Digital health apps and telemedicine in Norway

The Norwegian Act relating to medical devices (law 2020-05-07-37) incorporates Regulation 2017/845 on medical devices (MDR) and Regulation 2017/746 on in vitro diagnostic medical devices (IVDR), respectively, into Norwegian law.

The legal framework for the product qualification is the MDR, and the definition of “medical device” that follows in MDR article 2, as well as the MDCG 2019-11 (Guidance on Qualification and Classification of Software in Regulation (EU) 2017/745 – MDR and Regulation (EU) 2017/746 – IVDR).

A “medical device” under the Regulation is any software (e.g., app) which, according to the manufacturer, is intended to be used, alone or in combination, on human beings for one or more specific medical purposes such as diagnosis, prevention, monitoring, prediction, prognosis, treatment or alleviation of disease. The same applies to injury or disability.  For the avoidance of doubt, the Norwegian Medicines Agency (“NOMA”) (NO: Direktoratet for medisinske produkter) decides whether a product should be considered a medical device.

In general, mere lifestyle/everyday apps (e.g., for fitness tracking, nutritional recommendations, resilience exercises, meditation training without a medical purpose) are generally not intended for therapeutic purposes.   

Yes, under the Digital Services Act (NO: digitalytelsesloven). The Act applies to all digital services in a consumer relationship, including those services where the remuneration consists of the consumer providing personal data. 

The Act incorporates Directive (EU) 2019/720.

Yes, there are some exemptions. The most relevant in this regard is that the Act does not apply to healthcare services that are prescribed or carried out by healthcare professionals.

A range of laws may apply to digital health software. The following section highlights a selection of the most relevant ones.

If the digital health software processes personal data, it must comply with the requirements set forth in the Personal Data Act (NO: personopplysningsloven), which implements the General Data Protection Regulation (GDPR) into Norwegian law.

If the software collects cookies, the collection must comply with the requirements set out in Section 3-15 of the Electronic Communications Act (NO: ekomloven). According to this provision, it is prohibited to store or access information on a user’s or end user’s communication device unless the user has been informed about the data being processed, the purpose of the processing, and who is responsible for it. Additionally, explicit consent from the user is required before such data can be collected. 

The Personal Data Act primarily applies in two scenarios:

1. when the data controller or processor is established within the EU/EEA, regardless of where the data subject is located, and
2. when the data controller or processor is outside the EU/EEA but offers goods/services to or monitors the behavior of individuals within the EU/EEA.

If a Norwegian citizen is outside the EU/EEA, and both the data controller and data processor are also located outside the EU/EEA, GDPR generally does not apply.

Section 3-15 of the Electronic Communications Act applies when cookies are used on devices located in Norway.

The Personal Data Act applies in both B2B and B2C contexts if personal data of natural persons is processed.

Section 3-15 of the Electronic Communications Act applies to all users, whether in a business or consumer context.  There is no distinction between B2B and B2C.

No, there are generally no additional requirements under Norwegian law beyond those set out in the Personal Data Act for the processing of personal data. However, if the tracking or monitoring involves sensitive personal data, this will typically require explicit consent under the Act and may entail heightened expectations regarding transparency, user awareness, and control. 

In Norway, doctors generally have a professional responsibility when using electronic solutions, including apps, in their practice. Where treatment from HCP leads to damage or injuries, the general compensation process in Norway therefore states that the patient may claim damages from a public body:  Norwegian Patient Injury Compensation (NO: Norsk Pasientskadeerstatning).

However, liability can vary depending on the situation. In general, if the app has technical errors or does not work as described, the developer of the app may be held liable for any consequences it may have for the patient.

Regarding The Act relating to Medical Devices, NOMA is the competent supervisory authority.  In the case of violations, it may impose fines, suspend or withdraw certificates.

The Norwegian Data Protection Authority (NO: Datatilsynet) is the competent supervisory authority under the Personal Data Act. In the case of violations, it may issue warnings, orders, reprimands, suspend data processing, or impose fines of up to EUR 20 million or 4% of the undertaking’s total global annual turnover.

