Ireland: Digital Health Laws And Regulations 2022

1.1       What is the general definition of “digital health” in your jurisdiction?

There is no definition of “digital health” in Irish legislation.  Digital health is generally accepted as referring to standalone software, health technologies and apps used in the healthcare sector, or those used in combination with other products.

1.2       What are the key emerging digital health technologies in your jurisdiction?

Some of the key emerging technologies are as follows:

1. Telemedicine – the delivery of healthcare by registered healthcare practitioners to patients using online platforms or health apps.
2. Artificial Intelligence (AI) – the use of advanced computer technologies, predictive analysis and machine learning is ever-increasing in the life sciences and healthcare sectors.
3. Health Apps – apps hosted on connected wearables and mobile devices which aim to monitor and improve health/wellbeing.

1.3       What are the core legal issues in digital health for your jurisdiction? 

Some of the core legal issues in healthcare are as follows:

1. Product Classification – the convergence of medical devices, medicinal products and software requires that product classification is carefully considered to ensure regulatory compliance.
2. Data Protection and Cybersecurity – patient data must be collected and handled in compliance with data protection law.
3. Product Safety – in order to ensure patient safety, all products must comply with applicable product safety legislation.

1.4       What is the digital health market size for your jurisdiction? 

Although this is difficult to quantify in the Irish context, based on Ireland's significant presence in the life sciences, technology and social media sectors, the ever-evolving digital health market in Ireland is on track to hold a significant share of the estimated $100 billion global digital health market.

1.5       What are the five largest (by revenue) digital health companies in your jurisdiction?

This information is not currently available.

2.1       What are the core healthcare regulatory schemes related to digital health in your jurisdiction?

1.   Healthcare Framework

The Health Act 1970 (as amended) sets out the statutory basis for the structure of the national healthcare system.  The Department of Health determines healthcare policy and expenditure.  This is implemented by the national health provider, the Health Service Executive (HSE).  The Health Information and Quality Authority (HIQA) is a statutory body responsible for regulating and accrediting public hospitals, implementing quality assurance programmes, and evaluating the clinical and cost effectiveness of health technologies.

2.   Healthcare Professionals

Healthcare professionals are regulated as follows:

• The Medical Practitioners Act 2007 – registered medical practitioners.
• The Nurses and Midwives Act 2011 – nurses and midwives.
• The Pharmacy Act 2007 – pharmacists and pharmaceutical assistants.
• The Health and Social Care Professionals Act 2005 – includes, amongst others, occupational therapists, speech and language therapists and social workers.

3.   Medical Devices

Directive 93/42/EEC concerning medical devices and Directive 90/385/EEC on active implantable medical devices were entirely replaced by Regulation (EU) 2017/745 on medical devices (MDR) on 26 May 2021, however, certain transitional provisions apply to certain devices (Medical Device Legislation). 

The Health Products Regulatory Authority (HPRA) is the Competent Authority responsible for regulating medical devices.  The National Standards Authority of Ireland (NSAI) is the Notified Body designated by the HPRA to carry out conformity assessment procedures to ensure compliance with Medical Device Legislation.

4.   Medicinal Products

The regulatory framework for pharmaceuticals is based on Directive 2001/83/EC on the Community code relating to medicinal products for human use (as amended).  This was implemented by the Irish Medicines Board Act 1995 (as amended) and domestic regulations.  The HPRA is the medicines regulator.

5.   Telemedicine

There is no legislation specifically regulating telemedicine in Ireland.  However, the current Medical Council Guide to Professional Conduct and Ethics for Registered Medical Practitioners states that telemedicine services can be provided, subject to:

• strong security measures;
• patients providing their consent to:
• the consultation being conducted through telemedicine;
• any treatment provided;
• information policies being clear to users;
• services being safe and suitable for patients;
• the patient's general practitioner being informed of the consultation; and
• intra-jurisdictional transfers of personal patient information complying with data protection principles.

Further, healthcare providers of telemedicine services to patients within Ireland must be registered with the Medical Council.  Derogations from the Medical Council Guide may constitute a breach of professional duty by medical doctors.

