Digital health apps and telemedicine in Spain

1.1 Is it considered a “medical device” or a “product” to which liability can attach, and if so, under what regulations?

Software as a medical device

Applicable regulations

• Royal Decree No. 1591/2009 on medical devices.
• Royal Decree No. 1/2015 on medicines and medical devices.
• Regulation (EU) 2017/745 on medical devices.

A software within digital health apps may be considered a “medical device” if it falls under the “medical device” definition provided by art. 2 (1) (a) of Royal Decree No. 1591/2009 (which is very similar to the definition provided by article 1.2.(a) of Council Directive 93/42/EEC of 14 June 1993 concerning medical devices as amended by Directive 2007/47/EC): “medical device” means any instrument, apparatus, appliance, software, material or other article, whether used alone or in combination, including the software intended by its manufacturer to be used specifically for diagnostic and/or therapeutic purposes and necessary for its proper application, intended by the manufacturer to be used for human beings for the purpose of:

• diagnosis, prevention, monitoring, treatment or alleviation of disease;
• diagnosis, monitoring, treatment, alleviation of or compensation for an injury or handicap;
• investigation, replacement or modification of the anatomy or of a physiological process; and
• control of conception,

and which does not achieve its principal intended action in or on the human body by pharmacological, immunological or metabolic means, but which may be assisted in its function by such means.

Please note that the above definition has been slightly amended by the Regulation (EU) 2017/745 of the European Parliament and of the Council of 5 April 2017 on medical devices, including products intended by the manufacturer to be used for purposes of prediction and prognosis of diseases.

Since Spain has not issued specific guidelines for the classification/qualification of software as a medical device, the guidelines issued by the European Commission should be considered in order to evaluate whether certain software qualifies as a medical device, including the latest document “Guidance on Qualification and Classification of Software in Regulation (EU) 2017/745” issued by the European Commission. 

If considered a medical device, the software would have to comply with the corresponding regulation, which includes, among others: (i) the obligations regarding the CE labelling; (ii) the obligation to submit a prior communication to the Spanish Agency of Medicines and Medical Devices and, in certain cases to be included in the corresponding Registry of Responsible entities; (iii) labelling obligations; and (iv) the maintenance of a documented record of the medical devices commercialised in the Spanish territory.

Further from that, it could be subject to the specific liability regime set out by the Legislative Royal Decree No. 1/2015 on the Law of guarantees and rational use of medicines and medical devices. Infringements to this law are classified as minor, serious and very serious depending on the risk to health, amount of any benefit obtained, severity of the health and social infringement caused and recurrence. The sanctions to be imposed when failure to comply with this law, goes from €6,000 to €1,000,000.

1.2 Is it considered a “product” to which civil liability can attach, and if so, under what regulations?

In those cases where the software does not meet the requirements to become a medical device, then it would be considered a product to which common liability regulations apply. In particular:

• it could be considered a defective product under the EU Product Liability Directive 85/374/EEC on defective products, and thus, be subject to the liability regime set out by the EU and national laws on defective products. These are (i) the Directive 85/374/EEC on defective products, and (ii) the Third Book of the Royal Decree 1/2007 on the General Law for the Defence of Consumers and Users (the “Spanish Consumer Law”). These provisions apply also in those cases in which the defective product is a medical device; and
• it could be subject to the general liability regime of the Spanish civil law, according to which liability may arise as contractual liability or non-contractual liability.

1.3 If your response to Q1.1 is yes, please state whether there are any exclusions/exemptions applicable with regard to liability, and/or whether those are applicable only under certain circumstances (e.g., for in-hospital use)?

The liability regime on defective products contained in the Spanish Consumer law provides some exclusions/exemptions applicable (nonspecific for health context). In particular, the manufacturer of a product will not be liable for the damages caused by the defects of the product if it proves that:

• the manufacturer has not placed the product in the market; or
• given the circumstances of the case, it is possible to presume that the defect did not exist at the time the product was placed in the market; or
• the product had not been manufactured for sale or any other form of distribution for economic purposes, nor had it been manufactured, imported, supplied or distributed in the context of a professional or business activity; or
• the defect was due to the fact that the product was manufactured in accordance with existing mandatory rules; or
• the state of scientific and technical knowledge at the time when the product was placed on the market did not make it possible to assess the existence of the defect.  

In addition, this regime provides a limit to the amount for calculating liability. 

The general liability regime of the Spanish Civil law is very wide, and thus the exclusions/exceptions applicable should be assessed on a case-by-case basis.

