We use cookies to personalise the website and offer you the greatest added value. They are, among other purposes, used to analyse visitor usage in order to improve the website for you. By using this website, you agree to their use. Further information can be found in our data privacy statement.

Legal pitfalls in the context of digital communication with patients


published on 11 November 2020 | Reading time approx. 10 minutes

Digitalisation also expands the possibilities for communication with patients and also offers innovative care structures, which can contribute to better healthcare. However, what may be technically possible and communicatively desirable does not necessarily have to be legally permissible. Pharmaceutical companies, as well as doctors, therapists and pharmacies that take advantage of the opportunities and benefits of digitalisation must be aware of the regulatory requirements and ensure compliance. The current legal framework is complex and also characterised by numerous reforms that the legislator considers necessary in order to respond to technical innovations. The following article is intended to provide an overview and address specific issues in order to show where legal pitfalls can lurk in the context of digital patient communication. 

Case scenarios of digital patient communication

The topic of digital patient communication covers various case scenarios. On the one hand, it is about companies communicating with patients for very different purposes. For example, to inform and promote their medicines not only to healthcare professionals but also to the lay public, to create awareness of a particular medicine even before it is launched on the market, to increase awareness of certain diseases and indications through disease awareness campaigns, to support patient recruitment for clinical studies or to improve access to their own medicines through patient support programs. This digital communication takes place, e.g. via corporate websites, newsletters, social media, video platforms such as YouTube, apps, e-commerce platforms such as Ebay and Amazon, blogs and influencers, and call centers. 

On the other hand, the topic also covers communication between doctors, therapists, pharmacies and patients through the use of digital communication technologies, i.e. online patient portals, communication by e-mail or SMS via smartphones and other chat applications or even video conferences/telephone for the purpose of online consultation. This is because the possibilities of digital patient communication are also being used more and more in the field of health care, e.g. telehealth, i.e. diagnostics and therapy by bridging a spatial or temporal (“asynchronous”) distance between doctor, therapist, pharmacist and patient or between two consulting doctors via electronic information and telecommunication technologies.

Legal challenges

The opportunities offered by digital communication in the pharma and health care sector also face enormous legal challenges. In this respect, it should be noted that in principle the conventional legal framework also applies to digital communication. That is especially the rules on advertising of medicinal products and medical devices as well as the regulations on privacy and intellectual property rights. To this it adds the general pharmacovigilance and obligations of the marketing authorization holder as well as the post-market surveillance obligations of the manufacturer of medicinal products.

It should be noted in this respect that the EU legal framework for human medicines (Directive 2001/83/EC) as well as the Member States laws (in Germany Therapeutics Advertising Act Heilmittelwerbegesetz – HWG), set strict standards for the advertising of medicinal products. For instance, there is a ban of advertising of pre­scription drugs directly to consumers, i.e. patients. The German HWG limits the advertising of such drugs to the so-called professional circles (doctors, therapists, pharmacists, etc.). In addition, the law prohibits companies from promoting medicinal products in respect of which a marketing authorization has not been granted, including pre-marketing and the promotion of off-label uses, that is, for a non-authorized indication or in a non-authorized form, strength, or dosage. 

Moreover, certain marketing activities in relation to consumers are prohibited at all, among others promotion containing information or representations referring to scientific studies and professional publications or to an individual’s medical history as well as surreptitious advertising. Also, the offer or supply of gifts are generally forbitten for medicinal products, including offers such as “buy-one-get-one-free” are prohibited. Moreover, Regulation (EU) 2017/745 sets out rules on claims made for medical devices, prohibiting especially to use texts, names, trademarks, pictures and figurative or other signs that may mislead the user or the patient with regard to the device's intended purpose, safety and performance. This ban on misleading advertising is as well established in the German HWG which also applies to medical devices. In addition to these special legal regulations, companies must also comply with the rules of competition law in the context of patient communication.

Another important set of regulations to be observed in digital patient communication are regulated by data protection law. First of all, EU General Data Protection Regulation No 679/2016 applies to any processing of personal data (both identification data as name, surname; and particular data, as health data). Furthermore, local laws may directly rule telemedicine, teleconsultation, online reports and electronic health file. The above laws set very tough and challenging rules:

  • First each company/organisation before processing personal data should evaluate the risk and the impact of any processing operation and the organisational and technical measures to be taken to mitigate the risk.
  • Secondly, implement the measures.
  • thirdly check the correct implementation and operation of the solutions themselves. In other words, any company/organisation is required to adopt an approach aimed at accountability.

In the following we look at some selected issue regarding digital patient communication both from the point of view of advertising restrictions and the need for data protection.

