The European Parliament has approved new legislation, the Digital Services Act (DSA) and Digital Markets Act (DMA) to improve the functioning of the internal market of intermediary services in the European Union (EU) where there is a risk that the major so-called gatekeeper companies can exercise unfair control of core platform services. The purpose of this study was to investigate, what health information systems could be in the scopes of these acts and what requirements the acts may have for the production, the sale and the use of health information systems.
The act texts were examined bearing in mind what types of health information systems exist and what their user bases are. Those health information systems that can belong or do not belong to the groups of systems regulated by the DMA and DSA were identified. The most relevant requirements for these systems were also identified from these acts.
The result of the study is that these acts have only minor consequences for the healthcare information systems sector as they are not often intermediary (hosting) services in the meaning of the DSA or gatekeepers in the meaning of the DMA. The emerging digital healthcare platforms are most affected by the new DSA and secondly such peer support patient portals where patients can supply content for others to see. Apparently, no digital healthcare platform has yet reached such a size or a dominant role within the EU that it would fall under the scope of the DMA.
The two above mentioned healthcare related intermediary services have due diligence obligations to remove illegal contents from their services and to treat their business and consumer customers fairly. The obligations include clear and fair terms and conditions, the provision of a single point of contact for users and authorities, content moderation, complaint handling, marking advertising clearly, annual reporting, and responding to the contacts from the authorities. The obligations increase when the size of the enterprise increases.
It is still too early to produce healthcare information systems specific guidance to support the implementation of these two acts as the acts themselves and potential upcoming general guidance documents can serve the health information systems community sufficiently well
