Table 2.
The Legal Challenges in Digital Health (LCDH) Framework for exploring a prospective health promoting digital service’s relationship to valid regulations.
| # | Concept | Definition | Question | The following is valid for “yes” | The following is valid for “no” | Regulation |
| 1 | Medical device | A product is a medical device if it has a medical purpose as to: - Prove, prevent, monitor, treat, or mitigate a disease. - Prove, monitor, treat, mitigate, or compensate an injury or disability. - Examine, change, or replace anatomy or a physiological process. - Control fertilization. |
Is the product a medical device? | The manufacturer must handle security aspects. Medical Products Agency is responsible for supervision of products and manufacturers. Inspection Authority for Health Care audits healthcare usage. Proceed to No. 2. |
The manufacturer cannot claim anything, which is covered by the definition of a medical device, for example, that the product may mitigate a disease. Proceed to No. 2. |
The law of medical devices (SFSa1993:584). Council Directive 93/42/EECbconcerning medical devices. |
| 2 | eHealth | An eHealth service has a purpose to: - Mediate health service or information and interaction between health care and an individual. - Mediate information exchange between patients and health care professionals, hospitals, and other professionals within health care and networks for health information and telemedicine. - Use ICTcto improve the preventive work, diagnoses, health care, monitoring, or administration. |
Is the product an eHealth service? | Proceed to No. 4. | Proceed to No. 3. | The Health Care Act (SFS 1982:763). |
| 3 | Medical responsibility | Usually referred to health professionals' medical professional liability in the care and treatment of a patient and the medical responsibility in a comprehensive organizational plan. | Is the service recommended/supplied by the health care? The health care recommends a service if they encourage or call for usage. It is not enough to only inform that the service is available. |
The health care vouches for the safety and security of the technology and that the risk of care damage is low. The service is examined and evaluated by a number of criteria. Proceed to No. 4. |
The health care has no responsibility. Proceed to No. 5. |
The Health Care Act (SFS 1982:763). |
| 4 | Care damage | A damage that could have been avoided if adequate arrangements were taken in contact with health care. If medical device or eHealth service: The risk of care damage is determined by the level of care, the vulnerability of the target group, and how the usage is being monitored or followed up by the health care. |
Is there any risk of care damage? | If the service provides monitoring/data logs that register threshold values or personal controls to prevent care damage, the responsibility of the health care is restricted. If no monitoring, the health care is responsible for preventing formation of care damage. Proceed to No. 5. |
The healthcare has no responsibility. Proceed to No. 5. |
Patient Safety Act (SFS 2010:659). |
| 5 | Personal data | Definition personal data: All information that can directly or indirectly be assigned to a physical person who is alive. Definition handling of personal data: Every action or series of actions taken regarding personal data (automatically or not). For example, collection, registration, usage, storage, organization, processing, and distribution. |
Are personal data handled? | Proceed to No. 6. | To completely stay out of Privacy Act, the outcome measures of the patients must be anonymized. The health care has no responsibility. | Privacy Act (SFS 1998:204). Patient Data Act (SFS 2008:355). |
| 6 | Consent | Consent is defined as any freely given specific and unambiguous expression by which the registered person, after receiving information, accepts handling of personal data relating to him or her. | Does the service lack user agreement? An agreement in which the purpose with the service, privacy, terms of use, responsibilities, and similar are regulated. |
The responsibility of the health care should be investigated/examined. | A responsibility agreement signed by adult or parent/advocate may disclaim the health care from responsibility. | Privacy Act (SFS 1998:204). |
aSFS: Swedish Code of Statutes
bEEC: European Economic Community
cICT: information and communications technology