Data Protection

If the Software processes personal data of the users/patients, it must comply with the data protection regulations in force, in particular with:

• the General Data Protection Regulation (“GDPR”) and the instructions of the European Supervisory Authority, if the processing of personal data falls under art. 2 (Material scope) and art. 3 GDPR (Territorial scope); and
• the Spanish Data Protection Act and the instructions of the Spanish Supervisory Authority.  

Compliance with these regulations entail (among other things) the following: 

• Analysing the personal data flows existing between users, the provider of the Software and third parties involved in the functioning of the Software (e.g., cloud service providers, support services or any other service providers).
• Determining the legal positions of the different parties processing the personal data, to determine the data protection liability regime between them.
• Identifying the personal data which will be processed, for which purposes, and the legal basis in which this data processing will be based, especially considering the consequences of processing health data. 
• Designing and implementing the most adequate measures to process special categories of personal data. It is often the case that digital health software processes special categories of personal data (e.g., health data). 
• Drafting and implementing in the app all the informative clauses required by data protection regulation, to inform data subjects about the processing of their data.

Although the Spanish Data Protection Act does not contain any special provision for the processing of personal data within a health app/software, there are some general requirements which could apply, for instance (and among others which could apply):

• providing the information of art. 13 GDPR to the data subject in two layers, first one with the main information (data controller, purposes of the processing and data protection rights) and the second one with the additional information (e.g., the Privacy Policy); and 
• maintaining the data processed duly blocked once the purpose for its processing has expired, in order to share it with national authorities when required, during the limitation periods applicable by law. 
  E-commerce
• The Spanish Act no. 34/2002 on information society services and electronic commerce (“Spanish e-Commerce Act”) does not apply to the provision of services related to medical devices. However, it could still apply to those digital health apps which are not considered a medical device. Under this act, information service providers should comply with several obligations, including:

1. Providing information before and after the conclusion of electronic contracts.
2. Correctly identifying themselves and providing the compulsory contact information.
3. Complying with specific obligations regarding consent (such as in the context of commercial communications via e-mail or equivalent electronic means of communication).  

To determine the applicable regulations in this case, the most relevant element to be assessed in practice is the location of the software provider. 

Nevertheless, a claim could be filed by a data subject before the Spanish Supervisory Authority (AEPD) regarding the processing carried out by data controller/processor located in other EU Country, if the alleged infringement substantially affects data subjects in Spain, in which case the Spanish Data Protection Act might be applicable.

Accordingly, applicability of Spanish e-Commerce Act should be assessed taking into account the particularities of the relevant digital health app, and it will apply when: 

• the software provider is located in Spain; 
• the software provider is located in another EU Country—other than Spain—or in the European Economic Area, but the user is based in Spanish territory; and 
• the software provider is located in a non-EU Country, but the service is addressed specifically to Spanish territory.

In light of the above, the fact that the user is located outside of the Spanish jurisdiction is not actually relevant and does not change applicability regime of the regulation.

Consumer law

If the software is made available to consumers (this is, “any natural person who is acting for purposes which are outside his or her trade, business or profession” as defined in article 3 of the Spanish Consumer Act), the Spanish Consumer Law would apply. 

In the said case, the act of making available the app/software should comply with said regulation which, among other provisions, grants certain rights to consumers. In particular, consumers have the right to:

• The protection of their health and safety;
• The protection of their economic and social rights; in particular against unfair competition practices and the inclusion of abusive clauses in contracts;
• The compensation for damages suffered; and
• The right to obtain all the information about the relevant products and services in a correct, easy and clear manner, to facilitate knowledge about their proper use, consumption or enjoyment, warranty, technical assistance, etc. 

In practice, this results in the obligation to provide specific information to the consumers and including special clauses in the corresponding agreements. 

Advertisement

If the software within the digital app is considered a medical device, its promotion/advertisement must follow the requirements sets out by Royal Decree No. 1/2015. Among other provisions, this regulation prohibits advertising to the general public (i) medical devices destined to be used or applied exclusively by Health Care Professionals and (ii) medical devices to be reimbursed by the NHS. 

In any event, advertisement of digital apps will have to comply with the General Advertisement Law No. 34/1988.

