Digital Healthcare 2021

Last Updated June 30, 2021


Law and Practice


QUINZ is a Brussels-based law firm with a strong focus on life sciences. Quinz assists the global, regional (Europe, the Middle East and Africa (EMEA), Latin America (LATAM), Asia-Pacific (APAC)) and local (Belgian, Luxembourg and the Netherlands) legal departments of pharmaceutical companies on a broad array of (strategic, operational, licensing and M&A) transactions throughout the life cycle of a life sciences product. Quinz has also developed sound expertise in regional and local regulatory work (including pricing and reimbursement, clinical trials, data transparency, marketing-authorisation procedures, current good manufacturing practice (CGMP) and compliance matters (including transfers of value, promotion of life sciences products, antitrust compliance questions, patient-directed programmes, the General Data Protection Regulation (GDPR)). Quinz was founded in 2011. Its life sciences department is headed by Pieter Wyckmans and Olivier Van Obberghen. Clients include Janssen Pharmaceutica, UCB, Takeda, Novo Nordisk, and Roche.

Digital healthcare is an umbrella term which stands for the use of information and communication technologies (ICT) – and in particular internet technology – to support or improve healthcare in the broadest sense (including e-health platforms, electronic patient files, electronic drug prescriptions, teleconsultations, fitness apps, etc), whereas digital medicine is a narrower concept which refers to the deployment of technologies as tools for diagnosis and intervention in the service of human health (including digital diagnostics, remote patient monitoring through sensor technologies, digital therapeutics, etc).

Regulatory oversight, including the need for clinical evidence, will be more critical in the context of digital medicine products and services due to their deployment for interventional and diagnostic purposes. In addition, digital medicine products will often meet the definition of a medical device, hence requiring compliance with medical-device legislation. 

From a patient or consumer perspective, it can be assumed that digital health technologies will be – and already are - more rapidly and widely embraced by consumers (and healthcare-providers alike) as they are purely supportive and facilitative of traditional healthcare. Digital medicine is likely to be received more sceptically by patients in the near future due to its more "invasive" nature.

Neither “digital health” nor “digital medicine” is currently defined in the Belgian regulatory framework.

As the main technologies in digital healthcare are likely to be focused on the collection, processing, transmission and presentation of data, technologies such as cloud computing, communication technologies, wireless networks (such as 5G (see in this regard also 8.1 The Impact of 5G Networks on Digital Healthcare)), big data, etc, will remain essential. Nevertheless, the importance of other technologies such as robotics, virtual reality and the Internet of Things (IoT) cannot be underestimated.

Technologies (which can be) deployed in the context of digital medicine are equally numerous and include personal genomics (which is expected to play an important role in personalised and predictive medicine), Artificial Intelligence (AI) (which may contribute to more accurate diagnosis), robot-assisted surgery and wearables and sensors (which can be used for continuous and remote monitoring of vital functions of patients).

Novel health technologies are challenging the boundaries of the Belgian regulatory framework, which is often ill-adapted to address the legal concerns such technologies entail. As further set out in 6. Telehealth, and while progress has been made in recent months, the reimbursement of tele-health services and digital products is still incomplete and unintegrated. In addition, intellectual property protection is traditionally focused on hardware (medical devices) as opposed to software and is therefore often inadequate to foster digital health inventions. The digitisation of healthcare also involves a number of actors entering the industry that are unfamiliar with the highly regulated framework in which health products are embedded, which requires additional compliance investments. As a final point, the emergence of AI-driven healthcare technologies involves ethical considerations regarding privacy, bias and discrimination in healthcare.

The COVID-19 crisis has brought the digitalisation of public health to the forefront. Radical social distance measures and the need to reduce pressure on hospital units resulted in clusters of emergency telehealth measures to be adopted. Many patients accessed their online personal health viewer for the first time to consult their COVID-19 test results. The Belgian data protection authority relentlessly advised on temperature checks, contact-tracing and the (lack of) employer prerogatives at the workplace. Further, the EU Digital COVID Certificate is a harmonised initiative that should allow EU travellers to cross borders safely in the summer of 2021. While the success of some of these initiatives, such as the contact-tracing app, may have been modest, the shifted attitudes of patients, healthcare-providers and regulators towards digital health applications are likely here to stay. 

