California’s Senate and Assembly unanimously approved AB 375 (also known as the California Consumer Privacy Act of 2018), on June 28, 2018. This new consumer privacy bill will be the most progressive and comprehensive privacy law in the United States, reaching far beyond California’s borders to give California consumers more visibility and control over their personal information.
Across the health care sector, telemedicine is naturally and strategically being integrated into health care delivery and treatment plans as targeted and efficient solutions to specific health issues by hospitals, medical groups and drug-to-consumer telemedicine companies.
Telemedicine is no longer viewed as a secondary option for care—it is a new standard of care that is both expected by patients and popular with providers. Consumers expect to see health care adapt—like many other industries already have—to fit within their daily lives and schedules. Whether it’s electronic check-in procedures or better automated systems, health care providers are beginning to treat their patients a little bit more like customers, and see telemedicine and patient engagement tools as a means of improving customer loyalty and engagement while reducing costs.
However, complex billing structure and payor and reimbursement issues can create significant hurdles for health care providers looking to advance telemedicine programs. Telemedicine billing requires special attention, and if not enough consideration is given on the front end of programs, organizations may be surprised to find that that something they thought was a billable service is, in fact, not.
The Bipartisan Budget Act, which provided for the reimbursement of the distance provider, significantly increased the telemedicine use cases that are approved under the Medicare reimbursement structure. However, because Congress will now pay for it, there is a new expectation that hospitals that do not have particular areas of expertise available on-site will investigate opportunities to incorporate a telehealth programs that ensure adequate patient care.
The standard of care continues to improve as patients have greater access to nationwide physicians and as new technology like telestroke and clinical decision support tools become more widely available. For example, a stroke neurologist in one New York can now diagnose a stroke patient in Florida, and then facilitate an emergency room physician to treat that stroke. Telestroke programs check off all of the right boxes: better quality care, better access to care, and overall lower cost of care.
As use cases like this continue to be integrated into health care delivery and familiarity builds around how telemedicine can be used effectively, expectations shift around the standard of care and new questions arise around the risks of integrating—or failing to integrate—telehealth programs. If the tools are available and easily accessible, and if there is a supportive reimbursement model, how much a part of the standard of care does telemedicine become and what is the risk of failing to embrace these tools? If hospitals choose not to implement telehealth programs, and then patients suffer harm as a result, for example a delayed diagnosis and treatment of a stroke, could that lead to increased medical malpractice suits or other types of liability?
In the newest episode of the Of Digital Interest podcast, McDermott Digital Health partners, Lisa Schmitz Mazur and Dale Van Demark, share their perspectives on these questions and the various barriers, risks and opportunities associated with the rise of telemedicine and other technological advancements in health care delivery. Access this episode at www.mwe.com/mcdermottdigitalhealth or subscribe to the podcast on iTunes, Pocket Casts or Soundcloud.
As the health industry evolves to meet consumer expectations for better quality, lower-cost and more convenient health care options, the demand for technology-driven innovation is accelerating as is the level of interest and investment among stakeholders or all sorts.
Health systems and other institutional providers are playing a more active investment role in the commercialization of biomedical, digital health, and other important health care discoveries in order to remain competitive, secure their positions as industry leaders and generate growth opportunities. This more active role also affords their internal innovators (e.g., physicians and scientists) to play a meaningful role in accelerating the commercialization of home-grown discoveries that may otherwise be left in “the valley of death” between government-funded basic research and later stage, industry-funded commercialization. Drug and medical device manufacturers, venture capital, private equity firms, large donors and other investors are injecting significant capital into fueling research, development and commercialization of health care technology innovation. On the one hand, health care systems and providers welcome such external co-investors who bring sophisticated expertise in product and market research, technology innovation, valuation and strategy capabilities, as well as access to networks of potential co-investors. For such external co-investors, on the other hand, joining forces with health care institutions affords much needed access to the expertise and thought leadership of clinicians, scientists and health technology innovation; a ready‑made proving ground and “anchor customer” for the product; and the halo effect of the health care provider around the co-investor’s clinical care and research reputation. The theory and the hope is that the combined capital and the different, but complementary, expertise, experience and perspectives of such co‑investors provides a formula for financially successful innovation that is transformative and not merely disruptive. Continue Reading Blazing New Trails in Health Care and Technology Innovation Ventures
Join McDermott next Wednesday for a live webinar on the unique considerations in developing and procuring AI solutions for digital health applications from the perspective of various stakeholders. We will discuss the legal issues and strategies surrounding:
- Research and data mapping essential to the development and validation of AI technologies
- Protecting and maintaining intellectual property rights in AI solutions
- Technology development
- Risk management and mitigation for various contractual arrangements, including contracts with customers, vendors and users
We will also focus on the trends in US law for AI solutions in the digital health space, and present actionable advice that will help you develop an effective strategy for developing and procuring AI solutions for digital health applications.
