Covington & Burling LLP

04/24/2024 | News release | Distributed by Public on 04/24/2024 18:46

EHDS Series – 4: The European Health Data Space’s Implications for “Wellness Applications” and Medical Devices

In early March 2024, the EU lawmakers reached agreement on the European Health Data Space (EHDS). For now, we only have a work-in-progress draft version of the text, but a number of interesting points can already be highlighted. This article focuses on the implications for "wellness applications" and medical devices; for an overview of the EHDS generally, see our first post in this series.

The final text of the EHDS was adopted by the European Parliament on 24 April 2024 and is expected to be formally adopted by the European Council in the coming months.

1: Wellness Applications and Medical Devices in Relation to Electronic Health Records

a) Wellness applications

The EHDS contains specific provisions on "wellness applications" that claim interoperability with electronic health records ("EHRs"). Under the original proposal for the EHDS, published in May 2022, "wellness applications" were defined as:

"any appliance or software intended by the manufacturer to be used by a natural person for processing electronic health data for other purposes than healthcare, such as well-being and pursuing healthy life-styles." (emphasis added)

The latest draft of the EHDS defines the term more broadly as:

"any appliance or software intended by the manufacturer to be used by a natural person for processing electronic health data specifically for providing information on the health of individual persons, or the delivery of care for other purposes than the provision of healthcare." (emphasis added)

Wellness applications claiming interoperability with the EHR system in relation to the harmonized components of EHR systems (and thus complying with the essential requirements and applicable common specifications) must, before they are placed on the market (and just like EHR systems), use a "digital testing environment" made available by the European Commission or the Member States to assess the harmonized components of their application.

Assuming the result of the test is positive, the manufacturer has to apply a (digital) label to the wellness application to inform the user of the interoperability and its effects. The label is issued by the manufacturer and is valid for a maximum of three years. The European Commission will determine the format and content of the label.

Interoperability of a wellness application does not mean automatic transfer of data to the user's EHR. Such sharing may only take place with consent of the users, who must also have the technical ability to decide which parts of the data they want to insert in their EHR and in which circumstances.

Finally, manufacturers of labelled wellness applications must register their application, including the results of the test environment, in the EU database maintained and made public by the European Commission.

b) Medical devices

  1. Interoperability

The EHDS also has implications for medical devices, but when it comes to defining those obligations, the definitions and current drafting of the EHDS are open to interpretation. For one, the revised definition of "wellness application" is potentially broad enough to capture medical devices, as it now seems to cover appliances or software that provide information on the health of individual persons or the delivery of care for other purposes than the provision of healthcare. Depending on how you read it, the phrase 'other purposes than the provision of healthcare' does not necessarily limit both preceding elements of the definition. Further, the definition of "EHR system" (electronic health record system) is very broad and includes any "appliance or software". Both of these definitions could potentially include medical devices.

Similar to the position for wellness applications, medical devices and IVDs that claim interoperability with the harmonised components of EHR systems must "prove compliance with the essential requirements on the European interoperability component for EHR systems and the European logging component for EHR systems" laid down in Section 2, Annex II of the EHDS.

The essential requirements on interoperability of the EHDS would only apply to the extent that the manufacturer of a medical device/IVD, which is providing electronic health data to be processed as part of the EHR system, claims interoperability with an EHR system. In such case, the provisions on "common specifications" for EHR systems should be applicable to those medical devices.

  2. Conformity assessment

The recitals of the EHDS expressly acknowledge that certain components of EHR systems can qualify as medical devices and be subject to the Medical Device Regulation (EU) 2017/745 ("MDR") or the In vitro diagnostics Regulation (EU) 2017/746 ("IVDR").

As articulated in Recital 29 of the EHDS, software or module(s) of software which is a medical device, IVD or high-risk AI system should be certified in accordance with the MDR, IVDR and the AI Act, as applicable. Let's imagine (1) a medical device (2) that stores or views electronic health records (3) to achieve its medical device intended purpose and that (4) uses AI for data processing. This hypothetical product would qualify as a medical device and EHR system and, on top of that, it uses AI to achieve its intended device purpose. Hence, the manufacturer will be required to conduct conformity assessments under (at least) three different EU Regulations, which are (1) the MDR, (2) the AI Act and (3) the EHDS Regulation.

In such cases, "[w]here EHR systems are subject to other Union legislation in respect of aspects not covered by this Regulation, which also requires an EU declaration of conformity by the manufacturer…, a single EU declaration of conformity shall be drawn up in respect of all Union acts applicable to the EHR system."

Although the EHDS requires EU Member States to take appropriate measures to ensure that the respective conformity assessment is carried out as a joint or coordinated procedure in order to limit the administrative burden on manufacturers, it will be interesting to see how the EU Member States will achieve this in practice. Experience has shown that this has not worked for the (single) conformity assessments under the MDR…

  3. Registration

There also seems to be some contradiction in the latest draft EHDS when it comes to registration requirements for medical devices. Article 32(3) EHDS suggests that medical devices that also qualify as EHR systems or claim interoperability with EHR systems need to be registered in the new "EU database for registration of EHR systems and wellness applications" in addition to registration under medical devices rules (i.e., registered with EUDAMED). However, Recital 36 EHDS conflicts with this and implies that new registration obligations apply only to "EHR systems and wellness applications, which are not falling within the scope of Regulations (EU) 2017/745 and […] [AI act COM/2021/206 final]…" For medical devices "the registration should be maintained under the existing databases…"

Since the EU appears to be facing significant challenges with larger IT projects like EU-wide databases (e.g., EUDAMED, CTIS), it in any event remains to be seen whether the new EU database for registration of EHR systems and wellness applications under the EHDS will be functional in time to support implementation of the EHDS.

2: Secondary use

The EHDS sets out a long list of covered electronic health data that should be made available for secondary use under the EHDS. It includes, among others, data from wellness applications and health data from medical devices. Note that this chapter of the EHDS is not limited to wellness applications and medical devices that claim interoperability with EHRs; it seems to apply to all wellness applications and medical devices. Data holders (see our blog here for more) of data generated by wellness applications and devices will have to share this data upon request from an HDAB.

Note, however, that Member States are apparently allowed to introduce stricter safeguards (for example an opt-in consent) for the re-use of health data from wellness applications under the EHDS, but not for health data from the EHR system they can interoperate with or for health data from medical devices. This makes little sense, and it will be interesting to see what safeguards (if any) Member States introduce in practice.

We will keep you posted about any further developments.