Digital health apps and telemedicine in Poland

  1. Digital Health Apps/Software
    1. 1. How is the software within digital health apps classified in your jurisdiction, and what regulation(s) apply?
    2. 2. Are there any other legal regimes that may govern digital health software? (e.g. data protection/ privacy) If yes, please indicate these.
    3. 3. If your response to Q2 is yes, please state whether it matters if, the users are residents using it within their jurisdiction and/or using it outside their jurisdiction; and/or it is a “B2B” (business to business) rather than “B2C” (business to end consumer) service. In each case, please summarise any implications (if applicable). 
    4. 4. Do any particular features, such as location tracking, or monitoring real-time information, trigger any additional consent requirement, regulatory approval, and/or other restrictions beyond the general ones applicable to Q1/Q2?
    5. 5. In the context of physicians relying on digital health apps (containing software), whether for in-person or via telemedicine consultations, are there circumstances where the physicians’ liability can be limited or transferred to the producer of the software contained in the app, or of the final product/app itself, when a fault or inaccuracy with the software (rather than the physicians’ error) occurs, leading to damage (or injury)? 
    6. 6. Please describe the enforcement mechanism for compliance with regard to the regulations discussed in Q1, Q2, and/or Q4 in your jurisdiction with regard to the software contained in digital health apps. What are the legal consequences for non-compliance?
    7. 7. Are you aware of any future legal developments in your jurisdiction with regard to digital health apps/software?
  2. Telemedicine
    1. 8. How are physicians regulated in your jurisdiction (i.e., who is their Regulator; e.g., the General Medical Council in the UK)?
    2. 9. What laws and/or regulations apply to physicians regarding telemedicine?
    3. 10. Does the law in your jurisdiction regulate under what circumstances physicians can use telemedicine in order to treat patients?
    4. 11. Do the standards of care applicable to physicians change in the context of using telemedicine?
    5. 12. Are there any restrictions on the type of medicine that can be prescribed through telemedicine?
    6. 13. Are telemedicine services reimbursable under the state’s medical insurance / subsidy / coverage? 
    7. 14. Are there specific data protection regulations covering telemedicine (outside the context of using a digital health app) in your jurisdiction? If so, please summarise what they are.
    8. 15. Are you aware of any future legal developments in your jurisdiction with regard to telemedicine?

Digital Health Apps/Software

1. How is the software within digital health apps classified in your jurisdiction, and what regulation(s) apply?

1.1 Is it considered a “medical device” or a “product” to which liability can attach, and if so, under what regulations?

Under the Polish Act of 20 May 2010 on Medical Devices (“AMD”), software may be considered a medical device provided it is intended by the manufacturer to be used for human beings for the purpose of:

  • diagnosis, prevention, monitoring, treatment or alleviation of disease;
  • diagnosis, monitoring, treatment, alleviation of or compensation for an injury or handicap;
  • investigation, replacement or modification of the anatomy or of a physiological process; or
  • control of conception.

Pursuant to the AMD, it is a manufacturer of the medical device that is responsible for the medical device, for performing the conformity assessment of the medical device before it is placed on the market, and for placing the medical device on the market. If the manufacturer is not domiciled or established in a Member State, this responsibility is borne by the authorised representative for that medical device. If the manufacturer has not appointed an authorised representative or if the medical device is not placed on the market under the responsibility of the manufacturer or the authorised representative, the person who has placed the medical device on the market bears this responsibility.

1.2 If your response to Q1.1 is yes, please state whether there are any exclusions/exemptions applicable with regard to liability, and/or whether those are applicable only under certain circumstances (e.g., for in-hospital use)?

As a rule, there are no exclusions/exemptions applicable with regard to the rules of liability as described above.

Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”):

  • rules for processing personal data.

Act of 18 July 2002 on Electronically Supplied Services (“ESS Act”):

  • obligations of the service provider relating to Electronically Supplied Services, rules for exempting the service provider from liability for Electronically Supplied Services, rules for protecting personal data of natural persons using Electronically Supplied Services.

Act of 16 July 2004 – Telecommunications Law (“Telecommunications Law”)

  • in particular with respect to storing of or gaining access to information already stored in the telecommunications terminal equipment (e.g., smartphone) of a subscriber or end user.

Act of 4 February 1994 on Copyright and Related Rights (“Copyright Act”):

  • in principle, computer programs have the same protection as literary works; and
  • economic rights belong to employer of the author, unless agreement between them states otherwise.

As a side note, certain aspects of digital health software may be governed by the Polish Act on Competition and Consumer Protection. This act may apply, in particular, where digital health software is designed in such a way that it requires consumers to give access to their data, e.g., phone book, camera, exact location, making it a necessary condition to download the software. In addition, it is often the case that the software providers use the acquired data in unspecified or unknown ways.

