Mobile Apps Archives - OF DIGITAL INTEREST

Mobile Apps

Access To Digital Health Applications And Digital Care Applications In Germany

by Stephan Rau | May 17, 2021 | Data Privacy, Mobile Apps, Telehealth

On 20 January 2021, the German Federal Cabinet approved the draft law on the digital modernization of healthcare and nursing care. The draft has been criticized for not taking into account lessons learned from the implementation of the 2019 digital health applications law.

The legally enforceable right of patients insured in the Germany statutory healthcare system (SHI) to be able to access digital health applications (DiGAs) was included in the German SHI code (SGB V) at the end of 2019.

DiGAs are low-risk medical devices (risk class I and IIa) that are primarily based on digital technologies and support the detection, monitoring, treatment, or alleviation of diseases, injuries, or disabilities. Under the SGB V, DiGAs have to be approved by the German Federal Institute for Drugs and Medical Devices (BfArM) and included in the DiGA List before doctors can prescribe them to their patients on an individual basis and at the SHI’s expense. Among the DiGAs listed by BfArM since the first listing in October 2020, are those that support patients with light depression, insomnia, obesity, or tinnitus.

Privacy Considerations for COVID-19 Digital Contact Tracing

by McDermott Will & Emery | Sep 15, 2020 | Data Privacy, Mobile Apps

Generally, contact tracing refers to an effort by public health officials to identify individuals with whom a patient who has tested positive for an infectious disease has been in close proximity. Public health officials will inform these individuals that they were exposed to a contagious patient and encourage them to monitor their symptoms and quarantine for a period of time.

In response to COVID-19, governments around the world have explored using digital contact tracing, by which smartphone users download an application (app) to enable public health officials to track infected individuals’ contacts. In addition, private sector companies are exploring how digital technologies can be used for contact tracing on employees as they reenter the workplace.

(more…)

Uber Criminal Complaint Raises the Stakes for Breach Response

by Todd McClelland, Austin Mooney and McDermott Will & Emery | Sep 3, 2020 | Big Data, Cybersecurity, Data breach, Data Privacy, Enforcement, Mobile Apps

On August 20, 2020, a criminal complaint was filed charging Joseph Sullivan, Uber’s former chief security officer, with obstruction of justice and misprision of a felony in connection with an alleged attempted cover-up of a 2016 data breach. These are serious charges for which Mr. Sullivan has the presumption of innocence.

At the time of the 2016 data breach, Uber was being investigated by the US Federal Trade Commission (FTC) in connection with a prior data breach that occurred in 2014. According to the complaint, the hackers behind the 2016 breach stole a database containing the personal information of about 57 million Uber users and drivers. The hackers contacted Uber to inform the company of the attack and demanded payment in return for their silence. According to the complaint, Uber’s response was to attempt to recast the breach as a legitimate event under Uber’s “bug bounty” program and pay a bounty. An affidavit submitted with the complaint portrays a detailed story of deliberate steps undertaken by Mr. Sullivan to allegedly conceal the 2016 breach from the FTC, law enforcement and the public.

Contemporaneous with the filing of the complaint, the Department of Justice (DOJ) submitted a press release quoting US Attorney for the Northern District of California David L. Anderson:

“We expect good corporate citizenship. We expect prompt reporting of criminal conduct. We expect cooperation with our investigations. We will not tolerate corporate cover-ups. We will not tolerate illegal hush money payments.”

The press release also quoted Federal Bureau of Investigation (FBI) Deputy Special Agent in Charge Craig Fair:

“Concealing information about a felony from law enforcement is a crime. While this case is an extreme example of a prolonged attempt to subvert law enforcement, we hope companies stand up and take notice. Do not help criminal hackers cover their tracks. Do not make the problem worse for your customers, and do not cover up criminal attempts to steal people’s personal data.”

Collectively, the case and statements from the DOJ are probably a unicorn based on, if the facts as alleged are true, a case involving a deliberate cover-up of a data breach in the course of an active FTC investigation. However, many of the statements from the DOJ and the specific allegations in the complaint appear to have potentially far-reaching implications (for companies, their executives and cybersecurity professionals) that breach response counsel must seriously consider in future incidents.

