E-health refers to the application of information and communication technologies to the healthcare sector. From the management of the electronic patient or staff data, to the use of telesurveillance, telesurgery, teleexpertise, teleconsultations, to long distance learning by personnel members, e-health manifests itself through a wide range of products and services within the hospital context. But what about the legal implications of such applications?
e-Health applications are often governed by regulations on the right to respect for private life and on the processing of personal data. But in order to ensure the sound management of a hospital there are many other conditions and regulations to be adhered to, depending on the angle and approach of analysis.
Information management is key when it comes to the use of ICT. In this regard, it is necessary to highlight that regulations concerning processing of personal data are largely harmonised within the EU. To summarise, these regulations require to identify the purposes pursued by the data controller - in this case, the hospital (medical or nursing management, scientific research, healthcare quality control, reimbursement of healthcare costs, etc.), the different actors involved in the collection/management of the data (the data controller and the processor, the data subject, the personal data protection official, etc.), as well as the rights and responsibilities - awarded by law - in terms of general conditions of lawfulness, the data subject’s rights (i.e. the patient or staff members), of notification, security, and confidentiality.
As well as the processing of personal data, intellectual rights (rights of the author, copyrights, and trademarks) must not be forgotten. An example of this would be the creation and use of software and databases.
Whether they are designed as "autonomous" (meaning through a wireless network of telecommunications allowing easy communication among practitioners) or in interaction with other pre-existing hospital equipment (such as a connection through a wireless system to a EEG device), e-health products must comply with general regulations for products and equipment as well as specific regulations for medical devices.
Management and the Free Delivery of Services Within the EU
The use of ICT is likely to influence the conditions in which hospital activities are exerted. When the hospital offers remote services, questions are raised concerning conditions for the promotion and delivery of these services. Most notably in terms of information society services, of quality criteria for healthcare websites, of professional qualifications for health practitioners, of unfair trade practices, of misleading publicity, of online contracts, of electronic signatures, and of the online promotion and selling of drugs. This also raises questions regarding conditions for creating electronic communication networks in healthcare. In this respect, discussions remain underway on the usage of bandwidth for telemedicine applications within the framework of universal service.
Similarly, if the hospital uses services offered by external providers, a set of conditions must be developed in order to appeal to these providers. This is particularly relevant concerning the recognition of their professional qualification if they do not fall within the same jurisdiction. In this regard, it is necessary to remember that, as a rule, within the
European Union, online medical services can be offered from any member state and these services are subject to the law of the state of origin, except when receiving states perceive them to be duly justified special cases (such as cases that affect public health).
The question of liability for damages caused by the use of ICT is a recurrent one, even if some underestimate it. Any hospital intending to use ICT in its day-to-day performances cannot dis regard this question. At European level, there are two legal instruments that partially address this issue. Firstly, there is legislation on the processing of personal data, which sanctions the right of the data subject to hold the data controller liable for any illicit processing or of any action incompatible with the applicable national law. Secondly, there is the legislation on the liability for defective products.
As for the rest, it is necessary to interpret the law as it applies to each individual case, if need be according to private international law for international cases. What must be remembered is that there is a series of legal instruments in place at European level that can prove to be useful in matters of jurisdiction, of applicable law (be they of contractual or noncontractual obligations), of serving, of recognition and execution of judicial decisions.
The relationship between a hospital's activities and competition law gives rise to questions of particular sensitivity. Among these the primary concern is the very idea of applying competition rules to the healthcare sector. If competition laws are found to be applicable, it is then necessary to look into questions relating to inter-hospital agreements, concerted practices and abuses of dominant positions, without forgetting those related to state aid and interhospital mergers.
The legal aspects of e-health in hospitals are not limited to matters of right to respect for private life or to regulations on the processing of personal data. They are also pertaining to equipment laws, laws regarding services, as well to hospital liability laws and competition rules. A great portion of these rules and regulations are not specific to the hospital sector or to healthcare. It is not however, always possible to avoid the examination of their value when using ICT in a hospital concerned with the sound management of its activities.
Jean Herveg, Member of the bar of Brussels,
Research Centre on IT and Law, Belgium
For more information, please contact:
C. VAN DOSSELAERE, J. HERVEG, D. SILBER, P. WILSON, Legal
and regulatory aspects of eHealth - Putting eHealth in its European
Legal Context, Brussels European Commission, Directorate
General « Information Society and Media », March 2008.