While digital health innovation empowers us to better manage our health and live more productive lives, it also poses myriad regulatory, strategic and operational challenges. Edited and authored by McDermott’s team of distinguished digital health lawyers, The Law of Digital Health offers an overview of the highly dynamic and integrated components of the digital health ecosystem, with the goal of helping businesses thrive in this ever-evolving landscape. Over five chapters, we explore a broad spectrum of digital health innovation opportunities and the corresponding value proposition; review current and evolving legal and regulatory frameworks, theories, interpretations, and policy and enforcement initiatives in both the public and private sectors; and provide practical planning and implementation strategies for achieving the appropriate balance between the benefits of digital health innovation opportunities and the need to manage associated legal and regulatory risks.
The General Data Protection Regulation (GDPR) establishes protections for the privacy and security of personal data (Personal Data) about individuals in the European Union (EU) single market countries, and potentially affects the clinical and other scientific research activities of academic medical centers and other research organizations in the United States.
This On the Subject includes frequently asked questions that discuss the extent to which United States research organizations must comply with GDPR when conducting research. Future coverage will address the impact of GDPR on other aspects of the United States health care sector.
Enforceable in all EU member states on 25 May 2018, the General Data Privacy Regulation will require action by organisations both inside and outside the European Union to ensure compliance with this far-reaching privacy legal framework. Compliance is even more urgent given that the GDPR provides for large penalties in cases of infringement. Some entities are not yet aware of the extent to which the GDPR may apply to them: it expressly applies to organisations established outside the European Union that offer paid or free goods or services to EU data subjects or monitor EU data subjects’ behaviour.
Within this article, we review steps for a risk-based, prioritized approach to GDPR compliance and how companies can adjust their policies and practices on a pragmatic basis to help ensure compliance.
As digital health innovation continues to move at light speed, both new and incumbent stakeholders find themselves on a new frontier—one that challenges traditional health care delivery and payment frameworks, in addition to changing the landscape for product research, development and commercialization. Modernization of the existing legal framework has not kept pace with the rate of digital health innovation, leaving no shortage of obstacles, misalignment and ambiguity for those in the wake.
What did we learn in 2017 and what’s to come on the digital health frontier in the year ahead? From advances and investments in artificial intelligence (AI) and machine learning (ML) to the increasingly complex conversion of health care innovation and policy, McDermott’s Digital Health Year in Review details the key developments that shaped digital health in 2017, along with planning considerations and predictions for the health care and life science industries in 2018.
Stephen Bernstein, global chair of McDermott’s Health Industry Advisory Practice Group, sat down with This Week in Health Innovation at the J.P. Morgan Healthcare Conference in San Francisco.
Stephen and Dr. Andre Berger, CEO of National ACO, discussed the role of advancing technologies in enhancing collaboration between key players in digital health—including doctors, health plans, investors, and consumers and patients—and how digital health is necessary for improving care delivery and managing costs.
Throughout 2017, the health care and life sciences industries experienced a widespread proliferation of digital health innovation that presents challenges to traditional notions of health care delivery and payment as well as product research, development and commercialization for both long-standing and new stakeholders. At the same time, lawmakers and regulators made meaningful progress toward modernizing the existing legal framework in a way that will both adequately protect patients and consumers and support and encourage continued innovation, but their efforts have not kept pace with what has become the light speed of innovation. As a result, some obstacles, misalignment and ambiguity remain.
We are pleased to bring you this review of key developments that shaped digital health in 2017, along with planning considerations and predictions for the digital health frontier in the year ahead.
Blockchain is rapidly becoming the focus of conversations regarding health care disruption, and for good reason. What started out as a means for cryptocurrency is now making waves in a variety of industries, set to revolutionize how data is stored and shared.
The inability to easily and securely store and share data has long been a burden on the health system. Blockchain poses a solution to that through encryption and highly advanced technological assets which open the doors to health care innovation. Today we see blockchain being used with electronic health records (EHRs) so that a patient’s medical history is easily accessible to him/her, as well as his/her doctors, insurance providers, etc. It’s also providing the “how” in implementing value-based payment agreements, which link payment to performance of a drug or medical device. Blockchain is currently being used both in the private and public sectors, including the FDA and the CDC. While the full potential of this new technology is not yet known, the industry seems eager to find out.
Ahead of this year’s J.P. Morgan Healthcare Conference, we sat down with Lee Schneider, our top blockchain thought leader, to talk specifically about how this new technology is revolutionizing (or has the potential to revolutionize) the health care space.
In the final days of 2017, the vice chairman of the Standing Committee of China’s National People’s Congress (NPC) submitted a report to the Standing Committee of the NPC detailing the Network Security Law enforcement inspection project that began earlier in the year. This inspection had focused on five key points under the government’s overall data protection strategy:
- Legal education
- Supporting laws and regulations
- Protection of critical information infrastructures and the application of graded protection for network security
- Illegal network information
- Personal information protections
As the Federal Communications Commission repeals the Open Internet Order—more commonly known as the net-neutrality rules—health care consumers and providers have been left wondering how this change will affect their ability to receive and deliver health care using digital health tools. In this On the Subject, we outline how changes in internet access will affect digital health and what the regulatory landscape will look like in the coming months and years.
China’s new data protection framework clearly creates a requirement for local storage and conducting a security assessment before personal information or important data is shared with other jurisdictions, but it is currently much less clear what types of entities fall under this requirement.
Localization and Transfer Assessment Requirements Related to CII Operators
Under the People’s Republic of China Network Security Law, also known as the Cybersecurity Law, personal information and important data collected and generated in the operation of critical information infrastructure operators (CII operators) is required to be stored in China and, before providing that information abroad, a security assessment is required to be passed. This new requirement caused a significant amount of concern for entities that fall within the category of CII operators because of the need to potentially restructure their data systems, but there was also a general appearance of acceptance within the business community due to the relatively targeted scope of the definition of CII operators and acknowledgement that critical infrastructures require elevated protections.