied the framework for evaluation of the legal challenges in 3 cases entailing development of digital health services. The questions in the framework (
A medical device is a product with a medical purpose; as to prove, prevent, monitor, treat or mitigate a disease, and to prove, monitor, treat, mitigate, or compensate an injury or disabilities (
An eHealth service mediates health information or service or interaction between health care and the individual (
Two of the services,
According to the definition in
Personal data are handled in all the 3 services and in some cases, such information is of sensitive nature as it relates to health and is coupled to the users identity through a personal code number, name, or photo. In
At registration and the first logon to all the 3 services, the users and their parents must approve an agreement in which the purpose of the service is outlined. The user agreement regulates privacy issues, terms of use, and responsibilities. Specifically, they state to what extent and how the services are a part of the user’s health care. For
The aim of this study was to develop a framework for legal challenges to support designers in development and assessment of digital health services. The LCDH Framework presented herein was created based on concepts and regulations identified through interviews with authority representatives, and a process of stakeholder review and iterative revision of the developed framework confirmed that it was in accordance with current regulation, legislation, and practice. Usability evaluation against real cases of digital health services revealed how the definitions in the framework feasibly guided identification of distinctive and appropriate regulation to be considered and legal challenges to relate to given the nature of each of the evaluated services.
The work of government regulation and legislation of digital health services have not so far kept pace with the digital development. Digital health services in various forms are under rapid development and are involving several stakeholders and actors. Game and app developers, for instance, with innovative ideas for digital health may experience obstacles in implementation of digital health services in the interface between health care and individuals [
This slow and perhaps circumspect legislation under construction may cause difficulties to developers of digital health services to acquire knowledge about relevant regulation and how to relate to and act on the regulation. Implications of this can be: (1) inaccuracies due to misinterpretations and (2) omitted development of digital health services owing to complexity in understanding the regulations. It would be desirable in the future that this type of regulation and legislation would be prepared in cooperation between the authorities, the developers, and the health care experts [
The LCDH Framework presented in this article has the qualifications to be a useful tool in guiding designers and developers through the legal challenges in development work in the digital health domain. The framework: (1) considers the current regulation and legislation that apply in the EU; (2) presents the definitions of relevant legal concepts; (3) is verified by the Swedish Data Inspection Authority and eHealth Authority; and finally, (4) is easy to use. The framework merely aims to guide development by identifying legal dividing lines between different digital health services in their product design. It has no legal power to determine guidelines, and a jurisconsult may need to confirm the legal application in case of uncertainties. Although the concepts used in the framework are based on legislation in the EU, it can be used in other contexts to understand the legal challenges and the hierarchy of the various concepts governing legislation within the digital health domain.
As with all methods and studies used in research, certain limitations apply. The interviews were performed with 1 person from each organization or authority over the phone. Performing the interviews over phone was convenient and time-saving, and if the informants had text material to share, it was sent by email. Important information sources and stakeholders can be identified by using snowball recruitment [
Consideration toward ethical aspects is a requirement for both performing and publishing research in relation to health and human subjects. However, as long as such ethical aspects are taken into account, no requirements are placed on that, and research should also be aligned with legal challenges that are relevant to the context of the research.
Structured discussion about legal challenges in relation to health-promoting digital services can be enabled by a constructive framework to investigate, assess, and verify the digital service according to current legislation. The LCDH Framework developed in this study proposes such a framework and can be used in prospective evaluation of the relationship of a potential health-promoting digital service to the existing laws and regulations. However, legislation regarding eHealth in general and health-promoting digital services in particular is under construction, and authorities’ judgments are made from case to case. Further research is critical to expanding the knowledge base of cases, or products, using health-promoting digital service implemented and where current legislation is applied.
Electronic health
European Union
information and communications technology
Legal Challenges in Digital Health Framework
mobile health
The authors want to thank Gunnar Severinson for valuable guidance during project initiation and data analysis and Pontus Wärnestål for advice in the initial stages of data collection. The study was supported by grants from the Swedish Research Council, the Knowledge foundation, and the Regional Swedish Innovation Office West.
None declared.
Usability validation of The Legal Challenges in Digital Health (LCDH) Framework for exploring the relationship to valid regulations of 3 health-promoting digital services.