The German Digital Health Act (DiGA): Strategy, Impact, Challenges and Future Direction
NA
I. Executive Summary
The German Digital Health Act (DiGA), a foundational element of Germany's broader digital healthcare transformation, represents a pioneering legislative initiative to integrate digital health applications into mainstream medical care. Initiated by the Digital Healthcare Act (DVG) in 2019 and further bolstered by the Digital Act (DigiG) in 2024, this framework enables "apps on prescription" to be reimbursed by statutory health insurers, covering approximately 90% of the German population.
Significant achievements include the establishment of a "Fast-Track" approval process by the Federal Institute for Drugs and Medical Devices (BfArM), which has considerably expedited market entry for numerous digital health solutions. This accelerated pathway has resulted in a substantial increase in approved DiGAs, growing from 24 at the end of 2021 to 68 by late 2024, and a notable surge in prescriptions, with cumulative reimbursements reaching €234 million by December 2024. The model has garnered international attention, with other European countries exploring similar frameworks.
Despite these advancements, the DiGA ecosystem faces persistent challenges. Manufacturers encounter rigorous requirements for evidence generation, often preferring randomised controlled trials, which can be resource-intensive. Stringent data security and privacy compliance, including new BSI TR-03161 mandates for app hardening and penetration testing, pose considerable hurdles. Furthermore, a persistent lack of awareness and varying levels of digital literacy among healthcare providers and patients continue to impede widespread adoption and sustained usage. Economic concerns regarding long-term financial sustainability for manufacturers also remain pertinent.
The future trajectory of DiGA involves a maturing regulatory landscape, characterised by the inclusion of higher-risk Class IIb medical devices, the implementation of mandatory success measurement (AbEM), and a shift towards outcome-based pricing. Enhanced technological integration, particularly in Artificial Intelligence (AI) and seamless interoperability with electronic patient records (ePA), is central to its ongoing evolution.Germany's pioneering role in this domain offers crucial lessons and serves as a blueprint for digital health integration globally.
II. Introduction to the German Digital Health Act (DiGA)
Strategic Genesis: Background and core objectives of the Digital Healthcare Act (DVG) and Digital Act (DigiG)
The German Digital Healthcare Act (Digitale-Versorgung-Gesetz, DVG), enacted on December 19, 2019, marked a transformative legislative milestone in Germany's healthcare system. This act was conceived to accelerate the digital transformation of healthcare, aiming to enhance efficiency, foster patient-centricity, improve safety, and elevate the overall quality of care. The DVG's introduction was a direct response to the inexorable trend of digitalisation permeating all societal sectors, including healthcare, where increasing interlinkages between healthcare participants (hospitals, physicians, health insurers, patients) and the proliferation of digital health applications necessitated a robust regulatory framework. A primary concern addressed by the DVG was ensuring the reimbursement of novel digital health services and safeguarding sensitive health data.
Building upon the DVG, the Digital Act (DigiG), passed in February 2024, further solidified Germany's commitment to digital health. The DigiG aims to exploit the full potential of digital transformation in healthcare and nursing by addressing existing challenges associated with integrating digital solutions. Key objectives of the DigiG include the widespread integration of the electronic patient file (ePA) through an opt-out solution and the binding development of e-prescriptions, both intended to enhance patient safety and care quality. These legislative acts collectively underscore Germany's strategic vision to embed digital innovation deeply within its primary care infrastructure, moving from a system traditionally characterized by persistence to one embracing agility in healthcare delivery.
Defining DiGA: "Apps on Prescription" as regulated medical devices (Class I, IIa, and recent inclusion of IIb)
At the heart of the German digital health strategy are Digital Health Applications, or DiGAs. Colloquially known as "apps on prescription," DiGAs are digital tools—which can be mobile apps, web applications, or other digital medical devices—that doctors can prescribe to patients for a variety of diagnoses. This concept is revolutionary, as it officially integrates digital healthcare innovation into primary care, allowing costs to be reimbursed by all statutory health insurers.
A fundamental characteristic distinguishing DiGAs from conventional "lifestyle and well-being apps" is their classification as medical devices. Initially, DiGAs were limited to risk categories I and IIa under the European Medical Device Regulation (MDR) or Medical Device Directive (MDD), undergoing a rigorous certification process overseen by the German Federal Institute for Drugs and Medical Devices (BfArM). This certification mandates CE marking, proven medical evidence, robust quality management systems, and stringent data protection measures. The main function of a DiGA must be substantially based on digital technologies, and its medical purpose must be primarily achieved through this digital function, differentiating it from applications that merely read out or control other devices. DiGAs are designed to support the recognition, monitoring, treatment, or alleviation of diseases, injuries, or disabilities, and are intended for use by the patient alone or in conjunction with a healthcare provider, but not exclusively by healthcare professionals as "practice equipment".