Public-health dangers driven by climate change can vary in nature, from extreme events to the emergence of infectious diseases and nutrition insecurities.

Although digital healthcare might not be able to eliminate public health dangers driven by climate change, it might enable early detection of such dangers through the constant monitoring of the health effects of climate change. This, in turn, will improve reaction speeds in addressing these dangers and potentially avoid a widespread impact.

Even when a health threat is already fully and inevitably present, digital healthcare might help to mitigate exposure to it. Similarly to the digital technologies used to combat the further spread of the COVID-19 virus, health technologies can play their part in preventing the spread and impact of public-health dangers driven by climate change (from rapid case-identification through sensors and connected devices, to interrupting the spread of the disease by digital contact-tracing applications and providing the public with digital alerting systems, all the way to caring for patients through digital services and thereby avoiding contact with contagious individuals).

Digital health solutions also reduce the need for patients to travel (within one country or cross-border) to receive appropriate care through the shift to virtual outpatient care and remote monitoring and electronic patient records and prescriptions reduce pollution and waste.

With regard to the deployment of digital healthcare following extreme events, reference can be made to 8.1 The Impact of 5G Networks on Digital Healthcare concerning remote healthcare in disaster areas.

The Federal Agency for Medicines and Health Products (FAMHP) oversees the quality, safety and efficacy of medicines and health products, both during the clinical development process and with regard to the authorisation and marketing of drug and health products. In addition, the National Institute for Health and Disability Insurance (NIHDI) establishes reimbursement schemes for healthcare services, medicines and health products. Healthcare professionals have in addition certain reporting obligations to the Federal Public Service for Health, whose organs supervise the services and practice of those healthcare professionals. Lastly, professional associations such as the Order of Physicians and the Order of Pharmacists impose deontological obligations on healthcare professions, while self-regulatory industry organisations such as and beMedTech lay down ethical rules for pharmaceutical and medical-device companies.

After a long transition period, the EU Medical Device Regulation 2017/745 (MDR) is applicable as of 26 May 2021 and the EU in vitro Diagnostic Medical Device Regulation 2017/746 (IVDR) shall apply as of 25 May 2022. As set out below, the NIHDI has also recently launched a scheme for the reimbursement of mobile health applications. Furthermore, electronic prescribing has been mandatory as of the beginning of 2020. The Health Care Quality of Practice Act of 22 September 2019 safeguarding privacy, safety and quality of healthcare was intended to come into force on 1 July 2021, but has been postponed for another year. Finally, a number of legislative proposals in light of the EU’s Digital Strategy (which will undoubtedly have a considerable impact on digital healthcare) have also been adopted in recent months (as further discussed under 4.1 Non-healthcare Regulatory Agencies, Regulatory Concerns and New Healthcare Technologies).

Enforcement in relation to digital healthcare has been limited up until this point in Belgium; however, regulatory authorities have increasingly been on guard since the beginning of the COVID-19 crisis. The main areas of enforcement concern data-protection infringements, violations on the marketing and sale of medical devices and competition considerations. While both competition and data protection authorities in the European Union have been closing in on both healthcare-providers and tech companies over the last few years, the digital health landscape has been left relatively unscathed. It can be expected that the medtech industry will become an enforcement priority in the next few years.

The increasing digitisation of the healthcare industry is causing healthcare professionals and businesses to be impacted incrementally by legislators regulating digital markets. For instance, the European Union recently launched several legislative initiatives governing digital markets, goods and services (eg, the Digital Governance Act, the Digital Services Act, the Digital Markets Act) and a set of draft regulations on artificial intelligence. In addition, both recent decisions of the European Commission (eg, with regard to the acquisition of Fitbit by Google) and the 2021 enforcement priorities of the Belgian Competition Authority demonstrate that the digital health space is being closely monitored by market and competition authorities. Furthermore, the healthcare industry is continuously looking for guidance from and engaging with data-protection authorities such as the Belgian Data Protection Authority (DPA) and the European Data Protection Board (EDPB) to manage the challenges that accompany the introduction of novel technologies in the sector. Several regulatory agencies also take on a different role with regard to new health products. Where the Federal Public Service of Economy was traditionally predominantly involved in the setting of prices of medicines and implantable medical devices, it will now have to take on more responsibility with regard to the advertising of (online) healthcare products and services.

