The 21st Century Cures Act, enacted in December 2016, amended the definition of “medical device” in section 201(h) of the Federal Food, Drug, and Cosmetic Act (FDCA) to exclude five distinct categories of software or digital health products. In response, the US Food and Drug Administration (FDA) issued new digital health guidance and revised several pre-existing medical device guidance documents. FDA also stated that it would continue to assess how to update and revise these guidance documents as its thinking evolved.

Late last week, FDA issued five final guidance documents and re-issued a draft guidance document to better reflect FDA’s current thinking on software as a medical device (SaMD) and other digital health products:

Most of the guidance documents reflect modest changes to prior draft guidance documents that describe categories of low-risk health and wellness devices that FDA does not intend to regulate. FDA’s new draft Clinical Decision Support (CDS) Software guidance, however, provides a new and more detailed analysis of risk factors that FDA will apply to determine whether a CDS tool is a medical device. FDA updated its previously issued draft CDS guidance without finalizing it. Although the new guidance does not explain why FDA is reissuing the CDS guidance in draft, the new draft guidance seems to reflect the agency’s attempt to better align its definition of non-device software with the often misunderstood and misinterpreted statutory definition of CDS in section 520(o)(1)(E) of the Cures Act. The chart below summarizes the key provisions and changes to these guidance documents.

Digital health products can present a particular challenge for developers and regulators in assessing the appropriate regulatory pathways for a new product. The updated guidance documents reflect the need for a more flexible, risk-based approach to regulation that accommodates a rapidly evolving technological landscape. These documents also reflect what appears to be the new normal for digital health regulation—the need for iterative thinking and ongoing revisions to interpretive guidance documents to keep pace with a constantly changing marketplace.

Click here to read the full client alert on this issue. 

The demand for healthcare innovation is driving collaboration between formerly disparate healthcare companies and bringing in new players, such as technology companies and start-ups, into an already complex space. As companies build partnerships and pool resources – particularly healthcare data – data ownership presents numerous challenges that need to be addressed throughout the lifecycle of the collaboration. In this episode of the Of Digital Interest podcast McDermott partners Jiayan Chen and Jennifer S. Geetter explore:

  • Key concerns for companies executing data-driven collaborations
  • Consumer expectations surrounding data use, data privacy and their impact on digital health collaborations
  • The role of HIPAA and federal and state regulators in regulating data use
  • Common questions about secondary use and identifiable and deidentified data
  • Commercialization strategies and “green flags” for identifying the right collaboration partner

Click here to listen to this episode.

In preparation for GDPR compliance, organizations around the globe worked months in advance of the deadline to ensure compliance. But what happened after the date of effectiveness? McDermott set out to learn how companies fared across the United States, Europe, China and Japan.

In digging deeper, we discovered valuable findings, including:

  • Countries and regions are at different points in their GDPR compliance awareness and execution journeys.
  • Businesses across the globe continue to face challenges in understanding and responding to EU data breaches, despite making investments in new personnel and changing business practices.

In partnership with the Ponemon Institute, we released our latest study, “Keeping Pace in the GDPR Race: A Global View of GDPR Progress in the United States, Europe, China and Japan.” This report sheds new insight and provides ways to improve resiliency and mitigate risk for your company.

Click here to see our key findings and download the report. 

 

In response to the rapid pace of innovation in the health and life sciences arena, the US Food and Drug Administration (FDA) is taking a proactive, risk-based approach to regulating digital health products. Software applications and other transformative technologies, such as artificial intelligence and 3D printing, are reshaping how medical devices are developed, and FDA is seeking to align its mission and regulatory obligations with those changes.

FDA’s digital health software precertification program is a prime example of this approach. Once fully implemented, this voluntary program should expedite the path to market for software as a medical device (SaMD), and promote greater transparency between FDA and regulated entities.

Under the program, FDA will conduct a holistic review of the company producing the SaMD, taking into account aspects such as management culture, quality systems and cybersecurity protocols, to ascertain whether the company has developed sufficient infrastructure to ensure that its products will comply with FDA requirements and function safely as intended. Companies that fulfill the requirements of the excellence appraisal and related reviews will receive precertification that may provide for faster premarket reviews and more flexible approaches to data submissions at the outset.

Continue Reading To Market, To Market: FDA’s Digital Health Precertification Program

As the telemedicine regulatory and reimbursement environment becomes more cohesive and providers and patients alike embrace technology, opportunities for telemedicine collaborations are likely to grow. Like any collaboration, finding the right partner is crucial for success, particularly at the highly-scrutinized intersection of healthcare and technology. This post explores the factors to address when evaluating service providers and vendors for your next telemedicine collaboration.

