The demand for healthcare innovation is driving collaboration between formerly disparate healthcare companies and bringing in new players, such as technology companies and start-ups, into an already complex space. As companies build partnerships and pool resources – particularly healthcare data – data ownership presents numerous challenges that need to be addressed throughout the lifecycle of
Digital health companies face a complicated regulatory landscape. While the opportunities for innovation and dynamic partnerships are abundant, so are the potential compliance pitfalls. In 2018 and in 2019, several digital health companies faced intense scrutiny—not only from regulatory agencies, but in some cases from their own investors. While the regulatory framework for digital technology in health care and life sciences will continue to evolve, digital health enterprises can take key steps now to mitigate risk, ensure compliance and position themselves for success.
- Be accurate about quality.
Ensuring that you have a high-quality product or service is only the first step; you should also be exactingly accurate in the way that you speak about your product’s quality or efficacy. Even if a product or service does not require US Food and Drug Administration clearance for making claims, you still may face substantial regulatory risk and liability if the product does not perform at the level described. As demonstrated in several recent public cases, an inaccurate statement of quality or efficacy can draw state and federal regulatory scrutiny, and carries consequences for selling your product in the marketplace and securing reimbursement.
Tech companies and non-traditional health industry players should take careful stock of the health sector’s unique requirements and liabilities in this area, as the risk is much higher in this arena than in other industries.
This post was guest authored by lawyers from MWE China Law Offices, McDermott Will & Emery’s strategic alliance in Shanghai.
Data compliance in China’s health care industry is multifaceted and highly sensitive, and applies to numerous types of data generated across the continuum of care. Multiple pieces of legislation prescribe complex regulatory requirements governing different types of data, and various supervisory authorities frequently conduct inspections and investigations, paying special attention to health care multinationals with operations in China.
This article explores four key questions on the regulatory requirements for health care data in China, along with key compliance steps for multinationals throughout the entire life cycle of health care data, including collection, storage, transfer and use.
1. What types of health care data are regulated in China? What are the key compliance points related to these types of health care data?
Data compliance rules apply to various sources and types of health care data, including medical record information, medical insurance information, health care logs, human genetic resources, medical experiments and scientific data. The table below lists the various types of health care data governed by China’s laws and regulations related to health care and personal information, as well as the key regulatory compliance focus for each category.
|Category||Definition||Key Regulatory Compliance Focus|
Health Care Big Data
The Administrative Measures on Standards, Security and Services of National Healthcare Big Data (for Trial Implementation)
Data relating to health care generated in the course of disease prevention and control as well as health management
Note: the Measures do not clarify what data qualifies as health care “big” data.
Localisation and storage
Transfer: Cross-border data transfer is subject to security assessment.
Human Genetic Resources
The Interim Administrative Measures for the Management of Human Genetic Resources
|Genetic materials and related information, including organs, tissues, cells, blood, preparations, recombinant deoxyribonucleic acid (DNA) constructs containing human genome, genes and their products.||
Collection: Complex approval procedures are required, and collection by foreign entities or individuals is restricted.
Localisation and storage
Transfer: Approval from administrative bodies is required before cross-border transfer.
The Pharmaceutical Data Management Specification (Draft for Comments)
|Data from all activities in a product’s life cycle, such as R&D, production, circulation, post-marketing monitoring and evaluation.||Laws and regulations on personal information protection, health care big data protection and human genetic information protection, etc., may apply under certain circumstances.|
Medical Device Data
The Guidelines for Technical Review of Network Security Registration for Medical Devices
|Health care data and device data.||Laws and regulations on personal information protection, health care big data protection and human genetic information protection, etc., may apply under certain circumstances.|
The Regulations for Medical Institutions on Medical Records Management
All texts, symbols, graphics, images and slides produced in medical activities by medical personnel, including outpatient (emergency) and hospitalisation medical records.
Medical records are filed as medical history.
Collection: Consent from data subject is required.
Transfer: Medical institutions should keep records strictly confidential except under specific circumstances.
The Measures for the Management of Scientific Data
|Primarily data produced from basic research, application research, pilot development and other endeavours in such areas as natural science and engineering technology science, and the original data and data derived via observation and monitoring, survey and investigation, and inspection and detection that is used for scientific research activities.||Transfer: Data involving state secrets are strictly forbidden to be transferred to a third party.|
2. What are the key compliance steps for health care data collection in China?
Collection of any health care data involving personal information should be based on the three principles of China’s Cybersecurity Law (legitimacy, justification and necessity) and requires the consent of the data subject. The rules, purposes, methods and ranges of such collection should also be disclosed to the data subject.
Collection of human genetic information by foreign entities or foreign individuals is strictly regulated, and such collection is subject to the approval of regulatory authorities.
Multinationals may wish to consider taking the following steps to be compliant with Chinese laws:
Join us on November 8, 2018, for the third installment of McDermott’s live webinar series on digital health. In this installment, partners Bernadette M. Broccolo, Jiayan Chen and Vernessa T. Pollard will explore opportunities for accelerating biomedical research, development and commercialization through digital health tools and solutions, such as end-user license agreements (EULAs), wearables…
Companies looking to enter the digital health field face myriad legal implications unique to doing business in this sector. Whether emerging or established, companies exploring health care opportunities benefit from careful planning around complex issues such as pace of development, reimbursement systems, strategies for responsible data collection and use, and effective corporate compliance programs. In this podcast, McDermott partners Sarah Hogan, Lisa Schmitz Mazur and Dale Van Demark take a closer look at these and other important factors companies should review when contemplating a move into the digital health ecosystem.