2.2       What other core regulatory schemes (e.g., data privacy, anti-kickback, national security, etc.) apply to digital health in your jurisdiction?

If digital health products are classified as medical devices, the Medical Device Legislation will apply.

Directive No. 2001/95/EC on general product safety, as amended (GPSD), which is transposed into Irish law by the European Communities (General Product Safety) Regulations 2004, may apply to digital health and healthcare IT products which do not fall within the scope of Medical Device Legislation.  The Consumer Protection Act 2007, which gives effect to Directive No. 2005/29/EC on unfair commercial practices, may also apply to digital health consumer products.

The Liability for Defective Products Act 1991 (LDPA) implements Directive No. 85/374/EEC on liability for defective products into Irish law.

The use of personal data in digital health technologies and healthcare IT is primarily regulated by the General Data Protection Regulation (GDPR) and the Data Protection Acts 1988–2018.

2.3       What regulatory schemes apply to consumer healthcare devices or software in particular?

Generally speaking, the following regulatory schemes apply to consumer healthcare devices or software:

• Medical Device Legislation (where the product is a medical device).
• Product Safety.
• Product Liability.
• Consumer Protection.
• Data Protection.
• Cybersecurity.
• Intellectual Property (IP).

2.4       What are the principal regulatory authorities charged with enforcing the regulatory schemes? What is the scope of their respective jurisdictions?

HIQA is a statutory body responsible for regulating and accrediting public hospitals, implementing quality assurance programmes, and evaluating the clinical and cost effectiveness of health technologies.

The HPRA is the Competent Authority for the regulation of health products, including medicines, medical devices and cosmetics.

The Competition and Consumer Protection Commission (CCPC) is the statutory body responsible for enforcing consumer protection and general product safety legislation.

The Data Protection Commission (DPC) is the Irish supervisory authority for the purposes of the GDPR.

The NSAI is Ireland's official standards body that creates, maintains, promotes and issues accredited certification of products, services and organisations with recognised standards.

The Department of Health is the government department tasked with the delivery of policies for the health sector.

The Medical Council is the regulatory body of medical doctors in Ireland and maintains the Register of Medical Practitioners.

2.5       What are the key areas of enforcement when it comes to digital health?

The delivery of digital health.  All registered medical practitioners must be appropriately registered with the Medical Council of Ireland and operating in compliance with applicable legislation and ethical standards.

Patient safety is of paramount importance in the delivery of appropriate healthcare.  Accordingly, product safety and liability are key enforcement areas for the HPRA and CCPC.

Privacy and security are also key enforcement areas in terms of healthcare IT.  The DPC has wide-ranging powers, and can impose substantial sanctions for breaches of the GDPR.  Further, data subjects have the right to bring actions for material and non-material damages in the courts.

2.6       What regulations apply to Software as a Medical Device and its approval for clinical use?

Software as a medical device is regulated by the Medical Device Legislation.  Approval for clinical use is assessed by either the device manufacturer (the device is subject to the self-certification conformity procedure) or a Notified Body.

2.7       What regulations apply to Artificial Intelligence/Machine Learning powered digital health devices or software solutions and their approval for clinical use?

Depending on the specific product and its function, the legislation referred to above will apply.  Approval for clinical use will be assessed by the manufacturer if subject to the self-certification conformity procedure or a Notified Body.

3.1       What are the core issues that apply to the following digital health technologies?

■    Telemedicine/Virtual Care

As there is no specific legislation regulating telemedicine in Ireland, healthcare providers and companies offering telemedicine services must comply with a range of related and applicable legislation, regulation and guidance.  Core issues include compliance with prescribing regulations and the applicability of the medical devices framework.

■    Robotics

Product liability and allocation of liability are key issues relating to the use of robotics in the life sciences and healthcare sectors.  IP issues may also arise.

■    Wearables

The applicability of Medical Device Legislation to wearables is a core issue.  Product safety, product liability, consumer protection and data protection are also pressing concerns regarding the use of wearables.