Individual problem areas with regard to the advertising of medicinal products and medical devices to patients

In view of the strict regulations with their numerous bans and restrictions on public advertising of medicinal products and medical devices, the distinction between advertising and mere information is extremely relevant. In particular, this also determines whether and under what conditions a company can (digitally) address patients within the framework of “disease awareness” campaigns, patient compliance programs and recruit­ment of patients for studies. And how the correction of false information about their products, which can often be found in digital media and channels in particular, can be carried out in the interest of pharmaceutical companies without infringing on the legal boundaries of advertising for medicinal products and medical devices. The key point here is the EU-wide uniform definition of “advertising” in Art. 86 (1) of Directive 2001/83/EC: it includes “any form of door-to-door information, canvassing activity or inducement designed to promote the prescription, supply, sale or consumption of medicinal products”. In plain language: advertising is product-related and requires the goal or intention of sales promotion.

However, it is not always easy to decide when this is the case. Even the Court of Justice of the European Union has stated in its landmark decision of 5 May 2011 (Case C-316/09) that the legislator assumes a very broad concept of advertising for medicinal products; at the same time, however, it has made it clear that the aim of the message is the fundamental defining characteristic of advertising and the decisive criterion for distin­guishing advertising from simple information. Advertising may thus also consist of the mere publication or communication of factual, scientific information, when the aim is to promote the sale of a medicinal product. E.g., in a ruling of 12 December 2019, the OLG Frankfurt (6 U 189/18) decided, once again that a presentation that only reproduces study results on a drug does not constitute mere information if the product name is high­lighted, since this then serves not only to provide information but also to promote sales. In addition, product-related advertising can be distinguished from image cultivation that is not product-related but company-related, which – without reference to specific products – promotes the reputation and performance of the company in general. Such company advertising is not subject to the regulatory restrictions for pharmaceuticals. The differentiation to product-related advertising depends largely on whether the overall appearance of the advertisement focuses on the presentation of the company or on the promotion of certain or at least individualized products (see inter alia BGH, judgement of 6.6.2019, I ZR 206/17)..

Direct communication of general information to (potential) patients by pharmaceutical companies to draw attention to certain diseases and their treatment, so-called disease awareness campaigns, can also be realised without having to comply with the strict advertising regulations as long as there is no, even indirect, product reference. This approach is also increasingly used in the context of so-called influencer marketing, which has gained importance especially in the context of digital patient communication. Particularly for prescription drugs, the focus is increasingly being placed on implementing “awareness marketing” with influencers, since advertising to the general public is prohibited. In campaigns of this kind, the advertising ambassador does not advertise a specific medicinal product directly, but is committed to raising awareness of the disease for which the drug from the pharmaceutical company in question is indicated. But be careful, because a product-related advertisement (as distinct from mere information) is also present if the product name is not mentioned anywhere in the advertisement, but the addressee of the advertisement can recognise that a certain drug is to be advertised due to other circumstances – such as the description of the indication area or their own market knowledge. If it is, on the other hand, purely company-related image advertising, the strict restrictions of the German HWG are not applicable, although the general principles of competition law enshrined in the German Unfair Competition Act (UWG) must be observed. In particular, the concealment of the commercial purpose (surreptitious advertising) is prohibited. Therefore, the commercial character of image marketing by influencers if they receive a consideration must also be disclosed, e.g. by indicating that it is an advertisement. Influencer marketing to consumers of non-prescription drugs and also of medical devices is subject to less strict advertising rules and can therefore in principle also be designed product-related. However, the restrictions of the HWG and of Regulation (EU) No. 2017/745 must then be observed. For instance, considering the prohibitions in Section 7 and 11 (1) No. 2 HWG, we consider the use of celebrities as testimonials as not permitted for drug advertising to consumers, even in the case of non-prescription medicinal product drugs, nor is free distribution of medicinal products to influencers/bloggers allowed.

Incidentally, these principles are also applicable in the context of patient care programs and patient compliance programs by pharmaceutical companies, in which patients are informed in more detail about the drugs prescribed to them and how to manage their therapy (especially in the case of chronic diseases). Here, too, the following applies in the context of (digital) patient communication: an exchange of information is permitted, but advertising to promote sales is not. The problem with these communication channels is therefore that drug manufacturers probably do not pursue exclusively altruistic goals if they want to inform patients directly. Instead, direct patient information is a component of their strategic and operational marketing. The boundaries between direct patient information and direct marketing are therefore fluid, especially in these areas, which is why companies are exposed to a degree of legal uncertainty when planning and implementing their communication strategy. Competent legal advice can therefore help to avoid legal infringements or at least to better assess the risks associated with patient communication.