Service Provider Evaluation

  • Ask around “town” – What is the collaborator’s reputation? What independent feedback is provided in references?
  • Determine if the service provider’s stage in the organizational “life-cycle” and its affiliated relationships are the best fit for the strategic goals of your partnership (e.g. should you partner with an early-stage company or a longstanding organization?)
  • Assess the capabilities of potential collaboration partners for meeting your organization needs, and pressure test their ability to come up with back-up options, should the need arise throughout the course of the collaboration.
  • Determine whether collaborator has state specific and service specific policies and procedures governing the provision of telemedicine services, including: Continue Reading Vetting Relationships for Telemedicine Collaborations

Telemedicine collaborations, whether between technology companies and providers, health systems and patients, or other creative partnerships we have yet to see in the industry, can present numerous benefits to our healthcare delivery system and patient outcomes. However, such collaborations present a variety of regulatory, logistical and operational concerns that should be strategically addressed from the ideation stage of the collaboration onward.

Early-Stage Considerations

The strategy behind the collaboration should be developed with an eye towards the duration of the relationship and the development of mutually beneficial goals and objectives that are clear and measurable. Each party should be transparent about their capabilities and strategic vision at the outset of the collaboration talks to avoid any surprises or disappointments deeper in the future. Questions for potential collaboration partners include:

  • Is this an experimental partnership or a long-term plan?
  • What do I bring to the table? How can this partner supplement or support my capabilities?
  • How will this relationship be branded and marketed? Do I need greater visibility than my partner, or will we come together under a new brand?
  • Do we have the IT infrastructure and vendor relationships in place to execute this collaboration? If not, how will secure what we need?
  • Do we have the resources to meet the regulatory requirements of the partnership?
  • How will we measure the success or failure of the collaboration?

Considerations in the RFP Stage

After the initial strategy discussions have taken place, the proposal period raises its own series of considerations. After ensuring that the arrangement proposed can address the goals and objectives of the collaboration, regulatory and transactional issues take center stage. Rights and responsibilities of each party, reporting and compliance mechanisms, fees, credentialing, licensing and privacy compliance and liability issues, to name a few concerns, are addressed at this point in the process. Fees structures and compliance with the evolving federal and state laws regulating telemedicine providers are particularly complex issues that should be addressed at this point.

Questions to address regarding fees include:

Continue Reading Telemedicine Collaborations and Partnerships: Key Considerations for Success

In April 2019, the US Food and Drug Administration (FDA) issued a white paper, “Proposed Regulatory Framework for Modifications to Artificial Intelligence/Machine Learning (AI/ML)-Based Software as a Medical Device,” announcing steps to consider a new regulatory framework to promote the development of safe and effective medical devices that use advanced AI algorithms. AI, and specifically ML, are “techniques used to design and train software algorithms to learn from and act on data.” FDA’s proposed approach would allow modifications to algorithms to be made from real-world learning and adaptation that accommodates the iterative nature of AI products while ensuring FDA’s standards for safety and effectiveness are maintained.

Under the existing framework, a premarket submission (i.e., a 510(k)) would be required if the AI/ML software modification significantly affects device performance or the device’s safety and effectiveness; the modification is to the device’s intended use; or the modification introduces a major change to the software as a medical device (SaMD) algorithm. In the case of a PMA-approved SaMD, a PMA supplement would be required for changes that affect safety or effectiveness. FDA noted that adaptive AI/ML technologies require a new total product lifecycle (TPLC) regulatory approach and focuses on three types of modifications to AI/ML-based SaMD:

Continue Reading Reviewing Key Principles from FDA’s Artificial Intelligence White Paper

During the second quarter of 2019, DOJ continued its focus on enforcement activity in telemedicine. As reported in prior editions of the Quarterly Roundup, telemedicine is an expanding field, causing DOJ to pay particular attention to the industry.

In April 2019, DOJ indicted the owner and operator of 1stCare MD and ProfitsCentric with one count of conspiracy to pay and receive kickbacks. The defendant’s arrest and federal indictment is part of a nationwide law enforcement action, as reported in the Q1 2019 Quarterly Roundup, that targeted 24 defendants involved in alleged extensive healthcare fraud schemes focused on telemedicine and durable medical equipment (DME) marketing. These schemes allegedly resulted in losses amounting to more than $1.2 billion. The indictment alleges that from 2016 to 2019 the defendant defrauded HHS in its administration and oversight of Medicare by conspiring with others by paying and receiving kickbacks and bribes in exchange for doctors’ orders for DME for Medicare beneficiaries. Prosecutors also alleged that the defendants, 1stCare MD and ProfitsCentric, through their network of doctors, generated thousands of doctors’ orders for DME absent a pre-existing doctor-patient relationship and a physical examination, and that the orders were based solely on a short telephone conversation. The indictment alleges that these activities resulted in the submission of approximately $40 million in fraudulent Medicare claims for DME.

