COMMISSION STAFF WORKING DOCUMENT

on the applicability of the existing EU legal framework to telemedicine services

Accompanying the document

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS eHealth Action Plan 2012-2020 – innovative healthcare for the 21st century

TABLE OF CONTENTS

1........... Introduction. 3

2........... Legal Framework. 6

2.1........ Telemedicine as a health care service. 6

2.1.1..... The Treaty provisions on the freedom to provide services. 6

2.1.2..... Directive on the application of patients' rights in cross-border healthcare. 6

2.2........ Telemedicine as an information society service. 7

3........... Key legal issues of cross-border telemedicine. 10

3.1........ Licensing/registration of healthcare professionals performing telemedicine services. 10

3.2........ Conditions for legal processing of health data. 12

3.2.1..... General Data Protection rules. 12

3.2.2..... The data protection reform.. 15

3.2.3..... Other data protection rules. 15

3.3........ Reimbursement 16

3.4........ Liability issues and product safety. 18

3.4.1..... Health professional liability. 19

3.4.2..... Safety and performance of products and product liability. 21

3.5........ Court litigation/court proceedings. 23

3.5.1..... Determining the competent jurisdiction. 23

3.5.2..... Determining the applicable law.. 25

4........... Conclusion. 28

4.1........ Legal sources concerning information society services. 31

4.2........ Legal sources concerning reimbursement 31

4.3........ Legal sources concerning consumer protection. 31

4.4........ Legal sources concerning data protection. 32

4.5........ Legal sources concerning medical devices and medicinal products. 32

1.           Introduction

Telemedicine is defined as "the provision of healthcare services, through the use of ICT, in situations where the health professional[1] and the patient (or two health professionals) are not in the same location. It involves secure transmission of medical data and information, through text, sound, images or other forms needed for the prevention, diagnosis, treatment and follow-up of patients"[2].

Health information portals, online pharmacy, electronic health record systems, electronic transmission of prescriptions or referrals (e-prescription, e-referrals) are not regarded as telemedicine services for the purpose of this Staff Working Paper. E-prescription is excluded as it is an ancillary and independent act, which can also be delivered in a face-to-face meeting with a doctor.

Telemedicine encompasses a wide variety of services such as teleradiology, teleconsultation, telemonitoring[3], teleophtalmology, telesurgery and teledermatology, which can therefore be regarded as different forms or ways of delivering telemedicine.

Telemedicine can help to address major challenges faced by European healthcare systems. For example, telemonitoring can improve the quality of life of chronically ill patients through self-management solutions and remote monitoring from home, reducing hospitalisation costs and saving on unnecessary emergency visits. Additionally, services such as teleradiology and teleconsultation can help shortening waiting times, optimising the use of available resources and enabling productivity gains.

Telemedicine can also significantly improve access to care, by delivering high-quality services to patients living in remote or sparsely populated areas affected by shortages of specialised healthcare professionals or by facilitating across border healthcare for the benefit of citizens in the EU.[4]

The benefits go beyond improving patient care and healthcare system efficiency. Telemedicine can also make a significant contribution to the European economy. This sector, where European industry – including thousands of small and medium size enterprises (SMEs) – is well placed, has been expanding rapidly in the past decade and is expected to continue to grow at a fast pace[5].

Member States have long realised the potential of telemedicine and are supportive of its beneficial deployment. Nevertheless, despite widespread awareness of the benefits of telemedicine, its use in the provision of everyday health and care services is still relatively low and one of the reasons identified is the lack of legal clarity[6].

In its 2008 Communication on Telemedicine, the European Commission announced the publication, in cooperation with the Member States, of an analysis of the EU legal framework applicable to telemedicine. Raising awareness on the rules and norms applicable to telemedicine was shown to be a primary condition to boost the wider deployment of telemedicine services across EU Member States.

On these grounds, the objective of this Staff Working Paper is to enhance legal clarity for all the actors involved in the provision of telemedicine services. This will be done by mapping existing EU legislation that applies to cross-border telemedicine services (consistent with the title of the SWP)[7]. In so doing, the paper is expected to contribute to achieving the goals of the Digital Agenda for Europe[8], which sets out to achieve widespread deployment of telemedicine services by 2020.

The European Commission's 2010 EU Citizenship Report[9] revealed that fragmented legal rules on essential aspects of healthcare across the Member States hamper patients exercising their right to receive healthcare in other EU Member States, where the quality and delivery of care may better respond to their needs, for example through telemedicine solutions. The lack of legal clarity also causes concern for healthcare professionals, fuelling distrust in the safety of new technolgies.

Member States are primarily responsible for the organisation, financing and delivery of healthcare. This means that they remain the principal actors able to turn telemedicine into reality for EU citizens – in full respect of the subsidiarity principle.

Most Member States do not have legal instruments specifically dealing with telemedicine, and only a few have adopted national regulations or professional and ethical guidelines concerning the provision of telemedicine services.

Moreover, some national legal systems require the physical presence of the patient and health professional at the same time and in the same place, for a medical act to be legally valid[10].

As a general rule, Member States should not adopt any national law, which would prevent service providers from exercising their freedom to provide telemedicine services. Any obstacle to the freedom to provide services across borders is prohibited, unless justified by imperative reasons of public interest for example on the grounds of public health. Hurdles of an administrative and reimbursement nature might represent obstacles in this regard, and Member States should prove that they are justified.

It is important to underline that telemedicine is not a new medical act and does not intend to replace traditional methods of care delivery, such as face-to-face consultations. It rather represents an innovative way of providing health and care services, which, can complement and potentially increase the quality and efficiency of traditional healthcare delivery. Such potential was recently acknowledged in Directive 2011/24/EU on the application of patients' rights in cross-border healthcare[11], due to be transposed by 25 October 2013, codifying the European Court of Justice jurisprudence on EU patients' rights to be reimbursed for medical treatment in other EU Member States, including through eHealth and telemedicine.

Recognising Member States' responsibility for ensuring the widespread deployment of telemedicine solutions, this Staff Working Paper primarily aims to support national administrations and implementing actors, by providing them with clarification on how telemedicine is affected by current EU legislation.

Due to its nature and characteristics, cross-border telemedicine falls within the scope of several EU legal instruments.

The paper follows the key legal steps encountered by a healthcare provider in the provision of a cross-border telemedicine act. It first clarifies licensing requirements for delivering cross-border telemedicine and then the rules to comply with for data protection, conditions and rights for reimbursement and cases of liability. Finally, it details the EU legal provisions determining the competent court and the applicable law in case a conflict arises.

Given the evolving nature of telemedicine technologies, this paper does not intend to cover all possible situations or future developments of telemedicine, but merely the most frequent or likely scenarios at present.

It should be noted that the contents of this document only represent the views of the Commission services.

Lastly, this Staff Working Paper does not prejudge the interpretation that the European Court of Justice, as the final instance responsible for interpreting the Treaty and secondary legislation, may develop on these matters.

2.           Legal Framework

2.1.        Telemedicine as a health care service

Relevant provisions

-Articles 56 and 57 of Treaty on the functioning of the European Union (TFEU) -Directive 2011/24/EU on the application of patients' rights in cross-border healthcare

2.1.1.     The Treaty provisions on the freedom to provide services

Telemedicine is a service and as such falls under the provisions of the TFEU (i.e. its Article 56). The European Court of Justice has, on several occasions, stated that health services fall within the scope of the freedom to provide services (Article 56 TFEU)[12] and neither the special nature of health services nor the way in which they are organised or financed removes them from the ambit of this fundamental freedom[13].

This includes the freedom for citizens to seek and receive health and care services from another Member State, regardless of how the service is delivered, i.e. including through telemedicine. Finally, the Court expressly recognised that the freedom to provide services applies to services, which a provider supplies without moving from the Member State in which he is established, to recipients in other Member States[14].

Member States are, however, allowed to maintain or introduce restrictions to the free movement of services, provided that these are justified by imperative reasons of public interest (e.g. public health), do not exceed what is objectively necessary for that purpose and that the same result cannot be achieved by less restrictive rules[15].

2.1.2.     Directive on the application of patients' rights in cross-border healthcare

Telemedicine services fall within the scope of Directive 2011/24/EU on the application of patients' rights in cross-border healthcare when they are health services provided by health professionals as defined in that Directive [16].