A common question when responding to a ransomware or other cyberattack is whether and when to inform law enforcement. The criminal complaint has the potential to make this an even more difficult decision for future cyberattack victims. Further, while the alleged conduct at issue may seem particularly egregious, the DOJ’s statements could cause a blurring of the lines between what the government may contend is illegal concealment of a security incident and activities generally thought to be legitimate security incident risk and exposure mitigation. We explore these and other key takeaways from the criminal complaint in more detail below.

[...]

Continue Reading

The Toughest Problem Set: Navigating Regulatory and Operational Challenges on University Campuses

by Jennifer S. Geetter and Michael W. Ryan | Aug 27, 2020 | Data Privacy, Mobile Apps, Workplace Privacy

When the academic year ended in the spring of 2020, many US university students assumed that a return to campus would be straightforward this fall. However, it is now clear—at least in the near term—that a return to the old “normal” will not be possible. Some universities have concluded that their best course of action is to offer only distanced learning for the time being. Other universities, however, are welcoming students back onto campus, and into residence and dining halls, classrooms, labs and libraries. Each of those universities is developing its own approach to retain the benefits of on-campus student life while reducing risk to the greatest extent possible; nevertheless, some have had to adjust their plans to pivot to remote learning when faced with clusters of positive cases on campus. One thing is clear: The fall semester will be a real-time, national learning laboratory.

Because widespread, rapid testing remains unavailable in many locations, universities have had to find innovative ways to implement testing, tracing and isolation protocols to reduce the risk of transmission among students, faculty and staff. There is no one perfect protocol—all universities are in unchartered waters. But there are a few key components university administrators may want to consider and address:

Apps: Symptom checkers, contact tracing and other apps can be useful in identifying and focusing attention on the onset of symptoms, fostering accountability and identifying high-risk exposure. In considering whether to incorporate apps and related technologies into their back to campus plans, universities must anticipate and address considerations related to privacy, security and reporting of results, and will need to consider how such apps are hosted (for example, through Apple’s App Store) and whether any third parties will have access to the personal data collected.

Contact Tracing: In addition to the issues noted above, contact tracing efforts also present other challenges, including managing reliability, over/under inclusiveness and liability (for both false positives and false negatives). In addition, the effectiveness of contact tracing is closely tied to its speed and comprehensiveness; to implement a successful contact tracing program, universities will need to balance effectiveness with privacy and autonomy.

CLIA: The Clinical Laboratory Improvement Act (CLIA) will require that many of the tests be performed in CLIA-certified (and state-licensed, where required) space. Universities will need to consider how best to handle building out additional compliant space, creating additional “point of care” testing or specimen collection sites if needed to test students, faculty and staff where they are and validating the test(s) being offered. Tests that are not yet validated likely cannot be used to return patient-specific results that inform student and staff care or be used to prompt “official” testing.

FDA/Emergency Use Authorizations (EUA): In general, the Food and Drug Administration (FDA) expects developers of molecular, antigen and (in the case of test kit manufacturers) antibody tests to obtain an EUA. However, under FDA enforcement policies during the pandemic, many of these same tests—if validated and offered with appropriate agency-mandated disclaimers—can be offered before [...]

Continue Reading

COVID-19 Causing a Surge in E-Commerce—Is Your Website Accessible?

by McDermott Will & Emery | Jun 10, 2020 | Consumer Protection, Ecommerce, Mobile Apps

Stay-at-home orders and business closures during the Coronavirus (COVID-19) pandemic have led to a sharp increase in online shopping. While e-commerce has helped businesses stay afloat during this challenging economic time, there has also been a spike in litigation alleging that certain websites are not accessible to individuals with disabilities. In an article for Bloomberg Law, Jeremy White, Matthew Cin and Brian Long review the legal landscape governing accessibility of websites – including specific rules that apply to the healthcare industry, and explore best practices for companies to mitigate their risk of facing a website accessibility lawsuit.

Click here to read the full article.

Future Forward: Data Arrangements During and After COVID-19

by Stephen W. Bernstein | May 12, 2020 | Big Data, Cybersecurity, Data Privacy, Data Transfers/Safe Harbor/Privacy Shield, General Interest, Mobile Apps, Telehealth

The need for speedy and more complete access to data is instrumental for healthcare providers, researchers, pharmaceutical, biotech and device companies and public health authorities as they work to quickly identify infection rates, disease trends, outcomes, including antibodies, and opportunities for treatments and vaccines for COVID-19.

