Digital health apps and telemedicine in Hungary

1.1 Is it considered a “medical device” or a “product” to which liability can attach, and if so, under what regulations?

Software within digital health apps can be considered a medical device provided that it falls under the definition of Act CLIV of 1997 on Healthcare (“Healthcare Act”). The definition of medical device in the Healthcare Act has been amended in line with Regulation (EU) 2017/745 on medical devices (“MDR”) for harmonisation purposes, and Section 3 point h) of the Healthcare Act defines medical device by reference to Article 2 point (1) of the MDR. Pursuant to Article 2 point (1) of the MDR, medical device means any instrument, apparatus, appliance, software, implant, reagent, material or other article intended by the manufacturer to be used, alone or in combination, for human beings for one or more of the following specific medical purposes:

• diagnosis, prevention, monitoring, prediction, prognosis, treatment or alleviation of disease;
• diagnosis, monitoring, treatment, alleviation of, or compensation for, an injury or disability;
• investigation, replacement or modification of the anatomy or of a physiological or pathological process or state; or
• providing information by means of in vitro examination of specimens derived from the human body, including organ, blood and tissue donations,

and which does not achieve its principal intended action by pharmacological, immunological or metabolic means, in or on the human body, but which may be assisted in its function by such means.

The detailed rules for medical devices are included in Decree 4/2009. (III. 17.) of the Minister of Health on medical devices and Decree 8/2003. (III. 13.) of the Ministry of Health, Welfare and Family on in vitro diagnostic medical devices, which have also been updated and amended in line with the MDR and Regulation (EU) 2017/746 on in vitro diagnostic medical devices (“IVDR”).

As part of the transition from the previously applicable Medical Device Directive 93/42/EEC (“MDD”) to the MDR, the old MEDDEV documents that applied under the MDD are gradually being replaced by guidance documents of the Medical Device Coordination Group (“MDCG”) established under Article 103 of the MDR. The MDCG issued a Guidance on Qualification and Classification of Software in MDR and IVDR (“ MDSW Guidance”) in 2019 (available here), which defines the criteria for the qualification of software falling within the scope of the new medical devices regulations and provides guidance on the application of classification criteria for software under MDR and IVDR. The MDSW Guidance states that a medical device software is a software that is intended to be used, alone or in combination, for a purpose specified by the above-mentioned definition of Article 2 point (2) of the MDR.

1.2 If your response to Q1.1 is yes, please state whether there are any exclusions/exemptions applicable with regard to liability, and/or whether those are applicable only under certain circumstances (e.g., for in-hospital use)?

According to Article 10 (16) of MDR and Article 10 (15) of IVDR, natural or legal persons may claim compensation for damage caused by a defective device in accordance with applicable Union and national law, therfore manufacturers shall, in a manner that is proportionate to the risk class, type of device and the size of the enterprise, implement measures to provide sufficient financial coverage in respect of their potential liability under Directive 85/374/EEC (“Product Liability Directive”), without prejudice to more protective measures under national law. Furthermore, pursuant to Article 11 (5) of MDR, where the manufacturer is not established in a Member State and has not complied with the obligations laid down in Article 10, the authorised representative shall be legally liable for defective devices on the same basis as, and jointly and severally with, the manufacturer.

The Hungarian law, however, does not set out any specific legal regime regarding the liability relating either to the software in digital health apps or to medical devices in general. So, if the software is considered a medical device, liability can attach as it would with any other product. The main applicable rules on contractual, non-contractual liability and product liability as well as the grounds for exempting therefrom can be found in Book 6 of Act V of 2013 on the Civil Code (“Civil Code”).

Besides the above-mentioned regulations, certain aspects of digital health software may also be regulated under other laws, such as:

• Regulation 2016/679(EU) on the General Data Protection Regulation (“GDPR”);
• Act XLVII of 1997 on the Processing and Protection of Health and Related Personal Data;
• Act LXXVI of 1999 on Copyright;
• Decree 60/2003. (X. 20.) of the Minister of Health, Social and Family Affairs on the minimum professional conditions required for the provision of healthcare services;
• Decree 33/2009. (X. 20.) of the Minister of Health on the clinical examination of medical devices; and
• 235/2009. (X. 20.) Government Decree on the rules for the authorization of medical research on human beings, clinical trials on investigational medicinal products for human use and clinical trials on medical devices for human use intended for clinical trials, etc.

3.1 The users are residents using it within their jurisdiction and/or using it outside their jurisdiction.

The use of software within digital health apps by residents outside their jurisdiction can invoke application of conflict of law rules which may be different in EU member states and in third countries.

3.2 It is a “B2B” (business to business) rather than “B2C” (business to end consumer) service.

Both “B2B” and “B2C” scenarios may occur. As regards to the application of data protection/ privacy laws, the material scope and the territorial scope of the GDPR shall apply. Data protection / privacy laws apply both in “B2B” and “B2C” relations, provided that the data processing is related to the data of natural persons (e.g., consumers, private entrepreneurs, contact persons of companies).

