Intended for healthcare professionals


Digital healthcare: regulating the revolution

BMJ 2018; 360 doi: (Published 15 January 2018) Cite this as: BMJ 2018;360:k6
  1. Rishi Duggal, medical adviser1,
  2. Ingrid Brindle, patient2,
  3. Jessamy Bagenal, senior medical editor3
  1. 1NHS Digital, London, UK
  2. 2Manchester, UK
  3. 3The Lancet, London, UK
  1. Correspondence to: R Duggal rishi.duggal{at}

We need an agile and future proof framework that everyone can trust

The digital health revolution has arrived. In 2017 the digital health industry was already worth $25bn (£19bn; €21bn) globally, with the potential to cut healthcare costs by an estimated $7bn a year in the US alone.1 Digital health, or e-health, encompasses several distinct technologies including but not limited to: decisional support systems that use algorithms derived through mining clinical datasets, such as the work carried out by Google DeepMind; mobile health apps, or m-health, which can support and monitor healthy behaviours; connected biometric sensors, such as continuous glucose monitoring; consultations via video link (“telemedicine”); and electronic personal health records.

New products come to market quickly—153 000 mobile health apps have been released since 2015, bringing the worldwide total to 320 000.3 The sudden influx of technology, combined with a lack of robust governance, has led to distrust among some clinicians, patients, and healthcare providers. Technologies are consequently ignored or abandoned.45 Regulating digital health, while trying to create an environment promoting innovation, is challenging.

Market forces

Part of the problem is deciding which technologies should be regulated. In the US, the 21st Century Cures Act and the Food and Drugs Administration have clarified that technologies such as mobile apps or administrative support systems (appointment reminders) that are designed only for encouraging a healthy lifestyle will fall outside regulation.6 The FDA is also developing a pilot programme using “enforcement discretion” to allow lower risk digital health products on to the market without regulatory review. These might include mobile apps that automate simple tasks for healthcare providers or that help patients to self care or track their health.7

The tension between commercialisation and regulating for patient safety is clear from the FDA proposals, but it’s easy to see why the US regulator wants to minimise the types of technology requiring premarket review. Products are being developed so fast that enormous resources would be required to keep pace. Even if healthcare systems tried to regulate all digital health, contemporary regulations would be inappropriate for the new, disruptive, and futuristic technologies to come. For example, a new psychiatric drug with inbuilt sensors to record ingestion and track adherence has recently received FDA approval.8 Digital innovations will continue to create new and unpredictable ethical and regulatory issues. Regulators will need to maintain a horizon scanning service so they are aware of how digital health evolves and how their regulations must change in response.

In 2017 the Care Quality Commission published their position on regulating digital health in primary care in England.9 Although a good first step, the guidance needs improvement in places. For example, digital services can adapt swiftly to user need. It follows that software and services registered for regulation might change before inspection and change again before the regulator reports its findings.

Regulators will need to develop more agile approaches, perhaps requiring digital health services to provide updates to regulators, based on predetermined criteria. This would put the onus on providers to keep the regulator informed about incremental changes and would enable regulatory oversight of the natural software upgrades that keep digital health technologies relevant and responsive. In some ways, this approach would resemble the National Institute for Health and Care Excellence’s recommendations that confine some technologies to use only in well designed research studies or to monitoring in a prospective registry.

Patient identifiable data

Digital health technologies collect highly valuable and personal data. The European Union General Data Protection Regulation will replace the 1995 data protection directive in May 2018.10 The new regulation aims to unify data regulation across the EU into a single set of rules to protect the fundamental rights of all patients who live in the EU.1112 Digital health will require similar cross-border regulation if we are to protect patients consistently and reliably.

Transparency is key to creating the trust that will ensure full engagement of patients and the wider public in regulating digital health services and safeguarding personal data. In Personalised Health and Care 2020 the UK’s National Information Board targets full patient access to electronic healthcare records by 2020, along with the ability to contribute to those records. The board combines this with several roadmaps detailing regulatory options for this type of activity, but important details have yet to be clarified, including how best to obtain informed consent from data contributors and how to control access by those with commercial interests.1314 We still have a long way to go.

If we are all to benefit fully from the digital health revolution, patients, clinicians, and providers must collaborate to design a forward thinking, future proof, and credible regulatory framework that can be trusted by all parties.


  • Competing interests: We have read and understood BMJ policy on declaration of interests and declare the following interests: JB is a former fellow of the Faculty of Medical Leadership and Management and a National Medical Director’s Fellow, which has close ties with NHS England. She has worked as a clinical editor at The BMJ and was editor in chief of BMJ Open Quality. RD is a previous fellow of the Faculty of Medical Leadership and Management and a National Medical Director’s Fellow at the Care Quality Commission, which has close ties with NHS England. He has worked as a clinical adviser at NHS Digital.

  • The views expressed in this article are those of the authors and not their employers.

  • Provenance and peer review: Commissioned, not peer reviewed


  1. 1.
  2. 3.
  3. 4.
  4. 5.
  5. 6.
  6. 7.
  7. 8.
  8. 9.
  9. 10.
  10. 11.
  11. 12.
  12. 13.
  13. 14.
View Abstract