B2C

• In a B2C relationship the above-mentioned regulation would apply. In particular:
• Under Consumer law, what is relevant is the consumer’s habitual residence and not from where he or she is using the software. EU Regulation 2018/302 on addressing unjustified geo-blocking should be considered:

1. If telemedicine services are provided through the Digital health app/software: this regulation would not apply and therefore the software provider may stablish measures for geo-blocking access and use from other jurisdictions.
2. If telemedicine services are not provided through the Digital health app/software, this regulation would apply, and therefore, the software provider cannot stablish measures for geo-blocking access and use from other jurisdictions. This would not, in itself, entail that the service provider has to comply with local regulation of those different jurisdictions applicable to digital health apps.   

• Under Data Protection law, the legal positions of the parties may vary on a case by case basis. In most cases, the digital app provider will be the data controller and the consumer/patient will be the data subject.

B2B

• In a B2B relationship, the consumer law would not be applicable to the agreements celebrated between the parties, nor would the provisions on the promotion of medical devices to the general public, although the General Advertisement Law would apply. 
• As for Data Protection law, the following should be carefully analysed: (i) which of the companies (if any) is processing personal data; and (ii) if so, the particular position which each company will have in respect to the data processing (whether data controller, data processor or joint data controllers), their respective obligations, risks and responsibilities.

Location tracking, monitoring behaviour, and processing of real time information (among other processing activities) may require prior data subject’s consent according to the data protection regulations (art. 4 (11) GDPR and art. 6 Spanish DPA).  However, this issue should be assessed on a case-by-case basis.

If the digital app were to include analytical, behavioural, or marketing cookies according to the recommendations issued by the AEPD, the installations of said cookies requires prior data subject’s consent (according to art. 4 (11) GDPR). In addition, the AEPD requires data controllers installing these types of cookies to: (i) provide part of the information of art. 13 GDPR through a cookies’ banner and all the information of said article in the Cookie Policy; and (ii) to enable a cookies’ configuration panel in the cookie policy, where the users can accept or reject those cookies in an easy manner. 

Within the health field, the AEPD Spanish Supervisory Authority has permitted remote monitoring of clinical trials during Covid-19 pandemic without data subject’s consent (https://www.aepd.es/sites/default/files/2020-06/Monitorizacion-remota-Verificacion-Datos-Fuente.pdf). 

In Spain, liability of health care professionals is assessed through the case law doctrine of the lex artis, defined by the Spanish Supreme Court as the evaluating criteria to assess the level of due care which should be complied with in all health care treatments. It implies not only complying with all techniques generally accepted by the medical science and adequate to a good practice, but applying said techniques with due care and preciseness in light of the circumstances and the risks inherent to each treatment according to its nature. 

Thus, the particular circumstances and techniques used by the health care professional should be assessed on a case-by-case basis. For instance:

• If a fault or inaccuracy of the software led to damage (or injury) but the health care professional was able to prove that use of the digital app was a generally accepted technique and that it had been correctly applied to the specific case, the health care professional could be found not liable, in which case the patient could try to seek a compensation for damages from the producer of the software.
• If a health care professional was found liable of a damage (or injury) which was caused by a fault or inaccuracy with the software or the final product/app, the health care professional could have a recovery right to seek damages from the software producer, unless the agreement between them stablished a limitation (such as an “as it is” clause). Accordingly, clauses regarding liabilities and liability waivers should be carefully drafted when commercialising digital health products/apps.

Medical devices

According to Royal Legislative Decree No. 1/2015 on medicines and medical devices, national health authorities can carry out periodic inspections to verify compliance with its provisions. The infringement of this provisions could entail: (i) the adoption of precautionary measures; and (ii) sanctions.

Indeed, if national authorities consider that a medical device can affect the health and/or the security of patients, users or third parties, then precautionary measures can be adopted, including ordering their withdrawal from the market, seizure of the product, or imposing additional/special requirements. 

As for the infringements regarding medical devices regulation, article 112 provides the list of infringements and classifies them as minor, serious and very serious. According to said provision the classification is made attending to the following criteria: (i) risk to the health; (ii) amount of any potential benefit to be obtained; (iii) severity of the health and social disorder caused; (iv) generalization of the infringement; (v) and recurrence. The sanctions which may be imposed depend on the particular infringement and may vary from €6,000 to €1,000,000 and even surpassing said quantity to a maximum of five times the value of the products and services which have been part of the infringement. However, the maximum of each sanction will only be imposed if the infringement act has caused direct damage to the public health or created a serious and direct risk to the public health.

In cases of serious or very serious infringements, the sanction will be published in the corresponding official journal, and in cases of very serious infringements, the corresponding authority could order the temporary closing of the corresponding installation for up to 5 years. 

