Legal advice for the healthcare sector
Health & Life Science
Digital health – implemented in a legally compliant manner
We provide security for apps, wearables, platforms and research, covering everything from GDPR to EHDS, DiGA/DiPA and TI.
Challenges
Typical pitfalls in the digital health sector
- eHealth: Develop, operate and integrate health apps, wearables, telemedicine, the cloud and IT systems in a legally compliant manner.
- Research & data use: Use data in a legally compliant manner and apply and document the EHDS, the GDPR/Research Data Act and the SGB correctly.
- Digital medical devices: Comply with DiGA/DiPA, data protection and security requirements, including contracts, advertising, and the advertising of therapeutic products.
- Data protection & data security: Secure sensitive health data with a sound legal basis, TOMs, anonymisation/pseudonymisation and evidence.
- Regulations: Assign GDPR, EHDS, GDNG, SGB and DNG per use case, prioritise requirements and translate them into processes.
How we advise you
Structure instead of chaos: your path to digital health
Our consulting services in health & life sciences:
- Comprehensive data protection and information security consulting: GDPR compliance, TOM and IT security
- Data protection audits and DPIA: compliance checks, access and authorisation concepts, and deletion and anonymisation/pseudonymisation concepts
- Regulatory mapping for health: EHDS, GDNG, SGB and DNG classification per use case
- Contract drafting and review: service provider contracts, AVV, joint controller agreements and platform/cloud clauses
- Support for the development, distribution and use of apps and wearables: store/platform and advertising requirements
- AI compliance in the health context: AI governance for use and development and preparation for the AI Regulation
- Telemedicine and platforms: legally compliant implementation, platform rules and documentation
- Cloud and IT audits: legal options, measures and implementation of IT requirements
- Digital medical devices (DiGA/DiPA): compliance requirements and contract drafting, as well as competition and therapeutic products advertising law
- Representation, procurement and training: administrative and court proceedings; procurement law in the health sector; and tailor-made training courses.
Tell us what you need and we'll clearly explain what's possible.
Contributions to Health & Life Sciences
Legal navigation for the healthcare industry
Would you like to familiarise yourself with the topic first? No problem! Here you will find all the articles and downloads that we have created so far in the health and life sciences field.
The impact of the Data Act on the healthcare industry
How will the EU Data Act affect connected medical devices and healthcare services? This article explains which manufacturers and providers will be affected, the obligations that will apply from 12 September 2025, and how trade secrets, contract clauses, and CE marking will now need to be reconsidered.
EHDS 2025: Rights and obligations for the use of health data
What will the new European Health Data Space (EHDS) mean for healthcare providers, manufacturers, and research institutions? This article explains the rights that patients will have in future and the obligations that will arise in terms of data access and provision. It also explains how you can prepare your organisation for the sectoral data space.
AI training with sensitive data: the ruling of the Higher Regional Court of Cologne
What requirements does the court's ruling impose on the use of sensitive health data for AI training? This article highlights the circumstances in which health and genetic data are considered particularly sensitive, the consents and purpose limitations required, and how pharmaceutical and medtech companies can systematically reduce the risks and liability associated with training data.
Cloud usage in healthcare: Section 393 SGB V & C5 certification
How secure is your cloud solution in the healthcare sector? Since the introduction of Section 393 SGB V, providers and users of cloud services involving health and social data have been subject to new requirements, including storage within the EU/EEA, the professional implementation of technical and organisational measures, and proof of a current C5 certificate. This article explains the background, obligations and practical requirements in detail.
GDNG & SGB V: opportunities for companies
What opportunities does the Health Data Use Act (GDNG) present to companies and institutions in the healthcare and research sectors? This article explains how easier access to health data and data links, as well as new evaluation and usage rights (for example, for health insurance funds under Section 25b of the SGB V), are made possible. It also explains what legal requirements apply and how organisations can prepare for this strategically.
Health data laws in the EU: New overview
This article provides a concise overview of the latest European and national legislation on the use of health data, including Regulation (EU) 2025/327 (the 'EHDS Regulation'), the Health Data Use Act (GDNG) and the Digital Act (DigiG). Read on to find out what obligations and deadlines now apply, and how you can ensure your processes are legally compliant.
Download: EHDS Whitepaper
Read our white paper to discover how the European Health Data Space (EHDS) is transforming the secure exchange and use of health data. Find out how to comply with legal requirements and promote innovative solutions.
Intro
Our motto: secure, radical, digital
SRD is the boutique law firm for digital projects, supporting you from kick-off to go-live. We combine technical innovation with compliance. We create radically clear legal scope for this.
Bye, bye legal Standby
With us, you get clarity at project speed, so there's no need to wait for the legal team