The DVG: an opportunity for digital health

DVG lets doctors prescribe digital health apps on health insurance. With the fast-track, the first apps will be approved from May. Read on to find out more.
The DVG: an opportunity for digital health
DVG allows digital health apps to be prescribed by doctors and paid for by insurers. Under the fast-track process, the first apps will be approved starting in May. Read on to find out more.

The Digitale-Versogung-Gesetz (DVG or digital care act) was passed in 2019. It comes into force in 2020 and aims to put Germany at the forefront of digital health. One of the central parts is allowing doctors to prescribe digital health apps, which are then funded from health insurance. This opens up a huge opportunity for digital health application developers. In order for your app to be approved you have to undergo an approval process from the regulator, BfArM. Read on to learn how your app can get approved and be eligible to access some of the €374bn Germans spend on healthcare each year.

What is the DVG?

The DVG is Germany’s new law that promotes digital health. The act was created to improve healthcare provision through digitalisation and innovation, covering a wide range of things, including digital prescriptions, telemedicine and a digital network. This act is meant to make digital health more accessible and effective.

According to German Federal Ministry of Health, this law will create an obligatory digital network for the health sector, aiming to promote the innovative power of the healthcare system and helping patients to use healthcare apps more quickly. It will be done by encouraging new ways of working: bringing online video consultations, e-prescriptions, electronic sick leave notices and financially incentivising doctors to use email rather than fax. Importantly for digital health companies, it paves the way for your app to be prescribed by doctors and funded by health insurers. eBook on MDR and eHealth

What is the effect on my business?

Germany is the largest healthcare market in the EU, spending around €374bn annually. If even a small share of this money is diverted to digital health, it will be transformative. Some other countries are already going down a similar path, and it is likely that this is the start of a funding revolution.

DVG: The German health market opportunity|

DVG focuses on apps that deliver an improvement in care. If your app falls into this category, getting approval to be listed on the BfArM directory clearly makes sense from a business perspective. The first companies to get approved will have a clear competitive advantage. This will also pay off as more countries adopt this “digital therapeutics” model.

What is the fast-track approval process?

Under DVG, digital health applications will be listed on a directory and can be prescribed by doctors. The directory will be maintained by the Federal Institute for Drugs and Medical Devices (BfArM). You can apply to get approved by BfArM through the fast-track process. The details and precise timeline are currently being finalised, but some aspects are already known. The central requirements are that your app demonstrates positive care effects and protects patient data and privacy.

Positive care effects

Any DiGA must demonstrate positive care effects. This means that using the application should improve the health and wellbeing of the patient or improve the efficacy and efficiency of their care. The fast track requires all DiGAs to be Class I or IIa certified under MDR or MDD. Apps that are approved will then have 12 months to collect evidence that proves they deliver this positive care effect.

Data protection, data security and quality

Any DiGA will have to meet strict requirements relating to data protection, data security and quality. We are waiting for the final checklists here (currently due to be released on 31 March). However, we already know some details. Firstly, you will prove that your application is GDPR compliant. This will include a need for a DPIA (data protection impact assessment). You will also have to prove you collect and store the consent of the end user. There are also requirements for data security including the need for a risk assessment. Any security breaches or data access will need to be securely logged to provide an audit trail. Finally, your application will need to meet quality requirements, however, these are already covered if you have an MDR certificate.


Currently, there is some uncertainty about the timeline for this because of the potential impact of COVID-19 (Coronavirus). The current plan is for the final guidelines to be released at the end of this month (31 March). App developers will then be able to start completing the checklists and ensuring they have everything in place to apply. The BfArM application portal is expected to open in May, with the first apps being listed in their directory a few weeks after that.

What should I do next?

If you want to submit your application for the DVG fast track, you need to start work right away. You should already have or be in the process of getting your MDR/MDD certification. You need to ensure that you are fully compliant with GDPR, including all technical and organisational measures. You need to conduct a DPIA and show how you are mitigating all data protection risks. You can also start the process of doing security risk assessments. Here at, we can help you with all these steps. As soon as the final checklists are released, we will analyse them in detail and will then be able to help you go through the application process using our unique combination of technology, legal consulting and technical know-how.

Are you intending to apply to BfArM to be listed as a DiGA? Want to know more about how to meet the privacy and security requirements? Contact us to learn more.