Data Protection

Despite of the enforcement mechanism provided by the GDPR (art. 83), the Spanish Data Protection Act contains its own enforcement mechanism (Title IX Spanish Data Protection Act). In particular, the Spanish Supervisory Authority could—ex officio or at the request of a party or a national authority—initiate a sanctioning proceeding in the case of a possible infringement of the data protection regulation in force. Main milestones of this proceeding are:

• Individuals and national authorities should file before the AEPD a complaint for this purpose. 
• Once this is admitted, the AEPD can initiate ex officio preliminary diligences to better determine the facts and circumstances that justify the initiation of a proceeding.
• In light of the result of these preliminary diligences, the AEPD will initiate the sanctioning proceeding. In these proceedings, the facts of the case, the defendant and the appellant and the alleged infringement should be specified. 

Within the context of this proceedings, the infringements can be classified as minor, serious and very serious. The sanction that may be imposed by the AEPD (if the infringement is finally confirmed) depends on each case and on the severity of the infringement. Aggravating and mitigating circumstances could apply.

Consumer law

According to art. 49 Royal Decree 1/2007 on users and consumers, the competent authorities could sanction the infringements of its provisions (without prejudice to the civil and criminal liabilities that may arise), which are specified in its art. 29. 

All infringements specified by art. 29 of this law have the consideration of “serious” and can be subject to sanctions from €3,005.07 to €15,025.30.

However, these infringements can be very serious in case of recurrence or if the benefits obtained with the infringement are higher that €601,012.10. Very serious infringements can be subject to sanctions from € 15,025.31 to €601,012.10. 

General Advertising 

Infringement of the provisions of the General Advertising Law qualifies as an act of unfair competition and thus may lead to the exercise by a competitor or a consumer of legal actions in a court proceeding, seeking, among others, the cessation of the infringement and a compensation for damages.

E-commerce

Spanish e-Commerce Act establishes a mechanism of infringements and sanctions, by virtue of which a failure to comply with its obligations may result in a sanction of up to €600,000 (depending on the severity of the infringement). These sanctions could be made publicly available.

In the event of serious or very serious infringements and within the relevant sanctioning procedure, certain preliminary injunctions could be adopted, such as:

• temporary suspension of the service provider activity and, where appropriate, temporary closure of its establishments or 
• sealing records, supports and computer files and documents in general, as well as computer equipment of all kinds.  

In addition, an infringement (or potential infringement) of certain principles set out in the Spanish e-Commerce Act, may give rise to enforcement mechanisms through which the competent authorities may interrupt the provision of services.

AI Regulation

The 2021 proposal for a Regulation on Artificial Intelligence foresees that each Member State shall designate or establish a notifying authority responsible for setting up and carrying out the necessary procedures for the assessment, designation and notification of conformity assessment bodies and for their monitoring. Furthermore, Member States shall lay down the rules on penalties, including administrative fines, applicable to infringements of this Regulation and shall take all measures necessary to ensure that they are properly and effectively implemented. Therefore, once this Regulation comes into force, Spanish regulatory body will implement an enforcement mechanism for compliance with the AI Regulation.

There are no published future legal developments in Spain with regard to digital health apps/software.

Physicians in Spain are co-regulated by the General Council of Official Medical Associations (Consejo General de Colegios Oficiales de Médicos and the particular Associations established in the different Autonomous Communities) and the public administration (Ministry of Health and equivalents from the Autonomous Communities).

Spain does not have any express regulation on telemedicine. 

However, the Spanish General Council of Official Medical Associations has expressly stated that the use of telephonic means or other non-face-to-face communication systems to assist in professional decision-making is in accordance with Medical Ethics. The above is mainly subject to the services being clearly identified, confidentiality is ensured, and that the used communication channels guarantee the maximum available security. In any case, general legislation applicable to the particular services that physicians can be provided in person are also applicable when provided via telemedicine, among others they are regulated under the following laws and regulations:

• Law 14/1986, General Health (Ley 14/1986, General de Sanidad).
• Organic Law 15/1999, of 13 December, on the Protection of Personal Data and Royal Decree 1720/2007, which develops it (Ley Orgánica 15/1999, de 13 de diciembre, de Protección de Datos de Carácter Personal y Real Decreto 1720/2007 que lo desarrolla).
• Law 41/2002, on Patient Autonomy (Ley 41/2002, de Autonomía del Paciente).
• Law 16/2003 of Cohesion and Quality of the National Health System (Ley 16/2003 de Cohesión y Calidad del Sistema Nacional de Salud).
• Royal Decree 81/2014, of 7 February, establishing rules to guarantee cross-border healthcare (Real Decreto 81/2014, de 7 de febrero, por el que se establecen normas para garantizar la asistencia sanitaria transfronteriza).
• Royal Legislative Decree 1/2007, of the General Law for the Defence of Consumers and Users (Real Decreto Legislativo 1/2007, de la Ley General para la Defensa de los Consumidores y Usuarios).

