Digital health apps and telemedicine in Slovenia

  1. Digital Health Apps/Software
    1. 1. How is the software within digital health apps classified in your jurisdiction, and what regulation(s) apply?
    2. 2. Are there any other legal regimes that may govern digital health software? (e.g. data protection/ privacy) If yes, please indicate these.
    3. 3. If your response to Q2 is yes, please state whether it matters if, the users are residents using it within their jurisdiction and/or using it outside their jurisdiction; and/or it is a “B2B” (business to business) rather than “B2C” (business to end consumer) service. In each case, please summarise any implications (if applicable). 
    4. 4. Do any particular features, such as location tracking, or monitoring real-time information, trigger any additional consent requirement, regulatory approval, and/or other restrictions beyond the general ones applicable to Q1/Q2?
    5. 5. In the context of physicians relying on digital health apps (containing software), whether for in-person or via telemedicine consultations, are there circumstances where the physicians’ liability can be limited or transferred to the producer of the software contained in the app, or of the final product/app itself, when a fault or inaccuracy with the software (rather than the physicians’ error) occurs, leading to damage (or injury)? 
    6. 6. Please describe the enforcement mechanism for compliance with regard to the regulations discussed in Q1, Q2, and/or Q4 in your jurisdiction with regard to the software contained in digital health apps. What are the legal consequences for non-compliance?
    7. 7. Are you aware of any future legal developments in your jurisdiction with regard to digital health apps/software?
  2. Telemedicine
    1. 8. How are physicians regulated in your jurisdiction (i.e., who is their Regulator; e.g., the General Medical Council in the UK)?
    2. 9. What laws and/or regulations apply to physicians regarding telemedicine?
    3. 10. Does the law in your jurisdiction regulate under what circumstances physicians can use telemedicine in order to treat patients?
    4. 11. Do the standards of care applicable to physicians change in the context of using telemedicine?
    5. 12. Are there any restrictions on the type of medicine that can be prescribed through telemedicine?
    6. 13. Are telemedicine services reimbursable under the state’s medical insurance / subsidy / coverage? 
    7. 14. Are there specific data protection regulations covering telemedicine (outside the context of using a digital health app) in your jurisdiction? If so, please summarise what they are.
    8. 15. Are you aware of any future legal developments in your jurisdiction with regard to telemedicine?

Digital Health Apps/Software

1. How is the software within digital health apps classified in your jurisdiction, and what regulation(s) apply?

1.1 Is it considered a “medical device” or a “product” to which liability can attach, and if so, under what regulations?

Under Rules on Medical Devices (Pravilnik o medicinskih pripomočkih, Official Gazette of RS, no. 37/10 and 66/12) a product is classified as a medical device if it, in relation to its properties and main purpose of operation, meets the definition of a medical device.

The software component may be classified as medical device under Medical Devices Act (“ZMedPri”, Zakon o medicinskih pripomočkih, Official Gazette of RS, no. 98/09) if it is intended to be used on human beings for the purpose of: 

  • diagnosis, prevention, monitoring, treatment or alleviation of disease; 
  • diagnosis, monitoring, treatment, alleviation of or compensation for an injury or handicap;
  • investigation, replacement or modification of the anatomy or of a physiological process; or 
  • control of conception,  

and does not achieve its principal function in or on the human body by way of pharmacological, immunological or metabolic means (although it may be assisted in its function by such means).

When in doubt whether a product needs to be classified as a medical device, an application for the classification may be submitted to the Agency for Medicinal Products and Medical Devices of the Republic of Slovenia (“JAZMP”). 

1.2 If your response to Q1.1 is yes, please state whether there are any exclusions/exemptions applicable with regard to liability, and/or whether those are applicable only under certain circumstances (e.g., for in-hospital use)?

This question should be assessed on case by case basis.

  • REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
  • Personal Data Protection Act (Zakon o varstvu osebnih podatkov, “ZVOP-1”, Official Gazette of RS, no. 94/07 – official consolidated text) – note that the new data protection law based on the GDPR has not been adopted yet and only some provisions of ZVOP-1 still apply;
  • Healthcare Databases Act (Zakon o zbirkah podatkov s področja zdravstvenega varstva, Official Gazette of RS, no. 65/00, 47/15 and 31/18);
  • Patients’ Rights Act (Zakon o pacientovih pravicah, “ZPacP”, Official Gazette of RS, no. 15/08 and 55/17);
  • Electronic Communications Act (Zakon o elektronskih komunikacijah, “ZEKom-1”, Official Gazette of RS, no. 109/12, 110/13, 40/14 – ZIN-B, 54/14 – dec. CC, 81/15 and 40/17); and
  • Zakon o avtorski in sorodnih pravicah (Copyright and Related Rights Act, “ZASP”, Official Gazette of RS, no. 16/07 – official consolidated text, 68/08, 110/13, 56/15, 63/16 – ZKUASP and 59/19).

3. If your response to Q2 is yes, please state whether it matters if, the users are residents using it within their jurisdiction and/or using it outside their jurisdiction; and/or it is a “B2B” (business to business) rather than “B2C” (business to end consumer) service. In each case, please summarise any implications (if applicable). 

3.1 The users are residents using it within their jurisdiction and/or using it outside their jurisdiction.

Yes, ZVOP-1 applies to cases when the personal data controller is not established, has no registered office, or is not registered in a Member State of the of the EU or the EEA, but uses automated or other equipment located in the Slovenia to process personal data. If a medical device collects or processes personal data within the jurisdiction of Slovenia, ZVOP-1 could apply.