Cross-border telemedicine services are covered by the Directive as it contains two express references to telemedicine (Article 3(d) and Article 7(7) of the Directive) and its scope covers "the provision of healthcare to patients, regardless of how it is organised, delivered or financed" (Article 1(2) of the Directive).

Although it does not aim to solve all legal issues related to the provision of cross-border health services in the EU, the Directive clarifies patients' rights to be reimbursed for the provision of cross-border health services, including cross-border telemedicine services[17].

The key applicable provisions are the following:

· Rights are established to ensure that the essential information on prices, quality and safety of care are accessible to the patient to ensure informed decision.

· The Member State of treatment (that in case of telemedicine is the Member State where the service provider is established – see also paragraph 3.1 below) must ensure that the healthcare in question is provided in accordance with its legislation (Article 4(1) of the Directive).

· The principle of non-discrimination with regard to nationality is recognised and applies both to access and to fees charged for medical services (Article 4(3) and (4) of the Directive).

· The Directive provides that, in principle, the Member State of affiliation of the patient shall reimburse the costs of cross-border healthcare if the healthcare in question is among the benefits to which the insured person is entitled in the Member State of affiliation.

2.2.        Telemedicine as an information society service

Relevant provisions

-Directive 2000/31/EC on Electronic Commerce, hereinafter the "eCommerce Directive" -Directive 98/34/EC hereinafter the "Regulatory Transparency Directive"

The eCommerce Directive[18] creates a legal framework to ensure the free movement of information society services[19]. It sets information requirements for information society service providers, rules on commercial communications, on contracts concluded by electronic means and on the liability of intermediary service providers.

In order for a telemedicine service to qualify as an information society service, it needs to be a “service normally provided for remuneration, at a distance, by electronic means, at the individual request of a recipient of service:”[20]

· for remuneration. "Remuneration" is to be considered in relation to the service in question, regardless of who effectively pays for the telemedicine service;

· at a distance. The concept of "at a distance" means that the service is provided without the parties being simultaneously present. All telemedicine services are by definition provided at a distance;

· by electronic means. The service also has to be sent initially and received at its destination by means of electronic equipment for the processing (including digital compression) and storage of data, and entirely transmitted, conveyed and received by means of wire, radio, optical means or other electromagnetic means. This means that the following health services are not information society services:

· services provided in the physical presence of the provider and the recipient, such as medical examinations at a doctor's premises, even if using electronic equipment;

· services which are not using online telecommunication services, such as a telephone or telefax medical consultation or medical call-centers providing services through traditional voice telephony;

· at the individual request of a recipient. Services falling under the definition of information society service are those provided in response to an individual request from the recipient. Telemedicine services are usually provided at the individual request of a recipient. Patients being treated by a doctor using telemedicine services (e.g. teleradiology), implicitly accept such services and this constitutes the individual request.

Examples of services supplied on individual request can be found in the Vade-mecum to the Regulatory Transparency Directive, which include “doctors (computer medicine), etc., access to databases, data and file management, consultation, diagnosis etc[21].“

The main provisions in the eCommerce Directive that apply to cross-border telemedicine are the following[22]:

· The country of origin principle. It provides that the law applicable to an eCommerce activity will be the law of the Member State in which the service provider is established, i.e. the place in which a service provider effectively pursues an economic activity using a fixed establishment for an indefinite period. The Member States may however under certain circumstances and procedural conditions and on a case-by-case basis take measures to restrict the provision of a particular online service from another Member State (Article 3 of the Directive).

· The Directive prohibits Member States from making the taking up and the pursuit of the activity of an information society service provider subject to prior authorisation or any other requirement having an equivalent effect (Article 4 (1) of the Directive).

· Duty of information of Information Society Service (ISS) providers. They have to render easily, directly and permanently accessible to the recipients of the service a set of information, such as their identity and contact details on their website (Article 5 of the Directive). Regulated professions have to provide additional information, for instance, their professional body or registered institution, professional title and the Member State where it has been granted.

· Commercial communications. The ISS provider has to comply with some specific requirements when using commercial communications for the promotion of  eHealth services or products (Articles 6 and 7), for instance, ensuring they are "clearly" and "unambiguously" identifiable as such[23]. Member States must ensure that members of regulated professions may use commercial communications online, subject to compliance with such professional rules governing the independence, honour and dignity of the profession.[24]

According to the Regulatory Transparency Directive[25], Member States wishing to adopt a regulation on telemedicine services as information society services will have to notify it to the Commission and to other Member States before adoption[26].

3.           Key legal issues of cross-border telemedicine

In order to provide telemedicine cross-border within the EU, healthcare professionals first have to look for the responses to the following questions:

– Licensing: Does the telemedicine provider also need to be licensed/registered in the Member State of the patient?

– Data Protection: What are the conditions for the legitimate processing of personal data related to health?

– Reimbursement: Will the cross-border telemedicine service be reimbursed?

– Liability: What is the liability regime applicable in case damage arises?

– Relevant jurisdiction and applicable law in case of damage: What are the relevant jurisdiction and the law applicable in case damage arises?

3.1.        Licensing/registration of healthcare professionals performing telemedicine services

Relevant provisions

-Articles 56 and 57 of TFEU -Directive 2011/24/EU on the application of patients' rights in cross-border healthcare - Directive 2000/31/EC on electronic Commerce, hereinafter "the eCommerce Directive".

In most Member States, the competence to accredit professionals wishing to deliver health services is delegated to an appointed licensing or registration body. Upon being licensed/registered, the health professional will have to abide by the rules and regulations established by the licensing authority (the professional body) and be subject to disciplinary sanctions in case of non-observance[27]. It is also up to each Member State to decide which healthcare professionals are entitled to deliver health services and the kind of recognition/accredition they need to do so.

When healthcare services are provided by means of telemedicine, i.e. without the actual movement of either the healthcare professional (i.e. the telemedicine provider) or the service recipient (i.e. patient or another healthcare professional), some questions regarding the licensing/registration of health professionals arise in cross-border scenarios.

It is assumed that the telemedicine provider healthcare professional already complies with the authorization and registration requirements of his or her Member State of establishment. Directive 2005/36/EC[28]  on the recognition of professional qualifications does not apply to healthcare professionals providing cross-border telemedicine. This is clearly stated in Article 5(2) of the Directive, which sets that the Directive is only applicable to situations where the service provider actually moves to the territory of a host Member State to pursue a regulated profession. As indicated above, telemedicine services are provided without the actual movement of the telemedicine provider health care professional.

As already mentioned, Directive 2011/24/EU requires that cross-border healthcare is to be provided in accordance with the legislation of the Member State of treatment (Article 4(1) of the Directive). In the case of telemedicine, the Member State of treatment is expressly defined as that of the service provider's Member State of establishment (Article 4(1)(a) of the Directive)[29].

The applicability of the service provider's Member State of establishment legislation is also enshrined in the eCommerce Directive[30]. In other words, if the service provider (here the healthcare professional) complies with the legislation applicable to the taking up and exercise of an information society service in his Member State of establishment, he will in principle be free to provide its services in other Member States (Article 3(1) and 3(2) of Directive 2000/31/EC). This is known as the 'country-of-origin principle'.

Case study In January 2014, an innovative eye care centre in Country A explores the opportunity to invest in a state-of-the-art teleophtalmology system, capable of providing services at distance nationally and across borders. Healthcare professionals in the centre are particularly interested in expanding their services to patients living in border regions in Country B and Country C, offering them the comfort of remote eye care from home. Prior to purchasing the necessary equipment, the healthcare professionals from Country A seek relevant information concerning the conditions they need to comply with in order to be entitled to treat patients in other EU Member States and, if applicable, the requirements for professional recognition of their credentials. It should first of all be noted that the professionals from Country A will continue exercising their activity there and will propose health services in Country B and Country C from Country A, without physically moving to either of those countries. The provisions of Directive 2005/36 on the recognition of professional qualifications are therefore not applicable. However, Article 4(1) of Directive 2011/24/EU applies. It provides that cross-border healthcare be provided in accordance with the legislation of the Member State of treatment, which in the case of telemedicine is that of the service provider's Member State of establishment. This means that the healthcare professionals of Country A should only comply with the existing accreditation and legal requirements existing in Country A to perform telemedicine. As the telemedicine services at stake fall within the definition of an information society service, the healthcare professionals from Country A would also have to comply with the national provisions applicable in Country A for the provision of an information society service.

