As part of the 21st Century Cures Act, Congress gave the US Food and Drug Administration (FDA) the authority to establish a Breakthrough Devices Program intended to expedite the development and prioritize the review of certain medical devices that provide for more effective treatment or diagnosis of life-threatening or irreversibly debilitating disease or conditions. In December 2018, FDA issued a guidance document describing policies FDA intends to use to implement the Program.

There are two criteria for inclusion in the Breakthrough Device Program:

  1. The device must provide for a more effective treatment or diagnosis of a life-threatening or irreversibly debilitating human disease or condition; and
  2. The device must (i) represent breakthrough technology, (ii) have no approved or cleared alternatives, (iii) offer significant advantages over existing approved or cleared alternatives, or (iv) demonstrate that its availability is in the best interest of patients.

Continue Reading FDA’s Breakthrough Device Program: Opportunities and Challenges for Device Developers

Certain long-standing laws, such as the civil monetary penalty provision prohibiting patient inducements, have hampered providers’ ability to fully leverage remote patient monitoring and other telehealth tools. Many stakeholders are hoping that developments in the Regulatory Sprint to Coordinated Care will begin the rulemaking process to enable greater access to digital health and virtual care products.

The US Department of Health and Human Services (HHS) launched the Regulatory Sprint to Coordinated Care in 2018 with the goal of reducing regulatory burden and incentivizing coordinated care. As part of this initiative, the Centers for Medicare and Medicaid Services and other agencies are scrutinizing a variety of long-standing regulatory requirements and prohibitions to determine whether they unnecessarily hinder the innovative arrangements policy-makers are otherwise hoping to see develop. While regulations such as the civil monetary penalty prohibition on patient inducements have significant benefits for reducing fraud and abuse, they can also make it difficult for health systems to deploy digital tools that help patients track, monitor and share health data with their providers.

For example, Medicare reimbursement of digital health and virtual care products, while expanded in 2018, is still limited. This means that if a provider wants to use un-reimbursed technology, the provider must either charge the patient separately for the non-reimbursable service or provide the service to the patient for free. The former option is tricky—it can result in surprise charges for patients, and digital health services can be part of a care service plan and difficult to break out separately as a standalone billable service. As a result, many providers would prefer to offer virtual care services to the patient for free, but doing so immediately implicates the civil monetary penalties prohibition. Substantial time, effort and cost is required to evaluate the facts and circumstances, understand the available regulatory guidance and case law, and determine whether the provision of the service—which results in no increase in revenue—could result in governmental scrutiny

This is just one example of how certain long-standing regulations have become a barrier to broad adoption of digital health. If HHS chooses to update these regulations or issue additional guidance, the Regulatory Sprint to Coordinated Care could bring digital health technologies such as telehealth and virtual care products off the sidelines and into the race.

Read more at McDermott’s Regulatory Sprint to Coordinated Care Resource Center

Digital health companies face a complicated regulatory landscape. While the opportunities for innovation and dynamic partnerships are abundant, so are the potential compliance pitfalls. In 2018 and in 2019, several digital health companies faced intense scrutiny—not only from regulatory agencies, but in some cases from their own investors. While the regulatory framework for digital technology in health care and life sciences will continue to evolve, digital health enterprises can take key steps now to mitigate risk, ensure compliance and position themselves for success.

  1. Be accurate about quality.

Ensuring that you have a high-quality product or service is only the first step; you should also be exactingly accurate in the way that you speak about your product’s quality or efficacy. Even if a product or service does not require US Food and Drug Administration clearance for making claims, you still may face substantial regulatory risk and liability if the product does not perform at the level described. As demonstrated in several recent public cases, an inaccurate statement of quality or efficacy can draw state and federal regulatory scrutiny, and carries consequences for selling your product in the marketplace and securing reimbursement.

Tech companies and non-traditional health industry players should take careful stock of the health sector’s unique requirements and liabilities in this area, as the risk is much higher in this arena than in other industries.