No, the Hungarian laws do not currently set out any further specific restrictions, so the general data protection rules apply.

The general liability rules applicable to healthcare service providers, including physicians, are set out in the Healthcare Act. Accordingly, the health care provider (including a healthcare worker who is providing healthcare in the healthcare worker’s own name and responsibility) is liable for the damage as well as the infringement of personal rights caused during the time care was provided within the framework of the healthcare service. The rules of the Civil Code on non-contractual liability and sanctions to infringement of personality rights shall be, mutatis mutandis, applicable to claims arising in connection with healthcare services.

As described in Q1(c), it is possible to claim compensation from the manufacturer for the damages caused by the defective devices both under the MDR and the IVDR. The liability of the producer of the software could arise under the product liability rules if the damage is caused by a defect of the product (i.e., the product does not provide the safety which may be generally expected) in accordance with applicable Hungarian law. The detailed rules of product liability are included in the Civil Code.

However, in each case, the applicable liability regime(s) shall be assessed on a case-by-case basis.

The National Institute of Pharmacy and Nutrition (Hungarian acronym: “OGYÉI”) initiates ex officio market surveillance proceedings as specified in the annual preliminary market surveillance plan, or in individual cases – for public health reasons and on other reasonable grounds, based on notifications – on a continuous basis.

According to its competences laid down in Section 15 of Act LXXXVIII of 2012 on market surveillance of products (“Market Surveillance Act”), where the OGYÉI finds that the use of the product in accordance with its intended purpose or under reasonably foreseeable conditions, its installation and maintenance a) endangers the health and safety of users, or b) does not comply with applicable Union harmonisation legislation, immediately requires the relevant economic operator¹ to take appropriate and proportionate corrective action.  Pursuant to Section 15 (4) these corrective actions may include:

• making the product fit for purpose so that it no longer poses a risk;
• prohibiting the marketing of the product;
• recalling or withdrawing the product immediately and warning the public of the risk posed;
• destroying the product or otherwise rendering it inoperable;
• placing on the product adequate, clear, easily understandable warnings (in Hungarian) of the risk posed; and
• issuing immediate and adequate warning (in Hungarian) to end-users exposed to the risk.

In addition, if, during a market surveillance inspection, OGYÉI establishes that the product does not comply with the relevant Hungarian or EU legislation, pursuant to Section 15 (9) of the Market Surveillance Act it is entitled, amongst others, to:

• order the provision of comprehensive information so that consumers or users are informed of the dangers arising from the use of the product in a timely and appropriate manner;
• restrict or prohibit the placing on the market and the advertising of the product as well as introduce accompanying measures necessary to comply with such prohibition;
• order the recall of the product or, where appropriate, organize, in cooperation with economic operators, the recall of the product from consumers or users and its destruction by taking into account environmental considerations, and monitor the implementation thereof;
• by setting a deadline, oblige the economic operator to eliminate the detected errors and deficiencies by obliging the economic operator to notify the market surveillance authority of the measures taken; and/or
• impose a fine of HUF 15.000 (~ EUR 37) – 500 million (~ EUR 1,257,000) or HUF 2 billion (~ EUR 5 million) if the infringement harms or endangers the life, physical integrity, or health of consumers or users.

These legal consequences can be imposed cumulatively.

Failure to comply with the data protection rules may result in a fine in accordance with the GDPR. The sanctions, depending on the violation, may include administrative fines up to 10 or 20 million Euros or, in the case of an undertaking, up to 2% or 4% of the annual worldwide turnover of the preceding financial year, whichever is higher.

The relevant national Hungarian legislation has recently been updated and amended to introduce harmonised rules in light of the MDR and the IVDR.

As a result, there are no proposals for future legal developments with regard to digital health apps/software.

The Hungarian Medical Chamber (Hungarian acronym: "MOK”) is a public body that maintains the official register of physicians in Hungary. Healthcare activities can only be performed by a physician who is a member of the MOK.

Certain aspects of the provision of healthcare services are further supervised by the Ministry of the Interior Affairs, OGYÉI and the National Health Insurance Fund of Hungary (Hungarian acronym: “NEAK”).

• Decree 60/2003. (X. 20.) of the Minister of Health, Social and Family Affairs on the minimum professional conditions required for the provision of healthcare services (“Decree 60/2003”);
• Decree 9/2012. (II. 28.) Ministry of National Resources on the definition of outpatient care activities to be financed by the Health Insurance Fund, the accountability conditions and rules applicable to their use, and the accounting for performance (“Financing Decree”); and
• Act LVIII of 2020 on the transitional arrangements and epidemiological preparedness in connection with the end of state of the emergency (“Transitional Regulations Act”).