3.2 It is a “B2B” (business to business) rather than “B2C” (business to end consumer) service.

Yes, especially in relation to B2C matters. In any case, data processing must be lawful, meaning based on legitimate interest (consent of the data subject, for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, etc.). Also, when it comes to B2B matters where both parties are processing personal data, a data processing contract has to be concluded.

Besides the general restrictions under Q2, the Slovenian Information Commissioner (“IC”) issued several opinions stating that controlling and processing of location tracking data should be carried out pursuant to the Constitution and laws, while the general impression is that the IC is rather reticent towards such features. 

5. In the context of physicians relying on digital health apps (containing software), whether for in-person or via telemedicine consultations, are there circumstances where the physicians’ liability can be limited or transferred to the producer of the software contained in the app, or of the final product/app itself, when a fault or inaccuracy with the software (rather than the physicians’ error) occurs, leading to damage (or injury)? 

Since the question on physicians’ liability is depending on its liability for damages, such matters must be dealt with on a case by case basis. 

In general, the manufacturer of medical devices is held liable for damages under the general rules of civil law and with regard to product liability.

Since the matter on product liability regarding software has not been elaborated conclusively either in theory or in court practice yet, a final answer would require further assessment. Based on the literature so far, only the general rules of civil law would apply.

IC is the competent authority to run inspection procedures pursuant ZVOP-1 and other laws governing data protection. IC runs minor offence procedures under ZVOP-1. Under ZPacP, the IC acts as an appeal, inspection, and minor offences body. 

Within an inspection procedure, IC may for example, issue a warning, impose rectification of irregularities or prohibit carrying out of activities. Within a minor offence procedure, IC may impose monetary fines. 

Until the new Personal Data Protection Act (ZVOP-2) is adopted, the IC is prevented from carrying out minor offence procedures and may not impose fines under GDPR due to a legal loophole.  

The new Personal Data Protection Act ZVOP-2 (fully implementing GDPR) was planned to be adopted in the beginning of 2020. Due to changes in government and Sars-CoV-2, the focus has shifted, but we expect it should not be long before it is implemented.

Telemedicine

8. How are physicians regulated in your jurisdiction (i.e., who is their Regulator; e.g., the General Medical Council in the UK)?

In order to work as physician in Slovenia, one should obtain the appropriate education and training, be entered in the register of physicians and be granted a licence to be authorized to practise medicine independently in a particular field of expertise. The licence is granted for seven years and is renewed if the physician complies with requirements for renewal. 

Membership in the Medical Chamber of Slovenia is obligatory for practising physicians and dentists that have a direct contact with patients.

9. What laws and/or regulations apply to physicians regarding telemedicine?

  • Health Services Act (Zakon o zdravstveni dejavnosti, “ZZDej”, Official Gazette of RS, no. 23/05 – official consolidated text, 15/08 – ZPacP, 23/08, 58/08 – ZZdrS-E, 77/08 – ZDZdr, 40/12 – ZUJF, 14/13, 88/16 – ZdZPZD, 64/17, 1/19 – dec. US, 73/19 and 82/20)

10. Does the law in your jurisdiction regulate under what circumstances physicians can use telemedicine in order to treat patients?

10.1 What are the requirements?

When physicians use telemedicine, they should comply with the same rules as when practising medicine “on-site”, i.e., ZZDej and rules of medical doctrine should be complied with at all times.

10.2 Were there any new (time-limited) regulation regarding the Sars-CoV-2 pandemic?

No, however some telemedicine services have been added to the list of services reimbursed by the Health Insurance Institute of Slovenia after the Sars-CoV-2 outbreak. 

11. Do the standards of care applicable to physicians change in the context of using telemedicine?

The standards of care applicable to physicians do not change in the context of using telemedicine.

11.1 Are there legal requirements for physicians to give disclaimers or other types of notices to patients (as part of the consent process) before using telemedicine? If so, please indicate these.

No.

11.2 Does the use of telemedicine increase the risk of liability (e.g., if a physician is asked to certify someone’s fitness to engage in a particular employment and does so virtually versus an in-person consultation)?

No.

12. Are there any restrictions on the type of medicine that can be prescribed through telemedicine?

There are no specific provisions which would provide restrictions on the type of medicine that can be prescribed through telemedicine. 

13. Are telemedicine services reimbursable under the state’s medical insurance / subsidy / coverage? 

Yes, certain telemedicine services are reimbursable under compulsory health insurance by the Health Insurance Institute of Slovenia.

13.1 If so, are there any special provisions about the reimbursement/coverage of costs regarding the use of mobile apps that can combine digital health and telemedicine? 

Most of the rules regarding reimbursement of telemedicine services include general reference to services carried out by means of telecommunications/telemetry and do not specifically refer to mobile apps that can combine digital health and telemedicine. 

13.2 And further, if yes, who is covering the costs for apps that are mostly used by healthcare professionals and by patients?

Health Insurance Institute of Slovenia.

14. Are there specific data protection regulations covering telemedicine (outside the context of using a digital health app) in your jurisdiction? If so, please summarise what they are.

Please see Q2 above. 

We are not aware of any such future legal developments.

Picture of Dunja Jandl
Dunja Jandl
Partner
Ljubljana
Robert Kordić
Associate
Ljubljana