Continue Reading Three Tips for Tackling Risk in Digital Health

Investment in artificial intelligence (AI) and digital health technologies has increased exponentially over the last few years. In the United Kingdom, the excitement and interest in this space has been supported by NHS policies, including proposals in the NHS Long Term Plan, which set out ambitious aims for the acceleration and adoption of digital health and AI, particularly in primary care, outpatients and wearable devices.

Although these developments are encouraging to developers, there is still no clear framework for reimbursement or tariffs for digital health tools and AI.

At the same time, the plethora of new technologies has led to increased calls for regulation and oversight, particularly around data quality and evaluation. Many of these concerns may be addressed by the new Medical Device Regulation (MDR) and other regulatory developments. In fact, there is some risk that while regulatory landscape is moving quickly, the pricing environment is still a way behind.

In May 2020, the new MDR will change the law and process of certification for medical software. The new law includes significant changes for digital health technologies which are medical devices. In March 2019, the National Institute for Health and Care Excellence (NICE) also published a new evidence standards framework for digital health technologies. The Care Quality Commission (CQC) already regulates online provision of health care, and there are calls for wider and greater regulation. The government has also published a code on the use of data in AI.

Digital Health Technologies and the MDR

The new MDR will mean a significant change to the regulatory framework for medical devices in the European Union.

As with the previous law, the MDR regulates devices through a classification system.

The new regime introduces new rules for medical software that falls within the definition of device. This will mean significant changes for companies that develop or offer medical software solutions, especially if their current certification has been “up-classed” under the MDR.

Key Takeaways for Investors in Digital Health Tools

Companies and investors in digital health should:
Continue Reading Digital Health in the UK: The New Regulatory Environment Under the Medical Device Regulation

As part of its efforts to provide patient-centered care and reduce costs for Medicare beneficiaries, the Centers for Medicare and Medicaid (CMS) have developed an Innovation Center model for ambulance care teams: Emergency Triage, Treat, and Transport (ET3). As part of this model, the agency has proposed two potential telehealth offerings: 1) An individual who calls 911 may be connected to a dispatch system that has incorporated a medical triage line to be screened for eligibility for medical triage services prior to ambulance initiation, and 2) telehealth assistance via audiovisual communications technologies with a qualified provider once the ambulance arrives.

Key participants in the ET3 model will be Medicare-enrolled ambulance service suppliers and hospital-owned ambulance providers. In addition, to advance regional alignment, local governments, their designees or other entities that operate or have authority over one or more 911 dispatches in geographic areas where ambulance suppliers and providers have been selected to participate in the ET3 model will have an opportunity to access cooperative agreement funding. As such, both state regulations and CMS regulations will apply to the use of telehealth offerings under ET3. This post explores early-stage questions of ET3 implementation and reimbursement, the intersection of state laws governing telehealth, and what potential participants and telehealth companies should know about the program.

How will CMS support the ET3 model implementation?

The key telehealth development for the ET3 program is that CMS expects to waive the telehealth geographic and originating site rules as necessary to implement the model, including waivers that will allow participants to facilitate telehealth at the scene of a 911 response. Additional information on these waivers is expected to accompany the ET3 Request for Applications (RFA), slated for release this summer. Overall, Medicare coverage requirements provide that the patient must be in an approved originating site at the time of the telehealth visit (e.g., hospital) and must be located within a rural area. CMS has waived these two requirements for other programs, such as the SUPPORT for Patients and Communities Act (the SUPPORT Act) in October 2018, which eliminated the originating site restriction for substance use disorder treatment, because doing so is necessary for these programs to succeed.

Continue Reading CMS Innovation Center Proposes Telehealth Solutions in ET3 Model

International law firm McDermott Will & Emery was named 2019 “Healthcare Team of the Year” by Chambers USA at its awards ceremony celebrating legal excellence. This is the fourth time McDermott has received the honor – more than any other law firm in the awards’ history.