A significant regulatory update, the Digital Act (DigiG) of February 2024, expanded DiGA eligibility to include medical devices of risk class IIb. This expansion allows for DiGAs in more complex treatment settings, such as tele-monitoring, though it imposes more stringent criteria for demonstrating evidence and proving positive care effects. DiGAs are not intended for primary prevention, focusing instead on secondary or tertiary prevention by addressing existing risk factors or preventing disease worsening and complications.
The Fast-Track Process: Overview of BfArM's expedited assessment and listing procedure
The DiGA "Fast-Track" process, overseen by the BfArM, is a cornerstone of Germany's strategy to rapidly integrate digital health innovations into standard care. This procedure is designed to significantly reduce time to market for digital health applications without compromising patient safety. The BfArM commits to assessing applications within a maximum of three months from the receipt of a complete submission.
The Fast-Track procedure offers two primary routes for a DiGA to be listed in the official DiGA directory and become eligible for reimbursement:
Permanent Listing: This path is available if the manufacturer can immediately provide robust, scientifically proven evidence of a "positive healthcare effect" (pVE) at the time of application. This evidence typically comes from completed quantitative comparative studies, often randomised controlled trials (RCTs), conducted in Germany, demonstrating the DiGA's superiority to standard care or non-treatment.
Provisional Listing: This route is particularly beneficial for startups and manufacturers who have not yet gathered comprehensive clinical evidence. A DiGA can be provisionally listed for a trial phase of up to 12 months (extendable by another 12 months) if it meets basic requirements for safety, functionality, quality, data protection, and information security, and plausibly demonstrates its potential to improve healthcare. During this provisional period, the DiGA can be prescribed and reimbursed, allowing manufacturers to collect the necessary real-world evidence for permanent listing. If sufficient data is not provided by the end of the trial period, the listing is revoked.
Key prerequisites for any DiGA application include CE certification as a medical device (Class I or IIa, now also IIb), a clear definition of its medical purpose, and adherence to various regulatory and normative requirements such as MDR, IEC 62304 (software lifecycle), IEC 62366-1 (usability), ISO 14971 (risk management), and ISO 13485 (quality system). Manufacturers must also establish an integrated management system encompassing quality and IT security, with certification for IT security management and data protection becoming mandatory from 2024. Penetration tests are a crucial and mandatory component of proving IT security. The BfArM offers advisory services, including kick-off meetings, to guide applicants through the process and ensure comprehensive support.
III. DiGA Implementation and Successes
Market Adoption and Utilisation
The DiGA framework has significantly expanded the accessibility of digital health solutions within Germany. As of December 31, 2024, the DiGA directory maintained by the BfArM listed 68 approved applications, a substantial increase from 24 at the end of 2021. By July 1, 2024, there were 56 DiGAs listed, comprising 35 permanently and 21 preliminarily approved applications. This growth reflects a nearly 200% expansion over three years, indicating a dynamic shift in a healthcare system traditionally known for its slower pace of change.
Prescription trends demonstrate increasing, though still evolving, utilization. Total prescriptions have risen
considerably, jumping from approximately 41,000 in the initial period (September 2020-September 2021) to 209,000 in the latest reporting period (October 2022-September 2023). Cumulative reimbursements reached €234 million by December 2024, with GKV expenditure increasing by 71% between 2023 and 2024. The analysis of the top 15 DiGAs, which account for 82% of total prescriptions, reveals that these applications receive between 8 to 77 daily prescriptions, with native apps and early market entrants showing higher rates.Approximately 81% of prescriptions issued have been activated by patients, suggesting active utilisation rather than mere prescription.
Patient awareness and willingness to use DiGAs are encouraging, yet actual adoption remains limited. A survey among rheumatology patients between February and April 2025 found that while 39.8% were aware of DiGAs, only 12.6% had actually used one. A significant majority (72.4%) expressed willingness to regularly use a DiGA, and 72.8% were open to recommendations from their rheumatologists or health insurers. This indicates a substantial gap between patient interest and current usage, highlighting a need for improved integration into clinical practice.
Physician perception of DiGAs is largely positive regarding their potential, but adoption rates are hindered by practical barriers. A 2022 survey of general practitioners revealed that 67% considered DiGAs reliable and 61% secure. Furthermore, 92% of internal medicine physicians surveyed in 2024 believed DiGAs could improve patient care. However, only 14% of general practitioners had prescribed a DiGA, and a mere 31% of internal medicine physicians had done so. Key barriers cited by physicians include a lack of knowledge (60%), insufficient time for patient onboarding (27%), and concerns about patient adherence (21%). Many physicians (56%) also reported feeling ill-equipped to provide comprehensive app-related advice. These findings suggest that while the legislative framework is in place, widespread clinical integration requires enhanced education and streamlined workflows for healthcare providers.