3.2.        Conditions for legal processing of health data

Relevant provisions

- Article 16(1) TFEU, Article 8 of the EU Charter of Fundamental Rights and Article 8 of the European Convention on Human Rights (“ECHR”) - Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data - Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector - Directive 2011/24/EU on the application of patients' rights in cross-border healthcare

A significant aspect of the cross-border provision of telemedicine services provided by a healthcare professional is the legitimate processing of personal data and the respect for the fundamental right to the protection of personal data. Telemedicine by its nature involves personal data processing through the generation and/or transmission of personal data related to health.

Since the entry into force of the Treaty on the Functioning of the EU (TFEU), the EU Charter of Fundamental Rights has become legally binding, and Article 8 of the Charter guaranteeing the fundamental right to the protection of personal data is now enshrined in Article 16(1) TFEU.

3.2.1.     General Data Protection rules

Directive 95/46/EC[31] is the general EU law on the protection of personal data, which sets the rights of data subjects and establishes criteria for the legitimacy of processing personal data, including "personal data on health"[32]. Directive 95/46/EC is currently under review[33] with the aim to modernise and clarify the EU legal system for the protection of personal data, strengthen individuals' rights, while at the same time reducing administrative formalities to ensure a free flow of personal data within the EU and beyond.

As regard to its scope of application, Directive 95/46/EC establishes that "personal data" means any information related to an identified or identifiable natural person (the "data subject"; Article 2 a) of the Directive). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity[34] This includes the processing of sound and image data.

"Processing of personal data" means any operation or set of operations, which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction (Article 2 b) of the Directive). This may include the processing of sound and image data.

Data protection rules are applicable not only when the data controller is established within the EU, but, whenever the data controller uses equipment situated within the EU in order to process data (Article 4 of the Directive). Data controllers from outside the EU, processing data in the EU, are therefore obliged to follow European data protection rules in such cases.

Special protection for personal data related to health

According to Directive 95/46/EC the processing of personal data related to health is prohibited unless certain conditions are fulfilled (Article 8 of the Directive). According to the European Court of Justice, the notion of "data concerning health" must be given a wide interpretation, so as to include information concerning all aspects, both physical and mental, of an individual's health[35]. The Article 29 Data Protection Working Party[36] provided further interpretation of this concept   by recommending that health data should cover:

· any personal data closely linked to the health status of a person only, such as genetic data or data on consumption of medicinal products, alcohol or drugs.

· any other data contained in the medical documentation concerning the treatment of a patient – including administrative data (social security number, date of admission to hospital, etc.). Any data that is not relevant for the treatment of the patient, should not be included in the medical file[37].

Derogation from the prohibition of processing health data is granted under very specific circumstances. Limited exemptions to this prohibition principle are laid down in the Directive, in particular if processing is required for specified medical and healthcare purposes. The general prohibition of processing such personal data does not apply where:

· the data subject has given his explicit consent to the processing;

· processing is necessary to protect the vital interests of the data subject or of another person where the data subject is physically or legally incapable of giving his consent;

· where processing of the data is required for the purposes of preventive medicine, medical diagnosis, the provision of care or treatment or the management of health-care services, and where those data are processed by a health professional subject under national law or rules established by national competent bodies to the obligation of professional secrecy or by another person also subject to an equivalent obligation of secrecy (Article 8(3) of the Directive).

Member States are allowed to derogate further from the prohibition of processing sensitive categories of data, for reasons of substantial public interest in areas such as public health and social security (Article 8(4) of the Directive). Any such measure must be proportionate, i.e. there must not be other less infringing measures available.

General principles for the processing of personal data

The processing of personal data related to health must comply with the following general data protection principles established by legislation. Some of the key principles are outlined in the following summarised table:

Personal data must: – only be collected for specific, explicit and legitimate purposes and not be kept for longer than necessary (Article 6(1)(b)). Further processing of data for historical, statistical or scientific purposes shall not be considered as incompatible provided that Member States provide appropriate safeguards; – be limited to the relevant data for the specific purposes they are intended to fulfil, e.g. by obtaining appropriate contractual or other commitments from the entities in the third countries (Article 6(1)(c)) – only be transferred to third countries outside the EU/EEA if they guarantee an “adequate” level of protection[38]. Where a non-EU country does not ensure an adequate level of protection, the transfer of personal data is only allowed under certain conditions (Article 26). || Data controllers must: – provide certain information to data subjects on the identity of the controller and recipients of data, the purposes of the processing, and the existence of a right of access (Articles 10 and 11) – allow data subjects access to their personal data – implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction or unauthorised disclosure. Such measures shall ensure a level of security appropriate to the risks represented by the processing and the nature of the data to be protected (Article 17) – under specific conditions, comply with European data protection rules even when they are based outside the EU (Article 4).

Case study Patient X, affiliated to the Country A social security system, suffers from chronic gall bladder problems. The treating healthcare provider in Country A puts the patient in touch with a surgical centre of excellence specialising in digestive systems in Country B. A well-renowned healthcare professional based in Country B would be able to operate on Patient X through telesurgery. A series of medical tests and important health-related patient data are requested by the Country B based operating doctor. The key sensitive medical information is therefore to be transferred electronically across borders between Country A and Country B. The health data first have to be processed according to the law of Country A as the data controller is a healthcare provider from that country. The latter will have to ensure that the processing was legitimate according to Article 8 of the Data Protection Directive 95/46/EC and the Country A law transposing the Data Protection Directive. Once the health data of the patient are transferred to Country B, any further processing must comply with the law of that Country (e.g. legitimate grounds for processing, information to data subject, access to data, security requirements, etc.).

3.2.2.     The data protection reform

EU pilot projects such as EpSOS have shown that current practices regarding the assessment of lawfulness, proportionality and required level of security for such health data vary a lot across the Union, due to the margins of manover left to the discretion of Member States when implementing Directive 95/46/EC. It has shown that this is one of the many factors limiting innovation in the eHealth sector.

By providing one single set of rules and for a consistency mechanism involving the data protection authorities in charge of ensuring a consistent application of the Regulation, the proposed Data Protection Regulation presented by the Commission on 25 January 2012 will facilitate the cross border exchange of health data while preserving a high level of protection. 

3.2.3.     Other data protection rules

Directive 2002/58/EC (as lastly amended by Directive 2009/136[39]) lays down specific requirements in connection with the provision of publicly available electronic communications services in public communications networks  to ensure confidentiality of communications and security of their networks. One important obligation is their duty to notify personal data breaches to the competent national authority.[40]

According to the Directive on the application of patients' rights in cross-border healthcare the Member State of treatment must ensure that the fundamental right to privacy with respect to the processing of personal data is protected in conformity with national measures implementing Union provisions on the protection of personal data, in particular Directives 95/46/EC and 2002/58/EC.

This means that these rules should also be respected with regard to patients' medical invoices and health records.

Patients who have received cross-border healthcare treatment (including through telemedicine) are entitled to a written or electronic medical record of such treatment, and access to at least a copy of this (See Articles 4(f) and 5(d) of Directive 2011/24/EU).

3.3.        Reimbursement

Relevant provisions

- Directive 2011/24/EU on the application of patients' rights in cross-border healthcare

When providing cross-border telemedicine services, it is essential to determine whether the patient being treated is entitled to reimbursement for the services received.

EU legal provisions come into play in cases of cross-border provision of telemedicine services. Two different and alternative mechanisms for reimbursement of cross-border healthcare are in place at EU level:

· Regulation (EC) No 883/2004 on the coordination of social security systems[41]. However, this is not applicable to telemedicine services as it expressly requires the physical presence of the patient in the Member State of treatment (the one of the healthcare provider);[42]

· the other mechanism is provided for in the Directive on the application of patients' rights in cross-border healthcare[43], which covers telemedicine within its scope.

The Directive on the application of patients' rights in cross-border healthcare sets as a general rule that the Member State of affiliation shall ensure that the costs incurred by any insured person receiving cross-border healthcare are reimbursed, if the healthcare in question is among the benefits to which the insured person is entitled in the Member State of affiliation (Article 7(1) of the Directive).

