Is BloodPressureDB a DiGA?

When the Federal Ministry of Health (BMG) issued a press release on July 10, 2019 (https://www.bundesgesundheitsministerium.de/presse/pressemitteilungen/2019/3-quartal/dvg-kabinett.html), it said the goal was that "diabetes diaries or apps for people with high blood pressure" could be prescribed by doctors:

Excerpt from the BMG press release of July 10, 2019, emphasis added by us

In practice, however, this went completely wrong. First of all, simple diary apps are not medical devices. So you need a bit more than that which isnt necessarily a bad thing. The idea that doctors should get well-documented, prepared data from a DiGA that they can use for patient care makes sense.

But the BfArM suddenly made it clear that a DiGA must be aimed only at the patient. If the purpose is to collect data for the doctor, its no longer a DiGA. That turned what could have been a major benefit of such apps into a problem. Those data-sharing functions must not be the primary purpose of the application.

Still, patients who use an app demonstrably get their blood pressure under control faster and better. There are already studies with various apps. We can also easily show this with existing data. In most cases, though, its not the app itself that lowers blood pressure long-term, but ultimately the doctor, by prescribing medication. That makes it hard to prove the app's benefit without the doctors involvement. More on that later.

Were not done yet. The legislator deliberately introduced so-called "patient-relevant structural and procedural improvements" as evidence endpoints. That means an app that helps the patient manage their illness can be approved as a DiGA.

But here too reality quickly cooled hopes. To prove effectiveness you need a study. Unfortunately, there are hardly any validated measurement instruments for the relevant endpoints that the responsible Federal Institute for Drugs and Medical Devices (BfArM) accepts. These measurement tools are usually questionnaires. They must be validated for Germany. That is, you cant simply take an English questionnaire and translate it it has to be tested in its own study. Meanwhile, the BfArM allowed translations under certain conditions in a webinar, but then told us slightly different conditions in a consultation. None of these statements are binding. In short: its possible, but with an uncertain outcome you might do a study and it still might not be accepted.

And thats still not enough. We were told very clearly that while patient-relevant structural and procedural improvements are nice, a blood pressure app obviously has to prove that it lowers blood pressure. And that brings us back to the problem: the blood pressure reduction must happen without the doctor.

In practice you then run a randomized study where one group gets the app and the other does not. Blinding, as is normally done, is unfortunately not possible because the patient notices whether they are using an app. The BfArM points out in its presentations that there is a particularly large placebo effect with blood pressure. In the end you can only solve this by running a study with a very, very large number of patients. You also have to be careful that any effect isnt simply due to the doctor having better data. Then the effect would be caused by the doctor and not by the app, and approval as a DiGA would not be possible. The costs for this quickly reach the high six- to seven-figure range.

Ongoing costs also pile up for new data protection and security requirements (ISO 27001, BSI TR-03161, data protection certificate, ...), unclear interoperability requirements, new demands every few months, and study costs. Whether that would then lead to approval is anybody's guess. If the BfArM doesn't want it, it will always find some minor issue that doesn't fit. There is no legal certainty.

And when balancing usability and data security, the Federal Office for Information Security (BSI) unfortunately assigns the user almost no competence. Screenshots are banned and many other restrictions will spoil the experience, especially for older users.

A DiGA should preferably only work on the latest smartphones on older devices the fingerprint sensor might not meet the highest security requirements.

Dominik Burziwoda, founder of the DiGA maker Perfood, criticizes the poor usability of his own app due to the strict rules:
"If the phone doesnt have a password-protected screen lock, the app logs out automatically after 2 minutes of inactivity. That means you have to re-enter your email and password again and again." (Source).

We hope your blood pressure monitor takes readings quickly. Most people will probably skip the second reading after 12 minutes. Even then, a new authentication thats the technical term for logging in is required. Often its with two factors. Two-factor authentication is mandatory, even though few users actually know what that is.

Please dont get us wrong: we fully support high standards for the security of your data, especially given the many problems in this area. In practice, however, those who fall victim to data theft usually did not follow existing rules. That rarely happens on purpose mistakes happen. Adding extra requirements on top of enforcing existing ones isnt helpful. Constantly introducing new demands takes time away from the real work and, in our view, causes more problems than it solves.

The BfArM is also creative in inventing new absurdities. For example, a DiGA must delete all data after a prescription ends. So if the patient doesnt immediately get a follow-up prescription, all stored data are simply gone. The patient can export the data and re-import them later. Thats data protection as a federal agency imagines it.

Push notifications are also not always allowed for DiGAs. They would go through Apples and Googles servers. American providers are repeatedly excluded from data processing. There are occasional agreements with the USA that allow data processing, and then these are overturned in court. This back-and-forth has been going on for several years now. Conceptually its not a bad idea, but if you dont want any data with Apple or Google, theres not much left in the smartphone world. In practice, data protection experts argue about whether push notifications are not allowed at all or whether they just may not contain health data. Of course, the DiGA itself already reveals that it has something to do with health. If I use a blood pressure app on an Android phone, Google knows that. But suddenly it becomes a problem if a push notification is delivered via Googles servers?

The BloodPressureDB app was born out of everyday practice: our founder built it to meet his own needs and keep his blood pressure under good control. Thanks to interest from other users and their donations, a real company could grow out of it. Because the app can be used largely free of charge, its not a particularly profitable company but its enough to pay staff and really help about 200,000 people with high blood pressure each year.

Even if approval as a DiGA were to succeed, prescriptions would still have to cover the costs. If a diary app is held to the same standards as a cancer drug, the price is driven to absurd heights. Suddenly you have a DiGA that costs 250300 for three months, where previously 50 for a year was enough. Its no surprise the health insurers protest. And the bankruptcies among DiGA providers show the costs would likely have to be even higher.

Update 3 Jan 2024: The first DiGA for high blood pressure actually costs 593.81 per 90 days. Thats a hefty 2,408.23 per year the app is therefore more than 48 times as expensive as BloodPressureDB.

Update 25 Jun 2025: The price was later reduced to 289.17. 
Update 19 Nov 2025: The application was removed from the registry on Oct 1 and is no longer available as a DiGA. The manufacturer wrote: "Since the market launch in December 2023, several thousand patients used actensio and provided positive feedback. At the same time, the requirements for evidence, technology, and regulation involve high costs. Against this background, actensio cannot be operated economically for us as a manufacturer in the long term.".

Update 20 Jan 2026: Since Jan 19, 2026 there is a new DiGA for high blood pressure. "Oviva Direkt Bluthochdruck" costs 599 per quarter, i.e. 2,396 per year. 

So we took inexpensive apps that many patients use voluntarily, at their own expense, and with lots of evidence of benefit, ran them through the healthcare system mill and out came DiGAs that cost up to fifty times as much and come with several imposed limitations in function and usability.

Thats not good for blood pressure. Given this, and regardless of the huge effort weve already put into this project, we are not currently pursuing DiGA listing any further.

Related articles:

• Medical benefits of BloodPressureDB
• What is a DiGA?
• What is the ePA (electronic patient record)?
• Telemedicine
• Blood Pressure App with Bluetooth