The interests of such non-healthcare agencies are from time to time at odds with those pursued by regulatory healthcare agencies. For example, since the validity of certain data transfer mechanisms has been called into question this past year, privacy experts generally recommend that personal data be kept as much as possible within the European Economic Area or any other country that has been recognised by the European Commission as offering sufficient safeguards for data protection. This suggestion does not only collide with the reality of global pharmaceutical or medical-device companies, where much of the research and development takes place in countries not offering adequate protection of personal data, but also conflicts with the requirements of regulatory agencies governing the authorisation and marketing of health products, who generally demand worldwide clinical and safety data. The interplay between the responsibilities of non-healthcare and healthcare agencies is nowadays more frequently uncovered and many regulatory agencies have made commitments to collaborate more closely with one another. It will now be important to ensure that these pledges are being put into practice and a harmonised regulatory framework is being established.

Under the MDR, software is classified as a medical device in its own right (MDSW) if it is intended to be used for a medical purpose as set out in Section 2(1) of the MDR (eg, diagnosis, prevention, monitoring, treatment or alleviation of a disease, injury or disability or control or support of conception). The medical-device framework shall also apply if software is intended to drive or control the use of a medical device or can be considered as an accessory of a medical device. However, software that is intended for general or life-style and well-being purposes shall not be considered as a medical device. The classification of software as an MDSW has important consequences, as the medical-device framework is complex and burdensome, especially for manufacturers that are just entering the healthcare market. Software companies may therefore be incentivised to indicate that their product is not intended for medical purposes and should instead be considered a wellness product, in order to avoid having to comply with this framework.

The MDR introduces a new risk-categorisation system for medical devices which entails that many MDSWs may now fall under Class IIA and higher. This may, for example, be the case when software is used to make therapeutic or diagnostic decisions. If an MDSW cannot be classified under Class I, self-assessment will no longer suffice to receive CE-marking and thus, market access for an MDSW may become increasingly time-consuming. The new draft regulation on artificial intelligence recognises that certain artificial intelligence systems may be high-risk and proposes that the requirements for any such AI-system should be checked in the conformity assessment of the medical device.

The more rigorous requirements of the quality management system under the MDR compared to its predecessor and a focus on post-market surveillance both in the MDR and the draft regulation on artificial intelligence are a first step to manage software that is improved or modified over the course of its lifetime; however, a comprehensive framework on machine-learning medical devices is still absent and the current landscape still revolves around "static" rather than "dynamic" medical devices.

Telehealth holds the promise of increasing the accessibility, efficiency and affordability of healthcare, while offering the patient a more personalised and highly specialised approach. Through telehealth services, the patient’s right to choose its physician is no longer determined by location but by best fit. In addition, telemonitoring services through wearables and other remote patient monitoring devices and technologies foster early discovery and intervention and provide physicians with a dynamic overview of a patient’s health status as opposed to a snapshot at the time a patient comes in for consultation. Tele-expertise is no longer limited to a select group of key opinion leaders consulting on rare diseases but is also readily used by general practitioners seeking advice from specialists. Where hospitals and physicians go digital, the online (retail) pharmacy follows, providing pharmaceutical advice and products more rapidly and cost-effective. However, telehealth services also give rise to several risks and challenges, more notably regarding the credibility and certification of online healthcare-providers, the confidentiality, privacy and security of patient data, the reimbursement of cross-border services and medical liability.