The Consumer Authority (NO:  Forbrukertilsynet) and the Market Council (NO: Markedsrådet) supervise compliance with the Digital Services Act, while the Norwegian Communications Authority (NO:  Nkom) supervises compliance with the Electronic Communications Act.

In carrying out their supervisory duties, these authorities may request access to necessary information, conduct on-site inspections, and seize relevant documents and objects. In cases of non-compliance, they may issue orders to cease unlawful practices and impose fines or coercive measures to ensure compliance.

There are no specific legal developments currently expected with regard to digital health apps or software. However, the forthcoming AI Act may have implications for digital health solutions that involve artificial intelligence.

Norwegian physicians are regulated by the Act Relating to Health Care Personnel (NO: helsepersonelloven). Pursuant to Section 4 of the Act, health care personnel must carry out their work in a professional, diligent, sound, and responsible manner.  This entails that the individual patient must be provided with comprehensive and coordinated health and care services. The services must be sufficient, provided at the right time, and be of good quality.

Other relevant laws are the Act on Health and Care Services in the Municipalities (NO: helse- og omsorgstjenesteloven), intended to ensure good health and care services for municipal residents, and the Act on Specialized Health Care (NO: spesialisthelsetjenesteloven), which regulates health care services that are not provided at a municipal level.  

Providers of health and care services must also abide by the rules set out in the Patient and User Rights Act (NO: pasient- og brukerrettighetsloven).

The Regulation on benefits to cover expenses for examination and treatment by a doctor (NO:  forskrift om stønad til dekning av utgifter til undersøkelse og behandling hos lege) is also relevant for physicians.  For General Practitioners assigned to every citizen (NO: fastlege), rules regarding their responsibilities are also set out in the Regulation on the GP scheme in the municipalities (NO: forskrift om fastlegeordningen i kommunene).

Pursuant to the Act relating to Health Care Personnel Section 53, The Directorate of Health (NO: Helsedirektoratet) - or the person it authorises - grants authorisations, licences and specialist approval to various occupational groups in the health sector, including physicians.

The Directorate of Health implements adopted policies and perform several administrative tasks delegated by the Ministry of Health and Care Services. This includes an authority to apply and interpret several laws and regulations within the health care sector.   

Norwegian law – more specifically the Regulation on benefits to cover expenses for examination and treatment by a doctor – uses the term “e-consultation.”  E-consultations are defined as “electronic or telephonic communication between the patient and his/her GP…”.  This includes patients using telephone, electronic written communication, and video conferencing.

Offering e-consultations is not mandatory, and each physician may decide whether or not to do so.  In Norway, however, it is generally desirable to have legislation that is technology-neutral and allows for cost-effective and user-friendly solutions, and e-consultations are encouraged.  At the same time, e-consultations can increase the risk of missed diagnoses or failure to detect symptoms about which the patient is unaware.  Physicians are encouraged to take this into account.

The laws that apply to physicians therefore generally also apply to their e-consultations.  The use of e-consultations therefore does not change fundamental treatment responsibilities, such as the requirement of sound treatment found in Section 4 of the Act relating to Health Care Personnel.

In addition, there are special regulations of e-consultations that apply. For example, the National Insurance Act (NO: folketrygdloven) contains provisions to secure income and compensate for expenses in the event of for instance unemployment, illness and injury, and disability. Pursuant to Section 8-7, a member of the National Insurance can be entitled to sickness benefit, if documented with a medical certificate. The main rule is that such a sickness certificate can only be issued following a physical examination of the patient.  Even if this is not possible on the day, due to no availability in the doctor’s office or to other conditions that prevent physical attendance, a subsequent physical examination should take place. 

However, in recent years, certain exceptions have been introduced.  A certificate may now be issued without a physical examination if 1) the patient is known to the physician from a previous physical examination, 2) the patient’s diagnosis is known, 3) it is possible to assess the ability to work without a physical examination, and 4) it is considered professionally justifiable to conduct the consultation as an e-consultation, entailing a proper sick leave practice in accordance with the Health Personnel Act.

