Is BloodPressureDB a DiGA?
When the Federal Ministry of Health issued a press release on July 10, 2019 (https://www.bundesgesundheitsministerium.de/presse/pressemitteilungen/2019/3-quartal/dvg-kabinett.html), it stated the goal that "diaries for diabetics or apps for people with high blood pressure" could be prescribed by doctors:
Excerpt from the BMG press release of July 10, 2019, emphasis added by us
In practice, though, it all went wrong. First of all, simple diary apps aren't medical devices. You need a bit more than that, which isn't necessarily a bad thing. The idea that a doctor could receive well-documented and processed data from a DiGA and use it to treat the patient is sensible.
Suddenly, however, the BfArM made it clear that a DiGA must be aimed only at the patient. If the purpose is to collect data for the doctor, it's no longer a DiGA. That turned the big benefit these apps can offer into a problem. Such functions should not be the main purpose of the application.
However, patients who use an app demonstrably get their blood pressure under control faster and better. There are already studies with various apps showing this. We can also easily demonstrate it with existing data. In most cases, though, it's not the app that ultimately lowers the blood pressure, but rather the doctor, by prescribing medication. That makes it hard to prove the app's benefit without the doctor. More on that later.
Because we're not done yet. Lawmakers deliberately introduced the so-called "patient-relevant structural and procedural improvements" as evidence endpoints. That means an app that helps a patient manage their illness can be approved as a DiGA.
But there was quick disappointment here too. To prove this, of course you need a study. Unfortunately, there are hardly any validated measurement instruments for the relevant endpoints of such a study that the Federal Institute for Drugs and Medical Devices (BfArM) will accept. These instruments are usually questionnaires. They must be validated for Germany. That is, taking an English questionnaire and simply translating it is not enough; it must be tested in its own study. The BfArM has meanwhile allowed translations under certain conditions in a webinar, but in a consultation they gave us slightly different conditions. None of the statements are binding. In short, it's possible, but with an uncertain outcome as to whether a study would be accepted in the end or whether the whole effort was wasted.
But that's not enough. We were made very clearly aware that patient-relevant structural and procedural improvements are nice, but a blood pressure app must of course prove it lowers blood pressure. And we're back to the problem that this blood pressure reduction must happen without the doctor.
In practice, you do a randomized study where one group gets the app and the other doesn't. Blinding, as is usually done, is unfortunately not possible, because the patient can tell whether they're using an app or not. The BfArM likes to point out in its presentations that there is a high placebo effect specifically for blood pressure. In the end, you can only solve this by running a study with very, very many patients. You also have to be careful that the effect doesn't come from the doctor having better data. Then the effect would be with the doctor and not the app, and approval as a DiGA would not be possible. The costs for this quickly run into the high six- to seven-figure range.
Ongoing costs arise from new requirements for data protection and security (ISO 27001, BSI TR-03161, data protection certificate, ...), unclear interoperability requirements, further requirements every few months, and the costs for a study. Whether that would lead to approval is anyone's guess. If the BfArM doesn't want it, it will always find some small thing that doesn't fit. There is unfortunately no legal certainty.
And when weighing usability against data security, the Federal Office for Information Security (BSI) unfortunately grants the user no leeway. Screenshots are banned and many other restrictions will likely spoil the fun for older users.
A DiGA should, please, only be usable on the newest smartphones; on older ones the fingerprint sensor might not meet the highest security requirements.
Dominik Burziwoda, founder of the DiGA manufacturer Perfood, criticizes the poor usability of his own app due to the strict rules:
"If the phone doesn't have a password-protected screen lock, the app automatically logs out after 2 minutes of inactivity. That means you have to re-enter email and password over and over again." (Source).
We hope your blood pressure monitor measures quickly. Most people will probably skip the second measurement after 1–2 minutes, because even then a new authentication (the technical term for logging in) is required, often with two factors. Two-factor authentication is mandatory, even though very few users actually know what that is.
Please don't get us wrong: we very much welcome high standards for the security of your data, especially given the many problems in this area. In practice today, however, those who fall victim to data theft are often not complying with existing rules. This usually isn't done intentionally; mistakes happen. Adding new requirements on top of existing ones instead of enforcing the current ones isn't helpful. Constantly adding new rules steals time from the actual work and, in our opinion, creates more problems rather than fewer.
The BfArM is also creative in coming up with new absurdities. For example, a DiGA must delete all data after the prescription ends. That means if the patient doesn't immediately get a follow-up prescription, all stored data are simply gone. The patient can export the data and import them again later. That's how a federal office imagines data protection.
Push notifications are also not always allowed for DiGAs. They would go through Apple and Google's servers. American providers are repeatedly excluded from data processing. There are occasional agreements with the USA that allow data processing; these are then banned again through litigation. This game has been going on for several years. The idea is fundamentally reasonable, but if you don't want data with Apple or Google, there's not much left in the smartphone world. In practice, privacy experts argue whether push notifications are not allowed at all or whether they just cannot contain health data. Of course, the DiGA itself already reveals it's health-related. If I use a blood pressure app on an Android phone, Google knows. But if a push message is then delivered via Google's servers, suddenly that's a problem?
Conclusion
The BloodPressureDB app grew out of everyday practice, built by our founder to meet his own needs and keep his blood pressure under close watch. Thanks to the interest of other users and their donations, a proper company was able to form. Because the app can also be used largely free of charge, it's not a particularly profitable company, but it still covers employee salaries and really helps about 200,000 people with high blood pressure per year.
Even if approval as a DiGA were to succeed, prescriptions would have to cover the costs. If a diary app is held to the same standards as a cancer drug, that pushes the price to absurd heights. Suddenly we're looking at a DiGA that costs €250–300 for three months, where previously €50 for the year was enough. It's no surprise that health insurers protest. And yet bankruptcies among DiGA providers show the costs would have to be even higher.
Update from 2024-01-03: The first DiGA for high blood pressure actually costs €593.81 per 90 days. That's a hefty €2,408.23 per year, more than 48 times as expensive as BloodPressureDB.
Update from 2025-06-25: The price has since been reduced to €289.17.
So we have affordable apps that many patients use voluntarily, at their own expense, with plenty of evidence for their benefit. Run through the health system's grinder, you get DiGAs that are more than ten to twenty times, up to fifty times, more expensive and that come with a number of mandated limitations in function and usability.
That's not good for blood pressure. Given all this, and despite the enormous effort we've put into the project so far, we are not pursuing inclusion as a DiGA at the moment.