Manufacturers must demonstrate at least one of these positive care effects through rigorous scientific studies.For permanent listing, this typically requires a completed quantitative comparative study, with randomised controlled trials (RCTs) being the preferred "gold standard". These studies must be conducted in Germany and registered in a public study registry, with full results published.
DiGAs currently listed cover a wide range of therapeutic areas. As of July 1, 2024, the largest categories include mental health (26 DiGAs, predominantly for conditions like depression, anxiety, insomnia, and stress/burnout), followed by endocrine and metabolism (8 DiGAs, including those for diabetes and obesity), and musculoskeletal conditions (7 DiGAs for back pain, knee osteoarthritis). Other indications include tinnitus, migraines, and endometriosis.
Reported outcomes from studies and real-world usage show varied but promising results. For instance, DiGAs for mental health, such as Deprexis and Somnio, have demonstrated effectiveness in reducing depressive symptoms and improving sleep. Zanadio, an app for obesity, has supported over 30,000 patients. While studies consistently focus on medical benefits, particularly health status improvement, there appears to be an underutilisation of patient-relevant structural and procedural improvements in demonstrating healthcare impact. Some studies indicate symptom improvement (e.g., 51% of patients using DiGAs reported symptom improvement in rheumatology, with significant reductions in exhaustion and specific improvements for back pain and insomnia). However, overall significant changes in broader patient activation or health literacy are not consistently detected across all DiGAs.
The DiGA framework has established a clear and streamlined mechanism for the reimbursement of digital health applications, a critical factor for market entry and developer sustainability. Once a health application receives official DiGA certification from the BfArM, practitioners can prescribe it to their patients. The process mirrors traditional drug or therapeutic appliance prescriptions: a form is completed and given to the patient, who then submits it to their health insurer. The insurer, in turn, provides an access code for the app to the patient, enabling free usage at no upfront cost. This "one deal covers all" approach is a significant advantage for DiGA developers, as it eliminates the need to negotiate separate contracts with numerous health insurance companies, thereby reducing complexity, bureaucracy, and increasing predictability in insurance coverage.
The economic impact of DiGAs is becoming increasingly tangible. The annual market volume for DiGAs reached approximately €110 million by the end of 2024, representing a 72% increase over the previous year.Since the inception of the DiGA system, total expenditures by statutory health insurance funds have amounted to about €234 million.
Pricing for DiGAs follows a specific trajectory. For the first 12 months after provisional or final listing in the DiGA directory, the manufacturer is free to set the price for their application. Initial prices for a 3-month DiGA prescription typically range from approximately €200 to €700, with a median price of €514. After this initial period (or four months after final listing for those immediately approved), price negotiations commence between the manufacturer and the National Association of Statutory Health Insurance Funds (GKV-Spitzenverband).
These negotiations are scheduled for a five-month period, often involving three to four meetings. If no agreement is reached, an arbitration board determines the price. Following these negotiations, prices typically see a significant reduction, settling at a median of €221 for a 3-month prescription, representing about a 50% decrease from initial prices. The GKV-Spitzenverband has characterised the initial pricing phase as "startup financing without return," particularly when DiGAs are removed due to insufficient evidence, leading to concerns about economic risk and repayment assurance, especially given instances of manufacturer insolvencies. Conversely, the Spitzenverband Digitale Gesundheitsversorgung (SVDGV) views the initial pricing and provisional listings as a feature of a learning system that provides space for innovation.
IV. Key Challenges and Barriers to DiGA Integration
Despite the strategic intent and early successes of the DiGA framework, several significant challenges impede its comprehensive integration and broader impact within the German healthcare system. These obstacles span evidence generation, data security, healthcare provider engagement, patient adherence, and market sustainability.
Rigorous Evidence Generation
A primary challenge for DiGA manufacturers lies in meeting the stringent requirements for demonstrating a "positive healthcare effect" (pVE). While the fast-track process allows for provisional listing, requiring only a plausible demonstration of benefit and a study plan, final listing demands robust, scientifically proven evidence.The BfArM and the regulatory framework show a strong preference for randomised controlled trials (RCTs) as the "gold standard" for proving medical benefit, despite the Digital Healthcare Act encouraging alternative study designs.This preference presents considerable hurdles, especially for smaller companies and startups, who often lack the extensive knowledge of clinical research methods, the resources, and the time required to conduct such high-quality studies efficiently and within limited budgets.