In addition, the Regulation on benefits to cover expenses for examination and treatment by a doctor contains provisions on which tariffs that a doctor can claim reimbursement for when providing health care services. The regulation provides tariffs for various types of services and sets out separate provisions on reimbursement for various types of e-consultations. 

The main limitation is the physician's duty to provide sufficient and professionally sound healthcare, cf. Section 4 of the Act Relating to Health Care Personnel. The need to carry out a physical examination must be assessed on a case-by-case basis.

No.

No.

It depends.  As the physicians in some cases would have better grounds to certify someone’s fitness or lack of fitness, or health issues, an in-person consultation would probably reduce the liability risk. Please note, however, that this is based on general liability law, as no specific legislation regarding liability and virtual versus in-person consultations exists.

The regulation on ordering and dispensing of medicines regulates the prescription of medicines. The regulation is administered by the Norwegian Directorate of Health and the Norwegian Medicines Agency. Prescriptions are usually electronic and are prescribed through the national e-health solution, for the secure transfer of prescription information. 

Whether a prescription can be prescribed through an e-consultation depends on whether or not the doctor considers that a physical examination is necessary. However, the national guidelines for prescriptions of addictive medicines sets out that use of addictive drugs can lead to harmful use and dependence. This imposes certain requirements on the prescription of these types of drugs. Consequently, the guidelines set out that so-called A or B drugs (strong substances or addictive drugs) should not be prescribed unless the patient is physically present. 

The Norwegian Health Economics Administration (HELFO) is an agency for the Norwegian Directorate for Health and Social Affairs. HELFO administers settlements from the National Insurance Scheme to healthcare providers for patient treatment and healthcare services. HELFO also provides individual reimbursement of citizens’ expenses for medicines and healthcare services.

When visiting a general practitioner that has an agreement with HELFO the National Insurance scheme provides benefits for patients, meaning that most of the treatment cost is covered.  Normally the patient therefore only pays a user fee (up to a certain total limit) in these instances.  For the remaining cost the general practitioner gets a direct settlement from HELFO.  

Telemedicine services are reimbursable for the patient, and the user fee is the same for a general consultation and an e-consultation.  With regards to the direct settlement that the general practitioner receives from HELFO there are special tariffs for the physician’s coverage of e-consultations.

There are also rules on which services that are to be considered an e-consultation, and consequently what type of electronic interaction that can be reimbursed.  An e-consultation must be booked by the patient or agreed in advance with the patient. However, this does not apply to telephone or video in emergency situations, cf. section 7 of the Norwegian Health Personnel Act.  The GP, or their deputy, must be responsible for the patient's treatment. \In addition, the e-consultation must be worthy of putting in the patient’s journal cf. a consultation that should be registered as an ordinary consultation/sick visit. The e-consultation must contain a medical assessment and is considered complete when the doctor has assessed the enquiry and given the patient an answer. Any additional questions and obtaining supplementary information from the patient during a written e-consultation are included in the fee.

The Regulation on benefits to cover expenses for examination and treatment by a doctor do not cover costs related to apps.

Video consultations and written e-consultations are available for general practitioners (fastlege) through HelseNorge. HelseNorge is a website in the public sector with information about and access to the health sector, and access to these services are also provided through the HelseNorge-app.

Several services related to this is provided by Norsk Helsenett, a Norwegian state enterprise which has as its purpose to develop national ICT infrastructure for interaction in the health and care sector and national e-health solutions. The access to HelseNorge services is granted provided that the practitioner in question has adhered to these services. The practitioners decide themselves which services they want to offer, and which supplier to use for this purpose. Some practitioners also adhere to other solutions, such as for instance PasientSky and Confrere.

Various e-health solutions have various financing. HelseNorge is financed through a membership fee that the general practitioners pay to be part of Helsenettet, a network for collaboration in the healthcare sector. In the network, hospitals, pharmacies, GPs and other healthcare providers can communicate and exchange health information in a safe and legal manner. The solutions are financed following a cost allocation key where also the municipalities and regional health authorities contribute. This is further regulated in the Regulation on standards and national e-health solutions. 

There are no specific data protection regulations covering telemedicine under Norwegian law.

No, but the number of e-consultations are increasing.