Digital health application: The app on prescription
DiGA are an opportunity for you to drive forward digital medical care, expand your portfolio and open up an internationally unique reimbursement channel. Under the Digital Healthcare Act (DVG), people with statutory health insurance are now entitled to the provision of DiGA, which can be prescribed by doctors and psychotherapists and reimbursed by health insurance companies. Alternatively, patients can also apply directly to their health insurance provider for reimbursement of a DiGA.
What does DiGA support?
Among other things, DiGAs provide support in the treatment of illnesses and the management of medical complaints and, since the latest update, may also include telemedical services. This can be an app for the smartphone, but also a web application for the browser. However, before entering the market, the Federal Institute for Drugs and Medical Devices (BfArM) checks whether a DiGA meets all the requirements. Read our blog post to find out more about the six facts that manufacturers should be aware of.
Would you like to bring a DiGA to the market?
Inclusion in the DiGA directory by the Federal Institute for Drugs and Medical Devices is granted if your DiGA meets all requirements, including safety, suitability for use, quality, medical benefit, data protection and data security. This is how a digital health application gets listed in the DiGA directory (BfArM):
The positive care effect of digital health applications
Medical benefit
- Improvement in the state of health
- Reducing the duration of illness
- Prolonging survival
- Improving the quality of life
Patient-relevant improvement of structure and processes (among other things):
- Coordination of treatment procedures
- Easier access to healthcare
- Patient safety
- Developing health literacy
The requirements and development of DiGA
According to Section 3 (1) DiGAV, proof of compliance with the safety and functionality requirements is deemed to have been provided by the CE marking.
Manufacturers meet data protection and security requirements through a self-declaration
- The declaration is based on Annex 1 of the DiGAV
- BSI Standards 200-1, 200-2 and 200-3 provide guidance
- Introduction of a complete ISMS in accordance with ISO 27001
- BfArM does not check for compliance with data law (risk of incorrect assessment)
Exchange of data via networks in a specific format; electronic patient file (ePA) is the central data hub
- Export in human-readable and printable form
- Export in machine-readable, interoperable format
- Hardware connectivity (sensor) – use of an interoperable interface
Verification of user-friendliness for the intended groups (also for digitally inexperienced persons); accessibility: all DiGA listed in the directory must either:
- include assistance for people with disabilities or
- support operating aids offered by the platform (support for every form of disability – hearing, vision, motor skills)
Penetration testing in the development of DiGA
With the entry into force of the DVPMG, penetration testing is no longer only prescribed for DiGAs with increased protection requirements, but is now mandatory for all DiGAs. The goal of penetration testing is to quickly identify security vulnerabilities and create maximum data security. We are happy to support you in creating the test concept in accordance with the BSI’s implementation concept for penetration tests and taking into account the current OWASP Top 10 security risks. In order to maintain objectivity, all our penetration tests are carried out by our BAYOOTEC experts.