The requirement for studies to be conducted within Germany further narrows the scope and increases complexity for international manufacturers. Manufacturers must define the target patient population precisely using ICD-10 codes and ensure the study population is representative. The need to demonstrate superiority over standard care, rather than mere equivalence, adds another layer of difficulty. The process of collating sufficient medical evidence within the one-year provisional listing period, which often extends to two years, reflects the extensive effort required to demonstrate clinical efficacy. The fact that only 18% of DiGAs demonstrated proven benefits upon initial inclusion, with a significant number failing to provide sufficient evidence and subsequently being removed from the directory, underscores the demanding nature of these requirements. The lack of harmonisation in evidence requirements and value assessment processes across EU member states also contributes to the challenge for digital therapeutics broadly.
Data Security and Privacy Compliance
Data security and privacy are paramount within the DiGA framework, reflecting Germany's strong regulatory stance on health data protection. DiGAs must comply with the General Data Protection Regulation (GDPR) and are subject to additional stringent requirements outlined in the Digital Health Applications Ordinance (DiGAV).
A significant new challenge for DiGA providers emerged with updated data security requirements from the Bundesamt für Sicherheit in der Informationstechnik (BSI), effective January 1, 2025. These BSI TR-03161 guidelines mandate a more rigorous and dedicated examination of data security for web apps, mobile apps, and backend systems, moving beyond the streamlined review previously conducted as part of the Fast-Track process. Key requirements include:
Comprehensive Penetration Testing: DiGAs must undergo extensive penetration tests conducted by BSI-accredited examiners, including manual code reviews and white-box tests, to verify that security measures can withstand real-world cyberattacks. These tests must be repeated when new interfaces are added or relevant libraries are updated.
App Hardening: DiGAs must implement advanced hardening measures to prevent reverse engineering, tampering, and other threats. This includes detecting and responding to operating system manipulation (e.g., root/jailbreak), preventing startup in debug environments, detecting unusual user rights, and operating in secure runtime environments that verify device integrity.
Information Security Management System (ISMS): Manufacturers are obliged to establish and certify an ISMS (typically compliant with ISO 27001) to ensure permanent information security and protect patient health data from unauthorised access.
Non-compliance with these new security standards carries severe consequences, including financial and reputational damage, and the potential removal of the app from the market. Past security vulnerabilities in listed DiGAs, such as those allowing access to other patients' data, underscore the critical need for robust security measures and continuous monitoring.
Another significant privacy challenge pertains to data processing outside Germany. The DiGAV strictly limits the location of personal data processing to Germany, EU member states, EEA contracting states, and Switzerland, or countries with an adequacy decision under GDPR Article 45. This means that processing based solely on standard contractual clauses (Article 46 GDPR) or binding corporate rules (Article 47 GDPR) is not permitted for DiGAs. This restriction poses challenges for manufacturers relying on cloud providers with parent companies in the USA, requiring specific adherence to the EU-US data protection framework or strict encryption with key management within the EU.
Furthermore, explicit and informed consent from users is mandatory for processing personal data, and data can only be used for the purposes specified in the DiGAV, strictly prohibiting use for advertising or other non-medical purposes. DiGAs must provide clear privacy policies, detailing data handling, retention periods, and mechanisms for users to revoke consent or request data deletion from within the app.
Healthcare Provider Engagement and Education
A persistent barrier to the widespread adoption of DiGAs is the limited engagement and knowledge among healthcare providers. Surveys indicate a significant lack of familiarity with the contents of the Digital Healthcare Act among physicians. While a majority of general practitioners (67%) and internal medicine physicians (92%) perceive DiGAs as reliable, secure, and potentially beneficial for patient care, actual prescription rates remain low (14% for GPs, 31% for internal medicine physicians).
The primary reasons cited by physicians for this adoption gap include:
Lack of Knowledge: A substantial proportion (60% of internal medicine physicians, 87.6% of healthcare professionals) report insufficient information or knowledge about DiGAs and how to implement them effectively. Many feel ill-equipped to provide comprehensive advice on app usage.
Time Constraints: Physicians often cite a lack of time for patient onboarding and education about DiGAs (27% of internal medicine physicians). Integrating new digital tools into busy clinical workflows requires dedicated time for explanation and support, which is often scarce.
Skepticism and Trust: Despite a fundamentally positive attitude towards digitalisation, skepticism about "apps on prescription" and potential risks still prevails among some medical professionals. Concerns about medical evidence and technological uncertainties also contribute to this hesitancy.
Reimbursement for Related Services: Healthcare professionals also express concerns about the reimbursement for DiGA-related medical services, which can impact their willingness to integrate these tools.
These factors highlight a critical need for targeted educational initiatives and comprehensive training courses for healthcare providers to explain the framework, advantages, and practical implementation of DiGAs.Encouragingly, a high percentage of physicians (88%) express interest in specific training on digital tools in clinical practice.
