A DiGA is a digital health application regulated by a specific German law called the digital health applications regulation (DiGAV). The law protects personal data collected from patients using a DiGA. In return, the vendor may bill health insurances for the service. The German Federal Institute for Drugs and Medical Devices (BfArM) has created a specific application process to ensure the patient’s safety. This means that in exchange for the profit and a wide distribution channel, vendors must comply with the DiGAV.
Although the DiGAV often refers to the General Data Protection Regulation (GDPR), it is different from the European regulation. For example, the DiGAV allows personal data collection without separate consent. This means you may use it for your research and product analysis. Still, The DiGAV is clear on what you may use data for.
DiGAs are medical devices that deal with a person’s health. This means they need to be user-friendly and function properly. That’s where product analytics becomes important. Once you collect and analyze personal data, your app must meet DiGAV’s strict criteria. Keep in mind that you are collecting health data, which requires a higher level of data security to protect it from potential data breaches.
When it comes to product analytics, it’s best to work with an analytics provider that respects the privacy of your patients’ data. This includes technical and organizational standards.
In this article, we dive into aspects of data protection and the technical side of things. We also present a small comparison of product analytics platforms on the market.
In 2019, the Apple Store offered 44,383 health apps for download. In 2020, the number grew by ten percent and the apps gained continuous popularity. In the midst of apps, such as fitness and lifestyle, emerged a different set of programs that help patients with their health issues.
According to the BfArM guidelines, a DiGA is a “digital assistant” in the patient’s hand. It is a medical product in the form of a native app, a web or desktop application that:
- Falls under risk classes I and IIa for medical devices, depending on how much they influence a patient’s health.
- Is based on digital technology.
- Detects, treats or eases illnesses.
- A patient uses it independently or together with medical staff.
A DiGA may work with medical staff or additional technologies, such as a smartwatch.
The main difference to a health app is that the DiGA provides a medical service to the patient that interacts with it.
Let’s take a look at this example: an app that helps with therapy, providing psychotherapeutic services.
|Description||The app is a digital platform for communication. The patient coordinates and conducts conversations with a psychotherapist via video or phone.||The app offers patients with mild depressive episodes a digital care model. It gives information about the illness, and records and documents moods and symptoms. It lets patients create their own diaries and offers relaxation exercises. If necessary, it automatically notifies the therapist.|
|Justification||The main function is the digital communication channel without any other services.||This is a digital care model that goes beyond communication and meets all DiGA criteria.|
The DiGAV sets high requirements for a DiGA. Registration on the DiGA list according to Social Code (SGB) Five (V) § 139e is a complicated process. We have summarized the individual steps for you in this chart:
The DiGAV gives you a dedicated checklist. It helps you fulfill all requirements before submitting an application. The first points you’ll find are data privacy and data security. So lay out your hosting and analytics strategy early. This will help you avoid hiccups during the review process.
Once your application meets the demands, the BfArM registers it as a DiGA for a defined time frame. During the following twelve months, you collect data about the app’s users to prove the DiGA affects their health positively.
If the effects on a patient’s health are positive, the BfArM registers the app as a DiGA for good. In the opposite case, you may reapply after one year.
Sometimes companies have enough information about the effects before beginning the application process. One of the following happens:
- The data set is similar in scope to a twelve-month study, and the DiGA yields positive effects. The BfArM permanently registers the app on the DiGA list within three months.
- The data is insufficient. The institute initiates another twelve-month test phase. The BfArM provisionally registers the app on the DiGA list.
The DiGAV sets such high standards for good reason – an app may improve or worsen a person’s state of health. More than 50% of vendors withdrew their DiGA from the process in 2021. 24% of apps are listed as DiGA. The rest are either under review or have been discarded.
A privacy-friendly product analytics software helps you to prepare for a DiGA registration. You can find errors in the app, identify important content, and see ways to improve the user interface.
The DiGAV describes the requirements for data protection and data security in § 4:
Digital health applications must ensure legal data protection requirements and state-of-the-art data security requirements, taking into account the type of data processed and the associated levels of protection, as well as the need for protection.
The DiGAV presents four purposes for which app vendors may collect personal information:
DiGAs aim to improve the patient’s health with or without the help of a healthcare professional. Article 6b of the GDPR requires:
The processing (of the data) is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the request of the data subject.
Without users’ health and behavioral data, vendors wouldn’t be able to tell whether the app actually helps users. This is where product analytics comes into play. A privacy-friendly analytics platform shows the efficiency of the apps’ content and monitors the DiGA’s performance.