A variety of data sharing and collaborations have emerged in the wake of this crisis, such as:

Requests and mandates by public health authorities, either directly or via providers’ business associates requesting real time information on infections and bed and equipment availability
Data sharing collaborations among providers for planning, anticipating and tracking COVID-19 caseloads
Data sharing among providers, professional societies and pharmaceutical, biotech and medical device companies in search of testing options, treatment and vaccine solutions, and evaluation of co-morbidities

CLICK HERE TO VIEW THE FULL INFOGRAPHIC.

Is Your Software a Medical Device? FDA Issues Six Digital Health Guidance Documents

by Anisa Mohanty, Michael W. Ryan and Vernessa T. Pollard | Oct 4, 2019 | General Interest, Mobile Apps

The 21st Century Cures Act, enacted in December 2016, amended the definition of “medical device” in section 201(h) of the Federal Food, Drug, and Cosmetic Act (FDCA) to exclude five distinct categories of software or digital health products. In response, the US Food and Drug Administration (FDA) issued new digital health guidance and revised several pre-existing medical device guidance documents. FDA also stated that it would continue to assess how to update and revise these guidance documents as its thinking evolved.

Late last week, FDA issued five final guidance documents and re-issued a draft guidance document to better reflect FDA’s current thinking on software as a medical device (SaMD) and other digital health products:

Most of the guidance documents reflect modest changes to prior draft guidance documents that describe categories of low-risk health and wellness devices that FDA does not intend to regulate. FDA’s new draft Clinical Decision Support (CDS) Software guidance, however, provides a new and more detailed analysis of risk factors that FDA will apply to determine whether a CDS tool is a medical device. FDA updated its previously issued draft CDS guidance without finalizing it. Although the new guidance does not explain why FDA is reissuing the CDS guidance in draft, the new draft guidance seems to reflect the agency’s attempt to better align its definition of non-device software with the often misunderstood and misinterpreted statutory definition of CDS in section 520(o)(1)(E) of the Cures Act. The chart below summarizes the key provisions and changes to these guidance documents.

Digital health products can present a particular challenge for developers and regulators in assessing the appropriate regulatory pathways for a new product. The updated guidance documents reflect the need for a more flexible, risk-based approach to regulation that accommodates a rapidly evolving technological landscape. These documents also reflect what appears to be the new normal for digital health regulation—the need for iterative thinking and ongoing revisions to interpretive guidance documents to keep pace with a constantly changing marketplace.

Click here to read the full client alert on this issue.

Live Webinar: Developing and Procuring Digital Health AI Solutions: Advice for Developers, Purchasers and Vendors

by Jennifer S. Geetter, Jiayan Chen, Michael W. Ryan, Paul W. Radensky, MD, Vernessa T. Pollard, McDermott Will & Emery, Bernadette M. Broccolo, Dale C. Van Demark and Jeremy Earl | Jun 8, 2018 | Cybersecurity, Data Privacy, Data Transfers/Safe Harbor/Privacy Shield, General Interest, Mobile Apps, Telehealth

Join McDermott next Wednesday for a live webinar on the unique considerations in developing and procuring AI solutions for digital health applications from the perspective of various stakeholders. We will discuss the legal issues and strategies surrounding:

Research and data mapping essential to the development and validation of AI technologies
Protecting and maintaining intellectual property rights in AI solutions
Technology development
Risk management and mitigation for various contractual arrangements, including contracts with customers, vendors and users

We will also focus on the trends in US law for AI solutions in the digital health space, and present actionable advice that will help you develop an effective strategy for developing and procuring AI solutions for digital health applications.

Developing and Procuring Digital Health AI Solutions: Advice for Developers, Purchasers and Vendors
Wednesday, June 13, 2018 | 11:00 am CT | 12:00 pm ET
Register Here

Recycle, Recycle, Recycle: Key Considerations for Research, Medical Education, and Other Secondary Uses of Data

by McDermott Will & Emery and Jiayan Chen | Jun 6, 2018 | Big Data, Data Privacy, General Interest, Mobile Apps, Telehealth

The digitization of health care and the proliferation of electronic medical records is happening rapidly, generating large quantities of data with potential to provide valuable insights into disease and wellness and help solve challenging public health problems.