Patient Adherence and Digital Literacy
Despite high patient interest in digital health applications, a significant gap exists between awareness and sustained usage. A 2025 survey found that while 39.8% of rheumatology patients were aware of DiGAs and 72.4% expressed willingness to use them, only 12.6% had actually used one. This indicates that patient demand is not being fully met under current conditions.
Several factors contribute to this challenge:
Digital Literacy: Older adults, in particular, face challenges in implementing DiGAs due to lower digital health literacy, which is a decisive predictor of lower digital health literacy. The necessity of independent use of prescribed DiGAs can be daunting for some patients.
Motivation and Onboarding: While patients are generally open-minded about trying new digital health technologies, their sustained engagement relies heavily on motivation and proper onboarding by healthcare providers. If a patient is not adequately motivated by a doctor to use the tool, the likelihood of achieving positive outcomes decreases.
Lack of Awareness and Education: Patients may simply be unaware of the existence of specific DiGAs or their potential benefits.Educational campaigns aimed directly at patients, alongside physician recommendations, are crucial to bridge this information gap.
Sustained Use: Data suggest that approximately 20% of DiGA prescriptions are repeat prescriptions, implying that many DiGAs are not yet used long-term or repeatedly. This raises questions about the efficacy, user-friendliness, or structural barriers affecting sustained integration into standard care.
To address these issues, it is crucial to not leave patients, especially older adults, alone after prescription but to maintain close contact to overcome technical and motivational barriers. Strategies involving support from digital nurses or other healthcare support staff could significantly increase usage rates and ensure DiGAs become a serious therapy option.
Market Access and Financial Sustainability
While the DiGA Fast-Track process offers accelerated market access, manufacturers face ongoing challenges related to pricing, financial viability, and bureaucratic hurdles.
Price Negotiations: After the initial 12-month period where manufacturers set their own prices (median €514 for 3 months), subsequent price negotiations with the GKV-Spitzenverband often result in a significant reduction (median €221 for 3 months). This substantial price reduction can impact the long-term profitability and sustainability for manufacturers, particularly those with high development and evidence-generation costs. The GKV-Spitzenverband has voiced concerns about the high costs of DiGAs and the financial risk associated with provisional listings that do not ultimately demonstrate sufficient benefit, referring to the initial phase as "startup financing without return".
Economic Viability: The slow growth in the number of new DiGA admissions, coupled with increasing investments required to meet evolving regulatory requirements, suggests that fewer innovative products may be reaching the market. Insolvency cases among DiGA manufacturers, even those with high reimbursements, highlight the economic pressures and risks within this nascent market.
Bureaucratic Obstacles: Manufacturers perceive the entire BfArM fast-track process as challenging, with "security and functionality, data protection and interoperability" being significant hurdles. The process for approval is criticised as bureaucratic and outdated by some, potentially blocking wider adoption. While the BfArM aims for transparency and clear specifications, the complexity of navigating multiple regulatory requirements (MDR, DiGAV, BSI TR-03161) can be overwhelming.
Addressing these financial and bureaucratic aspects is crucial for fostering a sustainable DiGA market that continues to attract innovation and ensures long-term availability of effective digital health solutions.
V. Future Direction and Evolution of DiGA
The German DiGA framework is not static; it is a dynamic ecosystem continuously adapting to technological advancements, evolving healthcare needs, and lessons learned from its initial implementation. Its future trajectory is shaped by ongoing regulatory refinements, deeper technological integration, enhanced systemic interoperability, and a potential expansion of its clinical scope.
Regulatory Landscape
The regulatory environment for DiGAs is maturing, with recent legislative changes signaling a commitment to broader integration and stricter accountability. The Digital Act (DigiG), passed in February 2024, introduced several key amendments:
Inclusion of Risk Class IIb DiGAs: Previously limited to Class I and IIa, the DigiG now explicitly lists Class IIb medical devices as eligible for DiGA inclusion, albeit with more stringent criteria for evidence generation. This expansion allows for DiGAs in more complex treatment settings, such as telemonitoring.
Pricing Based on Performance Measurement: The DigiG introduces a concept of mandatory variable price components by linking application-related performance measurement (AbEM) to a portion of the DiGA remuneration. This signifies a move towards outcome-based pricing models, aiming to ensure that reimbursement aligns more closely with demonstrated value. Mandatory success measurement (AbEM) with continuous reporting of results to BfArM and publication within the directory will be implemented from 2026.
Streamlined Processes: The DigiG mandates health insurance companies to issue activation codes more quickly (within 2 days), eliminating the previous 14-day return period for patients. It also explicitly lists the pension entitlement of pregnant women for DiGAs, addressing a previous ambiguity.
