Should e-health companies worry about product liability risk?

The increasing use of e-health products and services as a diagnostic and information tool raises various issues concerning potential liability if these products and services malfunction or deliver incorrect advice. What happens if a patient monitoring device produces false or inaccurate readings or otherwise fails to correctly identify the signs of illness, or if the instructions for use are unclear? Could the producer of a healthcare app be liable if an app provides information on which a patient might reasonably be expected to rely in making decisions about their own medical care (e.g. guidance on how to respond to symptoms, or a reminder to take his or her medicine)?

The answer is that the producer of such a device or app could well be liable to pay compensation to a user that suffers harm in these circumstances. Questions will also arise around the potential liability of intermediaries if a participating physician gives incorrect advice in reliance on information from a device or app.

Back to basics: how product liability laws work

When we talk about product liability law, we mean laws that allow consumers to recover cash compensation where they suffer harm as a result of use of or exposure to a product.

The protections afforded to consumers vary greatly depending on the applicable jurisdiction, as do the means by which those rights can be enforced. However, the relevant rules fall into three main categories:

  • "Strict" or "no-fault" liability regimes that impose liability in defined situations, even in the absence of a direct contractual relationship with the individual who suffers harm;
  • Fault-based regimes, which may require that any damage was the result of a negligent product design or manufacturing process (again, these could apply even in the absence of any contractual relationship between the manufacturer and end user); and
  • Where it is possible for the person suffering any harm to rely upon contractual protections, any defect may also be actionable as a breach of contractual terms relating to the condition of the product or absence of defects. In addition to the express terms of the contract, there may also be further provisions implied by law to extend the protection offered to consumers.

In the EU, the Product Liability Directive (implemented through national legislation, such as the UK Consumer Protection Act) imposes a no-fault liability regime. A manufacturer or (where the product was made outside the EU) an EU-importer may be held liable whenever a product "defect" causes harm to an individual or damage to property. There is no need to prove that the manufacturer was at fault or failed to take appropriate precautions. Indeed, even if the manufacturer can establish that all reasonable precautions were taken, or that it complied with applicable regulations, this in itself is not a defence. In an e-health context, this further increases the importance of pre-market testing and ongoing monitoring, to pre-empt and prevent any actionable damage occurring.

In the absence of a claim under strict liability or other "no fault" provisions (or a favourable claim in contract), a consumer may instead opt to bring a claim under fault-based regimes such as negligence. However, this will typically be more onerous, since the consumer will need to establish that the manufacturer failed to take reasonable care or otherwise did something wrong. This may be particularly difficult in an e-health context, given the complex and highly technical nature of many products.

In contrast, where the person suffering harm is able to rely on a contract for the sale of the defective product or provision of the relevant service, this may contain terms relating to the condition of the product or the standard to which the service will be performed. Whilst some assurance of quality may be expressly included in the underlying contract of sale, in many jurisdictions, statute may provide for specific “implied” terms to be read into the contract. For example, in the UK and other common law jurisdictions, including Hong Kong and Singapore, sale of goods laws and consumer laws may give rise to certain statutory rights which impose specific terms (for example, terms as to satisfactory quality and fitness for purpose) on the sale of products. These terms can apply even if the contract of sale contains express terms that conflict with them. Similar terms are imposed in services agreements.

Contractual protections may be less relevant to consumers. Those suffering harm will not always be a party to any contract and, particularly in common law jurisdictions, this may prevent consumers from relying upon the contractual terms. For example, if a physician uses a defective e-health device to treat a patient, the patient is unlikely to have any contractual relationship with the producer or supplier (although, in some jurisdictions, there may be a contract between the healthcare provider and patient). However, where a contractual relationship does exist (most typically between the consumer and supplier), this may be the most desirable claim, since it will often be easier for a consumer to identify the supplier and in many jurisdictions a claim for breach of contract will be simpler than other forms of action. However, in an e-health context, there may be some additional challenges. For instance, if the defect relates to an item of downloaded software, the supplier could easily be located outside the consumer’s own jurisdiction, raising issues of whether they can be sued in the consumer’s home country and, if so, whether any judgment can be enforced. Where a website or app-store purports to act as a “marketplace” for individual suppliers to sell their software, this may also raise additional issues as to the identity of the contractual counter-party.