The Directive makes it clear that cross-border healthcare services using eHealth services[44] are also to be reimbursed (Recital 26 of the Directive).

It also provides that the Member State of affiliation may impose on an insured person seeking reimbursement of the costs of cross-border healthcare, including healthcare received through the use of telemedicine, the same conditions, criteria of eligibility and regulatory and administrative formalities as it would impose if this healthcare were provided on its territory (Article 7(7) of the Directive).

Therefore a patient receiving a telemedicine service from a healthcare provider located in another Member State should, in principle, be reimbursed for the costs incurred. However, such reimbursement shall only take place provided that the telemedicine service falls within the range of healthcare services to which citizens are entitled in the Member State of affiliation[45].

The service will be reimbursed up to the same level as a telemedicine service in the Member State of affiliation. In the case of health systems which do not operate on the basis of reimbursement directly to the patient and do not therefore have reimbursement tariffs which they use within their own system, the patient is entitled to be reimbursed up to the amount paid for that service by the institution responsible for meeting the costs of healthcare. Member States will also have to have a transparent mechanism for the calculation of costs of cross-border healthcare that are to be reimbursed to the insured person.

Reimbursement of cross-border healthcare, cannot, as a rule, be subject to prior authorisation (Article 7(8) of the Directive). However, Member States may introduce a system of prior authorisation only for certains types of healthcare and under strict conditions (Article 8(2) of Directive); such as planning requirements and the use of highly specialised and cost-intensive medical infrastructure or medical equipment. Such a system should be restricted to what is necessary and proportionate to the objective to be achieved. Member States should notify to the European Commission of the set-up of a prior authorisation system and make publicly available which healthcare is subject to such system.

The Directive also limits the conditions under which the Member State of affiliation may refuse to grant prior authorisation to an insured person (Article 8(6) of the Directive).

Case study Further to an acute admission for decompensated heart failure on January 1, 2014, patient X from Country A is referred by his secondary care provider in Country A to telehealth services offered to patients who suffer heart failure by a hospital in Country B. Patient X would benefit from this type of supporting technology, as it would encourage better self-management of his condition and adherence to the prescribed medications. Though telehealth services of this kind are recognised as valid medical acts in Country A, no facilities are available locally to offer the service. This is due to a shortage of nursing staff at the Country A hospital where Patient X was initially treated. Other Country A-based healthcare centres providing same telehealth services operate at the local level only, and thus have no capacity to include Patient X in their schemes. After meeting the indicated specialist doctor in Country B, the patient requests to have the necessary equipment installed at home. In order to do so, patient X is faced with upfront out-of-pocket costs directly requested by the treating centre in Country B. Prior to concluding the agreement, patient X therefore seeks information concerning his entitlement to reimbursement and the applicable conditions attached from his social security scheme. According to Directive 2011/24/EU, patients are entlitled to be reimbursed by their Member State of affiliation, for the healthcare received in another EU Member State, if the healthcare in question is among the benefits to which the insured person is entitled in his home country. If these conditions are met, Patient X should therefore have his costs related to the telemedicine service in Country B reimbursed by his healthcare system[46].

3.4.        Liability issues and product safety

Relevant provisions

- Directive 85/374/EEC on liability for defective products as amended by Directive 1999/34/EC, hereinafter "the defective products Directive" - Directive 2011/24/EU on the application of patients' rights in cross-border healthcare, hereinafter "the cross-border healthcare Directive" - Directive 90/385/EEC on active implantable medical devices and Directive 93/42/EEC on medical devices and Directive 98/79/EC on in vitro diagnostic medical devices - Regulation 593/2008 on the law applicable to contractual obligations (Rome I) and Regulation 864/2007 on the law applicable to non-contractual obligations (Rome II)

When damage occurs in the provision of a cross-border telemedicine act, it is first of all necessary to determine who should be held liable. This may prove complex, due to the potentially large number of actors involved (e.g. nurses, health informaticians, doctors, etc.). Several types of liability might also come into play depending on the source of the problem.

Liability can be of a professional nature (medical) or of a defective product.

Also, depending on the existence or not of a contractual relationship between the damaged person and the person responsible for the damage, a case of contractual liability or tort liability could arise[47].

EU legislation only harmonises rules related to liability for defective products. EU legislation determines, however, which law is applicable to the liability of the different actors involved. Indeed, the law applicable will determine the basis and extent of liability, the level of compensation and the nature and assessment of damage/problem. For more details on the determination of the law applicable see Section 3.5.2.

The newly adopted Directive on Consumer Rights[48] (which repeals Directive 97/7/EC on the protection of consumers in respect of distance contracts as of 13 June 2014) expressly excludes healthcare from its scope. It is thus not covered by this paper.

3.4.1.     Health professional liability

Medical liability is regulated at the Member State level and the complexity and diversity in liability rules in the Member States regarding the provision of healthcare are considerable.

Most of the Member States apply their general liability regime in case of medical errors or negligence in providing healthcare. A few of them, however, have introduced specific liability rules to increase protection for patients[49]. Medical liability can take various forms, depending on the provisions existing at Member State level. One must distinguish between the following types of liability regime:

· contractual or delictual liability;

· criminal, civil or administrative liability;

· faultless liability (also known as "strict liability") or liability with fault.

Nevertheless, the Directive on the application of patients' rights in cross-border healthcare contains some provisions, which are helpful to shed some light on the cross-border liability for healthcare services, albeit not solving the issue completely.

The legislation of the Member State of treatment should apply as a rule to the provision of cross-border telemedicine services to patients (Article 4(1) of the Directive). For telemedicine, the Member State of treatment is the Member State in which the service provider is established (Article 3(d) of the Directive).

Member States have the duty to put in place systems of professional liability insurance or a guarantee or similar arrangement that is equivalent or essentially comparable as regards its purpose and which is appropriate to the nature and the extent of the risk for treatment provided on their territory, including cross-border healthcare (Article 4(2)(d) of the Directive).

Transparent complaint procedures for the patient suffering harm from the services they receive must be in place, in accordance with the legislation of the Member State of treatment (Article 4(2)(c) of the Directive).

The determination of responsibilities between several healthcare professionals involved in the provision of a telemedicine act (e.g. a second opinion doctor) should be facilitated by the duty of the Member State of treatment to ensure that cross-border patients receive a written or electronic medical record of the treatment received (Article 4(2)(f) of the Directive). The written account of the treatment, which could constitute evidence in Court, should detail how and by whom the patient was treated.

Patients planning to receive healthcare in another Member State should receive the following relevant information (Articles 4 and 6 of the Directive):

· from the national contact point of the Member State of treatment, upon request, relevant information on the standards and guidelines on quality and safety[50];

· from healthcare providers, relevant information to help individual patients to make an informed choice:

· on treatment options;

· on the availability, quality and safety of the healthcare they provide in the Member State of treatment;

· clear invoices and clear information on prices, on the healthcare professional's authorisation or registration status, their insurance cover or other means of personal or collective protection with regard to professional liability.

The reception or lack of such information could also have a role to play in the determination of possible liability of the actors involved in the provision of a cross-border telemedicine act.

Case study Further to a persistent cough, patient X, whom is affiliated to Country A social security scheme, is asked by his general practitioner in his Member State to undergo chest x-ray tests. However the hospital in Country A where the x-rays were taken has no lung teleradiologist specialist on site to interpret the results. Using electronic means, images are thus sent to a teleradiologist established in a hospital in Country B, with whom the Country A hospital has a contractual relationship for the provision of such type of teleradiology services. The specialist in Country B is asked to deliver a medical opinion on the x-rays to support the medical doctor in Country A in his diagnosis of the patient's conditions. The teleradiologist in Country B provides a consultation falling short of the expected medical standard, resulting in an incorrect diagnosis. This negatively impacts on the treatment decision prescribed by the treating doctor in Country A. Besides not addressing the patient's cough, the treatment provokes a worsening of the patient's conditions, raising an issue of medical negligence. The telemedicine service is provided across-border between two healthcare professionals located in two different EU Member States, which are bound by an established contractual relationship. The patient only has a contractual relationship with his healthcare provider in Country A. There is no contractual relationship between the patient and the teleradiologist in Country B. Liability action against doctor in Country A introduced by patient X in Country A As the patient and his doctor have their residence in Country A,there is no cross-border situation. Therefore, the  Courts of Country A are competent and the law of this country will also apply. Liability action introduced by patient X against Country B teleradiologist As there is no contract binding patient X and the radiologist from country B, patient will have the option of suing in the MS of domicile of the teleradiologist (Article 2 of Brussels I Regulation), namely country B, or in the patient's Member State of residence, which is the one where the harmful event occurred (Article 5.3 of Brussels I Regulation). This means either where the negligence took place or where it caused harm, i.e. where it was acted on, namely country A. Whereas the law applicable will be the law of the country where the damage occurred (Article 4.1 Rome II Regulation).

