This article was published in BLM's Healthcare Trends Emerging Risks update. To see the full edition, please click here.
Smartphones are increasingly integral to our lives. According to research, students spend between 9 and 10 hours a day “engaged” with their mobile device managing banking, fitness regime and retail, in addition to their communication. The growth of mHealth applications reflects this trend, providing information on treatment options, tips on managing illness, and helping to monitor conditions from high blood pressure to diabetes. Meanwhile the Consumer Rights Act 2015, effective from 1 October this year, has newly established the legal status of digital content and the rights and remedies of consumers.
It is estimated that by next year, 500 million people will be using healthcare apps and healthcare professionals expect to monitor the provision of treatment increasingly via apps. While the opportunities to administer treatment more efficiently are clear, the risks in a fast-evolving, lucrative healthcare market are also apparent. Pfizer had to recall a rheumatology calculator app because it generated inaccurate values for markers of disease activity, while an app for diagnosing skin cancer was found to be unreliable.
Insurers have seen recent examples of healthcare technology expose supply chain risks and lack of clarity in a regulatory regime struggling to keep check with an industry which has seen a growth in turnover reaching £17.6bn in 2013. What is the current regulatory and liability framework for the mHealth sector?
Regulators focus on the intended purpose of the app and adopt a risk-based approach. Under the Medical Device Directive 93/42/EEC (MDD) the regulation of medical devices is undertaken in the UK by the Medicines and Healthcare products Regulatory Agency (MHRA) which produced guidance on medical device standalone software (including apps) in March this year.
Under the MDD, which itself is in the process of review, software that has a medical purpose could be a medical device. A medical device as defined in the MDD includes “software… intended by the manufacturer to be used for human beings for the purpose of: diagnosis, prevention, monitoring, treatment or alleviation of disease… alleviation of or compensation for an injury or handicap, investigation, replacement or modification of the anatomy or of a physiological process, control of conception…”
The MHRA has helpfully identified words and phrases used in marketing literature which may contribute to a determination as to whether the app is indeed a medical device. Where an app provides decision support or decision making software which applies some form of automated reasoning, such as calculations or symptom tracking, such software is very likely to meet the definition of a medical device and therefore be regulated by the MHRA. It would therefore have to undergo a conformity assessment ensuring the product meets the relevant essential requirements for its classification as a device.
The MHRA encourage a system of registration/activation to enable manufacturers to trace devices in the event of a recall and also identifies the responsibilities upon UK suppliers/app stores where any problems or risks with the use of devices may be identified.
Any user of apps will be familiar with accepting the terms of a lengthy contract or licensing agreement imposed by the provider. Where a fault emerges in a healthcare app, the potential risks of injury are clear.
The Consumer Rights Act 2015 introduces a new category of sales contract, namely contracts between a trader and consumer in relation to “digital content” which may include software and mobile phone apps. The Act provides implied terms to such contracts that the digital content must be of satisfactory quality, fit for a particular purpose and as described, thus providing potential remedies for consumers which had previously applied to the sales of goods. Hence a consumer may pursue remedies where there have been breaches of the implied terms including, potentially, damages for personal injury where the digital content is not of satisfactory quality and has caused loss.
The right of redress under the Consumer Protection Act 1987 is uncertain. While the CPA covers any goods or electricity, the definition arguably does not apply to software downloaded by a consumer where no physical property has passed. There may however be a good argument for a claim in negligence where the manufacturer arguably has a duty of care to the ultimate consumer. There may also be duties upon the supplier of apps where a potential defect has been identified but no action is taken following the recommendations contained in the guidelines issued by the MHRA.
Insurers tempted to provide cover for any potential liabilities in the mHealth arena should have a clear appreciation of the risks and regulatory regime in addition to the licensing and supply chain involved and have appropriately worded exclusion clauses. mHealth apps are evolving rapidly and regulators in the UK, EU and USA are responding to the challenges of protecting consumers as healthcare moves away from traditional monitoring and treatment.