The “Healthcare Team of the Year” award comes on the heels of McDermott’s industry-leading health practice garnering a national Band 1 ranking in the Healthcare category of the 2019 edition of Chambers USA for the 10th consecutive year – also the only firm to hold that distinction.

“Our team is dedicated to helping health care companies push the boundaries of what it means to be innovative,” said McDermott Will & Emery Partner and International Head of McDermott’s Health Industry Advisory Group, Eric Zimmerman. “Receiving Chambers’“Healthcare Team of the Year” award is a powerful testament to that work and to our passion for contributing to the health care and the legal industries at the highest levels. Thank you to our clients and to Chambers for recognizing McDermott again this year.”

McDermott Will & Emery is the nation’s leading healthcare law firm. The Health Industry Advisory group is the only health practice to receive top national rankings from U.S. News – Best Lawyers “Best Law Firms,” Chambers USAThe Legal 500 US and Law360. The practice was also recognized by Chambers as “Health Team of the Year” in 2010, 2013 and 2017. McDermott has held the top spot in PitchBook’s League Tables as the most active firm for healthcare private equity since 2017.

About Chambers USA

Chambers USA covers all the states in the U.S. Law firms that have a national presence are also ranked in Nationwide tables (which focus on those firms that are the country’s best in their respective areas of practice). Chambers USA rankings and editorial commentary are based on independent research, and interviews with clients and other purchasers of legal services. Chambers & Partners is one of the premier directories for legal services and in a recent survey of 20,000 in-house counsel over half reported that their directory of choice when reviewing law firms and individual lawyers is Chambers & Partners.

This post was guest authored by lawyers from MWE China Law Offices, McDermott Will & Emery’s strategic alliance in Shanghai. 

Data compliance in China’s health care industry is multifaceted and highly sensitive, and applies to numerous types of data generated across the continuum of care. Multiple pieces of legislation prescribe complex regulatory requirements governing different types of data, and various supervisory authorities frequently conduct inspections and investigations, paying special attention to health care multinationals with operations in China.

This article explores four key questions on the regulatory requirements for health care data in China, along with key compliance steps for multinationals throughout the entire life cycle of health care data, including collection, storage, transfer and use.

1. What types of health care data are regulated in China? What are the key compliance points related to these types of health care data?

Data compliance rules apply to various sources and types of health care data, including medical record information, medical insurance information, health care logs, human genetic resources, medical experiments and scientific data. The table below lists the various types of health care data governed by China’s laws and regulations related to health care and personal information, as well as the key regulatory compliance focus for each category.

Category Definition Key Regulatory Compliance Focus

Health Care Big Data

The Administrative Measures on Standards, Security and Services of National Healthcare Big Data (for Trial Implementation)

Data relating to health care generated in the course of disease prevention and control as well as health management

Note: the Measures do not clarify what data qualifies as health care “big” data.

Localisation and storage

Transfer: Cross-border data transfer is subject to security assessment.

Human Genetic Resources

The Interim Administrative Measures for the Management of Human Genetic Resources

Genetic materials and related information, including organs, tissues, cells, blood, preparations, recombinant deoxyribonucleic acid (DNA) constructs containing human genome, genes and their products.

Collection: Complex approval procedures are required, and collection by foreign entities or individuals is restricted.

Localisation and storage

Transfer: Approval from administrative bodies is required before cross-border transfer.

Pharmaceutical Data

The Pharmaceutical Data Management Specification (Draft for Comments)

Data from all activities in a product’s life cycle, such as R&D, production, circulation, post-marketing monitoring and evaluation. Laws and regulations on personal information protection, health care big data protection and human genetic information protection, etc., may apply under certain circumstances.

Medical Device Data

The Guidelines for Technical Review of Network Security Registration for Medical Devices

Health care data and device data. Laws and regulations on personal information protection, health care big data protection and human genetic information protection, etc., may apply under certain circumstances.

