BAYOOMED
  • Portfolio
    • Solutions
      • Mobile Medical Apps
      • Connectivity
      • Cloud based Solutions
      • Desktop and Web Solutions
      • Artificial Intelligence
      • Cybersecurity
      • Agile Software Development
      • Verification and Validation
    • Product Launch
      • Digital Health Applications (DiGA)
      • BAYOOCARE
    • Support
      • Regulatory Support
      • Risk Management
      • Clinical Evaluation
      • Quality Management
      • Usability Engineering
      • Approval
      • Classification
      • Post-Market Surveillance
    • Hidden Capabilities
  • Medical Software
    • Product Development
      • Requirements Management
      • Software Architecture
      • Software Engineering
      • Embedded Software
      • Verification and Validation
  • About Us
    • About BAYOOMED
      • Team
      • Certification (ISO 13485 Certificate)
      • YOOme
      • BVMed membership
    • About BAYOONET
      • BAYOOSOFT
      • BAYOOTEC
      • BAYOOCARE
    • Success Stories
  • News
  • Jobs and Career
  • Search
  • Menu

The new DiGAV: data protection, security and interoperability – what you should know

The Digital Health Applications Ordinance (DiGAV) is a central component for the app on prescription. Since 1 October, there is now a renewed version that focuses primarily on more data protection and data security as well as interoperability with the electronic patient record (ePA) and with other devices and systems.

The reason for the revision of the DiGAV are changes in the Digital Care and Nursing Modernisation Act as well as changes in the legal framework and the audit of DiGA.

But what will change in detail? And what do manufacturers have to consider when developing a DiGA in order to be included in the DiGA directory?

An overview

§ 2 Content of the application

Paragraph 1, No. 21a

(1) In addition, the application shall contain, in particular, information on:

Added (complete)the data processed by the DiGA, their representability by means of international semantic standards and from 1 August 2022, their interoperability with the electronic patient file
Paragraph 1, No. 22AddedStandards, profiles and human-readable export formats used for semantic and technical interoperability
Paragraph 5Added (complete)All information published in the Directory of Digital Health Applications is in the German language.

§ 4 Data protection and security requirements

Paragraph 8Added (complete)From 1 April 2023, audit criteria on data protection requirements must be implemented and a certificate will be issued for this purpose. These will be drawn up for the first time on 31 March 2022 (§ 139e paragraph 11 of the Fifth Book of the German Social Code).

§ 6 Quality requirements according to § 5 paragraph 1; specifications for interoperability

 ChangedSpecifications for the semantic and syntactic interoperability of data in the ePA apply according to § 355 paragraph 2a of the Fifth Book of the Social Code (no longer § 291e). Until then, open, internationally recognised standards and profiles provided by manufacturers continue to apply; these must be published in a recognised directory.

§ 6a Interoperability of digital health applications with the ePA

Paragraph 2Added (complete)From 01 January 2023, DiGa will enable data export to the ePA in accordance with the interoperability specifications described above.
Paragraph 3Added (complete)The update of the determinations must be implemented within 6 months of their publication.

§ 7 Evidence through certificates

Paragraph 4Added (complete)The BfArM may require the submission of the certificate referred to in §4 from 1 April 2023 at the latest (applies both if DiGA is already on the list and for new applications).

§ 18 Significant changes

Set 2 and 3Added (complete)“² Changes to the data and information in the directory for digital health applications that are minor in scope and merely editorial in nature do not constitute substantial changes pursuant to sentence 1. The manufacturer shall inform the Federal Institute for Drugs and Medical Devices of the necessity of editorial changes by simple notification.

§ 21 Further structuring of the electronic directory

Paragraph 2 and 3ChangedChange of the name of the directory for the interfaces, standards, profiles: The Interoperability Directory is regulated in § 385 of the Fifth Book of the German Social Code (no longer §192e).
Paragraph 3 and 4DroppedThe data are provided by the BfArM and published in a web portal. The deadline already expired on 01 January 2021.

§ 26 Fees for notices of amendment and deletion

Paragraph 4Added (complete)“The simple notification to the extent of minor and merely editorial amendments to particulars and information pursuant to section 18(1), sentences 2 and 3, shall be exempt from this requirement.”

Source

Good to know

The DiGAV also sets various deadlines that manufacturers should observe during development. The following applies:

  • from 01 April 2022

    must have a certified information security management system (ISMS) according to ISO 27001. A comparable system can no longer be used. Upon request by the Federal Institute for Drugs and Medical Devices, a recognised certificate must be available (cf. Annex 1 Questionnaire pursuant to Section 4 (6) (Requirements for data protection and data security)).

  • from 01 January 2023

    interoperability with the ePA must be guaranteed. Export from the DiGA to the ePA is a prerequisite (cf. § 6a para. 2). In addition, the update of the specifications must be implemented within 6 months of their publication (cf. § 6a para. 3).

  • from 01 January 2023

    the question must be clarified: Can the DiGA support the authentication of SHI-insured persons as the persons using the digital health application via the secure digital identity according to § 291 paragraph 8 of the Fifth Book of the German Social Code? (cf. Annex 1 Questionnaire pursuant to § 4 (6) (Data protection and data security requirements)).

  • from 01 April 2023

    must also implement audit criteria on data protection requirements, for which a certificate is issued. These will be drawn up for the first time by 31 March 2022 (§ 139e paragraph 11 of the Fifth Book of the Social Code) (cf. § 4 paragraph 8).

The experts at BAYOOMED and BAYOOCARE support you in the development of your digital health application – from regulatory advice to post-market surveillance (PMS).

Please feel free to make an appointment for an initial consultation. Inquire now without obligation.

Inquire now
Interesting, isn’t it? Why not share the article with others who are interested?
  • Share on Facebook
  • Share on WhatsApp
  • Share on LinkedIn
  • Share by Mail

News

  • Cybersecurity for medical devicesCybersecurity for medical devices – Webinar19. June 2023 - 14:32
  • MedConf 2023 with Sebastian Wittor and Florian MayerBAYOOMED @MedConf12. May 2023 - 11:01
  • MedTec Live 2023BAYOOMED @MedtecLIVE 20239. May 2023 - 16:26
Your contact at BAYOOMED

Miriam Schulze
CEO

Darmstadt
Europaplatz 5
64293 Darmstadt

Munich
Aidenbachstraße 54
81379 München

Berlin 
Mariendorfer Damm 1-3
12099 Berlin

Contact:

Phone: +49 (0) 6151 – 86 18 – 0
Fax: +49 (0) 6151 – 86 18 – 150

E-mail: info@bayoomed.com
Jobs: jobs@bayoo.net
Press: presse@bayoo.net

© Copyright - BAYOOMED
  • Contact
  • BAYOONET AG
  • Data Protection Policy
  • Imprint
  • Kontakt
  • BAYOONET AG
The whole world of medicine: BAYOOMED @Medica 2021 Merry Christmas 2021
Scroll to top