Further, in July 2019, DOJ indicted a New York-based anesthesiologist for her alleged role in a $7 million telemedicine conspiracy to fraudulently bill Medicare, Medicare Part D plans and private insurance plans, resulting in more than $3 million in payments on those claims.[51] According to DOJ, the indictment resulted from investigative work by the Criminal Division’s Medicare Fraud Strike Force, a joint initiative of DOJ and HHS. Eastern District of New York prosecutors charged the anesthesiologist with one count of conspiring to commit healthcare fraud by misusing telemedicine channels under agreements with unidentified companies to prescribe DME and drugs to more than 3,000 Medicare beneficiaries. The indictment alleges that, from January 2015 to May 2018, the anesthesiologist and other providers allegedly received kickback payments from unidentified companies for improper telemedicine encounters. The indictment alleges that the anesthesiologist “prescribed and ordered DME and prescription drugs for beneficiaries who were not examined or evaluated by a licensed physician.” The prosecutors alleged that the prescriptions flowing from the alleged telemedicine encounters were for DME and drugs that were neither medically necessary nor the result of genuine physician-patient relationships.

PRACTICE NOTE: Given DOJ’s recent criminal enforcement related to telemedicine, telemedicine companies should closely review their compliance with the federal and state laws that may be implicated through a telemedicine practice. Further, DOJ’s focus on individual accountability is particularly important with respect to telemedicine, given its interest in pursuing criminal actions against physicians.

This blog post was originally published in McDermott’s Health Care Enforcement Quarterly Roundup | Q2 2019. Click here to view the full report. 

As part of the 21st Century Cures Act, Congress gave the US Food and Drug Administration (FDA) the authority to establish a Breakthrough Devices Program intended to expedite the development and prioritize the review of certain medical devices that provide for more effective treatment or diagnosis of life-threatening or irreversibly debilitating disease or conditions. In December 2018, FDA issued a guidance document describing policies FDA intends to use to implement the Program.

There are two criteria for inclusion in the Breakthrough Device Program:

  1. The device must provide for a more effective treatment or diagnosis of a life-threatening or irreversibly debilitating human disease or condition; and
  2. The device must (i) represent breakthrough technology, (ii) have no approved or cleared alternatives, (iii) offer significant advantages over existing approved or cleared alternatives, or (iv) demonstrate that its availability is in the best interest of patients.

Continue Reading FDA’s Breakthrough Device Program: Opportunities and Challenges for Device Developers

Certain long-standing laws, such as the civil monetary penalty provision prohibiting patient inducements, have hampered providers’ ability to fully leverage remote patient monitoring and other telehealth tools. Many stakeholders are hoping that developments in the Regulatory Sprint to Coordinated Care will begin the rulemaking process to enable greater access to digital health and virtual care products.

The US Department of Health and Human Services (HHS) launched the Regulatory Sprint to Coordinated Care in 2018 with the goal of reducing regulatory burden and incentivizing coordinated care. As part of this initiative, the Centers for Medicare and Medicaid Services and other agencies are scrutinizing a variety of long-standing regulatory requirements and prohibitions to determine whether they unnecessarily hinder the innovative arrangements policy-makers are otherwise hoping to see develop. While regulations such as the civil monetary penalty prohibition on patient inducements have significant benefits for reducing fraud and abuse, they can also make it difficult for health systems to deploy digital tools that help patients track, monitor and share health data with their providers.

For example, Medicare reimbursement of digital health and virtual care products, while expanded in 2018, is still limited. This means that if a provider wants to use un-reimbursed technology, the provider must either charge the patient separately for the non-reimbursable service or provide the service to the patient for free. The former option is tricky—it can result in surprise charges for patients, and digital health services can be part of a care service plan and difficult to break out separately as a standalone billable service. As a result, many providers would prefer to offer virtual care services to the patient for free, but doing so immediately implicates the civil monetary penalties prohibition. Substantial time, effort and cost is required to evaluate the facts and circumstances, understand the available regulatory guidance and case law, and determine whether the provision of the service—which results in no increase in revenue—could result in governmental scrutiny

This is just one example of how certain long-standing regulations have become a barrier to broad adoption of digital health. If HHS chooses to update these regulations or issue additional guidance, the Regulatory Sprint to Coordinated Care could bring digital health technologies such as telehealth and virtual care products off the sidelines and into the race.

Read more at McDermott’s Regulatory Sprint to Coordinated Care Resource Center