So far, Belgium does not have an integral telehealth framework. While telemonitoring and tele-expertise between physicians has been common practice for quite some time, the National Council of the Order of Physicians has long been opposed to diagnosing patients at a distance, asserting that considerable risks were involved and that therefore, physicians could only diagnose patients without a physical consultation in exceptional cases. However, Directive 2011/24/EU on patients’ rights in cross-border healthcare establishes the “country of origin” principle, meaning that healthcare professionals established in a Member State of the European Union can provide healthcare services to patients located in other Member States under the same terms and conditions as they are able to provide in their Member State of establishment. In other words, Belgium cannot impose its regulatory framework on a healthcare-provider that is established in another EU Member State and is providing healthcare services to a recipient in Belgium. In addition, Directive 2011/24/EU obliges the NIHDI to reimburse certain cross-border healthcare services. This has led to the contradictory situation where a patient could not receive reimbursed telehealth services from a physician located in Belgium, but that patient could receive (reimbursement for) those healthcare services if they were provided by a physician located in another EU member state.

The beginning of the COVID-19 crisis signified the end of an era in which healthcare was centred around in-person consultations and brought the telehealth framework on stream. The emergency measures taken by the legislator provide that telehealth services are allowed and are reimbursable by the NIHDI, if provided:

  • after having obtained a patient’s informed consent;
  • via a means of communication with end-to-end encryption;
  • to the extent the patient is able to attend the consultation at distance, both physically and mentally;
  • under the condition that the continuity of care is safeguarded; and
  • provided that the quality of care is guaranteed.

However temporary these measures are, it is already apparent that the sudden widespread use of health services at a distance has induced a shift in mindsets, not only of physicians and patients, but also at the regulatory level. To this extent, recent telehealth initiatives have been given the approval of both the NIHDI and the National Council of the Order of Physicians.

Slowly, but surely, a liberalisation on the sale of medicines and medical devices is also emerging. As of 2019, patients and healthcare professionals can purchase their medical devices (carrying a CE-mark) directly (online) from any distributor or manufacturer instead of in a pharmacy.

Telehealth services have only been introduced in the nomenclature of the NIHDI in the past few years and, even now, a comprehensive reimbursement scheme is lacking. Certain mobile health applications that are classified as medical device, are CE-marked, connected or inter-operable with the Belgian e-Health platform, and that have demonstrated sufficient social-economic added value, are eligible for reimbursement. As previously contemplated, telehealth services provided within the limits of the COVID-19 emergency measures can also be reimbursed, as well as certain cross-border healthcare services in light of Directive 2011/24/EU. The NIHDI is also testing a number of pilot projects with regard to telemedicine and has expressed its commitment to develop a consolidated framework in the near future.

Consumer and connected devices and the internet of medical things (IoMT) are welcome allies in the fight against a rise in welfare and chronic diseases, the challenges arising from an ageing population and a healthcare budget that is increasingly under pressure from innovative but high-cost therapies. Through wearables, physicians can monitor patients consistently and effectively at home, leaving hospital beds available for patients who need to be admitted for intervention. The older generation is able to live at home for a longer period of time via the help of digital assistants and medical-alert systems, which reduces the burden on residential care centres and care staff. Lastly, individuals are empowered to take their health into their own hands and, consequently, the overuse of healthcare services is prevented.

Nonetheless, the devices and applications related to the IoMT are not without their controversies. To begin with, mobile health applications and consumer devices are often presented as a wellness or fitness device and manufacturers avoid labelling their products as “intended for medical purposes” in order to evade the stringent regulatory requirements applicable to medical devices (for more information on the classification as a medical device, see also 5. Software as a Medical Device). Accordingly, medical advice may be disguised as lifestyle recommendations given by unqualified professionals, contrary to the rules on lawful practice of medicine and the regulatory oversight by the FAHMP on medical devices. Virtual hospitals and tele-monitoring also result in changing roles and responsibilities for healthcare professionals, who should therefore not only be trained in their respective areas of expertise, but also in cybersecurity, IT and data protection. Furthermore, since the patient data collected by IoMT devices and applications is often transmitted to the manufacturer prior to being provided to the healthcare-provider, the Medtech industry collaborates with healthcare professionals more closely and comes into contact with patients and patient organisations more often and more closely, which results in concerns regarding the advertising and promotion of health products. Cybersecurity and privacy risks are also prominently present in this field of digital health, as devices, technologies and applications are interconnected and may process personal data collected in this setting outside of the strict realms of healthcare provision. Finally, a key problem remains the inequality of access to these devices and technologies, as the reimbursement schemes for digital health applications remain fragmented (see also 6.3 Payment and Reimbursement).