Additionally, it should be noted that Health competences are transferred to the Autonomous Communities, which means that there is not a uniform regulation in this matter.

Law 34/2002 of 11 July, on information society services and electronic commerce (Ley 34/2002 de 11 de julio, de servicios de la sociedad de la información y de comercio electrónico) is also applicable on the basis that it is a service provided electronically.

Moreover, the physicians would also be subject to the applicable Codes of Good Practice of the medical associations to which they belong.  By ways of example, at the beginning of 2022, the Medical Association of Catalonia approved the Notebook of Good Practice (Cuaderno de Buena Práxis) dedicated to telemedicine, which includes fundamental aspects of this modality of care, with the aim of guiding professionals and organizations to incorporate it appropriately and safely into healthcare practice.

Spain does not have any express regulation on telemedicine. 

However, it should be noted that in the case of cross-border healthcare within the EU, the Spanish legislation, through Royal Decree 81/2014 of 7 February establishing rules to ensure cross-border healthcare (Real Decreto 81/2014, de 7 de febrero, por el que se establecen normas para garantizar la asistencia sanitaria transfronteriza) sets forth that the healthcare service is deemed to be provided in the Member State where the provider is established.

10.1 What are the requirements?

Requirements

The Spanish Code of Medical Ethics has addressed the issue of telemedicine by covering its use and establishing a series of principles that must be met:

• Proper Provision of medical services inevitably implies personal and direct contact between doctor and patient.
• It is ethically acceptable, in the case of a second opinion and medical checks, to use e-mail or other means of non-presential communication and telemedicine, provided that mutual identification is clear, and privacy is ensured.

10.2 Were there any new (time-limited) regulation regarding the Sars-CoV-2 pandemic?

Sars- CoV-2 specific regulation

In March 2020, the Madrid Medical Association published a guidance document on the application of telemedicine in very urgent cases like the current pandemic as a mere complement to in-person medical examinations. It recalled the principles previously stated, although it clarified that, in the scenario of healthcare alerts and always in the best interests of the patient, it is understood that, with the technical precautions mentioned above, medical visits could be carried out via telematic means.

Further from the above, the Spanish Government issued a specific and time-limited measure to develop health care apps, although they do not fit within the definition of telemedicine. In this regard, the Ministry of Heath approved the Order SND/297/2020, of 27 March, which entrusts the State Secretariat for Digitalisation and Artificial Intelligence, of the Ministry of Economic Affairs and Digital Transformation, with the development of various actions to manage the health crisis caused by COVID-19.

• The urgent development and operation of a computer application to support the management of the health crisis caused by COVID-19. This application should at least enable users to carry out a self-assessment based on the medical symptoms they report of the probability of being infected by COVID-19, provide information to users on COVID-19, and give them practical advice and recommendations for actions to be taken in accordance with the assessment.
• The development of a conversational assistant/chatbot to be used via WhatsApp and other instant messaging applications. It will provide official information in response to questions from the public.

The above-mentioned regulation provides that “under no circumstances will the application constitute a medical diagnosis service, emergency care or the prescription of pharmacological treatment” and specifies that “the use of the application shall in no way replace consultation with a duly qualified medical professional.”

Some public authorities with health competences (e.g., Community of Madrid), are currently evaluating the possibilities to introduce the offer of telemedicine as a service to patients. Additionally, virtual consultations with doctors are being maintained.

Since Spain does not foresee a specific regulation on tele-medicine, physicians that provide the very limited services that are allowed to be provided via telemedicine must meet, and are subject to, the general lex artis of the medical profession. For further detail on this topic, please see Question 5.

11.1 Are there legal requirements for physicians to give disclaimers or other types of notices to patients (as part of the consent process) before using telemedicine? If so, please indicate these.

Disclaimers and notices

Regulation does not provide specific requirements for physicians that provide their services through telemedicine to include disclaimers before providing their services.

