Digital health apps and telemedicine in the Netherlands

The relevant legislation is the “Wet medischehulpmiddelen (“Wmh”)”, or in English, the Medical Device Act and the “Besluit medische hulpmiddelen” or in English, the Medical Device Decree, and the Medical Device Regulation (EU) 2017/745 (MDR).

The Wmh refers  the definition of a medical device to the MDR. Based on article 2.1 MDR, a medical device means: any instrument, apparatus, appliance, software, implant, reagent, material or other article intended by the manufacturer to be used, alone or in combination, for human beings for one or more of the following specific medical purposes:

• Diagnosis, prevention, monitoring, prediction, prognosis, treatment or alleviation of disease;
• Diagnosis, monitoring, treatment, alleviation of, or compensation for, an injury or disability;
• Investigation, replacement or modification of the anatomy or of a physiological or pathological process or state; and
• Providing information by means of in vitro examination of specimens derived from the human body, including organ, blood and tissue donations,

and which does not achieve its principal intended action by pharmacological, immunological or metabolic means, in or on the human body, but which may be assisted in its function by such means.

The following products shall also be deemed to be medical devices:

• Devices for the control or support of conception;

Products specifically intended for the cleaning, disinfection or sterilization of devices as referred to in Article 1(4) and of those referred to in the first paragraph of this point. If the software within digital health apps are used for the purpose of any of the above purposes, then the software itself is considered a medical device.

Dutch law does not distinguish a medical device from any other product with regard to liability, so if the software is considered a medical device, liability can attach as it would with any other product. The applicable rules can be found in book 6 of the Dutch Civil Code; specifically, the chapters on contractual liability (6:74 and further), non-contractual liability (6:162 and further) and product liability (6:185 and further).

No specific exclusions or exemptions are made by Dutch law with regard to liability of medical devices. Parties can contractually agree on specific clauses to limit or extend liability.

Yes, other legal regimes that need to be taken into consideration are the rules on data privacy: General Data Protection Regulation (EU) 2016/679 and relevant guidelines, e.g., the NEN 7510 on information security in healthcare, NEN 7512 on secure data exchange in healthcare and the NEN 7513 concerning the logging of actions in electronic patient records.

Also relevant are the aspects of patient rights in case the medical device is used to perform a medical treatment agreement: article 7:446 Dutch Civil Code and further, and the additional provisions for Processing personal data in healthcare Act, or in Dutch “Wet aanvullende bepalingen verwerking persoonsgegevens in de zorg.”

The patient is the “protected” party in national legislation, the patient rights he or she derives from Dutch law(s) “follow” the patient across the border. Therefore, it does not matter if the resident uses it within or outside their jurisdiction. This could differ with respect to (the processing of) the data privacy-rights if the resident goes outside the borders of the European Union. 

Data privacy-rules are intended to protect the personal data and privacy of an individual, the end user, so it is very important in B2C-scenarios. Nonetheless, businesses have to comply with data protection regulation in B2B-scenarios.

The same goes for patient rights – the regulations are in place in order to regulate the rights and obligations in case of a medical treatment agreement with a patient, but businesses also have to comply with the applicable regulations in a B2C relationship.

No, the general (data privacy) rules apply. 

The basic principle in Dutch law is that the physician is liable for the device he or she use if the device turns out to be unfit to perform the task. This rule is codified in article 6:77 Dutch Civil Code. The article also nuances the rule by adding that liability for auxiliary equipment is not attributed to the debtor (physician) if this would be unreasonable in view of the content and necessary implication of the juridical act from which the obligation arises, the generally accepted principles (common opinion), and other circumstances of the situation. 

The liability is transferred to the producer of the software if the damage is caused by a defect (safety defect) in the product. A product is defective when it does not provide the safety which a person is entitled to expect, taking all circumstances into account, especially the presentation of the product, the use that could reasonably be expected to be made of the product, and the time when the product was put into circulation on the market. The producer’s liability is limited to damage caused by death or personal injuries and damage caused by the defective product to another asset of a type which is ordinarily intended for private use or consumption (with a threshold of €500). Product liability is included in article 6:185-193 Dutch Civil Code. 