The low latency, increased speed and bandwidth of 5G networks will allow cellular wireless networks to compete fully with wired networks in the provision of digital healthcare. This in turn will allow the provision of telehealth services from and to practically everywhere, even in the absence of wired networks. The possibilities for remote healthcare which 5G brings to the table are crucial for medical treatment in disaster areas, as wired infrastructure might be impacted or destroyed as a result of a disaster, or these areas might be hard to reach. The same applies for first responders who, through 5G technology, will be able to provide remote first aid or benefit from the qualities and experience of specialists and colleagues without a need for their physical presence.

Moreover, the aforementioned qualities of 5G networks coupled with its increased connection density will allow for a more complete and effective integration of technologies such as the IoT in digital health(care). For example, one might think of the use of sensors and wearables, allowing the monitoring of vital functions, not only during a telehealth consultation, but consistently over a longer period, providing healthcare practitioners with useful insights on the overall health, stability or pathology of a patient. The use of IoT technologies (enabled by 5G networks) will allow this data to be transmitted automatically to healthcare practitioners and allows the various wearables or sensors to communicate and interact with each other.

Overall, it can be expected that 5G will enable the provision of remote healthcare services in a more effective, reliable and comprehensive manner, with the possibility of remote operations due to low latency of 5G networks as a pinnacle.

Nonetheless, the highly sensitive and private nature of data created, processed and transferred in the context of digital health(care) is diametrically opposed to the public character of (5G) wireless communication networks. Hence, when entering into arrangements with telecom-providers that deploy and manage a 5G network, sufficient attention to provisions regarding responsibility for network security and data privacy will be paramount. Furthermore, when relying on (wireless) technologies for the provision of critical services such as healthcare services, contractual provisions regarding the assurance of connection stability and liability for failure or interruption of services will also be crucial.

Patients have the right to privacy and a carefully kept and stored patient record in relation to their healthcare professional (Articles 9 and 10 of the Act of 22 August 2002 on Patients’ Rights and Articles 33-40 of the Health Care Quality of Practice Act of 22 September 2019). However, the time that medical confidentiality by healthcare professionals was sufficient to safeguard patients’ health information is long gone. Patient information is currently stored in an electronic health record on the e-Health platform and can, to the extent relevant for treatment, be accessed by a patient’s healthcare provider after having obtained that patient’s consent. In addition, in a digitised healthcare industry, several other participants will need to process a patient’s personal data. Personal information regarding health and genetic and biometric data are considered sensitive personal data under Article 9 of the GDPR. Processing of such personal data is principally prohibited, unless a justification applies. Personal data relating to health can therefore only be processed in exceptional cases.

Data protection in the healthcare industry is further complicated by recent developments. The landmark Schrems II-case by the European Court of Justice squashed the EU-US Privacy Shield and questioned the validity of data transfers under the European Commission’s Standard Contractual Clauses to third countries with inadequate data protection laws. While the European Data Protection Board is working on supplementary measures which would make data transfers to third countries possible and the European Commission is launching a new set of model clauses, the question arises whether the European Union will move towards data sovereignty or whether appropriate solutions are found to overcome inadequate data protection laws in third countries. The outcome of this debate will likely impact the future of clinical research and digital health profoundly. (Med)Tech companies are often global enterprises and innovative health solutions require collaborations across borders. If (health) data can no longer be transferred to tech-savvy countries such as China and the US (regardless of the safeguards taken by contracting parties), this may drastically impair digital health progress.

Other uncertainties relate to the data processing roles and responsibilities in multi-stakeholder innovative partnerships such as consortium agreements, but even in multi-study site clinical research projects, it remains dubious which processing role each party takes on. This leads to ambiguity for data subjects and can cause considerable delays in negotiations in partnership agreements.