3.4.2.     Safety and performance of products and product liability

The provision of a telemedicine service is often made possible thanks to the use of a medical device[51].

To the extent that a telemedicine system falls within the definition of an active implantable medical device or of a medical device or of an in vitro diagnostic medical device as laid down in Directive 90/385/EEC or Directive 98/79/EC[52], respectively, the product must be in conformity with the legal requirements set out in those directives. The directives mainly lay down the essential requirements on safety and performance of medical devices to ensure the protection of the health and safety of patients, users in relation to the use of medical devices[53].

Liability for defective products is regulated at EU level by Directive 85/374/EEC[54], which applies to any product manufactured in or imported into the European market.

This Directive aims at ensuring a high level of consumer protection against damage caused to health or property by a defective product[55]. It introduces the principle of objective liability or faultless liability of the producer or the importer, and if no producer or importer can be identified of the supplier.

The producer will be held liable and has to pay compensation for damages resulting from a defect caused to persons or properties.

If more than one person is liable for the same damage, joint liability is applicable. This means that the injured patient can claim full compensation for the damage from any one of the liable persons.

This also means that the injured person does not have to prove the existence of a fault or negligence; he needs to prove that damage arose, that a defect in the product exists and that there is a causal relationship between defect and damage.

For instance, if a diabetic patient were to be harmed by a defective medical device providing the wrong quantity of insulin in his body, he could sue the producer of such device and would have to demonstrate the harm to his health and the causal link with the proven defective device.

The liability of the producer can only be excluded or reduced under certain circumstances enumerated by the Directive (Articles 7 and 8). Moreover, the consumer has three years time to introduce an action in court from the moment he becomes aware of the damage, the defect and the identity of the producer. Additionally, the consumer's right to recover damages is limited to ten years after the producer has put the product into circulation.

This "objective liability" scheme is of course without prejudice of the rights the injured patient may have according to the rules of the law of contractual or non contractial liability.

Case study Patient X is a citizen of Country A and has undergone partial knee replacement in a specialised centre of excellence in Country B. Prior to his return to Country A, the patient is provided with a patient-controlled analgesia infusion pump and is offered to receive follow-up consultations through the treating hospital's Department of Orthopedic Surgery's telemonitoring system. Due to severe post-operative pain, during a telemonitoring consultation session between patient X in Country A and his treating doctor in Country B, patient X is prescribed the use of the pump. The patient is expected to be monitored for the following 24 hours as to ensure proper use of the device. A software defect, however, causes the preprogrammed analgesic ceiling meant to avoid intoxication to malfunction. This results in hazardous respiratory depression for the patient, who is urgently hospitalised. After some research, the software is proven to be produced by a producer in Country B. Patient X will be able to sue the producer of the defective software on the basis of Directive 85/374/EECon liability for defective products, which provides for a faultless liability. The patient will have to prove the defect and the causal link between the harm caused and the defective product. The competent court and the applicable law will have to be determined according to the Regulations on Brussels I and Rome I, Rome II (see Section 3.5 of this document). If the pump is CE marked as a medical device, the national authorities could decide to withdraw the defective product from the market based on the national provisions implementing the Medical Devices Directive (i.e. Directive 93/42/EEC).

3.5.        Court litigation/court proceedings

Relevant provisions

-Council Regulation (EC) No 44/2001 of 22 December 2000 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters, hereinafter "Brussels I Regulation" -Regulation (EC) No 593/2008 of the European Parliament and of the Council of 17 June 2008 on the law applicable to contractual obligations, hereinafter "Rome I Regulation" -Regulation (EC) No 864/2007 of the European Parliament and of the Council of 11 July 2007 on the law applicable to non-contractual obligations, hereinafter "Rome II Regulation"

3.5.1.     Determining the competent jurisdiction

In the exercise and delivery of cross-border telemedicine services, it is essential that the actors involved determine in which Member State and in particular before which jurisdiction they can sue or be sued, in case problems occur.

For civil and commercial matters, the rules determining the competent jurisdiction in a cross-border situation are enshrined in Regulation (EC) No 44/2001.

Parties can designate which court should be competent to resolve a possible conflict arising between them (Article 23 of the Regulation)[56].This agreement must be in writing. However, with the view to protect consumers, the possibility for such a designation in the case of a consumer/ professional contractual relationship is limited (Article 17 of the Regulation).

If parties have not contractually defined the court of their choice, as a general rule jurisdiction is to be exercised in the Member State in which the defendant is domiciled, regardless of his/her nationality[57].

However, in certain circumstances a defendant may be sued in the courts of another Member State. This is the case for instance in matters involving a contractual relationship or a non-contractual relationship (liability for wrongful acts):

· In matters involving a non-contractual relationship, the competent courts are the courts of the place where the harmful event occurred or may occur (Article 5(3) of the Regulation). According to case law, this includes the place where either the act causing harm or the direct damage occurs; cases of consequential damage are therefore not covered. In a cross-border telemedicine scenario, it can be assumed that:

· the place where the act causing the damage occurs is located in the Member State where the professional is when delivering the service, and;

· the place where the damage arises is located in the Member State where the patient was when he received the medical advice or treatment.

· In matters involving a contractual relationship, one must distinguish between (1) telemedicine scenarios involving professionals only, i.e. a professional to professional relationship and (2) telemedicine scenarios involving a professional and a patient, i.e. a professional to consumer relationship[58]:

· Contract between professionals only: the competent courts are the courts in the Member State where, under the contract, the services were provided or should be provided (Article 5(1)(b) of the Regulation)[59].

· Professional to consumer contract:

(a) if the professional's activity is "directed to the Member State of the consumer's domicile or to several States including that Member State", the consumer has a choice: he may sue either in the Member State where the other party is domiciled or in the Member State where he is himself domiciled (Article 15(1)(c) in conjunction with Article 16 of the Regulation).

          In the rulings Alpenhof and Pammer[60], the European Court of Justice clarified the notion of "directed activities" in the context of the internet. To determine whether a trader's website is ‘directing’ its activity to the Member State of the consumer’s domicile, it should be ascertained whether, before the conclusion of any contract, it was apparent from the website and the trader’s overall activity that he was foreseeing business opportunities in that Member State[61]. On the other hand, "the mere accessibility of the trader’s or the intermediary’s website in the Member State in which the consumer is domiciled is insufficient"[62].

          In the case the consumer is sued (e.g. over a dispute concerning an unpaid bill), the competent jurisdiction will be the one of the Member State of his domicile.

(b) if the activity is not directed to the Member State of the consumer's domicile, the competent courts are the courts in the Member State where, under the contract, the services were provided or should be provided (Article 5(1)(b) of the Regulation. In a cross-border Telemedicine scenario, and by analogy with the case-law concerning the delivery of goods, it could be reasonably assumed that it would be the Member State where the patient was when he received the advice or treatment.

· Thus, to sum up, the patient always has the possibility of suing the professional in the Member State where the professional is domiciled. The alternative optional jurisdictions are likely in very many cases to allow him to sue in the Member State of his own domicile if he so chooses.

3.5.2.     Determining the applicable law

In case a conflict arises following the provision of a cross-border telemedicine service, after identifying the competent jurisdiction, it will be necessary to identify, which law should apply.

As for the determination of the competent court, at EU level, existing rules on the determination of the applicable law in a cross-border situation only cover civil and commercial matters.

3.5.2.1.  Determining the applicable law in a contractual relationship

In situations resulting in a conflict of laws involving a contractual relation, the Rome I Regulation[63] shall apply.

· Contract between professionals:

The general rule is the freedom of choice of the parties, meaning that the applicable law to the contract will be the one expressly chosen by the parties.

