Digital health apps and telemedicine in Singapore

1.1 Is it considered a “medical device” or a “product” to which liability can attach, and if so, under what regulations?

Yes, digital health apps fall under the definition of “medical devices” under the Health Product Act (Cap. 122D) (“HPA”) and the Health Products (Medical Devices) Regulations 2010 (“Medical Devices Regulations”), if they are software that are “intended by its manufacturer to be used, whether alone or in combination, by humans, for one or more of the specific purposes of: 

• diagnosis, prevention, monitoring, treatment or alleviation of disease; 
• diagnosis, monitoring, treatment or alleviation of, or compensation for, an injury;
• investigation, replacement, modification or support of the anatomy or of a physiological process, for medical purposes; 
• supporting or sustaining life;
• control of conception;
• disinfection of medical devices; or
• providing information by means of in vitro examination of specimens derived from the human body, for medical or diagnostic purposes, 

and which does not achieve its primary intended action, in or on the human body by pharmacological, immunological or metabolic means, but which may be assisted in its intended function by such means”.

There may be “digital health apps” software that does not fall under the legal definition of “medical device” above, such as software used for wellness purposes (e.g., massagers or body toning equipment).

Key regulations in Singapore that apply to digital health apps that are considered medical devices include:

• HPA: This legislation deals with the manufacture, import, supply, presentation and advertisement, licensing, registration, and other duties of manufacturers and importers of “health products”;
• Medical Devices Regulations: These regulations deal with the manufacture, import, supply requirements and exemptions for medical devices, presentation, advertisement and registration of medical devices, and various duties and obligations of manufacturers and importers of medical devices;
• National Telemedicine Guidelines (January 2015) (“National Telemedicine Guidelines”): These non-legally binding guidelines were issued by the Ministry of Health (“MOH”) as a guide setting out best practices in implementing telemedicine solutions. They govern the use of technology and equipment in telemedicine, which may include digital health apps, addressing procurement practices, safety, security, diagnostic quality, maintenance and reliability issues;
• Regulatory Guidelines for Telehealth Products (April 2019) (“Telehealth Products Guidelines”): These guidelines describe telehealth products, which may include digital health apps that are categorised as medical devices, and set out the risk classification and regulatory controls (such as product registration and dealer’s licence requirements) for telehealth medical devices and standalone mobile applications that are categorised as medical devices; and
• There is other specific guidance published by the Health Sciences Authority (“HSA”) addressing medical device advertisements, sales promotion and product claims, as well as by the Pharmaceutical Society of Singapore (“PSS”) addressing telepharmacy.

1.2 If your response to Q1.1 is yes, please state whether there are any exclusions/exemptions applicable with regard to liability, and/or whether those are applicable only under certain circumstances (e.g., for in-hospital use)?

There are no specific exclusions/exemptions applicable to liability arising from the usage of digital health apps that are considered medical devices under the HPA. The limitation period under the Limitation Act (Cap. 163) of Singapore will generally apply, which is 6 years from when the cause of action accrued under contract or tort. There is also a prohibition on the exclusion or restriction of liability for death or personal injury resulting from negligence under the Unfair Contract Terms Act (Cap. 396) which will apply generally.

If a medical device user suffers personal injury or damage, an action can be brought under tort, in addition to a breach of contract (if there is privity of contract) and/or breach of statute (where applicable).

An action under the tort of negligence can be based on whether the medical supplier, importer, distributor, or manufacturer breached their duty of care resulting in damage suffered by the user, such as failing to conduct quality assurance checks on the medical device resulting in a defect. The plaintiff will have to establish the general common law thresholds for negligence against the defendant, which may be a single actor in the chain of supply, or a combination, depending on the source of the damage. 

The plaintiff can also mount a contractual claim if the contract was breached. In addition, an action for a breach of implied term may be made under the Sale of Goods Act (Cap. 393) (e.g., if the medical device does not correspond with the description, sample provided, or quality or fitness for purpose).