The DiGAV allows vendors to share their data and prove that their product elevates a patient’s health. This enables them to distribute their product through pharmacies, doctors and physiotherapists.
Germany is the first country in the world to allow doctors to prescribe a healthcare app. The desired entry in the DiGA list allows manufacturers to bill health insurance companies. This means that pharmaceutical companies need to review the collected data as well.
DiGAs must be available to a wide range of patients. These medical products should be safe and not endanger the patient. They should be easy to use, even for a person with disabilities. A friendly user interface (UI) and design is essential.
A detailed product analysis ensures the technical functioning of a DiGA. It enables development through data-driven decisions. The content should also “correspond to the generally accepted state of medical knowledge”.
Note that the analytics software must adhere to the same strict privacy rules as your app. Use the collected data only for product analysis, and not for marketing purposes. This requires technical as well as organizational measures, which we will discuss later.
Before we venture into product analytics, let’s go over health data and its security. What exactly is health data?
Health data is sensitive and personal data according to Art. 4 of the GDPR. It relates to the physical and mental health of a patient. Medical devices, such as DiGAs, may cause harm to a patient. Data breaches can also harm a person in various ways.
The DiGAV requires that you inform your users about the data collection and use. A detailed statement of the purpose and an active consent option, such as a checkbox, suffice. Yet, there are more differences from the GDPR.
The DiGAV forbids the use of personal data according to Art. 46 of the GDPR, i.e., utilizing standard contractual clauses (SCC). This means that American-based platforms, such as Google Analytics, may not be used. For one, they transfer data outside the EU and also use it for other purposes. Second, they cannot assure the safety of the collected data due to the Cloud Act. The act empowers governmental agencies to search through data from outside the US, including data about EU citizens. This also means you are not in control of the data you have collected.
When it comes to digital data collection, there are two categories of data that a vendor should consider:
Data in transit is sent from one place to another, but is also ready to be read, accessed, updated or processed. Data in transit is less protected than stored data, but is not a popular target for attacks.
Secure sockets layer (SSL) technology, for example, encrypts private and public communications. Regular audits and security checks are essential in protecting data in transit.
This is data that is archived or used for reference. Although this data is better protected than data in motion, it is more prone to attacks.
Data at rest must always be encrypted before you archive it. Above all, personal data must be pseudonymized. The DiGAV eliminates the need for anonymization because personal data is required for the studies.
Therefore, DiGAV looks at certain quality features in hosting.
§ 4 para 3 of the DiGAV describes:
In the context of a digital health application, the processing of personal data by the digital health application itself, as well as in the case of processing of personal data on behalf, may only take place in Germany, in a Member State of the EU or in a […] equivalent state […].
This indicates that DiGAV may favor the use and storage of data in Germany, since it travels a shorter distance. Still, it is possible to choose servers in the EU.
Make sure your hosting and analytics providers maintain the right certificates. The German Federal Institute for Drugs and Medical Devices may request to see certificates, such as ISO 27001. If you opt for on-premises, you will have to get the necessary certificates yourself.
The DiGAV allows you to share data with scientific institutions and pharmaceutical companies. But that’s about it. No other unauthorized party should access health data. This includes employees within your company.
Also pay attention to authorization levels offered by analytics software. It’s important that marketing, for example, doesn’t access and use this data. Privacy-first analytics platforms let you use your preferred single sign-on (SSO) authentication, as well as create multiple user groups with different permissions.
What’s more, use an audit log. It stores information about all data access. This way, you can verify that only authorized personnel have access to the data.
Errors in application could endanger a patient’s health. The DiGAV sets quality requirements according to § 5 to lower this risk. A DiGA should:
- Withstand disturbances and errors.
- Inform the user about the data processing at the beginning.
- Be free from advertising.
- Be easy and intuitive to use.
- Support persons with disabilities in the operation.
- Offer information that corresponds to the generally recognized professional standard. It should also be suitable for the target group.
- Support a patient’s safety.
Suppose a patient uses our example DiGA to improve their mental health. For example, if the DiGA provides the wrong relaxation exercise, it could negatively affect the state of that individual.
If a person with disabilities uses a DiGA, but the UI is not user friendly, it could also lead to unforeseeable consequences. Make data-driven decisions to improve your app.
Privacy-friendly product analytics software helps you evaluate the performance of a DiGA. This helps you optimize the app’s performance, discover problems you wouldn’t find otherwise, and see which content is helpful and which less so.
DiGAs can take different technical forms. They can be a desktop app or a mobile app. In the latter case, you need mobile software development kits (SDK) for iOS and Android.