■    Virtual Assistants (e.g. Alexa)

Cybersecurity and data protection concerns are core issues relating to the use of virtual assistants.  Liability and product safety issues may also arise regarding the use of virtual assistants and particularly as regards their interaction with connected devices.

■    Mobile Apps

See Telemedicine and Wearables.

■    Software as a Medical Device

When software is classified as a medical device, core issues relating to the use of that software, aside from compliance with Medical Device Legislation, include cybersecurity, data protection and consumer protection.

■    Clinical Decision Support Software

See Software as a Medical Device.

■    AI/ML powered digital health solutions

See Software as a Medical Device.  Cybersecurity and data protection are also key issues, as are product safety, liability and consumer protection. 

■    IoT and Connected Devices

Cybersecurity is of paramount importance regarding Internet of Things (IoT) and connected devices, particularly regarding unauthorised access attempts.  Data protection, product liability and consumer protection are also important.

■    3D Printing/Bioprinting

3D-printed products may be used to produce medical devices which fall within the scope of Medical Device Legislation.  Accordingly, compliance with Medical Device Legislation and applicable conformity assessment and CE-marking procedures will be a core issue.  Product liability and IP concerns may also arise.

■    Digital Therapeutics

This will depend on the specific nature of the product.  See core issues that apply to all of the above.

■    Natural Language Processing

Natural Language Processing may give rise to concerns around data protection, product safety, liability and IP.

3.2       What are the key issues for digital platform providers?

Where there is no specific regulatory regime for digital health in Ireland, digital platform providers must comply with a range of related and applicable legislation, regulation and guidance.

Data protection and, particularly the use, storage and transfer of personal data are key issues for digital platform providers, as is cybersecurity.  In particular, digital platform providers must adopt measures to protect against and prevent the occurrence of malware virus attacks, particularly where large amounts of sensitive personal data are stored within their platforms.

4.1       What are the key issues to consider for use of personal data?

In conducting any activities that involve the processing of personal data, companies must adhere to the key principles in Article 5 GDPR.  These can be summarised as follows:

• Lawfulness, Fairness and Transparency: All processing activities must have a legal basis under Article 6 GDPR, meaning the processing must be: (a) based on data subject consent; (b) necessary to perform a contract with the data subject; (c) necessary to comply with a legal obligation; (d) necessary to protect a person's vital interests; (e) necessary to perform a task in the public interest; or (f) necessary to achieve the legitimate interests of the controller or a third party, where those interests outweigh the rights and freedoms of the relevant data subject(s).  Where special categories of data are concerned (including health data, genetic data and biometric data), controllers must identify an exemption under Article 9 GDPR (e.g. explicit consent).  Reliance on such exemptions may be subject to further conditions under the Data Protection Acts 1988–2018.  Controllers must also facilitate data subjects in the exercise of their rights under Articles 15–22 GDPR, and ensure any transfers of personal data outside the European Economic Area (EEA) are made subject to the adoption of appropriate measures.  To ensure transparency, data subjects must receive user-friendly information about how their personal data is processed, including but not limited to all information in Article 13/14 GDPR.
• Purpose Limitation: Personal data must only be processed for the specific purposes communicated to the data subject, and cannot be processed in a manner incompatible with those purposes.
• Data Minimisation: No more personal data than is needed for the controller's purposes should be collected, and it should not be shared more widely than is necessary.
• Accuracy: Personal data must be accurate and kept up-to-date.  Inaccurate data must be promptly rectified or erased.
• Storage Limitation: Save for limited exemptions (e.g. for scientific research and statistical purposes), personal data should be deleted or anonymised when it is no longer necessary.
• Integrity and Confidentiality: Controllers must implement appropriate technical measures and policies to ensure personal data is processed securely, and to protect against unauthorised or unlawful processing or accidental loss, destruction or damage (i.e. a data breach).
• Accountability: Controllers are responsible for demonstrating compliance with their obligations under the GDPR.  Where any digital health offering involves the processing of health data and could potentially pose high risks to data subjects, a data protection impact assessment must be conducted in advance of the processing.  Such assessments and records of processing help controllers to demonstrate accountability.  If a company's core activities involve the processing of special categories of personal data, they will also need to appoint a data protection officer.

