June 13, 2023

The metaverse in healthcare: What are the legal implications?

The Italian version of this article was published on April 26, 2023 on AboutPharma.com, within our bi-monthly column “Digital impact in Life Sciences: Legal Corner”.

For some time now, there has been talk of the metaverse as a tool with great potential for increasing opportunities for treatment, research, and training in healthcare.

Imagine a virtual reality where a physician can “meet” a patient or other physicians and where data are exchanged in real time, scenarios are simulated, and virtual and immersive tools allow physicians all over the world to simulate surgeries to prepare to operate—or even to operate remotely. Imagine virtual rooms where physicians and medical representatives can convene. The health-sector possibilities are seemingly endless.

Naturally, all of this raises legal questions about what kind of tools will manage and regulate the metaverse in healthcare. Obviously, there is not yet a firm answer to this question. As is always the case when the law follows in the wake of science and technology, specific issues are emerging and answers and solutions are being sought. This often happens in fits and starts, or with two steps forward and one step back. It’s all part of a process of striking the right balance between often opposing interests and needs—a process that requires time and patience, as the recent ChatGPT privacy affair demonstrated.

Purely legal issues surrounding the metaverse in healthcare obviously will differ depending on the purpose of each specific tool. The metaverse is a technology, and therefore “neutral” from a legal standpoint. What is relevant for assessing legal implications is what is done in the metaverse and how it is done.

Metaverse for healing

When we speak of using the metaverse to treat disease, we usually are talking about software and apps designed to treat a specific pathology, mitigate its symptoms, support rehabilitation, and so on. In other words, these are software/apps that fall under the definition of medical devices under Regulation (EU) 2017/745 (MDR), so they must be classified as medical devices and therefore are subject to medical-device certification and all the safety and quality requirements in the MDR.

However, not all software used in healthcare can be categorized as a medical device. It is essential that the purpose of the software be one of the purposes expressly listed by the MDR, as confirmed by case law from the Court of Justice of the European Union (judgment of December 7, 2017, Case C-329/16) and an Italian court (TAR (Regional Administrative Tribunal) of Milan, judgment no. 452 filed on February 23, 2022). A piece of software is a medical device when it is “intended by its manufacturer to be used specifically” for one or more of the medical purposes set out in the definition of medical device; this is not the case “for software that, while intended for use in a medical context, has the sole purpose of archiving, collecting, and transmitting data.” The latter type of software may be used in a medical context, but it is not a medical device.

Metaverse for communication

The metaverse can also provide a more efficient mode for doctor-patient communication. For example, it can be used for telehealth appointments. In this case, from a legal standpoint the metaverse is similar to a telephone or video call used to transmit information, medical advice, and prescriptions. It has no medical function and is not considered a medical device.

The TAR decision cited above makes clear the distinction between medical-device software and software merely for communication and data storage. The case concerned a hospital’s rental of electromedical equipment needed to read patient parameters (oximeters and electrocardiographs)—which obviously required CE marking—and services connected to the storage and management of patient data, monitoring data, and data relating to therapy and clinical decisions—which did not require CE certification. The court confirmed that the contracting authority was correct in stating that a platform that merely classifies and stores health data acquired via medical devices, creating a database that can then be consulted while providing telehealth services, cannot be classified as a medical device.

When software cannot be classified as a medical device, the most important legal issue is probably security for virtual data transfer and storage (which obviously also is an issue for software classified as a medical device). In addition to the general privacy law, the telemedicine law is key here. That law applies based on the specific telemedicine tool implemented and sets minimum security requirements for platforms used for related services.

The Ministerial Decree of September 21, 2022 approved guidelines for telemedicine services (including functional requirements and service levels) and provides that the production environments for telemedicine platforms must be provided on the “cloud” according to the SaaS (Software as a Service) or PaaS (Platform as a Service) model and that (i) data and users must be properly separated and isolated at the application level, using appropriate authentication and authorization mechanisms required for the information to be visible; (ii) depending on the type of data that will be produced, acquired, and exchanged by the regional telemedicine infrastructure (IRT), the level of information assets may be labeled critical, making it necessary to orient the design of the IRT toward one of the following models: encrypted public cloud (in national territory); private/hybrid “licensed” cloud (in national territory); or private cloud (in national territory).

Metaverse for training

The metaverse can also be used to train and educate surgeons and other doctors. For instance, a virtual space can be created where surgeons can train to perform operations or prepare for the operating room by simulating surgery after entering patient parameters into the platform. Here again, the function of the virtual reality tool in question should be considered to determine whether or not it should be classified as a medical device. Some tools will be intended only for training physicians, while others will have more direct impact on patient care.

Alternatively, for other forms of training, doctors and medical representatives may meet in dedicated virtual spaces. This is a matter of understanding how the rules on medical-scientific information can be applied by adapting them to this new modality. For example, there might be discussion of how to oversee communication of the “avatar” information provider, or how to implement limits on the number of visits when a virtual room is always accessible. These are just a few examples of the many issues that may arise.

Metaverse and artificial intelligence

The combination of the metaverse and artificial intelligence, which enhances the potential of all the tools mentioned above, raises further issues related to personal data protection and use of these tools to drive this technology. This is not the place for a full discussion of those issues, but clearly the current Italian legislation on secondary use of personal data collected for different purposes is very restrictive (due to its distinctly “consent-centric” approach) and may block development of new technologies based on artificial intelligence.

So, we are waiting to see how the metaverse will play out in the world of healthcare, as well as whether and how current regulations will change to face the new challenges ahead.

Welcome to the Portolano Cavallo Life Sciences blog focusing on legal development and key legal issues affecting the life sciences and healthcare industry.