Developing and Procuring Digital Health AI Solutions: Advice for Developers, Purchasers and Vendors
Wednesday, June 13, 2018 | 11:00 am CT | 12:00 pm ET
The digitization of health care and the proliferation of electronic medical records is happening rapidly, generating large quantities of data with potential to provide valuable insights into disease and wellness and help solve challenging public health problems.
There is tremendous enthusiasm over the possibilities of leveraging this data for secondary use–i.e., a use of data that is distinct from the purpose for which it was originally collected. However, such secondary use is often subject to intersecting legal and regulatory regimes–including HIPAA, the Common Rule, and the Federal Food, Drug, and Cosmetic Act and its implementing regulations–that are not fully harmonized. This lack of harmonization in requirements, coupled with the wide range of industry players involved–including regulators, academic medical centers, health systems, payers, technology companies, manufacturers and industry entities, research institutions, registries, and professional societies, to name a few– presents challenges that require careful planning and implementation. While regulators have recently taken significant steps to reconcile the differences among these laws and provide a path forward for harnessing the potential of big data, some specific requirements within these individual regulations continue to present challenges.
It is critical for academic medical centers and teaching hospitals, which stand at the intersection of government-funded research and industry-sponsored research, and are also paving the way in partnerships with non-traditional health care players—to understand the evolving legal framework and business and compliance imperatives behind the quest for digital health information.
During the AHLA Annual Meeting on Tuesday, June 26, McDermott partner Jiayan Chen will review trends and the value proposition relating to secondary use, with a particular focus on challenges presented by secondary use in the precision medicine and digital health context. Along with co-presenter Leah Voigt, she will explore key regulatory and sub-regulatory developments relating to the secondary use of data under FDA regulations, the Common Rule, and HIPAA, and will also use case studies to explore, in a practical context, the challenges and ambiguities that remain when pursuing internal secondary use initiatives and external collaborations, including implementation and contracting tips, insights, and strategies.
Recycle, Recycle, Recycle: Key Considerations for Research, Medical Education, and Other Secondary Uses of Data
AHLA Annual Meeting, Chicago, IL | June 26, 2018 | 9:45 – 10:45 am | Registration and program details.
McDermott’s Cocktail Reception during the AHLA Annual Meeting
The Art Institute of Chicago | June 26, 2018 | 6:00 – 8:00 pm
Following the programming on Tuesday, we invite you to join us for our annual cocktail reception at The Art Institute of Chicago. We look forward to an evening of networking, cocktails and private gallery tours with our colleagues, friends and fellow AHLA members. RSVP today!
As Europe’s General Data Protection Regulation (GDPR) takes effect, companies around the world are racing to implement compliance measures. In parallel with the GDPR’s development, China’s new data protection framework has emerged over the past year and is in the final stages of implementing the remaining details. With similar and often overlapping obligations, full compliance with the GDPR and China’s data protection framework presents a significant new challenge for companies with operations in China.
Does the GDPR Apply to Companies in China?
The GDPR applies to the processing of personal data of people who are in the European Union, even for a controller or processor in China, where the processing of the data is related to:
- The offering of goods or services to the data subjects in the European Union, regardless of whether a payment is required; or
- The monitoring of people’s behavior in the European Union.
