Table 3.
Overview of the identified legal barriers and facilitators.
| Topic | ||
|---|---|---|
| Barriers | Facilitators | |
| Safe and Secure Data Management (n = 23 studies) | Challenges in ensuring and maintaining data confidentiality (42, 45–47, 59, 63) | Establish robust security measures against data breaches (36, 37, 39, 45–48, 59, 60, 62, 63, 65) |
| Threat of cyber-attacks (46, 47, 60, 63) | Employ advanced technologies for secure data storage and transmission (46, 60, 61, 63, 70) | |
| Challenges in ensuring safe storage and transmission of patient data (46, 57, 60) | Perform impact and risks assessments (40, 45, 47, 48, 55, 65) | |
| Difficulty in balancing competing interests in medical device regulation (44) | Ensuring privacy-preserving data sharing (36, 46, 70) | |
| Difficulty in balancing patient safety with advancements in healthcare (30) | Ensure health technology complies with data security and privacy regulations (47, 67) | |
| Exceptionalism imposing unrealistic AI standards, impeding adoption (56) | Empower patients as data owners (38, 47) | |
| Ensure a balance between data security and data liquidity promotion (40) | ||
| Implementation and Compliance with regulations (n = 21 studies) | Complex interpretation of legislative regulations hinders compliance (41, 42, 48, 57, 59, 67) | Provide a clear and understandable regulatory framework (42, 48, 49, 51, 57, 58, 60, 61, 65, 66) |
| Stringent regulations impose restrictions in innovations (42, 44, 58) | Regularly assess and adapt governance structure and procedures to evolving developments (65) | |
| Current regulatory frameworks lack adaptability for various device types and operating techniques (44, 52, 56) | ||
| Data governance arrangements differ depending on the purpose of data (45, 59) | ||
| Although regulations for eHealth are fragmented across the EU, disparities exist between countries (47) | ||
| Diverse technology classifications require distinct regulatory strategies (48) | ||
| Ensuring compliance with the MDR's requirement to maintain device performance when used in combination with other technologies poses difficulties (48) | ||
| A regulatory framework for product connectivity remains unaddressed by the MDR (48) | ||
| Legislation lacks clarity on defining, developing, assessing, and managing risks in device component combinations (48) | ||
| Managing a substantial volume of sensitive information leads to regulatory compliance challenges (56) | ||
| Data protection regulations limit access to patient-level databases (56) | ||
| Risk and impact assessments cause planning delays (55) | ||
| Policy making and governance (n = 7 studies) | Insufficient political commitment hinders effective policymaking and governance (70) | Develop data governance and ethical frameworks that promote data sharing (40, 45) |
| Difficulty in balancing stringent regulations with inadequate oversight poses challenges in critical health sectors (44) | Promote awareness and political commitment (70) | |
| Incorporate provides perspectives alongside regulatory considerations in frameworks (53) | ||
| Consider GDPR for crafting targeted legislation on data protection and interoperability (68) | ||
| Establish a method for market entry approval (58) | ||
| Include standardized catalog, indicator types, and accepted methods in evaluation procedures (53) | ||
| Conduct a “risk assessment” of the regulations (44) | ||
| Conduct a “conformity assessment” of the regulation by an independent entity (44) | ||
| Implement post market surveillance to evaluate regulation performance (44) | ||
| Perform Root Cause Analyses of problems that occur during the implementation of regulations (44) | ||