Digital health researcher Lorena Macnaughtan explores the global regulatory trends in digital health—and the impact upon innovation and progress.

“It is impossible to predict the future, and all attempts to do so in any detail appear ludicrous within a very few years." Sir Arthur Charles Clarke.

Too little, too late—or too much, too soon?

It’s a good question for Digital Health, particularly mHealth—in terms of the significant challenges that are posed—including those for regulators.

Whilst the European Union (EU) and the US have made attempts to regulate some aspects of Digital Health, other countries seem to either mimic them (India and China for instance), or not have any regulations at all.

Although there is a directive (2012) for the use of standalone software in healthcare, the EU appears to lag behind the US in mHealth regulatory initiatives and this raises some anxiety in the market:

“I think the EC understands the need for guidance in this space, but I am not sure it understands the urgency” (Pinsent Mason’s Helen Austin in eHealth Law & Policy 2014).

In April 2014, the EU launched a public consultation on mHealth justified by the acknowledgment that mHealth causes deep challenges to the provision of healthcare.

In the US, the Food and Drug Administration (FDA) got involved early with mHealth, in 2011, and then again in 2013. In 2014, the FDA jumped in once more—along with two other agencies—to produce the FDASIA report. This time, the dynamic was different, with a relative and uncertain step back from the FDA and a potential step forward from other agencies—perhaps the Office of the National Coordinator for Health Information Technology (ONC) and the Federal Communications Commission (FCC).

A comparison use case study of the US and EU regulatory processes for mHealth apps is offered by Papadopoulos et al. (2013).

Why worry?

Regulations and industry standards alike are the rules of the game for a market, because they make it predictable for its participants. Digital Health is a space where three industries collide: healthcare, medical devices and consumer digital technologies. The state is a powerful actor and not easily engaged in change. Given that it so deeply penetrates healthcare and medical devices arenas, Digital Health producers want to know how much it will extend its influence over them.

Regulators’ tendency to overreach in healthcare manifests often through the iron cage of reimbursement, “the most pervasive and powerful regulatory mechanism ever devised” (Christensen et al. 2009). 

Similarly, medical devices are subject to time consuming and very expensive regulatory and certification processes. Moreover, in some countries, these are topped up by other endeavours to produce evidence for economic or clinical benefits in order to access the healthcare distribution channels. This traps healthcare “in the expertise-intensive world of high costs” (ibid.).

And here we have the digital technology field, where “operations are emergent and fluid, goods and services are intangible and informational, authority is distributed and diverse, and accountability is multiple and shifting” (Orlikowski 2010). The regulators’ philosophy couldn’t be more different than that of a “region that celebrates speed, and, yes, even failure” (Tahir 2014).

Ready or not

Thus, the pressure builds in the Digital Health market.

“We are concerned that there is significant confusion in the market about what technologies may be regulated, by which agencies, and to what standards” (Sullivan 2014, fragment from a letter to the US congress).

This comes in response to the FDA’s intention to take a step back in Digital Health, whilst leaving the door open for other agencies to step in. The 58 companies requested “recommendations codified into law before the end of the current (113th) Congressional session” (Sullivan 2014), arguing that this limbo state hinders innovation. Moreover, they demanded deregulation of certain aspects of Digital Health, based on risks to patients. 

Fig. 1. Digital technology producers request a risk-based regulatory framework

If, what and when

The letter from these Digital Health companies might have come as a surprise for the regulators, as deregulation typically offers a priceless moment. So why aren’t Digital Health companies happy? Because as uncertainty deepens, the landscape becomes more complex. The FDA might step back, but other agencies (ONC and FCC) might step in and “[w]hen government is everywhere, innovators can’t go where the regulators aren’t...” (Christensen et al. 2009).

The EU regulatory framework is less restraining for Digital Health (PwC mHealth Insights 2013), but companies still demand clear guidance.

Regulators seem to have difficulties in both identifying and clarifying the basic principles in which to ground these (de)regulations. There are a few themes which return obstinately in regulatory debates: data, patient, disease and medical device.