4.2       How do such considerations change depending on the nature of the entities involved?

Whether the entity is public or private will impact on the legal bases that can be relied upon (e.g. public bodies cannot rely on their legitimate interests (Article 6(1)(f) GDPR) to conduct official activities).  Public bodies are also subject to the Data Sharing and Governance Act 2019.

Controllers bear primary responsibility for compliance with data protection law, insofar as they decide how and why personal data is processed.  Where they engage vendors/service providers to process personal data on their behalf, they must vet them in advance, and enter data processing agreements with robust safeguards, as explained in question 4.5.

4.3       Which key regulatory requirements apply?

The GDPR, as supplemented by the Data Protection Acts 1988–2018, contains the core data protection rules.

To the extent digital health technologies may involve the use of cookies, or where organisations want to market to individuals, the ePrivacy Directive 2002/58/EC (as amended) and the Irish ePrivacy Regulations are also relevant.

Where health data is collected for the purpose of health research, the Data Protection Act 2018 (Section 36(2) (Health Research) Regulations 2019 (as amended) (Health Research Regulations) will apply, and the controller will be subject to extensive obligations, including the need to obtain the explicit consent of data subjects.  If it is not possible/appropriate to obtain the explicit consent of data subjects, controllers may apply to the Health Research Consent Declaration Committee for a declaration that the explicit consent of data subjects is not required where the public interest in conducting the health research “significantly outweighs” the public interest in obtaining their explicit consent.

The Data Protection (Access Modification) (Health) Regulations 1989 put parameters around access to health information, recognising the important role of health professionals regarding this data.

The Data Sharing and Governance Act 2019 introduced additional statutory obligations for public bodies.

4.4       Do the regulations define the scope of data use?

Although the GDPR is a principle-based regulation, meaning it is not highly prescriptive as to how data can be used, it places clear obligations on controllers to respect data subjects' information.  The Irish legislation outlined above is more explicit regarding how organisations can use data.

4.5       What are the key contractual considerations? 

Where a controller appoints a data processor to process personal data on its behalf, both parties must enter a written data processing agreement (DPA) that meets the requirements of Article 28 GDPR.

Where two or more parties are working together, they may be considered “joint controllers” if they are jointly deciding the purposes and means of processing personal data.  In such circumstances, joint controllers would be well advised to enter a written contract setting out the respective responsibilities of each party, as joint controllership implies joint liability for breaches of data protection law, and the “essence” of the arrangement must be further communicated to data subjects.

It is worth including detailed data protection provisions in any contract concerning the disclosure of personal data.

4.6       What are the key legal issues in your jurisdiction with securing comprehensive rights to data that is used or collected? 

Where data is exchanged pursuant to a contract, ownership of that data (and rights regarding its use) should be set out very clearly.

Where personal data is concerned, the parties to any digital health offering must be aware of their roles and responsibilities, and controllers must have valid legal grounds for the collection and use of the personal data.

Data subjects cannot waive their rights of access, rectification, erasure, restriction, objection and portability, and the right to not be subject to automated decision-making.  As such, controllers must be in a position to promptly and effectively facilitate the exercise of data subject rights.

5.1       What are the key issues to consider when sharing personal data?

As noted in our answer to question 4.1, the GDPR restricts the transfer of personal data outside the EEA.  This has significance where controllers wish to share personal data with partners/service providers in “third countries”.

Personal data can be freely transferred to countries which have received an “adequacy decision” from the European Commission.  Otherwise, certain safeguards must be implemented (e.g. data exporters and data importers may execute the European Commission-approved Standard Contractual Clauses).  Following the recent decision of the Court of Justice of the European Union in case C-311/18 (Schrems II) and subsequent regulatory guidance, data exporters must also verify on a case-by-case basis that the personal data being transferred will be afforded an “essentially equivalent” level of protection in the destination country, and adopt technical, contractual and/or organisational measures as appropriate to mitigate risks.