Another point of interest is the possibility to use existing research data for secondary use. The GDPR and the EU Commission guidelines provide some flexibility to ask for consent for a broader field of research instead of for one research project; however, it remains to be seen how any such margin should be interpreted in practice (see Recital 33 of the GDPR).

In closing, the European Commission is currently working on an ambitious project that would constitute a European Health Data Space, holding qualitative health data and facilitating the sharing of data for research, innovation and improvement of public health without losing sight of data protection. If this initiative were to succeed and were to gain the trust of patients and healthcare-providers, the path forward for machine learning, AI, research and innovation may look quite promising.

In the current healthcare ecosystem, it may be more appropriate to make use of the term “augmented intelligence” than “artificial intelligence”, that is to say, human capabilities can only be augmented but not replaced by intelligent devices. AI systems work well in verifying outcomes, correcting human errors and processing large amounts of information efficiently, but are presently not intended to function without human instruction, oversight and intervention in an industry as sensitive as the healthcare industry.

In order for machine learning and AI to work to the best of their abilities, large amounts of highly qualitative training data sets are needed. This requirement seems often to be at odds with a few of the basic principles of the GDPR, such as purpose- and use-limitation and data minimisation. It may therefore be challenging to secure sufficiently comprehensive rights on data in order to be able to use and share such data with relevant partners. Transparency and patient empowerment are useful tools that may help this purpose, ie, if extensive information about the processing of personal data is given by the healthcare-provider to the patient, a patient is more willing to give its free informed consent (although the adequacy of consent as a legal basis must not be overestimated).

Another difficulty arises in relation to automated decision-making by AI. Data subjects have the right not to be subject to a decision based solely on automatic processing (Article 22 GDPR). A data subject may therefore request that a decision made about it by automated means shall be reviewed by a natural person. It may be difficult for the natural person to assess whether the decision made by an AI-system was correct if that person is not aware of the way in which the AI-system decided on a certain outcome.

In order for digital healthcare to be fully embraced by healthcare organisations and healthcare professionals, considerable changes to the infrastructure and organisation of hospitals and practitioners will be required. For instance, several cyber-attacks on Belgian hospitals and testing centres during the COVID-19 crisis have proven that healthcare institutions are, on the one hand, a frequent target for cybercriminals and, on the other hand, often ill-prepared for such a challenge. Recent initiatives have attempted to rectify this situation and ensure the continuity of care, such as the Early Warning System by the Belgian Centre for Cybersecurity and the law of 7 April 2019 establishing a framework for the security of network and information systems of public interest for public safety (transposing Directive (EU) 2016/1148).

At the level of the individual practitioner, several barriers prevent the adoption of healthcare technologies. A recent study by the Belgian Health Care Knowledge Centre concluded that general practitioners struggle with security concerns and an overload of information on e-health platforms. They also have to invest substantial amounts of their own time in getting to know new IT systems and they are reluctant to being dependent on external services for the operability and functioning of their general practice. The e-Health Action Plan 2019-2021 recognises these barriers and sets forth the intention to put more resources towards operational excellence and providing incentives for healthcare professionals.

Besides investment in better infrastructure, due care should be given to a radically different manner of educating healthcare-providers. In order for artificial intelligence, mobile health technologies and wearables to find their way to individual practitioners, these care-givers should be incentivised and educated thoroughly and continuously. The Health Care Quality of Practice Act of 22 September 2019 imposes an obligation of continuous learning on healthcare professionals; however, multiple implementing acts are still required and qualitative digital healthcare learning opportunities need to be offered to practitioners.

As a final point, while improving the infrastructure at the level of healthcare organisations and professionals is critical for advancing digital healthcare, careful consideration should also be given to equal access and non-discrimination of patients. The uptake of the Internet of Things and general connectivity of patients must therefore also be reviewed on a population level.

Cloud computing is an important, cost-efficient tool in the healthcare industry that can improve the management of and access to information and collaboration. A cloud can be used for clinical data management or for the operation of health apps, but can equally be a crucial instrument in strengthening hospital IT infrastructure.

