Ulrike Elteste, Kristof Van Quathem, and Nicholas Shepherd of Covington & Burling write:
On April 21, 2020, the Regulation on the Requirements and Reimbursement Process for Digital Health Applications (Digitale Gesundheitsanwendungen-Verordnung or „DiGAV“, available here) entered into force in Germany. Among other provisions, the DiGAV includes specific IT security and privacy requirements. Shortly after the law took effect, Germany’s Federal Medicines and Medical Devices Agency (“BfArM”) also released an extensive explanatory Guidance (Leitfaden, available here) to the DiGAV.
Independently, on April 15, 2020, the German Federal Office for IT Security (“BSI”) published a draft version of its guidance on “Security Requirements for Digital Health Applications” (BSI TR-03161) (available here). The BSI is now seeking feedback from industry on this draft guidance before releasing a final version.
Read more on InsidePrivacy.