Diagnostic medical apps have become an increasing part of modern medicine. They can allow patients immediate access to healthcare; help patients take ownership of their health; and may even reduce needless trips to emergency departments. Examples of these apps include those used by emergency department / triage doctors and paramedics to diagnose patients quickly; those which provide assessment tools; and those used for prescription calculation.
The primary difference between an assessment by an app and assessment by a doctor is clearly the lack of human involvement. Rather than a doctor making a decision on the spot based on the symptoms before him, a pre-set algorithm will do that. The algorithms at a very basic level essentially draw associations between symptoms and an illness to reach a diagnosis.
This mimics an algorithm of sorts used by medical practitioners in the sense that there are set ‘pathways’ for management of patients, clinical pathways and red flags that doctors pay particular attention to when considering symptoms and reaching a diagnosis. However, doctors have the added advantage of physically examining a patient and making a clinical judgment while at the same time asking follow up questions which may assist in reaching the correct diagnosis. If they make an incorrect diagnosis resulting in harm to a patient, that patient may have a cause of action in clinical negligence against the hospital and/or the doctor.
What happens however when a diagnostic app makes an incorrect diagnosis and a patient relies on that diagnosis resulting in harm, i.e. delayed or incorrect treatment. Against whom can legal proceedings be issued? ; On what basis? ; And with whom does liability lie?
Regulation of diagnostic apps
Assuming a diagnostic app is intended by its ‘manufacturer’ or developer to be used by humans for the purpose of ‘diagnosis, prevention, monitoring, treatment or alleviation of disease’ it is likely to be deemed a software medical device and subject to the Medical Devices regulatory framework. This framework currently exists as the Medical Devices Directive until the Medical Devices Regulation comes fully into force in May 2020. The regulatory framework for software medical devices, sets out significant obligations on manufacturers on obtaining regulatory approval before a software medical device can be lawfully placed on the market. For example, there are obligations relating to:
- Clinical data
- The device going through a conformity assessment to obtain a CE mark
- Post market surveillance
While the medical devices regulatory framework regulates the entry of these apps on to the market, the law relating to the potential liability of apps and their developers and sellers when things go wrong is largely under developed. When considering on what basis an app and its developers/sellers could be sued for misdiagnosing a user, there is no set algorithm. Below are some of the legal basis in which an app developer could be sued, however each is not without its own health warning.
Product liability legislation
The Liability for Defective Products Act, 1991 (the 1991 Act) provides for strict liability where damage is caused wholly or partly by a defect in a producer’s product. It could be argued that, because a diagnostic app is called a device under the Medical Devices Regulations, it is therefore ‘a product’, however this is not necessarily the case. The current Product Liability Directive defines ‘product’ in Article 2 as "all movables … even though incorporated into another movable or into an immovable…Product includes electricity”. There is currently an on-going debate at EU level as to whether software can constitute a product for the purposes of the EU Product Liability Directive, and in turn the 1991 Act. An expert working group on Liability for New Technologies has been established by the European Commission and this is one of the issues they are considering.
Assuming an app is determined to be a product then under the 1991 Act the developer of the app; the company who buys, markets and sells the app; or possibly even the app store itself as supplier; could all be deemed to be a producer under the 1991 Act. Therefore there is difficulty in identifying the correct person/company to sue. In reality, a potential claimant would likely ‘cast the net wide’ and sue all those who could possibly be deemed to be producers of the app that the claim is centred on.
There are also complications with defining what a “defect” is under the 1991 Act in the context of an app and it may be challenging to determine what the defect actually is and what caused the defect. A defect could be caused by:
- Faulty hardware
- Faults in the underlying algorithm, or
- A clinical error arising from how a clinician used the app or from the data or information they inputted into the app
There are a limited number of statutory defences available to producers under the 1991 Act. For example, they may escape liability if they can prove that:
- They did not put the app into circulation
- The defect did not exist at the time the app was put into circulation or the defect came into being afterwards, this may be relevant where a user failed to ‘update’ the app as instructed, or
- The state of scientific and technical knowledge at the time when the app was put into circulation was not such as to enable the existence of the defect to be discovered.