While cloud computing has the potential to improve security and privacy, identifying service-providers that offer sufficient safeguards to protect the (personal) information of healthcare organisations or companies will be of the highest priority. The Belgian DPA has recently adopted its first transnational Code of Conduct for cloud service-providers, which offers a reference point for compliant data processing in the cloud. Adherence to this Code of Conduct by a service-provider can be used to demonstrate that it has adopted sufficient technical and organisational measures to protect personal data, as required under Article 28 of the GDPR.

In light of the foregoing, the drafting and negotiation of Software as a Service, Infrastructure as a Service and Platform as a Service agreements must be done in a diligent manner and on a case-by-case basis. If multiple providers are involved in the provision of cloud services, a controller should identify the roles and responsibilities of all of these parties and ascertain where the processing will take place. For this reason, careful consideration should be given to, eg, a controller’s audit rights and rights to object to sub-processors. As personal data in relation to health is sensitive data under the GDPR, healthcare participants should avoid working with cloud providers that are not able to offer a sufficiently secure environment appropriate to the sensitive nature of such data. 

Inventions are patentable if they fulfil the criteria of novelty, inventiveness and if they are capable of industrial application. Computer programs are in principle exempt from patent protection as such; however, software may be protected if incorporated in a product of a technical nature. Problems also arise in relation to the inventor of AI inventions. Under the current guidelines for applications to the European Patent Office, the inventor needs to be a human being. This is problematic when inventions are made by AI without human intervention. In addition, one might wonder whether patents for inventions made by AI need to be vested in the researcher that discovers the invention when using the AI technology, the owner of the AI technology or the developer of that technology.

Further, the author of a literary or artistic work that is original and expressed in a specific form is granted copyright protection. As long as software and databases meet the requirements of expression and originality, they can also be protected by copyright. In addition, a database can be protected by the Sui Generis Database Right if the acquisition, control or presentation of that database qualitatively or quantitatively represents a substantial investment on the creator’s or developer’s part (Article XI.306 of the Code of Economic Law).

Trade-secret protection in Belgium is detailed in Title 8/1 of Book XI of the Code of Economic Law and based on Directive (EU) 2016/943 on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure. Information constitutes a trade secret if it is not generally known or readily accessible to persons in circles that normally deal with the kind of information in question, if it has commercial value because of its secrecy and if it has been subject to reasonable steps to keep the information secret. The illegitimate disclosure or acquisition of such information can be contested in court and (former) employees can be sanctioned for disclosing such information.

Education is a competence of the communities in Belgium (the Flemish Community, the French Community and the German-speaking Community). The Codex Higher Education of the Flemish Community provides that the intellectual property rights to inventions created by salaried researchers in the course of their research duties for the university or the university of applied sciences are vested in that university (of applied sciences). The university has the sole right to exploit any such inventions. Belgian universities have a long tradition of creating and supporting spin-off companies and the Flemish Catholic University of Leuven (KU Leuven) has been named the most innovative university of Europe several years in a row for its large amount of (successful) patents filed in the field of pharmaceuticals and biotech, agriculture and food, chemicals and medical devices. Belgian universities often collaborate with industry partners and participate in European consortium projects by conducting R&D or seconding one of their researchers to a project. The ownership and exploitation of intellectual property rights differ from project to project; however, Belgian academic institutions often endeavour to secure the ownership rights to their R&D results and grant the exploitation rights to the industry.

The pandemic has evidenced that better public health is driven by improved collaborative working, including through public-private partnerships. In order to foster the innovation that such partnerships can yield, trust between the different participants needs to be built, including while drafting and negotiating R&D agreements. In this regard, the allocation of ownership and exploitation rights for digital health inventions must be determined from the outset. As previously stated, default statutory rules vest intellectual property rights of new ideas, works or inventions with the inventor or author of such work. Therefore, pharmaceutical and MedTech companies that outsource part of their R&D need to consider which rights they need to secure in relation to the results of the R&D, including if and to what extent they have sufficient freedom to operate to exploit the outcomes of their research investment commercially.