Beyond these legislative changes, data security and privacy regulations continue to evolve. From January 1, 2025, DiGA providers must meet updated data security requirements set by the Bundesamt für Sicherheit in der Informationstechnik (BSI), specifically the BSI TR-03161 guidelines.
This mandates rigorous independent testing, including penetration tests and app hardening measures, for all DiGAs, both new and already approved. These stricter controls aim to enhance the resilience of digital health apps against cyber threats and bolster patient trust in data protection.
Technological Integration
The future of DiGA is inextricably linked to advancements in digital technologies, particularly Artificial Intelligence and the seamless integration of various hardware components.
Artificial Intelligence (AI) in DiGA
The role of Artificial Intelligence (AI) in digital health applications is rapidly expanding, promising transformative potential for diagnostics, personalized medicine, and chronic disease management. While AI-powered DiGAs are already in use, the regulatory landscape for AI in medical devices is still evolving.
Currently, there are no separate, specific requirements for software medical devices with AI components within the European Medical Device Regulation (MDR) as of January 2024. AI systems are regulated under the same standards and laws as traditional software medical devices, adhering to requirements for safety, performance, risk management (ISO 14971), quality management (ISO 13485), and software lifecycle processes (IEC 62304)
However, the inherent characteristics of AI—such as its "black box" nature (interpretability challenges), continuous learning capabilities, and dependence on large datasets—introduce unique regulatory considerations related to transparency, explainability, and data reliability.
The EU AI Act, which entered into force on August 1, 2024, is directly applicable in Germany and provides additional requirements for medical applications that include or are AI systems. This act classifies AI systems into different risk categories, with high-risk systems (which would include many medical AI applications) subject to stringent obligations to ensure high levels of health, safety, and fundamental rights protection. While the BfArM's general guidance for DiGAs emphasises precise patient group identification, consistency with intended medical purpose, and robust evidence of positive care effects, specific detailed guidelines for AI-powered DiGAs are not explicitly outlined in the provided data. However, the BfArM does offer advice on regulatory and data protection requirements, evidence provision, and study design for digital applications, which would apply to AI-driven ones.
Beyond Germany, regulatory bodies like the U.S. FDA are actively developing frameworks for AI/Machine Learning (ML)-enabled medical devices, focusing on good machine learning practice, predetermined change control plans, and transparency. These international efforts may influence future BfArM guidelines for AI in DiGAs.
The future potential of AI in DiGAs is immense. AI and ML technologies can transform healthcare by deriving new insights from vast amounts of data, supporting clinical decision-making, and reducing human error. Applications include:
Disease Diagnosis and Detection: Analysing medical images, genetic data, and EHRs to detect patterns difficult for humans to discern.
Predictive Analytics and Risk Stratification: Estimating probabilities of health events (e.g., heart attack).
Personalised Medicine and Treatment Optimisation: Recommending insulin dosages or optimising treatment plans.
Remote Monitoring and Chronic Disease Management: Analysing voice, facial expressions, and usage patterns for mental health, or extracting imaging biomarkers.
Clinical Decision Support Systems (CDSS): Providing insights to healthcare providers.
Germany is actively investing in AI infrastructure, building "AI factories" with thousands of NVIDIA GPUs to generate intelligence for businesses and researchers, accelerate manufacturing applications, and streamline AI models for drug discovery. These investments, coupled with initiatives to lower the threshold for AI adoption in small and medium-sized enterprises, suggest a future where advanced AI-driven solutions will increasingly integrate into the DiGA ecosystem, potentially leading to more sophisticated and adaptive digital therapeutics.
Hardware and Device Integration
DiGAs are primarily software-based, but they can seamlessly integrate with various hardware components, including devices, sensors, and wearables, to enhance their functionality and data collection capabilities. The critical criterion for such integration is that the primary function of the DiGA remains predominantly digital, and the hardware is necessary to achieve the medical purpose. For instance, an app reminding patients to take medication and suggesting dosages can integrate with a smartwatch as optional hardware for reminders and confirmation. However, a device that merely reads out or controls another piece of hardware, or a platform application that only enables the use of multiple other DiGAs on a smartwatch without providing primary digital services itself, would not qualify as a DiGA.
The Digital Act (DigiG) aims to create greater openness between medical aids/implants and DiGAs, which should provide DiGAs access to more data sources in the future. This indicates a strategic push towards a more interconnected digital health ecosystem where data from various medical devices can feed into DiGAs, enriching their diagnostic, monitoring, and therapeutic capabilities. The interoperability requirements for DiGAs also extend to wearables and other medical devices, mandating an interoperable interface for data exchange from 2024 for devices and implants that send patient data to a manufacturer's backend or third party. This focus on integrated hardware solutions will enable more comprehensive patient monitoring and personalised interventions, moving beyond standalone app functionalities.