However as there are only limited services that can be provided via telemedicine, the patient should be clearly informed (notice) as to what the scope of services is/the patient could expect to be provided via telemedicine (particularly that no diagnostic can be offered). Further from that, data protection notices and rights of personality notices (in case of recording conversations) have to be made.

11.2 Does the use of telemedicine increase the risk of liability (e.g., if a physician is asked to certify someone’s fitness to engage in a particular employment and does so virtually versus an in-person consultation)?

Increase of risk liability

The use of telemedicine does not particularly increase the risk liability itself, particularly because liability is mainly related to diagnosis and diagnosis cannot be offered via telemedicine. Thus, liability could be raised mainly regarding second opinions (most likely) and medical checks (less likely). Liability in any event would be assessed on a case-by-case basis, therefore it might be very convenient for the purposes of determining and/or excluding-mitigating liability (i) to have a proper record on the content of the service provided via telemedicine; and (ii) to clearly inform on the scope of the limited services that can be provided. Disclaimers of liability could be related to the amount of information provided (and not provided) by the patient.

With telemedicine, it has become necessary that prescriptions are handled by digital means. However, the law in Spain prohibits distance selling of prescription-only medicines and medical devices. This includes sales by mail order or telematic means.

Online prescription dispensing can only be done by pharmacists, doctors, dentists or podiatrists, who are legally authorized to do so.

Dispensing shall be carried out by pharmacies connected to the electronic medical prescription system. After unequivocal identification of the patient and, where appropriate, of the person he/she delegates, the pharmacist shall dispense the prescriptions requested by the patient.

The period of validity during which the patient may collect the medicine or medical device from the pharmacy shall be ten calendar days in the case of a first dispensing, counted from the date of the prescription.

The electronic medical prescription system shall ensure the security of access to and transmission of information, as well as the protection of the confidentiality of data.

There is no specific regulation in Spain regarding reimbursement of telemedicine services/appointments. Thus, telemedicine appointments follow the same regulation as face-to-face appointments, which is as follows:

In Spain, the public health insurance only funds treatments which are provided by centres, establishments and services of the National Health System or those which are subsidised by the National Health System, except in situations of vital risk, when it is justified that the means of the latter could not be used (art. 4.3 of Royal Decree no. 1030/2006 and art. 9 of Law no. 16/2003 on the National Health Care System).

Indeed, in cases in which urgent, immediate and vital health care services have been provided outside the National Health System, the costs of such care shall be reimbursed if proven that the services of the National Health System could not be used in a timely manner and that it does not constitute a deviant or abusive use of this exception.

As per the private insurance coverage, telemedicine has taken hold in Spain during the pandemic and has become an additional benefit offered by many insurance companies in their health policies.

There is no specific Spanish data protection regulation specifically covering telemedicine services. 

Nevertheless, personal data processed through a telemedicine service might be considered as part of the “Clinical Record” as defined by Spanish Act 41/2002 regulating patient autonomy and rights and obligations in terms of clinical information and documentation. Thus, provisions under this Act regarding basic patients’ rights and health professionals/centres’ obligations (i.e., information rights, rights of access to Clinical Record, custody and conservation obligations concerning clinical documentation, etc.) might be applicable in conjunction with GDPR and Spanish Data Protection Act. 

During these last years there have been proposals to regulate telemedicine by various associations and experts in health law. However, these proposals have not been taken up in general terms by political parties or institutions and it does not seem that a future development would be carried out soon.

In any case, it should be remembered that Health competences in Spain are transferred to the Autonomous Communities, which means that there is not a uniform regulation in this matter. Certain Autonomous Communities, such as the Community of Madrid, are recently considering the implementation of telemedicine to decongest the healthcare centres so that patients can follow treatments at home, while remaining in contact with professionals remotely.

The above would promote the regulation of telemedicine from a legal perspective in certain Autonomous Communities.

At the moment, according to the European Commission, online health is an issue on which members state should regulate and develop at a national level. In this regard, EU Directive 2006/123 specifically declared, “the exclusion of healthcare from the scope of this Directive should cover healthcare and pharmaceutical services provided by health professionals to patients to assess, maintain or restore their state of health where those activities are reserved to a regulated health profession in the Member State in which the services are provided.”

Notwithstanding that, the current policy promotion of the Single Digital Market in the European Union also covers e-health. Further to the share and access to health data, online health services are also pointed out for evaluation. Thus, in the medium or long term, and particularly with the full implementation of 5G technology, we expect further policy development to occur, both at EU and local level.