Pursuant to Polish law, undertakings are obliged to provide consumers with reliable, truthful and comprehensive information on the products and services sold. In the case of digital health software, consumers should be provided with clear information about which parts of their data will be used and how. More importantly, consumers should be informed of this fact prior to downloading the app.

3. If your response to Q2 is yes, please state whether it matters if, the users are residents using it within their jurisdiction and/or using it outside their jurisdiction; and/or it is a “B2B” (business to business) rather than “B2C” (business to end consumer) service. In each case, please summarise any implications (if applicable). 

3.1 The users are residents using it within their jurisdiction and/or using it outside their jurisdiction.

GDPR

GDPR applies if the health app is offered to residents of Poland or another member state, regardless whether a user actually uses it in Poland/another EU member state, or If the health app includes monitoring of behaviour if it takes place in Poland or in another EU member state.

ESS Act

In principle no, application is based on domicile or establishment of the service provider.

Telecommunications Law

No.

Copyright Act

No, application is based on domicile of the author or place/language of original publication.

3.2 It is a “B2B” (business to business) rather than “B2C” (business to end consumer) service.

GDPR

GDPR applies towards natural persons. Hence, even in case of B2B service, GDPR will apply to the extent natural persons use it.

ESS Act

In case of B2C service, the ESS Act does not apply to the extent consumer law provides protection.

Telecommunications Law

No, applies to subscribers and end users.

Copyright Act

No.

The consents are required under the acts indicated in Q1/Q2 (GDPR and Telecommunications Law).

5. In the context of physicians relying on digital health apps (containing software), whether for in-person or via telemedicine consultations, are there circumstances where the physicians’ liability can be limited or transferred to the producer of the software contained in the app, or of the final product/app itself, when a fault or inaccuracy with the software (rather than the physicians’ error) occurs, leading to damage (or injury)? 

There are no specific rules for liability in the context of the use of digital health apps/telemedicine.

GDPR

  • Administrative fines up to EUR 20,000,000 or up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher; or
  • Criminal liability of a fine, restriction of freedom or imprisonment of up to two/three years (in case of unauthorised data processing).

Enforcement: UODO (the Polish supervisory authority – Prezes Urzędu Ochrony Danych Osobowych: President of the Office for Protection of Personal Data); prosecution office (for criminal liability)

ESS Act

  • A fine of up to PLN 5,000 (approx. EUR 1,115) under petty offense regime.

Enforcement: police

Telecommunications Law

  • An administrative fine of up to 3% of the revenue generated in the previous calendar year.

Enforcement: UKE (Urząd Komunikacji Elektronicznej: Office for Electronic Communication)

We are not aware of any future legal developments.

Telemedicine

8. How are physicians regulated in your jurisdiction (i.e., who is their Regulator; e.g., the General Medical Council in the UK)?

In Poland, physicians are affiliated by a professional self-governing body. Pursuant to the Polish Act on Chambers of Physicians (“ACP”), the self-governing body of physicians is an entity which is independent in the performance of its tasks and subject only to the provisions of the ACP.

The organisational units of the self-governing body of physicians are the Supreme Chamber of Physicians, the Military Chamber of Physicians and district chambers of physicians.

In addition, pursuant to the Polish Act of 15 April 2011 on Medical Activity (“AMA”), the Ministry of Health is entitled to conduct inspections of the medical entities. Such inspections may, among other things, include the inspections of the premises or evaluations of the medical records obtained.

The main provisions relating to the organisation, functioning and competences of the chambers of physicians are provided for in the ACP, the Polish Act of 5 December 1996 on the Medical Profession (“AMP”), the AMA, as well as the Code of Medical Ethics.

9. What laws and/or regulations apply to physicians regarding telemedicine?

General provisions regarding telemedicine are provided for in various legal acts applicable to the profession of physicians (there is no one, comprehensive act regarding telemedicine), such as (i) the AMP, which indicates that physicians may also provide medical services through ICT systems, (ii) the AMS, which states that medical activity which consists of the provision of health services may also be provided through ICT systems, and (iii) the Polish Act of 28 April 2011 on the Healthcare Information System.

Recently, the Regulation of the Polish Ministry of Health of 12 August 2020 on the organisational standard of telemedicine in primary healthcare (“Regulation”) was issued. The Regulation defines, in a general way, the organisational standard of medical services provided as part of primary healthcare via the ICT systems.

Moreover, the Supreme Chamber of Physicians issued guidelines on 24 July 2020 regarding telemedicine (“Guidelines”). The Guidelines are addressed to physicians. They concern the rules of telemedicine services and consist of three documents regarding the provision of telemedicine services, the ethical aspects thereof, as well as indications concerning a telemedicine visit.