In the absence of choice of the applicable law in the contract, the default rule shall apply:

The contract for the provision of services shall be governed by the law of the Member State where the service provider has his habitual residence (Article 4(1)(b) of the Regulation).

· Contract between a professional and a consumer:

· If the healthcare professional directs its activities to the Member State where the consumer has his habitual residence or to several countries including that country, the  contract shall be governed by the law of the country where the consumer has his habitual residence (Article 6 of the Regulation)[64].  

· If the healthcare professional does not direct its activities to the Member State where the patient has his habitual residence, the contract shall be governed by the law of the Member State where the service provider has his habitual residence (Article 4(1) b) of the Regulation).

· The parties may nevertheless choose a law other than the consumer's law. If they do so, however, the consumer may still not be deprived of the protection afforded to him by the provisions of the law of his country that cannot be derogated from (due to their importance) through agreement.

3.5.2.2.  Determining the applicable law in a non-contractual relationship

In situations involving a conflict of laws regarding non-contractual obligations in civil or commercial matters, the Rome II Regulation shall apply, which provides the following:

· The law applicable to a non-contractual obligation arising out of a tort/delict shall be the law of the country in which the damage occurs (i.e. the Member State where the patient was when he received the treatment). This is irrespective of the country in which the event giving rise to the damage occurred (i.e. the Member State where the healtcare professional was when he delivered the advice/treatment) and irrespective of the country or countries in which the indirect consequences of that event occur (Article 4(1) of the Regulation).

· Under certain conditions, the parties may choose another applicable law by an agreement entered into after the event giving rise to the damage occurred (Article 14 of the Regulation).

3.5.2.3.  Relationship between Rome I and II Regulations and Directive 2011/24/EU on the application of patients' rights in cross-border healthcare

Cross-border healthcare shall be provided in accordance with the legislation of the Member State of treatment and the standards and guidelines on quality and safety laid down by that Member State (Article 4 of Directive 2011/24/EU).

However, that provision does not derogate from the rules set out in the Rome I and II Regulations on applicable law (Article 2(q) of the Directive2011/24/EU) . Article 4 of the Directive thus only applies to public law issues and states the obvious principle that treatment must be carried out in a way that complies with the local law. If the law applicable to civil liability is that of a different Member State than the one of the healthcare provider, Article 4 of the Directive will not displace that law but may have an impact on the way in which it is applied.

For example, if the Member State of treatment is France but the parties have chosen UK law, the latter will apply to civil liability between the parties but the standards imposed by French law will still be relevant in determining whether a surgeon has been negligent or has not complied with local requirements on explaining to a patient the risks attendant on a particular operation. This rule operates in a way similar to Article 17 of the Rome II Regulation which provides that in assessing the conduct of the person claimed to be liable, account shall be taken of the rules of safety and conduct in force in the place of the event giving rise to liability.

Finally, as already mentioned, it should be noted that certain situations can give rise to both, contractual and non-contractual liability. Member States' legal systems deal with such situations in different ways[65]. The Rome II Regulation does not decide in favour of either solution but implicitly accepts those national legal systems which admit the concurrent pleading of claims in contract and court by allowing the court to apply the same law to contractual and tort claims.

Case study Patient X from Country A intends to initiate a lawsuit against his treating doctor in Country B, after receiving a teleconsultation for pulmonary rehabilitation. The healthcare professional was unable to detect complications in the respiratory condition of patient X and failed to provide the appropriate medical treatment. The patient came into contact with the Country B doctor after visiting his website, which advertises, among others, his teleconsultation services in the language of patient X and accepts payments in the currency of that country. Despite concluding a telemedicine contract, the parties omitted to specify the competent court and applicable law in case of conflict. It is first necessary to identify the court competent to judge this case. In the absence of parties' agreement in the case of a consumer-professional relationship, the consumer has a choice: he may sue either in the Member State where the other party is domiciled or in the Member State where he is himself domiciled (Articles 15(1)(c) and 16 of Regulation (EC) No 44/2001). Such a choice exists only if the professional directed his activities "towards the Member State of the consumer's domicile or to several States including that Member State, and the contract falls within the scope of such activities". According to the European Court of Justice ruling Alpenhof and Pammer, the fact that the Country B doctor proposes his services on a website in the language of the consumer as well as in his currency, demonstrates that he was directly targeting the patient's country for the exercise of his activity. The competent court will therefore be left to the choice of the patient, either in Country A or in Country B. In addition, it is necessary to identify the applicable law to the case. As a contractual relationship exists between the patient from Country A and the doctor from Country B, the provisions of Rome I Regulation are applicable. According to Article 6 of the Regulation, in the absence of a law choice clause in a contract concluded with a consumer, the law applicable should be the one of the country where the consumer has his habitual residence, provided that the professional "directs" by any means such activities to that country. It was shown above that the doctor targeted the country of the consumer. This means that the applicable law is the law of Country A and the doctor from Country B will be sued under the liability regime of Country A (i.e. the law of the patient). Article 4 of Directive 2011/24/EU also applies. It provides that the rules on safety and quality of the healthcare treatment are governed by the law of the Member State of treatment, which is expressly defined as the law of the service provider's country of establishment in the case of telemedicine. Therefore, the law of Country B would as well apply but only as regards the standards and guidelines on quality and safety of the healthcare treatment.

4.           Conclusion

This Staff Working Paper provides an overview of the relevant body of EU legislation that is applicable to cross-border telemedicine services provided in the EU.

It first underlines that a telemedicine service is both a health service and an information society service. Therefore it is covered by the principle of freedom to provide services as well as by the provisions of the Directive on the application of patients' rights in cross-border healthcare and the eCommerce Directive.

The document focuses on the key legal issues related to the provision of cross-border telemedicine: licensing/registration of health professionals performing cross-border telemedicine services; the conditions for legal processing of health data; the right of reimbursement of a cross-border telemedicine act; and finally the determination of potential liability, competent jurisdiction, and applicable law.

MAIN KEY FINDINGS:

Patients' rights

The rights of patients when receiving cross-border healthcare, including telemedicine are enshrined in Directive 2011/24/EU on the application of patients' rights in cross-border healthcare. They include the right to:

•           receive treatment in another Member State and be reimbursed under certain conditions;

•           have access to a written or electronic copy of their health records.

Licensing/registration of healthcare professionals

Directive 2011/24/EU on the application of patients' rights in cross-border healthcare requires that cross-border healthcare is to be provided in accordance with the legislation of the Member State of treatment. In the case of telemedicine, it expressly defines the Member State of treatment as that of the service provider's Member State of establishment.

Indeed, to provide cross-border telemedicine services, the professional does not need to move. Logically, the professional do not have to have an authorization of the Member State of residence of the patient. This is only in the case where he wants to exercise in another Member State that the one of its habitual residence that he may need to request an authorisation.

Processing of health data

The processing of personal data related to health is regulated under Directive 1995/46 on general data protection, currently under review. The Commission proposal for a regulation on data protection will, inter alia, clarify the rules applicable to personal data related to health including for the purpose of research.

Liability

The liability regime of healthcare professionals varies from one Member State to another. The liability regime for defective products is the only liability regime related to the provision of telemedicine regulated at European level.

Reimbursement

Directive 2011/24/EU on the application of patients' rights in cross-border healthcare provides that the costs incurred by the patient for cross-border healthcare, such as telemedicine should be reimbursed if the healthcare in question is among the benefits to which the insured person (i.e. patient) is entitled in his Member State of affiliation.

Other issues

The definition of telemedicine as a medical act varies from one Member State to another.

Directive 2005/36/EC on the recognition of professional qualifications only covers healthcare professionals that physically move to another Member State to practice their profession[66]. This is for the most part not the case for the health care professionals providing cross-border telemedicine.

For each abovementioned issue, a summary of the applicable EU legislation and their main provisions is given and illustrated in a case study.

This Staff Working Paper underlines the importance of legal clarity in cultivating trust and acceptability of telemedicine. Furthermore, it is intended to serve as guidance to Member States, raising awareness on what telemedicine is and what they are committing to when they adopt it as a type of medical act, or reimbursable health service.

Finally, this paper shall serve as a starting point for discussion with Member States on the opportunity to tackle at EU level remaining legal uncertainties created by divergent national regimes such as the issue of medical liability.