Systemic Interoperability
Interoperability is a critical pillar for the long-term success and scalability of the German digital health system. The Digital Act (DigiG) explicitly aims to increase the binding nature of standards and profiles to achieve interoperability goals, leading to improved data availability, higher treatment quality, and greater protection of patient data.
Key aspects of advancing systemic interoperability include:
Electronic Patient Records (ePA): The ePA is envisioned as a central digital healthcare platform that connects all relevant stakeholders and facilitates optimal information flow between healthcare providers and patients. The DigiG aims for the widespread integration of ePA through an opt-out solution. DiGAs are expected to interact seamlessly with the ePA, enabling data transfer in an interoperable format. The BfArM is actively working on converting its code systems (e.g., ICD-10-GM, LOINC, OPS) into HL7 FHIR format and making them accessible via a central terminology server, which will support IT systems in the healthcare sector and the ePA.
Standardised Data Exchange: DiGAs must meet structural, syntactic, semantic, and organizational interoperability requirements. This includes enabling data export in human-readable, printable formats, as well as in interoperable formats, often leveraging standards like HL7 FHIR (Fast Healthcare Interoperability Resources). The KBV's MIO DiGA-Toolkit is particularly important for transferring data to the ePA.
Digital Identity (Health ID): From January 1, 2024, DiGAs are mandated to offer user authentication via a digital identity (Health ID), ensuring secure 2-factor authentication and providing another necessary interface to other healthcare systems based on standards like OpenID Connect.
Telemedicine Expansion: The Digital Act provides for telemedicine to become an integral part of healthcare, with previous restrictions on video consultations being lifted to make them more extensive and accessible. This expansion promotes more flexible healthcare provision, independent of geographical location.
These efforts aim to overcome the fragmentation of the German healthcare system and the diversity of information systems, which have historically led to quality and quantity losses in data exchange. By promoting common standards and interfaces, Germany seeks to ensure real-time information flow and seamless data exchange between EHRs, medical devices, and other healthcare IT solutions.
Expanding Scope
The initial focus of DiGAs has primarily been on supporting the detection, monitoring, treatment, or alleviation of existing diseases, injuries, or disabilities (secondary and tertiary prevention). However, the future direction indicates a potential expansion of this scope.
While DiGAs are explicitly not for primary prevention (preventing a disease from occurring in the first place) , the definition of "treatment" within the DiGA framework includes applications that contribute to preventing the worsening of a disease (secondary prevention) or a secondary disease or complication (tertiary prevention), provided a risk factor can be coded as a diagnosis. This nuanced definition allows for a broader range of applications that manage existing conditions or prevent their progression.
Looking ahead, Germany's digitalization strategy for health and care emphasises improving quality across preventive healthcare, diagnostics, medical treatment, and care. Digital applications are seen as crucial for detecting the risk of conditions like kidney damage in diabetics at an early stage. The further development of structured treatment programs (Disease Management Programs, DMPs) based on digitalised care processes also points towards more integrated and proactive digital health solutions. The potential for DiGAs to address more advanced diagnostics and even contribute to primary prevention in the long term, by enabling early detection and risk assessment, remains a significant area for future development, even if current regulations limit direct primary prevention claims.
International Influence
Germany's DiGA framework has garnered significant international attention and is increasingly viewed as a pioneering model for integrating digital health applications into national healthcare systems. As the first country to systematically include digital treatment methods into standard care and establish a clear, reimbursable pathway for "apps on prescription," Germany has set a precedent for global health practices.
Other European countries, including France, Belgium, and Austria, are actively studying and adopting comparable approaches for digital medical device reimbursement and integration. The European Medicines Agency (EMA) and the Heads of Medicines Agencies (HMA) are also exploring how to leverage Artificial Intelligence and new digital technologies to improve efficiency in medicines regulation, indicating a broader European drive towards harmonised evaluation and adoption of digital health technologies.
The German model's success in facilitating rapid market access (three-month approval), ensuring reimbursement by statutory health insurance, and establishing a rigorous assessment process has made it an attractive blueprint. While challenges remain, particularly in harmonising regulatory requirements and evidence generation across different countries, Germany's experience offers valuable insights for international policymakers and manufacturers considering entry into the digital health market. The ongoing evolution of DiGA, including its regulatory adaptations and technological advancements, will continue to serve as a crucial case study for the global digital health landscape.
