Mobile health apps and other technical applications in the health sector are becoming more and more popular. Whether it’s heart rate, weight, medication, sleep phases or laboratory values, in health apps everything revolves around health data. Health data are all data that relate to the state of health of a natural person and that provide information about the person’s past, present and future physical or mental health (see recital 35 GDPR). Such health data are personal data that are considered to be particularly sensitive. Regulations on the use of health data can be found in para 9 GDPR. However, the regulations encounter practical implementation problems and uncertainties in their application, in particular with the new technical applications in the health sector. Concrete guidelines would be desirable for many providers of technical applications in the health sector.

On 27 March 2019, the Council of Europe published a recommendation to provide Member States with guidelines for the regulation of the processing of health-related data (available under new guidelines). The recommendation by the Council of Europe sets out principles for the protection of health data. Authorities should make the guidelines available to actors within the health system who process health data.

Practical tip:

Providers of mobile health apps and other technical applications in the health sector should follow the authorities’ current opinions and recommendations. Clarifying information may soon be made available to providers of technical applications in the healthcare sector.