Annex: list of secondary eu legislation applicable to telemedicine

4.1.        Legal sources concerning information society services

Directive 98/34/EC of the European Parliament and of the Council of 20 July 1998 amended by Directive 98/34/EC laying down a procedure for the provision of information in the field of technical standards and regulations and of rules on information society services

Directive 1999/93/EC on a Community framework for electronic signatures

Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market ('Directive on electronic commerce')

4.2.        Legal sources concerning reimbursement

Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients’ rights in cross-border healthcare

4.3.        Legal sources concerning consumer protection

Council of Europe Convention on products liability in regard to personal injury and death of 27 January 1977

Directive 1999/34/EC of the European Parliament and of the Council of 10 May 1999 amending Council Directive 85/374/EEC of 25 July 1985 on the approximation of the laws, regulations and administrative provisions of the Member States concerning liability for defective products

Directive 2011/83/EU of the European Parliament and of the Council of 25 October 2011 on consumer rights, amending Council Directive 93/13/EEC and Directive 1999/44/EC of the European Parliament and of the Council and repealing Council Directive 85/577/EEC and Directive 97/7/EC of the European Parliament and of the Council

Directive 2001/95/EC of the European Parliament and of the Council of 3 December 2001 on general product safety

RoHS Directive 2002/95/EC of the European Parliament and of the Council of 27 January 2003 on the restriction of the use of certain hazardous substances in electrical and electronic equipment.

Directive 2005/29/EC of the European Parliament and of the Council of 11 May 2005 concerning unfair business-to-consumer commercial practices in the internal market (Unfair Commercial Practices Directive).

Directive 2006/114/EC of the European Parliament and of the Council of 12 December 2006 concerning misleading and comparative advertising. This directive applies, as regards misleading advertising to business-to-business, and in the case of comparative advertising both to business-to-business and business-to-consumer relationships.

Directive 2011/83 of the European Parliament and of the Council of 25 October 2011 on consumer rights, amending Council Directive 93/13/EEC and Directive 1999/44/EC of the European Parliament and of the Council and repealing Council Directive 85/577/EEC and Directive 97/7/EC of the European Parliament and of the Council

4.4.        Legal sources concerning data protection

Directive 95/46/CE of the European Parliament and of the Council of 25 October 1995 on the protection of individuals with regards to the processing of personal data and on the free movement of such data

Directive 2009/136/EC of the European Parliament and of the Council of 25 November 2009 amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws

4.5.        Legal sources concerning medical devices and medicinal products

Council Directive 90/385/EEC of 20 June 1990 on the approximation of the laws of the Member States relating to Active Implantable Medical Devices as amended by Directive 2007/47/EC of 5 September 2007

Council Directive 93/42/EEC of 14 June 1993 concerning Medical Devices as amended by Directive 2007/47/EC of 5 September 2007

Directive 98/79/EC on In Vitro Diagnostic Medical Devices as amended by Directive 2007/47/EC of 5 September 2007

Commission Regulation (EU) No 207/2012 of 9 March 2012 on electronic instructions for use of medical devices

Directive 2001/83/EC of the European Parliament and of the Council of 6 November 2001 on the Community code relating to medicinal products for human use

4.6.      Legal sources concerning conflicts of jurisdiction and conflicts of laws

Council Regulation (EC) No 44/2001 of 22 December 2000 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters (Brussels I)

Regulation (EC) No 593/2008 of the European Parliament and of the Council of 17 June 2008 on the law applicable to contractual obligations (Rome I)

Regulation (EC) No 864/2007 of the European Parliament and of the Council of 11 July 2007 on the law applicable to non-contractual obligations (Rome II)

[1]               The health care professional is here defined as in Article 3f) of Directive 2011/24/EU on the application of patients’ rights in cross-border healthcare: "means a doctor of medicine, a nurse responsible for general care, a dental practitioner, a midwife or a pharmacist within the meaning of Directive 2005/36/EC, or another professional exercising activities in the healthcare sector which are restricted to a regulated profession as defined in Article 3(1)(a) of Directive 2005/36/EC, or a person considered to be a health professional according to the legislation of the Member State of treatment".

[2]               This definition of telemedicine is the one adopted by the Commission in its Communication on telemedicine for the benefit of patients, healthcare systems and society, COM(2008)689, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2008:0689:FIN:EN:PDF

                ISO technical specification 13131 addresses quality criteria for services and systems for telehealth. Some EU countries have already adopted this technical specification as a bidding prerequisite for commissioning telehealth services.

[3]               Telemonitoring falling within the scope of this SWD is telemonitoring utilised in the context of the provision of medical care.

[4]               EU Citizenship Report 2010 - Dismantling the obstacles to EU citizens’ rights COM(2010) 603 final (see page 9).

[5]               The global market for eHealth is estimated to have a potential value of €60 billion, of which Europe represents one third, i.e. €20 billion. The combined global value of the telehome and telehospital market in 2011 was estimated at €8.8 billion in 2011, which will climb to €20.7 billion in 2016, according to BCC Research study of March 2012.

[6]               Commission Staff Working Paper on Telemedicine, SEC(2009)943 final, http://ec.europa.eu/information_society/activities/health/docs/policy/telemedicine/telemedecine-swp_sec-2009-943.pdf

[7]               It is important to underline that EU legislation is for the most part Directives or Regulations. Directives must be implemented by Member States in their national law and it is the national law implementing Directives that is applicable to EU citizens. Regulations (once they enter into force) have direct effect and do not need to be transposed.

[8]               A Digital Agenda for Europe, COM(2010)245 final, http://ec.europa.eu/information_society/digital-agenda/index_en.htm. (Action 75)

[9]               EU Citizenship Report 2010 – Dismantling the obstacles to EU citizens' rights, COM(2010) 603 final, http://ec.europa.eu/justice/citizen/files/com_2010_603_en.pdf. This report identified the main obstacles faced by EU citizens in the effective exercise of their rights under EU law.

[10]             In Poland, the Polish Act on the Professions of Physician and Dentist requires that a diagnosis is made only after personally examining the patient. Polish Act on the Professions of Physicians and Dentist of 5 December 1996.

[11]             Directive 2011/24/EU on the application of patients' rights in cross-border healthcare, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2011:088:0045:0065:EN:PDF, OJ L 88, 4.4.2011, p.45.

[12]             ECJ judgment of 31 January 1984 in joined cases 286/82 and 26/83 Luisi and Carbone

[13]             See in particular ECJ judgment of 28 April 1998, in case C-158/96 Kohll; ECJ judgment of 12 July 2001 in case C-368/98, Vanbraekel; ECJ judgment of 13 May 2003 in case C-385/99, Müller-Fauré and Van Riet; ECJ judgment of 12 July 2001 in case C-157/99, Smits and Peerbooms; ECJ judgment of 16 May 2006 in case C-372/04, Watts.

[14]             ECJ judgement of 10 May 1995 in case C-384/93 Alpine Investments

[15]             ECJ judgment of 02 March 2011 in case C-108/91 Ker-Optika, 58 until 76. ECJ judgement of 4 December 1986 in case 205/84, Commission v Germany, paragraphs 27 and 29; ECJ judgment of 26 February 1991 in case C-180/89, Commission v Italy, paragraphs 17 and 18; and ECJ judgement of 20 May 1992 in case C-106/91, Ramrath, paragraphs 30 and 31.

[16]             Member States are expected to transpose Directive 2011/24/EU by 25 October 2013.

[17]             It is based on the European Court of Justice rulings issued over a decade confirming the right for patients to be reimbursed for care received in another Member State under certain conditions – see recent Case ECJ ruling of 27 October 2011, C-255-09, Commission v. Portugal

[18]             Directive 200/31/EC of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market - OJ L 178, 17. 7. 2000, p. 1.

[19]             Article 2(a) of the e-Commerce Directive andArticle 1(2) of the "Transparency Directive"

[20]             Article 2(a) of the e-Commerce Directive and Article 1(2) of the "Regulatory Transparency Directive"

[21]             http://ec.europa.eu/enterprise/tris/vade9848/index_en.pdf

[22]             This Staff Working Document does not cover the liability regime of the eCommerce Directive as the providers of telemedicine services are not considered "intermediaries" in the meaning of Articles 12-15 of the Directive.