10. Does the law in your jurisdiction regulate under what circumstances physicians can use telemedicine in order to treat patients?

In order to treat patients using telemedicine, physicians have to fulfil general requirements under the AMA and AMP, which include: (i) being a licensed physician (ii) holding civil liability insurance, (iii) being entered in the register of medical activity, and (iv) detailed record-keeping.

The Regulation provides for some specific requirements that must be met when physicians use telemedicine in order to treat patients.

10.1 What are the requirements?

Pursuant to the Regulation, physicians are obliged to take into the consideration the health condition of each patient when determining whether an in-person consultation with the patient at hand is necessary. Additionally, the Regulation sets out various technical requirements to be met by physicians in order to treat patients using telemedicine, as specified in Q11a.

10.2 Were there any new (time-limited) regulation regarding the Sars-CoV-2 pandemic?

Pursuant to the Polish Act of 2 March 2020 on Preventing, Counteracting and Combating COVID-19, a physician who carries out medical activities in the form of an individual medical practice and who has the right to practise and is not suspended in the right to practise or limited in the performance of specific medical activities, may provide healthcare services in connection with COVID-19 counteraction through the ICT system, without the obligation to make an entry in the register of entities carrying out medical activities and without the obligation to maintain medical records resulting from the relevant regulations on the rights of patients and the Act on the Patients’ Ombudsman.

As at the time of this advice, the provisions referred to in point 10.2 are in force.

11. Do the standards of care applicable to physicians change in the context of using telemedicine?

Physicians should apply the same standard of care whether they are providing a healthcare service through ICT systems or carrying out an in-person consultation.

11.1 Are there legal requirements for physicians to give disclaimers or other types of notices to patients (as part of the consent process) before using telemedicine? If so, please indicate these.

Pursuant to the Regulation, physicians providing a healthcare service via ICT systems are obliged to: (i) inform the patient of their right to an in-person consultation; in particular, to inform the patient of the possibility of benefitting from the provision of a healthcare service provided in direct contact, if the healthcare service is necessary due to the patient's state of health cannot be provided via ICT systems - this circumstance should be determined in consultation with the patient or his/her statutory guardian; (ii) inform the patient of how to use e prescriptions, e-sick leave certificates, e order for medical devices, of how to carry out an order for additional tests, in particular laboratory or radiological, as well as the possibility for the patient to set up an Internet Patient Account, (iii) guarantee confidentiality, and (iv) confirm the identity of the patient before discussing medical records via the ICT system.

11.2 Does the use of telemedicine increase the risk of liability (e.g., if a physician is asked to certify someone’s fitness to engage in a particular employment and does so virtually versus an in-person consultation)?

From the point of view of the applicable Polish laws, physicians are legally responsible for their actions and omissions on the same basis and to the same extant, both when providing healthcare services to a patient directly or through ICT systems. The physician is subject to the same liability regimes and their prerequisites (e.g., fault, damage, existence of an adequate causal link in case of civil liability). Telemedicine activities, however, have their own specificity and pose challenges to physicians, such as technical malfunctions, protection of privacy or the risk of sudden health deterioration of a patient, which must be considered in order to reduce the risk of legal liability in connection with the provision of healthcare services via ICT systems.

12. Are there any restrictions on the type of medicine that can be prescribed through telemedicine?

Polish law does not provide for any restrictions as regards the type of medicine that can be prescribed though telemedicine. However, physicians who provide healthcare services via the ICT systems are obliged to determine whether information obtained through telemedicine is sufficient to assess the state of health of the patient and to prescribe adequate medicines to the patient.

13. Are telemedicine services reimbursable under the state’s medical insurance / subsidy / coverage? 

Yes. Pursuant to Annex 1 to the Regulation of the Ministry of Health of 24 September 2013 on guaranteed benefits in the field of primary health care, telemedicine is covered by the universal health insurance, but only if performed by physicians whose services are already covered by the insurance.

13.1 If so, are there any special provisions about the reimbursement/coverage of costs regarding the use of mobile apps that can combine digital health and telemedicine? 

No, but there are public health information systems that are free of charge for everyone

13.2 And further, if yes, who is covering the costs for apps that are mostly used by healthcare professionals and by patients?

Not applicable.

14. Are there specific data protection regulations covering telemedicine (outside the context of using a digital health app) in your jurisdiction? If so, please summarise what they are.

There are no data protection regulations relating to telemedicine specifically.

We are not aware of any future legal developments in Poland regarding telemedicine.

Portrait of Małgorzata Urbańska
Małgorzata Urbańska
Partner
Warsaw
Portrait of Tomasz Koryzma
Tomasz Koryzma
Partner
Warsaw
Portrait of Agnieszka Starzyńska
Agnieszka Starzyńska
Senior Associate
Warsaw