Newswire

For Further Information Contact:

saudiarabia@transatlanticlaw.com

Saudi Arabia Update: What Are the Legal Implications of Health-Tech?

Over the years, there has been unprecedented growth in digital health used in delivering healthcare across the GCC states. However, the COVID-19 Public Health Emergency (PHE) has accelerated digital transformation in the healthcare industry more than in any other industry.

With the rise in demand to meet patients’ needs and control over their health, tech companies are coming up with new tech advancements in in-patient management diagnostics and treatment. Inventions like e-prescriptions, electronic medical records (EMR), and healthcare information and management systems (HIMSS), among others, have changed how healthcare is delivered to patients.

However, like any other industry undergoing rapid growth, health tech faces dramatic legal changes; for instance, in 2019, the UAE president issued the health data law, which aims at regulating the use of technology in the healthcare industry. Moving forward, tech companies in these spaces should expect heightened legal scrutiny from various regulators.

The following are some legal considerations in health tech.

1. Regulatory Bodies

Companies developing medical devices that incorporate Artificial intelligence (AI) and machine learning (ML) should abide by the Ministry of Health and Prevention (MOHAP) new approaches to regulate health tech. Companies must provide their proposals and any other critical information about any of the machines to be installed and used in healthcare.

Recently, a blockchain-based health data storage platform was introduced to help MOHAP efficiently provide smart health services to patients. The guidance by the regulatory bodies will help companies developing medical devices clarify to what extent the products will be regulated.

2. Fraud and Abuse

As healthcare operations are adopting technology, every person involved, from providers to vendors and payers, must adopt key practices to prevent or minimize fraud and abuse. All models involved in digital delivery create different types of risks under the legal theories, which the Ministry of Justice(MOJ) has taken a key interest in.

MOJ scrutinizes different healthcare vendors, for instance, those that provide electronic medical records. Organizations must provide consumers using medical insurance cards with relevant knowledge on how to protect themselves against questionable actions.

The companies must also have appropriate monitoring and enforcement strategies to eradicate fraud and abuse, according to the Saudi Arabia Anti-fraud and abuse regulation body.

3. Antitrust

Balancing data sharing, and data blocking, is one of the greatest antitrust concerns in digital health. Oversharing data in digital health is much more complicated compared to any other industry. While some companies can positively welcome the idea, sharing data in digital health can lead to regulatory issues.

Limited sharing can make a provider dominant in the market; while this isn’t necessarily a bad thing, it creates different antitrust issues, for instance, abuse of dominance. Abuse of dominance is considered a breach of antitrust, which results in lawsuits, and heavy fines, among others.

4. Data Privacy

Healthcare professionals must protect the confidentiality of patient’s medical data at all costs, and any breaches in the data should be reported immediately and appropriately. Relevant companies must comply with data protection in the right manner to prevent exposure to any liability when handling sensitive patient data.

All the following issues should be put into consideration when handling sensitive data:

•Seek consent in data processing, particularly in clinical trials

•Ensure that data subjects are notified about secondary uses of data, for instance, in the case of research

•Healthcare providers and pharma businesses impacted by any data flaws are allocated compliance responsibilities

•All consent should be explicit, specific, and informed

5. Product Liability

Product liability is a type of law in which the law holds the producer (manufacturers, suppliers, retailers and distributors) responsible for any product defects that cause injuries to patients. In digital health, many people can be held liable in case of litigation; such people include:

•Data provider

•Software developer

•Device manufacturer

•The company responsible for commercialization

The Consumer Protection Association of Saudi Arabia aims to protect consumers’ interests and safeguard their rights. All those who fail to meet the established professional standards, requirements and ethics must face disciplinary actions.

6. Employers Liability

As more and more digital devices are adopted by employers, there will be a need to analyze data collected by all these devices. Analysis of data comes with its own set of risks to the employer; for instance, if a patient is harmed due to any foreseeable issues that weren’t addressed, then the employer can be held liable.

A foreseeable issue depends on what the employer knows or doesn’t know. As a way to protect the employer, digital health providers must not disclose personal health data to the employer.

7. Ethical Use of Artificial Intelligence

With the rise in technology in healthcare, there is more focus on the use of AI. Several guidelines have been produced over the years to help with the evaluation and implementation of digital technologies in the healthcare industry. However, even with this, there have been cases of discrimination and biases made by AI systems.

As a result, there have been increased calls to make these systems more transparent. Companies must adapt and implement good governance when it comes to procuring and implementing AI systems in healthcare.

8. Cybersecurity

Every day, organizations are becoming susceptible to cyber-attacks that are threatening confidential information and disrupting daily activities. Hospitals, particularly private hospitals, store a lot of information that is worth lots of money in the wrong hands.

All the healthcare organizations accessing patients’ data must comply with any laws set, including the proposed Personal Data Protection Law (PDPL). Ensuring digital health solutions are in compliance with the set laws is one way to reduce and prevent cyberattacks.

The healthcare industry is quickly adopting technology to provide health services smarter and faster. However, with technology comes great risks that affect everyone involved. Regulatory bodies are increasingly becoming focused on the health tech space and new products introduced in the healthcare industry.

Even though there are various opportunities for healthcare delivery models, the responsible companies must tread lightly and ensure they are in compliance with the rules and regulations in all the GCC states.

By Hammad & Al-Mehdar, Saudi Arabia, a Transatlantic Law International Affiliated Firm. 

For further information or for any assistance please contact saudiarabia@transatlanticlaw.com

Disclaimer: Transatlantic Law International Limited is a UK registered limited liability company providing international business and legal solutions through its own resources and the expertise of over 105 affiliated independent law firms in over 95 countries worldwide. This article is for background information only and provided in the context of the applicable law when published and does not constitute legal advice and cannot be relied on as such for any matter. Legal advice may be provided subject to the retention of Transatlantic Law International Limited’s services and its governing terms and conditions of service. Transatlantic Law International Limited, based at 42 Brook Street, London W1K 5DB, United Kingdom, is registered with Companies House, Reg Nr. 361484, with its registered address at 83 Cambridge Street, London SW1V 4PS, United Kingdom.