Yes, there are other legal regimes that govern digital health apps, including the following:

Personal Data Protection 

The Singapore Personal Data Protection Act (“PDPA”) and its related subsidiary legislation and guidance will apply to any processing of personal data. In particular, the Personal Data Protection Commission (“PDPC”) has specifically issued Advisory Guidelines for the Healthcare Sector (revised 28 March 2017), elaborating on data protection issues relating to healthcare, that may be applicable to digital health software.

Healthcare Professionals

Doctors are regulated under the Medical Registration Act (Cap. 174) of Singapore (“MRA”) and the Medical Registration Regulations 2010 (“Medical Registration Regulations”), and are bound to observe the pronouncements on professional matters and professional ethics issued by the Singapore Medical Council (“SMC”), which primarily comprise of the SMC Ethical Code and Ethical Guidelines (2016 edition) (“SMC ECEG”) and the accompanying SMC Handbook on Medical Ethics (2016 edition) (“SMC HME”). (The SMC ECEG and the SMC HME are collectively defined as the “SMC Ethics Guidelines.”) The SMC Ethics Guidelines apply to the provision of medical services by medical practitioners, which may include the use of digital health software. For example, doctors must comply with the guidelines for specific consent and other measures to be taken if visual or audio recordings of patients are made using such software. 

In addition to the SMC, a diverse group of healthcare professionals in Singapore (e.g., physiotherapists, radiation therapists, clinical psychologists, etc.) are governed by the Allied Health Professions Council (“AHPC”), a professional board under the MOH to regulate professional conduct and ethics of registered allied health professionals. The Allied Health Professions Council Code of Professional Conduct (2013) contains general guidelines in provision of healthcare services, including obtaining informed consent from the patient in relation to the details of service or therapy provided.

Healthcare Providers

Healthcare providers must ensure that any digital health apps used to provide regulated service complies with the general rules on healthcare and telemedicine (if the digital health app is used in the context of telemedicine). For example, a licence is required under the Health Products (Licensing of Retail Pharmacies) Regulations 2016 for a provider of telepharmacy services.

Private hospitals and medical clinics must ensure that every patient is provided with adequate safety, privacy and comfort when a patient is undergoing consultation, examination or treatment under the Private Hospitals and Medical Clinics Regulations. There are specific guidelines relating to healthcare providers’ medical records management issued by the MOH, including the National Guidelines for Retention Periods of Medical Records and the Specific Licensing Terms and Conditions on Medical Records for Healthcare Institutions.

The National Telemedicine Guidelines also set out requirements on the delivery of diagnostic quality images and audio for telemedicine services, reliability of medical and laboratory equipment, equipment calibration and other application-specific standards that will apply to telemedicine equipment in general. The PSS has also released the Guidelines for Telepharmacy & Tele-Pharmaceutical Care Services which cover technology requirements for the delivery of telepharmacy services. 

3.1 The users are residents using it within their jurisdiction and/or using it outside their jurisdiction.

No, the requirements under Q2 do not depend on whether the users (i) are residents of Singapore; or (ii) are using it from Singapore or elsewhere. The PDPA applies to all organisations in Singapore. For example, the regulations under the SMC and AHPC govern all healthcare professionals in Singapore that are registered with the SMC and AHPC (as applicable), regardless of whether the patients are based in Singapore or elsewhere. Similarly, healthcare providers based in Singapore are not mandated to set out exceptions for healthcare service recipients outside of Singapore.

3.2 It is a “B2B” (business to business) rather than “B2C” (business to end consumer) service.

No, the requirements under Q2 apply to both B2B and B2C arrangements.

Under the PDPA, location tracking or any real-time information that relates to an individual will fall under the definition of personal data, and will be subject to standard data protection requirements, which includes obtaining the individual’s consent and providing sufficient notice of how his or her personal data is collected, used and disclosed. The organisation should ensure that the consent obtained is explicit and specific, setting out clear purposes for which the personal data is collected, used and disclosed, in view of the sensitive nature of health and location data.