New technologies increase the number of participants involved in healthcare and make it increasingly complicated for a patient seeking redress for damage caused in the provision of healthcare. Liability of a physician or hospital can be invoked both contractually and extra-contractually, depending on the act from which the damage arises. In addition, compensation can be sought from the Fund for Medical Accidents for medical accidents without liability. Further, product liability for medical devices is based on the strict liability regime of Directive 85/374/EEC. If a medical device is defective (ie, if it does not provide the safety a patient is entitled to expect) and therefore causes damage, the fault of the manufacturer does not need to be corroborated.

In light of new technologies, these classic liability regimes may need to be revisited. For instance, AI-driven software sometimes lacks transparency in its decision-making and demonstrates considerable autonomous behaviour. This leads one to question whether a physician is at fault (and liable) if that physician does not follow a diagnosis made by an AI technology or, conversely, whether that physician fails to do the required due diligence by making treatment decisions based on a diagnosis made by an AI technology without knowing exactly how the software reaches a conclusion. With respect hereto, the new legislative proposal of the European Parliament on AI suggests the implementation of both a strict liability and a fault-based liability regime for AI technologies, depending on the risk involved in that AI-system. Similarly, the product liability Directive may not always offer relief with regard to defects in digital health technologies, as many of these applications contain one or several service elements, which may make it more difficult to classify the technology as a defective product.

As stated above, multi-participant involvement in the manufacture of digital health technologies and the provision of healthcare services has made it gradually more complex to allocate responsibility. Under the defective product regime, any participant in the supply chain may be held liable, including the EU importer and the supplier. As with data protection, any controller is accountable for any damage that arises from a processing activity that breaches the GDPR, in contrast with processors, who are only responsible for damage that is the result of that processor acting outside the lawful instructions of the controller. Data processing agreements thus often include rigid liability and indemnification obligations to ensure a controller can recover the damage that is caused by its service-provider from that processor. 

Constrained healthcare budgets are finding new and innovative (pricing) solutions by investing in value-based arrangements with the industry. Such value-based care requires qualitative real-world evidence data from patients, outside of the controlled environment of a clinical trial. Patients, healthcare-providers, reimbursement authorities and the industry will therefore have to collaborate to gather the necessary data for cost-efficiency analyses. This may soon not only be done at the national level but also at the European Union level, as the Member States have adopted a common position on health-technology assessment. Healthcare is also visibly working towards more integrated, personal solutions, where the traditional prescription of medicines may be combined with a mental health or symptom tracker app. Physicians encourage patients to take ownership of their own health by making lifestyle switches and patients are able to review their health status from their pockets by consulting their medical records and personal health information collected through monitoring devices.

All in all, it can therefore be expected that the future of healthcare is personalised and patient-centred, with a strong focus on prevention.


Medialaan 28B

+322 557 380

+322 534 219
Author Business Card

Law and Practice


QUINZ is a Brussels-based law firm with a strong focus on life sciences. Quinz assists the global, regional (Europe, the Middle East and Africa (EMEA), Latin America (LATAM), Asia-Pacific (APAC)) and local (Belgian, Luxembourg and the Netherlands) legal departments of pharmaceutical companies on a broad array of (strategic, operational, licensing and M&A) transactions throughout the life cycle of a life sciences product. Quinz has also developed sound expertise in regional and local regulatory work (including pricing and reimbursement, clinical trials, data transparency, marketing-authorisation procedures, current good manufacturing practice (CGMP) and compliance matters (including transfers of value, promotion of life sciences products, antitrust compliance questions, patient-directed programmes, the General Data Protection Regulation (GDPR)). Quinz was founded in 2011. Its life sciences department is headed by Pieter Wyckmans and Olivier Van Obberghen. Clients include Janssen Pharmaceutica, UCB, Takeda, Novo Nordisk, and Roche.

Compare law and practice by selecting locations and topic(s)


Select Topic(s)

loading ...

Please select at least one chapter and one topic to use the compare functionality.