5.2       How do such considerations change depending on the nature of the entities involved?

The Data Sharing and Governance Act 2019 regulates the ability of public bodies (including the HSE) to share personal data with other public bodies.  The majority of its provisions do not apply to special categories of personal data, which may limit its applicability to data sharing in a healthcare context.

5.3       Which key regulatory requirements apply when it comes to sharing data?

Any transfers of personal data outside the EEA must comply with Chapter V GDPR, and the Data Sharing and Governance Act 2019 regulates the sharing of data by public sector bodies.  As outlined in our answer to question 4.5, appropriate contractual arrangements should be entered into where personal data is shared between parties.

6.1       What is the scope of patent protection?

The Patents Act 1992 (as amended) governs the law relating to patents.  For an invention to be patentable, it must be susceptible of industrial application, new and involve an inventive step.

To register a patent in Ireland, applicants must file at the Intellectual Property Office of Ireland or at the European Patent Office with an Irish designation.

Full-term patents can provide protections for up to 20 years.  A short-term patent may be obtained without needing to demonstrate the invention's novelty.

A patent cannot be obtained for, among other things:

• a discovery, scientific theory or mathematical method;
• a scheme, rule or method for performing a mental act, or a computer program;
• the presentation of information; or
• a method for treatment of the human or animal body by surgery or therapy and a diagnostic method practised on the human or animal body (excluding a product, substance or composition for use in any such method).

6.2       What is the scope of copyright protection?

The Copyright and Related Rights Act 2000 (as amended) (2000 Act) governs the law relating to copyright.  It was recently amended by the Copyright and Other Intellectual Property Law Provisions Act 2019, which also provided more recourse to rights in the Irish courts.

Copyright subsists automatically upon the creation of literary, artistic and other tangible works (including computer programs) and databases, protecting the physical manifestation of the work (as distinct from the underlying idea or principle) once the work in question meets the test of originality under copyright law.

In an employment context, the employer will be the first owner of any copyright created by an employee in the course of their employment, unless they have agreed otherwise.

The owner of copyright in a work has the exclusive right to prevent or allow others to:

• copy the work;
• perform the work;
• publish or otherwise make available the work; and
• adapt the work.

6.3       What is the scope of trade secret protection?

The protection of trade secrets is governed by the European Union (Protection of Trade Secrets) Regulations 2018 (Trade Secrets Regulations), which transpose Directive EU 2016/943 (the Trade Secrets Directive) into Irish law.  Under this regime, a trade secret is protected if:

• it is secret, being not generally known among or readily accessible to persons who normally deal with that kind of information;
• it has commercial value because it is secret; or
• reasonable steps have been taken to keep it secret.

The Trade Secrets Regulations provide for prohibitive and corrective remedies in order to prevent and/or obtain redress for the unlawful acquisition, use or disclosure of the trade secret.

6.4       What are the rules or laws that apply to academic technology transfers in your jurisdiction?

Knowledge Transfer Ireland is the national office tasked with facilitating the transfer of academic and state-funded expertise and technology to businesses.  They produce model agreements which typically form the basis for the licensing of university-generated IP to spin-out companies or industry investors in return for royalties and for collaborative developments between industry and academia.

IP owned or developed by academic institutions may also be assigned provided the transfer is in accordance with State Aid rules.

6.5       What is the scope of intellectual property protection for Software as a Medical Device?

Copyright in the software itself (source and object code) is protected by copyright.  Any accompanying elements such as sound and graphic designs are also protected by copyright.

6.6       Can an artificial intelligence device be named as an inventor of a patent in your jurisdiction?

Although there is no case law on this question in Ireland, the legislation envisages that the inventor will be a natural person, with section 17 of the Patents Act 1992 requiring patent applicants to identify the “person or persons whom he believes to be the inventor or inventor”, and the Patent Rules requiring the applicant to provide their address.  This is supported by a recent decision of the UK Court of Appeal (Thaler v Comptroller General of Patents Trade Marks and Designs [2021] EWCA Civ 1374) where the Court held that an artificial intelligence machine cannot qualify as an “inventor” for the purposes of the UK Patents Act 1977 because it is not a person within the meaning of the legislation.