This applies not least also in connection with the defense of pharmaceutical companies in the event of a “shitstorm”, e.g. because their medicinal product is discussed in a massively negative way in the social media, i.e. with regard to possible side effects. It is undoubtedly in the interest of the attacked company to take up and objectively correct the criticism made, as far as it is based on an incorrect factual basis. However, here too, caution is called for, due to the ban on lay advertising for prescription drugs. After all, according to settled case law, it is sufficient for the classification as advertisement if the advertising function aimed at promoting sales is in addition to other objectives, such as the clarification of alleged false statements on the internet and through a “shitstorm” (see BGH ruling of 26 March 2009, I ZR 213/06). However, it is also recognised in case law that if there is a defensive action, advertising to the general public, which is in itself inadmissible for prescriptive drugs, cannot be prohibited by way of exception in view of the right of the companies concerned to freedom of opinion (Art. 5 (1) sentence 1 German Constitution), if certain conditions are met (interpretation of the HWG in conformity with the constitution, see BGH, cit. above; and OLG Cologne, judgment of 12 January 2018, 6 U 92/17). Here, too, companies have to perform a difficult communicative balancing act between factual information and product advertising, which is why there is an increased need for competent advice, as experience shows.

Data protection in the context of digital patient communication

Digital patient communication may involve the processing of personal data, such as identification data as name, surname; and particular data, as health data. The processing may occur, for instance, in case of telemedicine, such as teleconsultation, online health reports, electronic health dossier. The category of telemedicine includes the various ways in which remote medical services within a specific medical discipline are provided. It can take place between doctor and patient or between doctors and other health professionals. Depending on the type of relationship between the actors involved, the services provided by telemedicine can be achieved in the following ways:

Tele-check up

Tele-check up is a medical activity in which the doctor interacts with the patient at a distance. The medical diagnosis resulting from the visit may result in the prescription of medicines or treatment. A health care professional who is close to the patient can assist the doctor during the visit. The connection must allow to see and interact with the patient in real time or time-delayed.


Tele-consultation is an indication of diagnosis and/or choice of therapy without the physical presence of the patient. This is a remote consulting activity between doctors that allows a doctor to seek the advice of one or more doctors on the basis of medical information related to patient care.

Healthcare Tele-cooperation

Healthcare Tele-cooperation is an activity consisting in the assistance provided by a doctor or other health professional to another doctor or other health professionals engaged in a health act. This term is also used for advice given to emergency relief workers.


Tele-health mainly concerns the domain of primary care. It concerns the systems and services that connect patients, especially chronic patients, with doctors to assist in their diagnosis, monitoring, management and accountability. It allows a physician (often a general practitioner in collaboration with a specialist) to remotely interpret the data necessary for the tele-monitoring of a patient, and, in that case, to take charge of the patient himself. Data recording and transmission can be automated or carried out by the patient himself or a health professional. Tele-health provides for an active role both of the doctor (taking charge of the patient) and of the patient (self-care), mainly patients suffering from chronic pathologies, and includes Tele-monitoring.

All the services described above involve digital patient communication and the processing of personal identification and particular data: i.e. health data, such as vital parameters of the patient, heart rate, blood pressure, body temperature, etc. (at home, at the pharmacy, in dedicated care facilities). Furthermore, they involve also the processing of behavioural data, i.e. the monitoring data to support therapy management programmes and to improve information and training (knowledge and behaviour) of the patient.

For that reason, data protection laws apply. First of all EU General Data Protection Regulation No. 679/2016, which states that each company/organisation before processing personal data should evaluate the risk and the impact of any processing operation and the organisational and technical measures to be taken to mitigate the risk; implement the measures and continuously check their correct implementation and operation. This means, that companies/organisations processing data for digital patient communication only then act “compliant”, when they document a dedicated risk and privacy impact assessment, list the measures to be taken (among others privacy statement, consent, agreement with hospitals and patients, procedures, technical measures) and assign the task of controlling to dedicated roles (Data Protection Office, internal delegation of functions, etc). Failing this, companies/organisations may incur high penalties up to 20 mio. Euros/4 per cent annual turnover.

Furthermore, local laws may apply preventing or strictly ruling some specific operations. For examples, Italian Laws prohibit the processing of patient health data for marketing or profiling purposes and set specific ruling for health reports and electronic health dossier in terms of cybersecurity measures to be taken (e.g. segre­gation of duty, encryption) and retention of data processing.


It can be stated that digital communication can be a useful and effective tool for pharmaceutical companies, as well as for doctors, therapists and pharmacies, but that it must be carried out in a “compliant” manner. Experience has shown that there is an increased need for consulting in the pharmaceutical and health care sector, especially on this topic. With a team of specialized attorneys, Rödl & Partner advises and represents companies from the life science sector comprehensively, interdisciplinary and across national borders. Thanks to our expertise and experience, especially in the field of drug advertising on the one hand and data protection on the other, we also offer reliable and practical guidance to pharmaceutical companies as well as doctors, pharmacists and health care institutions.


Contact Person Picture

Dr. Barbara Klaus


+49 911 9193 1999

Send inquiry

Contact Person Picture

Nadia Martini


+39 02 6328 841

Send inquiry


Deutschland Weltweit Search Menu