[23]             The rules on unsolicited commercial communications were complemented by new rules in Directive 2002/58 of 12 July 2002 , recently amended by Directive 2009/136.

[24]             The Services Directive complements the rules on online commercial communication set out in the E-commerce Directive. According to Article 24(1) of Directive 2006/123 of 12 December 2006 on services in the internal market (OJ L 376/36, 27.12.2006), Member States shall remove all total prohibitions on commercial communications by the regulated professions.

[25]             Directive 98/34/EC of 20 July 1998, OJ L 204, 21.0, 21.7.1998.

[26]             This requirement seeks to verify that the future regulation will not create obstacles to the free movement of information society services and to the freedom of establishment (of information society service providers) within the internal market.

[27]             For an overview of Member States' accreditation mechanisms, see the 'Study on the Legal Framework for Interoperable eHealth in Europe', page 35 onwards, http://ec.europa.eu/information_society/activities/health/docs/studies/legal-fw-interop/ehealth-legal-fmwk-final-report.pdf

[28]             Directive 2005/36/EC of the European Parliament and of the Council of 7 September 2005 on the recognition of professional qualifications, OJ 30.09.2005 L 255/22. This Directive only covers health professionals that fall within the category of the regulated professions.

[29]             As expressly defined by Article 3d): "In the case of telemedicine, healthcare is considered to be provided in the Member State where the healthcare provider is established".

[30]             As stated in Directive 2011/24/EU on the application of patients' rights in cross-border healthcare (Article 2(e)), this Directive does not prejudice to the application of the eCommerce Directive.

[31]             OJ L 281, 23.11.1995, p. 31. It is currently under revision, see Commission proposal for a regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data, http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf

[32]             Directive 95/46/EC has been elaborated on the European Standards EN 14484:2003 “Health informatics – International transfer of personal health data covered by the EU data protection directive – High level security policy” and EN 14485:2003 “Health informatics – Guidance for handling personal health data in international applications in the context of the EU data protection directive”. These standards are currently under revision.

[33]             Commission proposal for a regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), COM(2012) 11, http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf

[34]             Further clarifications and examples can be found in “Opinion 4/2007 (WP 136) of the Article 29 Working Party on Data Protection on the concept of personal data” (http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2007/wp136_en.pdf ).

[35]             European Court of Justice, Judgment of 6 November 2003, Case C-101/01 - Bodil Lindqvist, 50 and 51.

[36]             This group was created by Article 29 of Directive 95/46/EC.

[37]             See Article 29 Data Protection Working Party working document on Electronic Health Records of 15 February 2007.

[38]             The Council and the European Parliament have given the Commission the power to determine, on the basis of Article 25(6) of Directive 95/46/EC whether a third country ensures an adequate level of protection by reason of its domestic law or of the international commitments it has entered into. See Commission decisions on the adequacy of the protection of personal data in third countries: http://ec.europa.eu/justice/policies/privacy/thridcountries/index_en.htm

[39]             OJ L 201, 31.7.2002, p. 37. and OJ L 88, 4.4.2011, p. 45–65

[40]             See Articles 5 and 4(3) of Directive 2002/58/EC

[41]             Regulation (EC) No 883/2004 of the European Parliament and of the Council of 29 April 2004 on the coordination of social security systems - OJ L 166, 30.4.2004, p. 1.

[42]             See Article 20 of Regulation (EC) No 883/2004

[43]             See Article 3 (d) of Directive 2011/24/EU on the application of patients' rights in cross-border healthcare.

[44]             e-Health tools or solutions include products, systems and services that go beyond simply Internet-based applications. They include tools for both health authorities and professionals as well as personalised health systems for patients and citizens. Examples include health information networks, electronic health records, telemedicine services, personal wearable and portable communicable systems, health portals, and many other information and communication technology-based tools assisting prevention, diagnosis, treatment, health monitoring, and lifestyle management.

[45]             As previously mentioned, Member States have the primary responsibility to define their health policy and the organisation and delivery of health services. This includes the competence to decide whether telemedicine can be reimbursed, what telemedicine acts to reimburse, as well as the level of reimbursement.

[46]             However, Member States can set-up a prior authorisation system for a specific healthcare act in very limited cases enshrined in the Directive. It must be notified to the Commission, and information on such a system should be made publicly available.

[47]             Vicarious liability could also come into play, i.e. when a person is held responsible for another person's damage.

[48]             Directive 2011/83/EC on consumers rights, OJ L 304, 22.11.2011, p. 64, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2011:304:0064:0088:EN:PDF

[49]             For an overview of Member States liability rules relating to damages rising from the provision of healthcare, see 'Study on the Legal Framework for Interoperable eHealth in Europe', page 41 onwards, http://ec.europa.eu/information_society/activities/health/docs/studies/legal-fw-interop/ehealth-legal-fmwk-final-report.pdf

[50]             Such information must include information "on supervision and assessment of healthcare providers, information on which healthcare providers are subject to these standards and guidelines and information on the accessibility of hospitals for persons with disabilities"- (Article 4(2)(a) of the Directive)

[51]             Here are some examples of telemedicine products:

                -Patient monitoring devices measuring vital signals such as ECG, heart rate, breathing etc.

                -Telemonitoring devices transmitting data between patients and doctors

                -Components of communication infrastructure facilitating the transfer of data (e.g. digital images) between health centres.

[52]             Council Directive 90/385/EEC of 20 June 1990 on the approximation of the laws of the Member States relating to active implantable medical devices, Official Journal L 189 , 20/07/1990 P. 0017 – 0036; Council Directive 93/42/EEC of 14 June 1993 concerning medical devices, Official Journal L 169 , 12/07/1993 P. 0001 – 0043; Directive 98/79/EC of 27 October 1998 on in vitro diagnostic medical devices, Official Journal L 331 , 07/12/1998 P. 0001 - 0037

[53]             Guidance on stand alone software used in healthcare within the regulatory framework of medical devices has recently been published, see http://ec.europa.eu/health/medical-devices/files/meddev/2_1_6_ol_en.pdf .

[54]             Directive 85/374/EEC on liability for defective products as amended by Directive 1999/34/EC ("the defective products Directive")

[55]             Pursuant to Article 6 of the Directive, a product is deemed defective when it does not provide the safety which a person is entitled to expect.

[56]             This is subject to what is said below in relation to consumer contracts,

[57]             See Article 2 of Regulation 44/2001

[58]             According to Article 15 of Regulation 44/2001, a consumer is defined as a person, who concludes a contract "for a purpose which can be regarded as being outside his trade or profession". This is always the case for patients.

[59]             For instance, this means that in a cross-border telemedicine scenario between two professionals (e.g. for a secondary opinion), in the absence of a court choice clause, the competent court should be the one of the Member State where the telemedicine service was delivered according to the contract.

[60]             ECJ Rulings C-144/09 and C-585/08 of 7 December 2010.

[61]             The Court also formulates a non-exhaustive list of matters from which it may be concluded that the trader’s activity is directed to the Member State of the consumer’s domicile: "the international nature of the activity, mention of itineraries from other Member States for going to the place where the trader is established, use of a language or a currency other than the language or currency generally used in the Member State in which the trader is established, mention of telephone numbers with an international code, outlay of expenditure on an internet referencing service to facilitate access to the trader’s site or that of its intermediary by consumers domiciled in other Member States etc."

[62]             This means that, for instance, if a Belgian citizen were to contact on his own initiative a Swedish healthcare professional providing telemedicine services advertised via a website, and such website was only available in Swedish language, the Belgian citizen (who understands Swedish) would not be able to sue the Swedish professional in Belgium as the website did not specifically target the Belgian market.

[63]             OJ L 177, 4.7.2008, p. 6.

[64]             See above the concept of "directing activities" clarified by the ECJ judgment of 7 December 2010 in the joined cases C-144/09 Alpenhof and C-585/08 Pammer.

[65]             Some Member States (e.g. Germany and England) allow a victim to base a claim on both contractual and delictual liability. Other Member States, notably France, limit the victim to the contractual claim (so-called non cumul rule).

[66]             The proposal to revise Directive 2005/36 keeps this approach. See: http://ec.europa.eu/internal_market/qualifications/docs/policy_developments/modernising/COM2011_883_en.pdf