Where the aforementioned protections apply, it is not normally possible for the manufacturer or importer to exclude their liability completely. Consumer protection legislation typically limits the extent to which a manufacturer or importer can exempt itself from liability for loss or damage caused to a consumer, whether with regard to claims in contract or under fault-based or no-fault regimes.

Product liability laws will need updating to address the novel challenge of E-health

Product liability laws across the world have yet fully to catch-up with many of the novel situations to which e-health products and services will give rise. Two issues, in particular, suggest that the law needs updating.

First, it is less than clear in many countries how product liability law applies to services rather than products. While a patient who suffers harm as a result of a defective monitoring device may well be able to recover under existing product liability regimes, he or she might have more difficulty recovering where information provided by e.g. an online advisory service was inaccurate. Would that service constitute a “product” for the purposes of “no-fault” or strict liability regimes? In many jurisdictions, the answer may well be no. In the EU, for example, the product liability directive has been found to apply only to products and not to services. If damage is attributable to a service, it is therefore possible that the claimant will be unable to rely on a no-fault action and will instead be forced to pursue a claim under negligence.

Second, product liability laws do not always cope well with situations where there are multiple potential defendants involved. For example, there will be many different operators involved in the delivery chain for a wearable device that provides medical feedback or an app that dispenses medical advice. Should the failure of a monitoring device result in liability for the manufacturer of the device, for the seller, or for the physician who had recommended the device to his patient? A proportion of e-healthcare apps are marketed at healthcare professionals and intended as decision support tools to aid patient diagnosis or manage treatment. In this context, the app provider could owe a duty of care to both the healthcare provider and patients, while a doctor or other healthcare professional may also be expected to exercise his or her independent judgement in filtering and applying diagnostic information provided by the app.

Unpicking these situations to attribute responsibility for an incorrect diagnosis or treatment among multiple operators and intermediaries would test the boundaries of existing product liability laws in many jurisdictions.

General law and the rules of causation will continue to provide guidance in these cases, but specific legislation may be required to fully clarify responsibilities and allocate risk.

Resolving questions of jurisdiction and governing law

The introduction of e-health devices and arrangements also raises challenging jurisdictional issues. Medical advice provided remotely via an app could potentially be accessed in any country or even on a roaming basis in multiple countries. If healthcare advice provided from Germany is accessed by a patient in Russia, which jurisdiction will govern the treatment? What would the governing law and forum be for claims brought a patient who has accessed a telemedicine service from a professional based in another country? Would a court in one country accept jurisdiction in relation to a patient injury occurring in another country? Can a physician administer a treatment that has been approved in his home country but not in the country in which the patient is located?

The answer to the last of these questions has been clarified in the European Union under Directive 2011/24/EU on the application of patients’ rights in cross-border healthcare. (Cross-border healthcare is regulated by the legal framework of the member state in which the treatment occurs, and the physician need not be authorised in the member state of the patient’s residence.) But these questions remain fundamentally unresolved in most other countries. Liability regimes for healthcare professionals also still vary between member states of the European Union.

We expect to see existing rules on the governing law of disputes and available jurisdiction tested by the inherent scope of e-health products and services to be used and accessed across national borders. We will no doubt see attempts by claimants to forum shop as they look for recourse from defendants with ‘deep pockets’ and in jurisdictions where consumer protection laws are stricter or damage awards are typically more generous (for example, in the US). The ability to enforce a judgment against the defendant in its home country will be another important factor in a claimant’s choice of jurisdiction.

Criminal law and regulatory implications

In addition to the risk of consumer-led product liability actions, significant or widespread defects may also result in regulatory intervention. If these reveal a failure of comply with product safety requirements, in many jurisdictions this could also trigger criminal sanctions.

To avoid or at least mitigate these risks, e-health device manufacturers will need to identify and comply with safety requirements, to include appropriate safety warnings, to test goods for safety and to recall goods that are unsafe. The challenge of consumers purchasing products or accessing many services across multiple jurisdictions is likely to further increase this regulatory burden. These requirements are also likely to be particularly onerous if a product is deemed to constitute a ‘medical device’ (or equivalent) and is therefore subject to additional regulation.