Medical Records

The Regulations for Medical Institutions on Medical Records Management

All texts, symbols, graphics, images and slides produced in medical activities by medical personnel, including outpatient (emergency) and hospitalisation medical records.

Medical records are filed as medical history.

Collection: Consent from data subject is required.

Transfer: Medical institutions should keep records strictly confidential except under specific circumstances.

Scientific Data

The Measures for the Management of Scientific Data

Primarily data produced from basic research, application research, pilot development and other endeavours in such areas as natural science and engineering technology science, and the original data and data derived via observation and monitoring, survey and investigation, and inspection and detection that is used for scientific research activities. Transfer: Data involving state secrets are strictly forbidden to be transferred to a third party.

 

2. What are the key compliance steps for health care data collection in China?

Collection of any health care data involving personal information should be based on the three principles of China’s Cybersecurity Law (legitimacy, justification and necessity) and requires the consent of the data subject. The rules, purposes, methods and ranges of such collection should also be disclosed to the data subject.

Collection of human genetic information by foreign entities or foreign individuals is strictly regulated, and such collection is subject to the approval of regulatory authorities.

Multinationals may wish to consider taking the following steps to be compliant with Chinese laws:

Continue Reading Health Care Data Compliance in China: 4 Key Questions and Compliance Steps for Multinationals

The federal government has offered substantial incentives to providers to adopt and use certified electronic health record (EHR) technology. As of October 2018, the federal government had paid over $38 billion in EHR incentive payments through the Promoting Interoperability Program (formerly, the Meaningful Use Program). Other federal health care program policies also encourage use of certified EHR technology through enhanced payments or avoidance of decreased reimbursement. These EHR-related payment policies, however, have triggered increased oversight and enforcement attention on EHR vendors who have allegedly misrepresented the capabilities of their EHR software and allegedly paid kickbacks to customers.

In 2017, DOJ announced a settlement with eClinicalWorks (eCW), an EHR vendor, to resolve an FCA lawsuit originally brought as a qui tam action by a whistleblower. DOJ’s complaint-in-intervention alleged that eCW made material false statements and concealed material facts about the capabilities of its software in connection with the government’s EHR certification process.[1] It also alleged that eCW paid purported kickbacks in connection with certain marketing arrangements (i.e., a referral program, site visit program, and a reference program) with influential customers to induce them to recommend eCW’s EHR software, in violation of the federal Anti-Kickback Statute (AKS).[2]

As part of the settlement, eCW agreed to pay $155 million and to enter into a novel, five-year Corporate Integrity Agreement (CIA) with the HHS OIG. Among other things, the CIA required eCW to engage an independent Software Quality Oversight Organization to assess eCW’s software quality control systems and to regularly report to OIG and eCW on its reviews and recommendations. Further, the CIA required eCW to offer free upgrades and data transfers to its current customers. This was a ground-breaking settlement that raised the question of whether this was the beginning of government and whistleblower attention on (and FCA actions against) EHR vendors. This question was seemingly answered in the affirmative when DOJ announced a second settlement with an EHR vendor in early 2019.

On February 6, 2019, EHR vendor Greenway Health LLC (Greenway) entered into a similar settlement to resolve an FCA case filed by the US Attorney’s Office in Vermont. Interestingly, a whistleblower did not initiate the Greenway case. Rather, DOJ pursued it directly. Like eCW, Greenway faced allegations that its EHR system did not function in the way it represented it during the certification process.[3] One specific allegation was that Greenway provided some customers whose EHR software was improperly calculating certain meaningful use measures (which providers are required to achieve to be eligible for incentive payments) with incorrect calculations in order to enable them to receive incentive payments.[4] According to DOJ, this allegedly caused some Greenway customers to submit false claims to HHS for payment under the Promoting Interoperability Program.