Mobile SDKs for analytics are pre-programmed code packages that help to measure specific dimensions and metrics. They simplify measurement because you don’t have to write your tracking code. Once the mobile device is connected to a mobile network, the SDK sends the data to the server.
You can collect the following data:
- Screen views or page views represent the content that a patient views in the DiGA. This could be the home screen, the diary, or content for reading that you offer in the app.
- Custom events collect data about the use of the DiGA and how the patient interacts with it. They let you collect data on individual clicks of forms that record a patient’s mood.
- Custom dimensions are user-defined attributes that you assign to a visit or an interaction. This could be useful, for example, in identifying users with disabilities. It may show the paths they take, and represent possible vulnerabilities in the UI.
- Exemptions are caused by errors in the DiGA. These errors usually lead to a change in the program. Detecting them immediately enables the safe functioning of the DiGA.
- Outlinks are external websites that patients visit from your DiGA. These could be various articles and medical resources linked in the application.
- Internal searches show you what your users are looking for and what content may be missing.
- Content impressions and interactions let you collect data on banners, videos or text messages and show you how the user engages with them.
Custom reports allow you to tailor the product analytics software to your DiGA to e.g. capture exemptions quickly that could put patients at risk.
Learn which content is helpful and which you should improve. Custom reports enable data-driven decisions at a global and a granular level, depending on your needs.
The user flow report shows the paths your users take and whether they encounter any problems. It helps you to spot large drop-offs. Design your DiGA in an easy and intuitive fashion. Compare your planned paths with those of your users. This way you identify gaps in user experience and identify opportunities for further development.
The user flow shows you up to five items, by default, that are either a screen view or all events. In the figure below we show an example of a global view of the screens that DiGA users use.
Say that your DiGA should display certain relaxation exercises according to a patient’s answers in a form. A user flow tells you whether it displays all exercises and at what frequency. Learn how patients interact with your DiGA and analyze their behavior.
Once you select “all events”, you will see what users choose within a sentiment analysis form. The report displays each click as a custom event. You learn if users answer all questions and which answers they pick most often.
When you classify people with disabilities up front, you use custom session scope dimensions to see if they have trouble with the form. This means that you might need to create a different form globally, or only for people with disabilities.
Funnel reports let you review a specific path, especially when you have made changes to your app. Let’s say you have improved the forms for people with disabilities. The funnel allows you to view the path step by step. This includes optional steps as well.
Export the data to common BI tools and visualization programs via an API. They display care effects in a clear and understandable fashion. Make it as easy as possible for BfArM to understand and validate the data.
Dedicated APIs help you to visualize data or send it to authorities and health insurers. Create your channel of information via data lakes or direct connections between the parties involved.
Google Analytics has its own SDK called Firebase. At first glance, the offer looks very inviting – it’s free and it’s powerful. But the impression is deceptive. DiGAV sets high standards for the security of health data. When analyzing a DiGA, you work with personal data. This must not be sent to Google Analytics. You have to take many steps to become DiGAV compliant, but are at risk of losing countless data sets.
Choose an analytics partner that lets you work in a privacy-friendly environment and provides the data you need.
We have compiled the most important product analysis programs for you. Get a brief insight into the providers and their software.
|General information||Piwik PRO Enterprise||Mixpanel Enterprise||Amplitude|
|100% data control|
|On-premises and Private Cloud|
|Cloud hosting in Germany|
|Android & iOS support|
|Compliance with GDPR|
|Compliance with DiGAV|
|ISO 27001 certified organization|
As you can see, all but one piece of product analytics software comes from the US. Problems with data security might occur, as the US does not have equivalent laws to the GDPR.
|Data Processing & Connectivity||Piwik PRO Enterprise||Mixpanel Enterprise||Amplitude|
|Raw data access|
|Connectors to common BI and data visualization software|
*more details are found in the product analytics comparison
Connectors to data visualization programs simplify the presentation of data. This increases your chances of getting certified. Now let’s take a look at the reports themselves.
|Reporting Features||Piwik PRO Enterprise||Mixpanel Enterprise||Amplitude|
|Custom report editor|
|Clickpaths & journey mapping|
|Integrated tag manager|
The DiGAV is a very strict law in Germany. If you are looking for a product analytics platform for the US market, check out these materials:
The DiGAV sets high demands on DiGA manufacturers. All the cogs must mesh so that your users experience flawless user friendliness and you get reimbursed by health insurers. Product analytics is an essential part of DiGA certification and beyond.
We hope this article has been helpful to you. If you want to know more about product analytics for DiGAs, please do not hesitate to contact us. We would be happy to present our product to you in a demo.