Medical Device Act

The Health and Youth Care Inspectorate (Inspectie Gezondheidszorg en Jeugd (“IGJ”)) is the authority that acts on behalf of the Minister. The Minister is authorized to impose an administrative fine up to €1,030,000 for violations of (a number of provisions of) the Medical Device Act. The violation of a number of specific provisions can even constitute an economic offense, punishable with one year in custody or a fine. Lastly, it is forbidden to recommend an object as a medical device, while you know or should reasonably suspect that the advertised suitability is lacking. This could lead to criminal prosecution.

General Data Protection Regulation

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens ("AP)") supervises processing of personal data in order to ensure compliance with laws that regulate the use of personal data. According to the Dutch Implementation Act of the GDPR, the Dutch AP is authorized in the event of a violation of the Regulation to impose an administrative fine of up to €20,000,000 (or up to €10,000,000, depending on the breach) or, for a business entity, up to 4% (or up to 2%, depending on the breach) of the total worldwide annual turnover in the previous financial year if this amount is higher. How the fine is calculated is set out in the Fining Guidelines of the European Data Protection Board ("EDPB").

In case of an infringement of the rights regulated by this regulation, the person who has suffered material or non-material damage shall have the right to receive compensation. Any controller involved in processing of the personal data shall be liable for the damage.

Rights and obligations medical treatment agreement

The IGJ, part of the Ministry of Health Welfare and Sport, has the role to supervise healthcare in the Netherlands and the market for medicines and medical devices. The IGJ ensures that actors on these markets comply with the relevant legal and regulatory standards. The IGJ has a number of instruments to enforce the regulation, such as an instruction, administrative fine, administrative coercion, injunction, order to immediately abstain from professional activities, to put under supervision or file a disciplinary complaint. More specific for medical devices (using software) the IGJ could also order to withdraw the product from the market.

The National Institute for Public Health and the Environment (RIVM), Nivel and the National eHealth Living Lab (NeLL), are working together on the Digital Healthcare Monitor 2024-2027 (formerly the E-health Monitor). Each year, this monitor provides insight into the use of digital healthcare and the experiences of healthcare users and providers. The Digital Healthcare Monitor is being carried out on behalf of the Ministry of Health, Welfare and Sport. The Ministry wants to know if healthcare is becoming more digital and what effects this has on patients and healthcare providers.

In the Netherlands, a few category of medical professionals like doctors, dentists and midwives, are able to register in the Dutch individual healthcare professions-register (“BIG-register”), which is a registration that is only open to certain categories of healthcare professionals if they have completed the right education. The BIG register provides clarity about the healthcare professional's qualification and entitlement to practise. With a BIG registration, the healthcare professional may use the legally protected title belonging to the profession. Furthermore, a BIG registration allows to perform certain restricted actions (voorbehouden handelingen), such as operating, injecting, sedating, prescribing medicine or other acts which present unacceptable risks to the health of the patient if carried out by untrained persons. 

The basic principle under the Individual Healthcare Professions Act (Wet op de Beroepen in de Individuele Gezondheidszorg or Wet BIG) is that everyone is allowed to act in the field of individual healthcare, with the exception of the performance of “reserved acts.” Only BIG-registered professionals are allowed to perform these.

The regulator authority that supervises the BIG-registrations and compliance of the BIG-registered professionals with the Individual Healthcare Professions Act is the IGJ. 

Medical treatment agreement (Wet geneeskundigen behandelingsovereenkomst), Individual Healthcare Professions Act (Wet BIG), Medicines Act (Geneesmiddelenwet), Healthcare Quality, Complaints and Disputes Act (Wet kwaliteit, klachten en geschillen zorg), relevant guidelines on telemedicine and with respect to the processing of personal data, the General Data Protection Regulation. 

The competence of a healthcare provider will be assessed against the criteria of a “good caregiver”. This means that in providing medical services, the healthcare provider must observe the standards of a prudent caregiver and, in doing so, has to act in conformity with the responsibilities laid upon him/her by the professional standard for healthcare providers. The professional standard is set by industry protocols and self-regulation and should comply with the latest developments in the medical field. The use of telemedicine will constitute a medical treatment agreement. A patient can only enter into a medical treatment agreement for himself/herself from the age of sixteen. An important limitation for teleconsultation in the Netherlands is that Dutch legislation prohibits a medical doctor to prescribe medicinal products to a patient whom he or she has never physically met. However, in specific circumstances, remote prescribing is temporarily tolerated by the Minister of VWS.  In April 2023, a Dutch decree regarding online prescribing of medicine was published. The decree is in principle a formal statement from the Dutch minister that, as an exception to the ban on online prescribing as stated in Article 67 of the Dutch Medicines Act, online prescribing will be tolerated if the following two conditions are met: 

• A physical consultation or examination to determine whether to prescribe a medicine (or which medicine to prescribe) is not necessary; and
• The prescriber has the patient's updated medication history and consults this medication history as is necessary.