Under the SMC Ethics Guidelines, a doctor will need to ensure there are proper records of informed consent for each step of the medical service provided, and in particular, explicit consent for any visual or audio recording of patients. Requirements for informed consent also apply to other healthcare professionals, including those registered with the AHPC. The National Telemedicine Guidelines also highlight that the use of telemedicine or any medical act outside of the traditional healthcare setting (e.g., video or audio recording of sessions or the use of data for research or educational purposes) should be made only with the explicit consent from the patient for each step.

The standard of care or liability of a physician is not limited or transferred to the producer of a digital health app or software. As stated in our response to Q2 above, a healthcare provider’s or healthcare professional’s duties and responsibilities remain regardless of whether digital health apps are used in the provision of healthcare services.

Within the context of telemedicine, the National Telemedicine Guidelines specify that the healthcare provider must be satisfied that the patient is suitable for a telemedicine interaction and that the standard of care delivered via telemedicine is reasonable considering the specific context. The healthcare professional should be trained in the use of technology and equipment, and if the technical and environmental limitations affect the quality of a telemedicine consultation such that minimum standards cannot be met, an in-person session must be arranged.

Breaches of the requirements under the HPA may result in a criminal offence, and upon conviction, a fine and/or imprisonment may be imposed. 

HSA is the regulator that oversees any breach of the HPA. HSA has the powers to suspend or revoke any licences or approvals granted under the HPA and inspect and search premises without a warrant. Any person found to obstruct or hinder any enforcement officer acting on the direction of HSA may be found guilty of a criminal offence, and subject to a fine or imprisonment. The HPA also provides for an enhanced penalty for corporations, including a fine of up to 2 times the maximum prescribed amount for the relevant offence under the HPA.

In addition, there may be other legal consequences applicable, such as disciplinary proceedings for healthcare professionals who breach guidelines issued by the SMC and the AHPC (as applicable).

There may be additional regulations that apply to digital health apps as part of future statutory reviews on telemedicine. Please also see our response to Q15 below.

The SMC, a statutory board under the MOH, is responsible for the regulation of the conduct of medical practitioners in Singapore.

The key laws / guidelines that apply to telemedicine includes: 

1. National Telemedicine Guidelines: See our response to Q1(a) above;
2. SMC Ethics Guidelines: Registered doctors in Singapore, pursuant to the Medical Registration Regulations, must observe the pronouncements on professional matters and professional ethics issued by the SMC, which comprise primarily the SMC Ethics Guidelines (which also address telemedicine specifically) or they may face disciplinary proceedings by the SMC;
3. Regulatory Guideline for Telehealth Products: See our response to Q1(a) above;
4. Other specific regulations may apply to certain types of healthcare providers (e.g., the Health Products (Licensing of Retail Pharmacies) Regulations 2016 requires retail pharmacies in Singapore to obtain the requisite approval from the HSA if they wish to provide telepharmacy service); and
5. Tort of negligence: The failure to exercise an accepted standard of care in the medical context is actionable under the tort of negligence. A claimant must establish the elements of duty of care, breach of duty, causation and unremote damage. In Singapore, there are now two differing standards of care applicable to medical negligence cases, namely one for diagnosis and treatment, and another for medical advice.

Yes.

10.1 What are the requirements?

The SMC Ethics Guidelines state several requirements, including the need for doctors to be properly trained in managing patients through telemedicine and the overall requirement for doctors providing telemedicine services to provide the same quality and standard of care as conventional in-person medical care. Further, the National Telemedicine Guidelines state that healthcare professionals intending to provide telemedicine services from or within Singapore must be registered and licensed with the respective regulatory and licensing body. Healthcare professionals must be satisfied that the patient is suitable for a telemedicine interaction and that the standard of care delivered via telemedicine is reasonable considering the specific context.

10.2 Were there any new (time-limited) regulation regarding the Sars-CoV-2 pandemic?

We are not aware of any new (time-limited) regulation for telemedicine in respect of the COVID-19 pandemic at the time of publication. MOH has introduced a time-limited extension of the use of health assistance subsidy and Medisave for follow-up of chronic conditions through video consultations – see response to Q13 for further details. 