Currently, the EU has privacy laws for all types of personal data. In the US, the Department of Health and Human Services (HHS) deals with mHealth developers regarding health data matters. In order to decide the rules of the game for personal health data, the role the patient is to play in his own health should be understood and agreed upon. “The eHealth Action Plan 2012-2020 indicated that the rise of mHealth is blurring the distinction between the traditional provision of clinical care and self-administration of care and wellbeing; and that different actors were seeking clarity on their roles and responsibilities in the value chain of mobile health” (European Commission 2014). 

Wellness and disease

Wellness is not regulated. But, “[b]y presenting exercise as a treatment for the disease of obesity, the app may have crossed the line from a wellness app to a medical app” (Strickland 2012). This serves as an example of the grey areas present in differentiating healthcare from common sense and/or education.

Fig. 2. Alternative regulatory design (with deregulation of healthcare)

Perhaps the time for (de)regulation inside healthcare itself has arrived, to let innovation tackle a wide range of problems in different, creative and—why not—cheaper ways. “Doctors and hospitals, regulators, and policy makers need to convert to this religion [...]. The fact that cost-lowering, accessibility-enhancing disruptive enablers can address only the simplest of problems at the outset is indeed a gospel of good news” (Christensen et al. 2009).

And this is how we get back to the roles of patients and their relationships to healthcare professionals. (De)regulation should allow for more professional judgment and patient preference.

Hard and soft

Regulators seem to have difficulties in making clear cuts into Digital Health. “We observed that health IT is being woven together in a very complex web of software, and it is utterly impossible to divide that into three discrete groups” (Sullivan 2014). It is a wave of hardware, software and people.

The EU guide (2012) considers that stand alone software is a medical device, based on its intended marketed use. It offers some distinctions between active/not active medical devices, standalone and expert software. Hardware medical devices are considered active and not active based on changes effected to the human body, but, paradoxically, standalone software is active in all cases. And further down, the conundrum deepens: “Not all standalone software used within healthcare can be qualified as a medical device” (ibid.). Even the decision diagram is an oxymoron, because it admits to “some guidance” (ibid.) only.

On the other hand, the FDA (2014) intends to deregulate some hardware medical devices, on the grounds that they are sufficiently understood. Whilst this is refreshing, it should be reflected in the approach for wellness and disease, patient role and, finally, reimbursement.

A kind of magic

Regulation can be positive for an emergent market, only if it does not contribute to ambiguity. Otherwise, it slows progress because it blocks innovation, scares investors and hinders the self-organising mechanisms of the market. What regulators can do is to subsidize protected spaces (Rip and Schot 2002) where stakeholders can contribute towards the understanding of technological, social and economic aspects. Only when armed with deep understanding, can regulators eventually draw lines to guide and stabilize the market.

Fig. 3. Examples of protected spaces

The EU and the US regulatory landscapes prove that neither early regulation, nor delayed action will best support emerging Digital Health.  There is perhaps an invitation for regulators to define the basic principles needed to guide coordinated (de)regulation across fields.

Additionally, regulators should accept that the ever-evolving nature of Digital Health is a good thing, because “any sufficiently advanced technology is indistinguishable from magic” (Sir Arthur Charles Clarke).

Lorena Macnaughtan is currently a PhD candidate who researches Digital Health. Through her research, she has tracked the evolution of this market and its stakeholders. Additionally, she looks at the morphing strategies employed by technology producers to respond to ever changing, often conflicting demands. Lorena has extensive industry experience in IT and Consultancy, including rollout of technology in a highly regulated context. She holds an MBA, an MA degree in Advertising and a BSc (Hons) in Psychology.

Acknowledgements: I would like to thank nuviun for giving me a voice. My PhD research is supported by the Horizon Doctoral Training Centre at the University of Nottingham (RCUK Grant No. EP/G037574/1) and by the RCUK’s Horizon Digital Economy Research Institute (RCUK Grant No. EP/G065802/1).

The nuviun blog is intended to contribute to discussion and stimulate debate on important issues in global digital health. The views are solely those of the author.