The standards of care do not specifically change in the context of using telemedicine, but some aspects may need more attention. For example, a physician needs to assess whether telemedicine is the right medium to use, whether he or she is comfortable to do the assessment remotely and whether or not the situation requires that the physician see the patient in person.

A physician must provide good care and has a professional responsibility to assess if telemedicine is the correct or a suitable tool to use in the specific situation. In the Netherlands, there are no specific legal requirements for physicians to give any disclaimers, but the physician does have a general information-obligation as set out in the Dutch Civil Code.  This means that the physician must inform the patient  about the limitations of the telemedicine services and has to refer the patient to a real life consultation when telemedicine is not the appropriate medium to provide good care. The duty to inform forms an essential part of obtaining informed consent.

No, the use of telemedicine does not specifically increase the risk of liability The general liability risks are the same as in traditional doctor-patient treatment relations. The healthcare provider has the responsibility to remotely practice medicine in a way that ensures quality and safety of care.

The Royal Dutch Medical Association (Koninklijke Nederlandse Maatschappij tot bevordering der Geneeskunst/ KNMG) has published a leading set of guidelines on remotely practising medicine.  According to these guidelines, providing patient-oriented advice via telemedicine is only permitted if the following cumulative conditions are met by the physician:

• The physician has informed the patient in a sufficient way about the videoconference intervention;
• The physician has received relevant and reliable medical data from the patient;
• The applicable professional standard is taken into account;
• The identity of the patient had been sufficiently established and the physician must identify him-/herself to the patient;
• The physician clearly indicates that the online advice is based on the data presented by the patient and the available medical file;
• If the healthcare professional is not the patient's regular physician, he or she informs the patient's own physician (e.g., general practitioner) about the medical advice given to the patient.

Complying with these standards lowers the risks of liability for the physician.

Yes, there are restrictions on prescribing medicine through telemedicine.  Article 67 of the Dutch Medicines Act (Geneesmiddelenwet) prohibits a medical doctor to prescribe medicinal products to a patient whom he or she has never met. In April 2023, a Dutch Degree regarding online prescribing of medicine was published.  The Degree is in principle a formal statement from the Dutch minister that outlines that violations of the ban on online prescribing as stated in article 67 of the Dutch Medicines Act will be permitted if two conditions are met:

• A physical consultation or examination to determine whether to prescribe a medicine occurs and, if so, the prescription of such medicine is not necessary; and
• The prescriber has the patient's updated medication history and consults this medication history as is necessary. 

Yes, if a telemedicine service is used in the performance of or as a substitute to a “normal” reimbursable act, the telemedicine service would be reimbursed under the same conditions. Telemedicine can be an alternative for a “regular” or physical service. For example, a consultation with a doctor will be reimbursed both in person and via telemedicine.

No, there are no special provisions on the reimbursement of the costs regarding the use of digital health or telemedicine. In general, if the telemedicine performs an activity that would be eligible for compensation according to the “normal” rules, it will be reimbursed without any special requirements. However, healthcare insurers can impose additional requirements for reimbursement.

If the activity the app is used for will be reimbursed by the healthcare insurer because the activity is covered by the national basic health insurance (“basisverzekering”), the cost of the app will be covered by the national healthcare system. The app will have to be funded from the amount you receive as reimbursement for the specific activity from the healthcare insurer, as the app is part of the fulfilment of the activity and not an independent ground for compensation. 

The General Data Protection Regulation applies as well as the Processing personal data in healthcare Act, or in Dutch “Wet aanvullende bepalingen verwerking persoonsgegevens in de zorg.” The Processing personal data in healthcare Act includes safeguards for clients/patients in electronic data exchange. 

The Dutch government promotes the use of e-health and telemedicine as part of its broader strategy to improve accessibility, efficiency and sustainability in healthcare. While there is no specific new telemedicine legislation pending, there are ongoing legal and industry developments that support and regulate digital healthcare.