Digital health apps and telemedicine in Hong Kong

As a starting point, there is no specific ordinance/regulation that applies to digital health apps.

1.1 Is it considered a “medical device” or a “product” to which liability can attach, and if so, under what regulations?

Up to date, no digital health app in Hong Kong is classified as a medical device in Hong Kong. 

Whether a digital health app may be considered a medical device depends on its intended use and function etc. The Medical Device Division of the Hong Kong Department of Health defines a medical device as “any instrument, apparatus, appliance, material or other article, excluding drugs, used for human beings for diagnosis, prevention, treatment, monitoring of disease or injuries; or for rehabilitation purposes; or for the purposes of investigation, replacement or modification of body structure or function”.

1.2 If your response to Q1.1 is yes, please state whether there are any exclusions/exemptions applicable with regard to liability, and/or whether those are applicable only under certain circumstances (e.g., for in-hospital use)?

No – as mentioned above, it is not a regulated product under any ordinance/regulation.

The Personal Data (Privacy) Ordinance (Cap. 486) ("PDPO") is a comprehensive set of laws that is technology-neutral and provides a set of Data Protection Principles (“DPPs”) outlining how data users should collect, handle and use personal data.

Depending on the nature and characteristics of the apps, it may also be regulated by other legislation such as the Pharmacy and Poisons Ordinance (Cap. 138) or the Telecommunications Ordinance (Cap. 106).

It does not matter under either case.

The PDPO will be engaged regardless of whether the users are residents using the digital health app/software within and/or outside of their jurisdiction as long as the activities fall within the scope stated in question 2 above.

The PDPO is applicable to both the private and the public sectors.  As such, B2B and B2C digital health apps/software must comply with the PDPO.

No.  None of these features will give rise to any additional consent requirement or regulatory approval beyond the general regulatory regime of the PDPO. 

No. 

The Ethical Guidelines on Practice of Telemedicine provide that a doctor who substitutes telemedicine for traditional modes of delivery of medical care remain fully responsible for meeting all legal and ethical requirements and must exercise due diligence when practising telemedicine, and the standards of care that protect patients during face-to-face medical consultations apply equally to telemedicine.

Failure to comply with applicable data privacy laws and regulations may expose an operator of a software digital health app (if it is a data user in the context) to criminal penalties as well as civil liability for damages to concerned or affected data subjects.  Criminal penalties include imprisonment and/or fines. 

Although a contravention of the DPPs does not constitute an offence in itself, the Privacy Commissioner for Personal Data, Hong Kong may serve an enforcement notice on a data user for contravention of the DPPs.  A data user who contravenes an enforcement notice commits an offence and is liable on first conviction for a fine of up to HK$50,000, a daily penalty of HK$1,000 and imprisonment for a maximum of two years.  On a second or subsequent conviction, a fine of up to HK$100,000, a daily penalty of HK$2,000 and imprisonment for a maximum of two years.

The Legislative Council has previously discussed the introduction of a regulatory framework and guidelines on the applications of technology in the healthcare sector, but no anticipated time frame has been put forward.

Medical practitioners are regulated by the Medical Council of Hong Kong (“Medical Council”).

There is currently no legislation or regulation governing telemedicine. However, the Medical Council has issued an Ethical Guidelines on Practice of Telemedicine (“Guidelines”) which are generally applicable to telemedicine services.

Please see our answer to question 9 above.

The Guidelines provide general guidance and recommendations on the use of telemedicine and contravention of such may render medical practitioners liable to disciplinary proceedings.  Although the Guidelines do not set mandatory pre-requisites in relation to when telemedicine can be used, it sets out various general principles which medical practitioners should follow.

Medical practitioners and stakeholders should note that the Guidelines are not exhaustive, are subject to periodic review and/or revisions.

No, the standards of care that protect patients during face-to-face medical consultations apply equally to telemedicine.

Generally, no.

However, before prescribing any medicine for the first time to a patient, the Guidelines recommend that the medical practitioner have an in-person consultation with the patient first.

Further, medical practitioners must consider various factors before prescribing any type of medicine.  The considerations include, but are not limited to:

1. Whether the medical practitioner has adequate knowledge of the patient’s health and is satisfied that the medicine serves the patient’s needs;
2. The limitations of the medium through which the doctor communicates with the patient;
3. The need for physical examination or other assessments; and
4. Whether he has access to the patient’s medical records.

N/A

No, the PDPO applies generally.  Please see the answers to questions 2 and 3 above.

The Legislative Council has previously discussed the introduction of a regulatory framework and guidelines on the applications of technology in the healthcare sector, but no anticipated time frame has been put forward.