As a result, even if a Chinese company does not have any formal establishments in the European Union, the GDPR will nonetheless apply if it is conducting either of these two types of activities.
What Are the Requirements for Companies in China Subject to the GDPR?
The GDPR primarily focuses on two categories of entities: “controllers” and “processors.” These two types are similar to concepts in the Chinese rules. “Controllers” are entities that, alone or jointly with others, determine the purposes and means of the processing of personal data. “Processors” are entities that carry out the processing of personal data on behalf of the controllers.
Key requirements for most controllers under the GDPR: Continue Reading The GDPR’s Effects in China: Comparison with Local Rules and Considerations for Implementation
Lack of a sufficient risk analysis continues to be one of the most commonly alleged violations in Office for Civil Rights (OCR) HIPAA enforcement actions, appearing in half of all OCR settlements announced in the last 12 months and in almost all of the $1 million-plus settlements during that time period. Significant confusion remains across the health care industry as to what actually constitutes a compliant risk analysis for purposes of the HIPAA Security Rule. On April 30, 2018 OCR issued guidance discussing the differences between a HIPAA Security Rule risk analysis and a HIPAA compliance “gap analysis.” Drawing from our experience reviewing clients’ historical risk analysis documents, helping clients to navigate OCR investigations and negotiating several recent HIPAA settlements with OCR, we elaborate on what constitutes a compliant HIPAA Security Rule risk analysis, discuss common risk analysis misunderstandings and pitfalls, and encourage covered entities and business associates to consider whether to conduct these reviews under attorney-client privilege.
Fortune’s April 2018 cover story, “Tech’s Next Big Wave: Big Data Meets Biology,” conveys loudly and clearly that technological innovation is transforming the health care continuum—changing the way care is delivered, as well as how patients manage their ongoing health—and as patient demand for health innovation increases, more companies seem eager to hop on the digital health bandwagon. The article provides a thoughtful, realistic (and somewhat sobering) perspective on digital health innovation’s successes and other results to date. It also quite effectively uses real world stories to convey the human dimension of digital health. One is the story of a mother who manually sampled and recorded her son’s glucose levels 20 times a day before an automated monitoring system connected to a mobile app allowed them both to live their lives without constant interruption by this critical care management function. Another describes use of an artificial intelligence “command center” to expedite access to life-saving surgery by a man with an aortic dissection. These real-world examples drive home the fact that digital health is already making a profound difference in our lives by removing barriers to care that are critical to saving lives and managing chronic diseases.
What the article does not touch on, however, are the myriad, complex legal challenges that must be addressed at the earliest stages of the planning process and the intensifying interest of government oversight and enforcement bodies, such as the Federal Trade Commission, the Food and Drug Administration, the Office of Civil Rights of the Department of Health and Human Services, and the Securities and Exchange Commission, interested in protecting the safety and privacy of patients and consumers. Just last month, we saw the SEC charge Theranos’ CEO Elizabeth Holmes with fraud for allegedly misleading investors about the company’s ability to detect health conditions from a small sample of blood. Earlier this year, another “unicorn” start-up, Outcome Health, settled with the federal government after The Wall Street Journal reported that they allegedly misled advertisers with manipulated information. The United States has also brought claims against the private equity company investor of a compounding pharmacy that allegedly paid illegal kickbacks to marketing firms to induce prescriptions written by telemedicine providers for costly compounded drugs reimbursed by TRICARE.
Opportunities and Challenges of the Patient Data “Gold Rush”
Eric Topol, MD, director at the Scripps Research Institute, told Fortune that “the quest to retrieve, analyze and leverage” data “has become the new gold rush. And a vanguard of tech titans—not to mention a bevy of hot startups—are on the hunt for it.” There is no doubt that harnessing and analyzing big data provide virtually limitless fuel for digital health innovation of the type patients and consumers are demanding and that tech companies are eager to develop and commercialize. While optimism about the quest for big data is certainly justified, it must be tempered by caution and careful consideration of complex, multi-dimensional legal and regulatory requirements that can shape the strategy for the exchange, use and exploitation of identifiable personal health data and other personal data. As innovation continues to move in many directions and at light speed, it can be easy to get wrapped up in the excitement, but it’s worth taking a step back to take a look at the legal implications of doing so.