6.7       What are the core rules or laws related to government funded inventions in your jurisdiction?

Government grants are often awarded subject to a range of conditions relating to intellectual property, in respect of which compliance is required.

7.1       What considerations apply to collaborative improvements?

Parties should contractually agree the manner in which the resulting IP (including any improvements to pre-existing IP) will be owned and licensed as well as matters of confidentiality and commercialisation.

7.2       What considerations apply in agreements between healthcare and non-healthcare companies?

Healthcare companies are subject to specific regulatory and reporting obligations in respect of their activities which will need to be recognised and reflected in the agreement governing its activities with any other company.  Depending on the nature and extent of the activities being conducted by each party, particular consideration should be given to issues of reporting, quality standards, confidentiality and protection over proprietary IP and liability and claims management.

Where a contract relates to a product, as defined by the Product Liability Directive, then a strict liability regime will apply to each of the developers, manufacturers and potentially the suppliers and distributors depending on the necessary facts.  The ability for a party to limit its liability in a contract is also impacted by consumer law.

8.1       What is the role of machine learning in digital health?

Machine learning continues to play an increasingly important role in digital health, particularly regarding diagnostics, patient monitoring and decision support systems.  Of course, the use of AI should enhance and not replace the role of the healthcare practitioner.

8.2       How is training data licensed?

Training data can be licensed in the same way as any other proprietary data or technology (governing issues such as field of use, warranties and disclaimers, and confidentiality).  Please see our response to question 8.4 below.

Under the Open Data Strategy 2017–2022, the Irish Government licenses open (non-personal) data sourced from the activities of public bodies using the Creative Commons (CC-BY) Licence.  This licence allows others to distribute, adapt and build upon data for commercial or non-commercial purposes, provided the originator is credited for the original creation.

Directive (EU) 2019/790 on copyright and related rights in the Digital Single Market (as recently implemented in Ireland by the European Union (Copyright and Related Rights in the Digital Single Market) Regulations 2021) provides research organisations with a mandatory exception to copyright that allows them to extract and reproduce text and data from databases or other sources to which they have lawful access in order to carry out data mining for the purposes of scientific research.  A more restrictive regime applies to commercial text and data mining.

8.3       Who owns the intellectual property rights to algorithms that are improved by machine learning without active human involvement in the software development?

Under the 2000 Act, the author of a work generated by a computer in circumstances where the author of the work is not an individual is the person who made the arrangements necessary for the creation of the work.  Although there is no Irish case law on this point as yet, it is likely that the engineers who assemble the models and software which improve the algorithm would individually and collectively be considered the “authors”, and would therefore own the IP in the improved algorithms.  As noted in our answer to question 6.2, copyright would vest in their employers if they generated the copyright in the course of their employment unless there was an agreement to the contrary.

8.4       What commercial considerations apply to licensing data for use in machine learning? 

The parties should consider the strength of any warranties as to the completeness, accuracy and usefulness of the licensed data, data protection compliance, the ownership of background IP and IP that is generated by using the data, and the scope of the licence.

9.1       What theories of liability apply to adverse outcomes in digital health solutions?

Liability for adverse outcomes in digital health can arise under:

• Contract: Liability can arise under the Sale of Goods Act 1893, as amended by the Sale of Goods and Supply of Services Act 1980.
• Tort: The general common law principle of duty of care applies.  Therefore, product manufacturers owe a duty of care to all those who may be foreseeably injured or damaged by their products.
• Statutory Liability: The LDPA implements Directive 85/374/EEC on liability for defective products (Product Liability Directive) into Irish law.
• Criminal: The European Communities (General Product Safety) Regulations 2004 implement the provisions of the GPSD.
• Medical Devices: Digital health products that are classified as medical devices will be subject to liability arising under Medical Device Legislation.
• Clinical Negligence: Liability in the context of clinical negligence may arise where a medical practitioner breaches a duty of care owed to a patient and damage or injury is suffered by the patient as a result.