Given the many uncertainties about whether an app is in fact a product; how a defect is defined in terms of a diagnostic app; and who is a producer, it is clear that existing product liability legislation may need to be updated to reflect the growth of apps in the marketplace. While the European Commission has deemed existing product liability legislation still fit for purpose, they have acknowledged that given the array of digital products and services now available to consumers, “its effectiveness is hampered by concepts, such as ‘product’, ‘producer’, ‘defect’ or ‘damage’, that could be more effective in practice. It remains to be seen what the outcome of the expert working groups’s findings will be.
It is important that, in seeking to apportion the risks, any changes to product liability legislation strike a fair balance between consumer rights and protection of app developers and sellers, so that the development and progress of existing and new diagnostic apps is not impeded.
The law of contract
The same consideration arises in determining whether apps are considered “goods” for the purposes of this Act. App developers and sellers should also be mindful of their potential obligations under the sale of Goods and Supply of Services Acts 1893 and 1980 under which a good must be of merchantable quality. This implied term will have been breached if the products in questions are:
- Not fit for purpose or purposes for which goods of that kind are commonly bought
- Not as durable as it is reasonable to expect in view of the description given to them, the price and all other relevant circumstances
- Where a product can foreseeably be considered to breach the implied term that a product corresponds with its description
In addition, liability may arise depending on the contractual provisions in place between those who are using the app. For example, the app developer may have entered into a contract with the hospital that permits its use by its clinicians which sets out clear provisions on liability arising from use of the app.
The legal challenges facing developers and sellers of diagnostic apps are not just limited to those under existing legislation. An app developer and seller could potentially be sued for negligence in tort. It is possible an app developer or seller could be deemed to owe a duty of care to a user of a diagnostic app, that the duty is breached if the app provides the wrong diagnosis causing harm to the user and that harm was foreseeable.
However the application of negligence principles also raises questions - can an app developer or seller be expected to foresee every set of symptoms a user may input and what diagnosis the app may give?
Significantly, the app–patient interaction is not the same as the doctor-patient relationship and, therefore, it is not subject to a professional negligence test. What therefore would be the appropriate test for negligence in these circumstances and what test would an app be assessed against? Would it be assessed against what a reasonable doctor would do? Or against the reasonable app? If an app has been appropriately tested and achieved a CE mark in line with the Medical Devices Regulations, is the standard of care met? If the app is deemed to be a service it could be argued that its supplier would only need to show its use of reasonable care and skill?
A further issue to consider is whether a potential claimant could be guilty of contributory negligence if they did not update the app when required; or failed to input all possible relevant symptoms. Given the legal uncertainties, those involved in developing, producing and supplying diagnostic apps need to ensure they include adequate warnings and stringent terms and conditions of use when making their app available for sale either to individuals or healthcare providers/institutions. These would generally include warnings to users about the limitations of the app and safety net advice, such as that given in emergency departments. They should also include:
- Language advising users to always seek medical attention if their condition worsens
- Robust disclaimers
- Information on contractual warranties, liability, indemnity and limitation clauses, and
- A jurisdiction clause so that proceedings would have to be issued in a jurisdiction of their choice
There is huge uncertainty surrounding the potential liability of apps, the complex issues that will arise when determining liability and the under developed legislative framework for tort and product liability. As a result, those in the app supply chain - from developers to suppliers and those in the healthcare arena are developing and using diagnostic apps in the midst of much legal uncertainty.
While waiting for the legislature to ‘catch up’ the best they can do is ensure compliance with the regulatory framework which includes the medical devices and consumer protection legislation. They should also maintain adequate insurance and build in appropriate contractual protection where possible.