There are many current laws protecting patient data privacy, confidentiality and security that limit the type and extent of data-sharing that patients and digital health technology innovators demand. For instance, some state and federal privacy laws that protect particularly sensitive information (e.g., information concerning HIV/AIDS, mental health, substance abuse, and genetic testing and counseling) are more restrictive than the Health Insurance Portability and Accountability Act (HIPAA) and may require express written patient consent for uses and disclosures that HIPAA would permit without consent, and the Genetic Information Nondiscrimination Act of 2008 also limits access to genetic information by group health plans, health insurers and issuers of Medigap policies.
Prioritizing Comprehensive Compliance Programs
While the Fortune article states that transformative technologies are putting consumers “in the driver’s seat,” there are still legal barriers that are currently keeping them in the passenger seat. To that end, and at the earliest stage of the research and development life cycle, companies must thoroughly think through key compliance considerations such as the nature and frequency of necessary patient and consumer consents, how they will substantiate claims they make in marketing and selling a product, what pre‑market regulatory approvals they need to obtain and how they will support the application for such approvals, to name just a few. A comprehensive corporate compliance program that incorporates the essential elements identified by the Office of the Inspector General can help companies identify, address and manage regulatory and compliance challenges before they become a serious problem that will threaten the success of the digital health initiative and expose them to government enforcement actions and third party lawsuits.
To learn more about the legal barriers that exist in the digital health space, as well as the need for and value of a proper and thorough compliance program, read “The Law of Digital Health,” written by members of the McDermott Will & Emery Digital Health Team. Be sure to also stay up to speed on all of the regulatory challenges and growth opportunities in health care technology today by bookmarking our “Of Digital Interest” blog.
Follow us on LinkedIn at McDermott Will & Emery LLP.
As the telemedicine landscape continues to evolve and new capabilities come to bear, those working in the industry will face a diverse mix of legal and regulatory hurdles as stakeholders begin to leverage new avenues and options for care delivery. This evolution requires practitioners to understand the legal frameworks that will continue to change as regulators attempt to keep pace with evolving technology.
To help address the complexities of the telemedicine regulatory environment — and those across the digital health ecosystem at large — we partnered with the American Health Lawyers Association to release “The Law of Digital Health,” which details legal realities for digital health leaders and their advisors looking to bring new tools to market or expand their existing positions.
Unique Legal and Regulatory Considerations Applicable to Telemedicine
The “telemedicine sector” is undoubtedly complex and rife with nuance, beginning with how it is defined, which significantly varies among payers, regulators, accrediting bodies and providers. Adding to the intricacy are the variations in telemedicine regulation, depending on factors such as the patient’s location/geography and care setting, coverage and reimbursement or type of technology used. Despite these complexities, organizations are moving forward with their telemedicine initiatives and navigating these issues because of the great potential telemedicine has to expand access to care. Continue Reading Telemedicine’s Complex Legal Landscape
Earlier this month, more than 45,000 attendees descended on Las Vegas, NV, for the nation’s largest annual health care technology conference: the 2018 HIMSS Conference & Exhibition (HIMSS18). Conversations and educational sessions covered a wide range of health tech topics, with thought leaders, solutions developers, health system executives, patient advocates and care providers coming together to discuss the myriad obstacles and opportunities facing the health care technology industry today.
On Tuesday March 6, during the HIMSS conference, McDermott Will & Emery along with our friends at Capstone Headwaters convened a panel discussion on “Financing High-Growth Healthcare IT Companies, which I had the pleasure of moderating. The seasoned mix of health care finance and private equity professionals discussed the various types and sources of capital available to fuel high-growth health IT organizations and how to choose the right mix of capital to support a company’s growth needs. We also reviewed the legal and regulatory implications for investments in health care IT companies, and discussed considerations for optimal positioning in a value-based care environment. Continue Reading Financing High-Growth Health IT Companies: McDermott and Capstone’s Panel Recap from HIMSS 18