9.2       What cross-border considerations are there?  

Under the Rome I Regulation and the Rome II Regulation, Irish law will apply to contractual and non-contractual (e.g. personal injury) claims arising in relation to digital health delivery to patients, irrespective of the country of origin of the digital health provider.

10.1    What are the key issues in Cloud-based services for digital health?

Compliance with data protection law is critical where a service entails the sharing of special categories of personal data, particularly outside the EEA.  Strong measures must be adopted to maintain the security of the services and mitigate against the risks of a data breach.

Cloud-based service providers in the digital health space should also consider if they fall within the scope of the EU Directive on the Security of Network and Information Systems (NIS Directive), as transposed into Irish law by the European Union (Measures for a High Common Level of Security of Network and Information Systems) Regulations 2018 and the Commission Implementing Regulation (EU) 2018/151.  The legislation imposes a range of cyber-security rules on operators of essential services (OES) and digital service providers (DSPs).  Non-computing cloud solutions do not fall within the definition of DSPs.  Service providers may be an OES in limited circumstances – where they fall within a category of activity (including the “health sector”), they fulfil various criteria and they are designated by the competent authority.

10.2    What are the key issues that non-healthcare companies should consider before entering today's digital healthcare market?

Non-healthcare companies should adopt a holistic approach when navigating the relevant legal and regulatory requirements at an early stage of development of services and related technology.  As the regulation and guidance around telemedicine is developing rapidly, companies should maintain a dialogue with the relevant regulatory authorities to confirm whether the authorities are drafting or preparing any guidance that might be relevant.

10.3    What are the key issues that venture capital and private equity firms should consider before investing in digital healthcare ventures? 

Prior to investing in digital healthcare ventures, venture capital and private equity, firms should consider whether:

• appropriate procedures are in place for regulatory compliance;
• the target companies own all of the necessary IP and have patent protection in place; and
• appropriate supply and service contracts are in place.

10.4    What are the key barrier(s) holding back widespread clinical adoption of digital health solutions in your jurisdiction?

Some of the key barriers holding back widespread clinical adoption of digital health solutions are as follows:

• Fewer clinical trials in the area of digital health solutions are conducted, which in turn results in lower rates of demonstrated clinical and economic benefit or safety and efficacy.
• Lack of a harmonised approach and overarching legislation across the EU. 
• Cybersecurity and privacy concerns.
• Product safety and liability allocation concerns.

10.5    What are the key clinician certification bodies (e.g., American College of Radiology, etc.) in your jurisdiction that influence the clinical adoption of digital health solutions?

The Medical Council regulates medical doctors in Ireland and provides input on policy and legislation in this area, as well as guidance on professional conduct and ethics in this area.  The Pharmaceutical Society of Ireland carries out a similar role for pharmacists in Ireland and would be active in this area.  There are a number of industry bodies relevant to the digital health sector under the auspices of IBEC (Irish Business and Employers Confederation), including the Irish MedTech Association, BioPharamChem Ireland and Technology Ireland, driving policy initiatives and cross-sectoral strategies relevant to the digital health sector.  eHealth Ireland, a HSE initiative, assists in the delivery of improved digital health across Ireland. 

10.6    Are patients who utilise digital health solutions reimbursed by the government or private insurers in your jurisdiction?  If so, does a digital health solution provider need to comply with any formal certification, registration or other requirements in order to be reimbursed?

This will depend on the specific product.  In order to receive reimbursement approval under one of the State schemes in Ireland, a product supplier must apply to the HSE for inclusion on the HSE's reimbursement list.  Where products are not available for reimbursement under a State reimbursement scheme, a patient may pay privately for a product or service.  Private health insurers may reimburse patients for access to certain products or services, depending on the level of cover of the insured.