VI. Conclusions
The German Digital Health Act (DiGA) stands as a landmark initiative, fundamentally reshaping how digital health applications are integrated into a national healthcare system. Its strategic genesis in the Digital Healthcare Act (DVG) and subsequent reinforcement by the Digital Act (DigiG) reflects a proactive commitment to leveraging technology for improved patient care, efficiency, and quality. The establishment of the BfArM's Fast-Track process, enabling "apps on prescription" to be reimbursed by statutory health insurers, has been a significant success, fostering rapid market entry and a growing number of approved digital solutions.
However, the journey has not been without its complexities. The rigorous demands for evidence generation, particularly the preference for randomized controlled trials, pose substantial hurdles for manufacturers, especially startups. The evolving and increasingly stringent data security and privacy requirements, exemplified by the BSI TR-03161 guidelines and strict rules on data processing outside Germany, necessitate significant investment and expertise from developers. Furthermore, the full potential of DiGAs is yet to be realized due to persistent challenges in healthcare provider engagement, marked by a lack of knowledge and time constraints for patient education, and varying levels of patient adherence and digital literacy. The economic sustainability for manufacturers, particularly concerning price negotiations post-listing, also remains a critical area of concern.
Looking ahead, the DiGA framework is poised for continued evolution. The inclusion of higher-risk Class IIb medical devices, the shift towards outcome-based pricing models with mandatory success measurement, and the continuous strengthening of data security regulations signal a maturing and more accountable ecosystem. The deeper integration of Artificial Intelligence, from diagnostics to personalised medicine, along with seamless interoperability with electronic patient records and other connected devices, will unlock new frontiers in digital health. Germany's pioneering role in this domain offers invaluable lessons for other nations seeking to integrate digital therapeutics effectively into their healthcare systems, highlighting the delicate balance between fostering innovation, ensuring patient safety, and achieving systemic transformation. The ongoing success of DiGA will depend on addressing the identified barriers through sustained collaboration among policymakers, regulators, industry, and healthcare providers, ensuring that digital health truly serves as a cornerstone of future-proof healthcare delivery.
Nelson Advisors > Healthcare Technology M&A
Nelson Advisors specialise in mergers, acquisitions and partnerships for Digital Health, HealthTech, Health IT, Consumer HealthTech, Healthcare Cybersecurity, Healthcare AI companies based in the UK, Europe and North America. www.nelsonadvisors.co.uk
Nelson Advisors regularly publish Healthcare Technology thought leadership articles covering market insights, trends, analysis & predictions @ https://www.healthcare.digital
We share our views on the latest Healthcare Technology mergers, acquisitions and partnerships with insights, analysis and predictions in our LinkedIn Newsletter every week, subscribe today! https://lnkd.in/e5hTp_xb
Founders for Founders > We pride ourselves on our DNA as ‘HealthTech entrepreneurs advising HealthTech entrepreneurs.’ Nelson Advisors partner with entrepreneurs, boards and investors to maximise shareholder value and investment returns. www.nelsonadvisors.co.uk
#NelsonAdvisors #HealthTech #DigitalHealth #HealthIT #Cybersecurity #HealthcareAI #ConsumerHealthTech #Mergers #Acquisitions #Partnerships #Growth #Strategy #NHS #UK #Europe #USA #VentureCapital #PrivateEquity #Founders #BuySide #SellSide #Divestitures #Corporate #Portfolio #Optimisation #SeriesA #SeriesB #Founders #SellSide #TechAssets #Fundraising #BuildBuyPartner #GoToMarket #PharmaTech #BioTech #Genomics #MedTech
Nelson Advisors LLP
Hale House, 76-78 Portland Place, Marylebone, London, W1B 1NT
[email protected]
[email protected]
Meet Us @ HealthTech events
Digital Health Rewired > 18-19th March 2025 > Birmingham, UK
NHS ConfedExpo > 11-12th June 2025 > Manchester, UK
HLTH Europe > 16-19th June 2025, Amsterdam, Netherlands
Barclays Health Elevate > 25th June 2025, London, UK
HIMSS AI in Healthcare > 10-11th July 2025, New York, USA
Bits & Pretzels > 29th Sept-1st Oct 2025, Munich, Germany
World Health Summit 2025 > October 12-14th 2025, Berlin, Germany
HealthInvestor Healthcare Summit > October 16th 2025, London, UK
HLTH USA 2025 > October 18th-22nd 2025, Las Vegas, USA
Web Summit 2025 > 10th-13th November 2025, Lisbon, Portugal
MEDICA 2025 > November 11-14th 2025, Düsseldorf, Germany
Venture Capital World Summit > 2nd December 2025, Toronto, Canada
Nelson Advisors specialise in mergers, acquisitions and partnerships for Digital Health, HealthTech, Health IT, Consumer HealthTech, Healthcare Cybersecurity, Healthcare AI companies based in the UK, Europe and North America. www.nelsonadvisors.co.uk