Like in the eCW case, the government complaint against Greenway also alleged that certain payments from Greenway to its customers pursuant to certain reference, referral, and site visit programs violated the AKS.[5] Additionally, the government accused Greenway of giving its favored customers extravagant gifts, including “iPads, meals, travel, tickets to sporting events and entertainment, all for the purpose of inducing these users to either continue using Greenway’s products or recommend Greenway to other health care providers . . . .”[6] To resolve these allegations, Greenway agreed to pay $57.25 million, and to enter into an eCW-like CIA.

Practice Note: While many questions remain, including whether a court would agree with DOJ that the AKS applies to these situations, we expect to see continued government and relator scrutiny of EHR vendors. In light of this continued focus, EHR vendors should ensure that they: (1) take care to accurately and transparently demonstrate their software during HIT certification program testing; (2) review, and consider improvements to, their systems and other procedures for identifying, responding to and correcting software design and quality issues that call into question EHR software’s conformity to applicable EHR certification criteria or present patient safety or clinician usability risks; and (3) review existing customer reference, referral and marketing arrangements for compliance with the Anti-Kickback Statute. If an EHR vendor receives investigative requests from the federal government, it should engage outside counsel.

This blog post was originally published in McDermott’s Health Care Enforcement Quarterly Roundup | Q1 2019. Click here to view the full report. 

[1] United States , ex rel. Brendan Delaney v. eClinicalWorks, LLC, Complaint in Intervetion, 2:15-CV-00095, D. Vermont (May 12, 2017).
[2] Id. ¶¶79-85.
[3] Id.
[4] United States v. Greenway Health, LLC, Complaint, 2:19-CV-00020 at ¶¶ 76-112, D. Vermont (February 6, 2019).
[5] Id. ¶¶113-125.
[6] Id. ¶¶ 126-27.

DOJ’s focus on individual accountability is particularly important with respect to telemedicine. Telemedicine is a burgeoning field, with a projected market increase of 18 percent annually over the next six years, reaching $103 billion in 2024. In light of this recent surge in profitability, DOJ has begun paying extra attention to telemedicine, with at least one recent HHS-OIG report asserting that more than one-third of all telemedicine claims are improper.

The report’s claim is further supported by a recent increase in telemedicine prosecutions. In April 2019, DOJ announced charges against 24 defendants, including owners of various telemedicine companies, for their alleged involvement in a health care fraud scheme resulting in $1.2 billion in loss. This scheme involved the payment of kickbacks and bribes by durable medical equipment (DME) companies to medical professionals working with telemedicine companies, in exchange for the referral of Medicare beneficiaries. DOJ alleges that the defendants paid doctors to prescribe medically unnecessary DME without ever seeing patients or after only a brief telephone conversation. The prosecution involves charges in at least seven districts across the United States, including New Jersey, Florida, Texas, Pennsylvania, and California. Additionally, DOJ prosecuted several other individuals in connection with unrelated telemedicine schemes in late 2018 (see the agency’s press releases here, here and here). In light of this recent trend, companies should exercise extreme caution and consult with regulatory experts prior to opening telemedicine practices. Companies can expect to see increased scrutiny and further prosecution of telemedicine companies moving forward.

Practice Note: DOJ has recently re-emphasized its willingness to exercise significant discretion and reward companies that invest in strong compliance programs. Looking forward, health care companies should maintain detailed and up-to-date documentation of all compliance programs, in case such an FCA case should arise. A lawyer should be consulted if an updated compliance program is needed.

This blog post was originally published in McDermott’s Health Care Enforcement Quarterly Roundup | Q1 2019. Click here to view the full report. 

We are pleased to share that Chambers USA has once again named McDermott Health the only firm to receive a Band 1 national ranking in health care. This year’s Band 1 placement marks 10 consecutive years of securing a top national ranking in this prestigious law firm directory, and the ninth year that we have held this position exclusively. The Health team also garnered Band 1 state-level rankings in California, Florida, Illinois, Massachusetts and Washington, DC—cities and states where we have substantial health law teams—and 29 McDermott health lawyers were ranked individually.

Click here to view the full announcement.