German Federal Agencies Publish Privacy and IT Security Requirements for Digital Health Applications
On April 21, 2020, the Regulation on the Requirements and Reimbursement Process for Digital Health Applications (DiGAV) entered into force in Germany.
Among other provisions, the DiGAV includes specific IT security and privacy requirements. Shortly after the law took effect, Germany’s Federal Medicines and Medical Devices Agency (“BfArM”) also released an extensive explanatory Guidance to the DiGAV.
While the scope of application of the DiGAV and the BSI draft guidance may be limited, the documents can serve to provide useful insights and benchmarks for health applications generally.