Q. What issues should companies consider before they enter today’s digital health care market?
DV: The first and perhaps most important thing to focus on is the business plan. A lot of business plans that may work in other service sectors may not work in the health care industry because of the way that it is structured or because of consumer expectations.
Beyond that, there are real cultural differences that we see technology companies come up against when they enter into the health care market. Frequently, technology companies are used to a very fast pace. They are used to making mistakes and learning from them, and evolving and developing to move forward. The health care industry has traditionally been much slower and more deliberative, with the goal of getting it right the first time being predominant. That cultural difference can cause problems in building relationships and setting expectations for both pace and service levels.
Finally, understanding the complexity of health care infrastructure is very important. Understanding how the health care system works and how your product, service and business plan work within that ecosystem is critical to establishing the relationships you want and really selling into that marketplace.…
The interest in leveraging the value of big data in digital health has become a focus of health care industry mainstays and newcomers alike. Within a challenging regulatory landscape, it is critical for those looking to play in this space to be proactive in planning their data strategy, with an eye towards compliance planning and solid due diligence to maximize its value. In this Q&A, big data thought leaders Bernadette Broccolo and Sarah Hogan, both partners in McDermott Will & Emery’s Health Industry Advisory group, discuss the challenges and opportunities that health industry stakeholders face when stepping into the world of big data.
For information on this topic and to hear the full Q&A with Bernadette and Sarah, listen to the newest episode of the Of Digital Interest podcast. You can access the full episode at here or subscribe to the podcast on iTunes, Pocket Casts or Soundcloud.
Q. Where is the value in big data in digital health? Who is seeing value today and what are their motivations?
BB: The best short answer is that everybody is seeing value – both long standing industry players and newcomers. The real value in big data comes not from raw data or just having a lot of data, but in the ability to use it and mine it, to have it in a form that’s analyzable. What’s very surprising too, in addition to the speed with which the interest in big data has escalated, is who is interested. In the past, one certainly expected academic medical centers and universities that have major research initiatives and clinical trial initiatives to be interested. But now others like molecular lab testing organizations, CLIA regulated laboratories and entrepreneurs are interested in capturing data.
SH: I think one of the surprising players is actually the pharma companies. It may sound odd to say that, but they have a lot of data – including a lot of clinical data – that they’re looking at mining to determine how they can target their therapeutics in a way that helps patients more efficiently. They are looking at themselves and asking “What does the 21st century pharma company look like?”…
As the health industry evolves to meet consumer expectations for better quality, lower-cost and more convenient health care options, the demand for technology-driven innovation is accelerating as is the level of interest and investment among stakeholders or all sorts.
Health systems and other institutional providers are playing a more active investment role in the commercialization of biomedical, digital health, and other important health care discoveries in order to remain competitive, secure their positions as industry leaders and generate growth opportunities. This more active role also affords their internal innovators (e.g., physicians and scientists) to play a meaningful role in accelerating the commercialization of home-grown discoveries that may otherwise be left in “the valley of death” between government-funded basic research and later stage, industry-funded commercialization. Drug and medical device manufacturers, venture capital, private equity firms, large donors and other investors are injecting significant capital into fueling research, development and commercialization of health care technology innovation. On the one hand, health care systems and providers welcome such external co-investors who bring sophisticated expertise in product and market research, technology innovation, valuation and strategy capabilities, as well as access to networks of potential co-investors. For such external co-investors, on the other hand, joining forces with health care institutions affords much needed access to the expertise and thought leadership of clinicians, scientists and health technology innovation; a ready‑made proving ground and “anchor customer” for the product; and the halo effect of the health care provider around the co-investor’s clinical care and research reputation. The theory and the hope is that the combined capital and the different, but complementary, expertise, experience and perspectives of such co‑investors provides a formula for financially successful innovation that is transformative and not merely disruptive.…
The digitization of health care and the proliferation of electronic medical records is happening rapidly, generating large quantities of data with potential to provide valuable insights into disease and wellness and help solve challenging public health problems.
There is tremendous enthusiasm over the possibilities of leveraging this data for secondary use–i.e., a use…
Fortune’s April 2018 cover story, “Tech’s Next Big Wave: Big Data Meets Biology,” conveys loudly and clearly that technological innovation is transforming the health care continuum—changing the way care is delivered, as well as how patients manage their ongoing health—and as patient demand for health innovation increases, more companies seem eager to hop on…
Earlier this month, more than 45,000 attendees descended on Las Vegas, NV, for the nation’s largest annual health care technology conference: the 2018 HIMSS Conference & Exhibition (HIMSS18). Conversations and educational sessions covered a wide range of health tech topics, with thought leaders, solutions developers, health system executives, patient advocates and care providers coming together to discuss the myriad obstacles and opportunities facing the health care technology industry today.
On Tuesday March 6, during the HIMSS conference, McDermott Will & Emery along with our friends at Capstone Headwaters convened a panel discussion on “Financing High-Growth Healthcare IT Companies, which I had the pleasure of moderating. The seasoned mix of health care finance and private equity professionals discussed the various types and sources of capital available to fuel high-growth health IT organizations and how to choose the right mix of capital to support a company’s growth needs. We also reviewed the legal and regulatory implications for investments in health care IT companies, and discussed considerations for optimal positioning in a value-based care environment. …