10.1 What are the requirements?

Under Section 9 (7) of the Decree 60/2003, a specialised physician, or a professional healthcare worker of the given professional field, may, within his/her competence, without personal presence, by forwarding health data via information communication tools in accordance with the provisions of the act on the processing and protection of health and other related data:

• give diagnosis, propose therapy;
• provide advice, consultation;
• engage in patient management;
• refer patients to other healthcare professionals;
• provide care;
• conduct therapy and rehabilitation activities;
• prescribe medicinal product; or
• prescribe medical aid which can be ordered with electronic prescription,

if meeting the requirements of conducting the given activities prescribed by the Decree 60/2003 and provided that the activity is allowed based on the characteristics of the given care and medical professional justification. The Decree 60/2003 also prescribes the mandatory technical conditions required for telemedicine.

10.2 Were there any new (time-limited) regulation regarding the Sars-CoV-2 pandemic?

Yes:

• Government Decree 57/2021 (II. 10) on telemedicine using video technology based on facial identification during the state of emergency, which was repealed on 31. 12. 2021.
• Act LVIII of 2020 on thetransitional arrangements and epidemiological preparedness in connection with the end of state of the emergency (“Transitional Regulations Act”). The Transitional Regulations Act was adopted considering the Sars-CoV-2 pandemic and is still applicable. It contains provisions on the legal possibilities for teleconsultation in the health sector, defines the minimum service conditions, procedures for the provision of services, and the rules of financing such services from the NEAK.

11.1 Are there legal requirements for physicians to give disclaimers or other types of notices to patients (as part of the consent process) before using telemedicine? If so, please indicate these.

Section 3 (1) g) of the Decree 60/2003 requires the healthcare provider to provide the required communication device on the side of the provider as well as the necessary medical devices, a protocoland a patient information leaflet regarding telemedicine care.

If the telemedicine service is provided via the internet, under Section 3 (2b) the healthcare provider must provide broadband internet, adequate and stable data transfer, data security and virus protection.

If legislation mandates the use of a video link, the communication device provided must be adequate for video transmission too.

The clear identification of the patient is the responsibility of the healthcare provider in this case.

11.2 Does the use of telemedicine increase the risk of liability (e.g., if a physician is asked to certify someone’s fitness to engage in a particular employment and does so virtually versus an in-person consultation)?

There is no specific rule on the risk of liability. However, it is suggested for the healthcare provider to pay increased attention on the proper documentation of healthcare services provided through telemedicine. (Some activities, e.g., testing of the fitness for a job, which is subject to a health examination, may not be performed via telemedicine.)

Some new developments may have impact on future legislation - for example, according to the National eHealth Infrastructure (“EESZT”)², there is a huge potential of channelling information obtained through telemedicine solutions into the EESZT system. Therefore, it is likely that organisations will be able to upload new types of telemedicine data into the system. This type of information may also be available to providers (with the patient consent), which could, for example, significantly reduce response times. EESZT expects this service to develop further, as it will be able to send feedback or even alerts to healthcare professionals based on the preliminary evaluation of the data.

There are no specific restrictions on the type of the medicine that can be prescribed through the telemedicine. According to Section 9 (7) of the Decree 60/2003, if it is allowed based on the characteristics of the given care and medical professional justification, a specialised physician may prescribe a medicinal product or a medical aid which can be ordered with an electronic prescription.

Yes. The Financing Decree specifies the procedures the reimbursement of which can also be accounted for in the context of telemedicine care.

There are no special provisions about the reimbursement/coverage of costs regarding the use of mobile apps that can combine digital health and telemedicine.

No, general rules, amongst others, the GDPR and Act XLVII of 1997 on the Processing and Protection of Health and Related Personal Data would apply.

Although, in 2020, the explanatory memorandum of Decree 33/2020 (IX. 16.) of the Ministry for Human Capacities amending Decree 60/2003 stated that the amendment of Decree 60/2003 has only been the first element of a comprehensive telemedicine regulation, since then, there has not been any substantial progress in this topic apart from transitional provisions due to the Sars-CoV-2 pandemic. However, the initial steps have been taken in this direction, and it is expected that there will be further changes, as Hungary is committed to the digitalisation and development of the healthcare. Nevertheless, for the time being, we still have to wait for the next milestones.

¹According to Article 3(13) of the Regulation (EU) 2019/1020 on market surveillance and compliance of products, ‘economic operator’ means the manufacturer, the authorised representative, the importer, the distributor, the fulfilment service provider or any other natural or legal person who is subject to obligations in relation to the manufacture of products, making them available on the market or putting them into service in accordance with the relevant Union harmonisation legislation;

² The National eHealth Infrastructure (“EESZT”) was established with the support of the Ministry of Human Capacities. The EESZT is a communication interface using cloud-based technologies that connects health care providers (family doctor care and inpatient and outpatient services), pharmacies and the general population of all Hungary.