The general standards of care applicable to healthcare providers do not change in the context of using telemedicine. The National Telemedicine Guidelines issued by the MOH indicate that the overall standard of care in the context of telemedicine services must not be less than what is provided in conventional services. 

11.1 Are there legal requirements for physicians to give disclaimers or other types of notices to patients (as part of the consent process) before using telemedicine? If so, please indicate these.

Similar to our response to Q4 above, the SMC Ethics Guidelines state that doctors must provide their patients with sufficient information about telemedicine prior to obtaining consent and ensure that the patients understand any limitations of telemedicine that may affect the quality of their care in relation to their specific circumstances. Moreover, the National Telemedicine Guidelines encourage healthcare providers to share relevant information with the patient and caregiver, as appropriate, before beginning any telemedicine interaction.

11.2 Does the use of telemedicine increase the risk of liability (e.g., if a physician is asked to certify someone’s fitness to engage in a particular employment and does so virtually versus an in-person consultation)?

Similar to our response to Q5 above, the National Telemedicine Guidelines state that, to ensure that the standard of care is maintained in telemedicine, healthcare providers must be satisfied that the patient is suitable for a telemedicine interaction and that the standard of care delivered via telemedicine is reasonable considering the specific context. If healthcare providers do not take into account such considerations, the use of telemedicine may increase the risk of liability. Where an in-person session is deemed necessary, the doctor should arrange such session so as to provide the appropriate standard of care required, or if that is not possible, a qualified opinion ought to be given pending the availability of more information. 

We are not aware of any express (publicly available) restrictions on the type of medicine that can be prescribed through telemedicine. However, the National Telemedicine Guidelines state that the healthcare professional should conduct a face-to-face evaluation or consultation, where reasonably practical, before or very soon after the commencement of telemedicine services involving tele-treatment (including the prescription of medication). Further, the healthcare professional must follow the relevant MOH Clinical Practice Guidelines when they provide the delivery of care by telemedicine, including the prescription of any medicine through telemedicine. 

In terms of medicine delivery, which is particularly relevant in the telemedicine context, Singapore has launched the first national standard, Singapore Standard 644 (“SS 644”) for the supply and delivery of medication to patients. The SS 644 provides guidance for healthcare and logistics service providers on storage, security, traceability and safety of medication during the delivery process, and compliance with legal and professional requirements.

Yes, there are some subsidies in Singapore for patients as well as small and medium-sized healthcare providers in relation to telemedicine services.

The MOH announced earlier this year that patients may tap on Community Health Assistance Scheme subsidies and MediSave (a national medical savings scheme) for their regular follow-ups for seven chronic conditions through video consultation. This time-limited initiative was introduced to support safe distancing measures and will be effective until further notice.

In a similar vein, to manage the impact of COVID-19, the Infocomm Media Development Authority and Enterprise Singapore has expanded the range of pre-approved teleconsultation digital solutions (to include three teleconsultation solutions) in May 2020 and announced grants and subsidies to encourage small and medium-sized healthcare providers to adopt these solutions.

As set out in Q2 above, there are no specific data protection regulations covering telemedicine in Singapore. However, healthcare and telemedicine providers should ensure that the collection, use and disclosure of personal data of patients are in compliance with the PDPA, and other relevant guidelines and regulations, including the PDPC’s Advisory Guidelines for the Healthcare Sector. 

In addition, the Private Hospitals and Medical Clinics Regulations requires healthcare institutions to complete the proper documentation and carry out accurate verification of a patient’s identity.

The MOH has indicated in January 2020 that it intends to license telemedicine under the forthcoming Healthcare Services Act (“HCSA”), which will replace the current Private Hospitals and Medical Clinics Act. The HCSA will be implemented over 3 phases, with telemedicine licensing being introduced as part of the third phase that is estimated to be implemented in the third quarter of 2022.