There is tremendous enthusiasm over the possibilities of leveraging this data for secondary use–i.e., a use of data that is distinct from the purpose for which it was originally collected. However, such secondary use is often subject to intersecting legal and regulatory regimes–including HIPAA, the Common Rule, and the Federal Food, Drug, and Cosmetic Act and its implementing regulations–that are not fully harmonized. This lack of harmonization in requirements, coupled with the wide range of industry players involved–including regulators, academic medical centers, health systems, payers, technology companies, manufacturers and industry entities, research institutions, registries, and professional societies, to name a few– presents challenges that require careful planning and implementation. While regulators have recently taken significant steps to reconcile the differences among these laws and provide a path forward for harnessing the potential of big data, some specific requirements within these individual regulations continue to present challenges.

It is critical for academic medical centers and teaching hospitals, which stand at the intersection of government-funded research and industry-sponsored research, and are also paving the way in partnerships with non-traditional health care players—to understand the evolving legal framework and business and compliance imperatives behind the quest for digital health information.

During the AHLA Annual Meeting on Tuesday, June 26, McDermott partner Jiayan Chen will review trends and the value proposition relating to secondary use, with a particular focus on challenges presented by secondary use in the precision medicine and digital health context. Along with co-presenter Leah Voigt, she will explore key regulatory and sub-regulatory developments relating to the secondary use of data under FDA regulations, the Common Rule, and HIPAA, and will also use case studies to explore, in a practical context, the challenges and ambiguities that remain when pursuing internal secondary use initiatives and external collaborations, including implementation and contracting tips, insights, and strategies.

Recycle, Recycle, Recycle: Key Considerations for Research, Medical Education, and Other Secondary Uses of Data
AHLA Annual Meeting, Chicago, IL | June 26, 2018 | 9:45 – 10:45 am | Registration and program details.

McDermott’s Cocktail Reception during the AHLA Annual Meeting
The Art Institute of Chicago | June 26, 2018 | 6:00 – 8:00 pm
Following the programming on Tuesday, we invite you to join us for our annual cocktail reception at The Art Institute of Chicago. We look forward to an evening of networking, cocktails and private gallery tours with our colleagues, friends and fellow AHLA members. RSVP today!

Surfing “Tech’s Next Big Wave”: Navigating the Legal Challenges in Digital Health

by Bernadette M. Broccolo and Lisa Mazur | May 4, 2018 | Big Data, Consumer Protection, Data Privacy, Mobile Apps

Fortune’s April 2018 cover story, “Tech’s Next Big Wave: Big Data Meets Biology,” conveys loudly and clearly that technological innovation is transforming the health care continuum—changing the way care is delivered, as well as how patients manage their ongoing health—and as patient demand for health innovation increases, more companies seem eager to hop on the digital health bandwagon. The article provides a thoughtful, realistic (and somewhat sobering) perspective on digital health innovation’s successes and other results to date. It also quite effectively uses real world stories to convey the human dimension of digital health. One is the story of a mother who manually sampled and recorded her son’s glucose levels 20 times a day before an automated monitoring system connected to a mobile app allowed them both to live their lives without constant interruption by this critical care management function. Another describes use of an artificial intelligence “command center” to expedite access to life-saving surgery by a man with an aortic dissection. These real-world examples drive home the fact that digital health is already making a profound difference in our lives by removing barriers to care that are critical to saving lives and managing chronic diseases.

What the article does not touch on, however, are the myriad, complex legal challenges that must be addressed at the earliest stages of the planning process and the intensifying interest of government oversight and enforcement bodies, such as the Federal Trade Commission, the Food and Drug Administration, the Office of Civil Rights of the Department of Health and Human Services, and the Securities and Exchange Commission, interested in protecting the safety and privacy of patients and consumers. Just last month, we saw the SEC charge Theranos’ CEO Elizabeth Holmes with fraud for allegedly misleading investors about the company’s ability to detect health conditions from a small sample of blood. Earlier this year, another “unicorn” start-up, Outcome Health, settled with the federal government after The Wall Street Journal reported that they allegedly misled advertisers with manipulated information. The United States has also brought claims against the private equity company investor of a compounding pharmacy that allegedly paid illegal kickbacks to marketing firms to induce prescriptions written by telemedicine providers for costly compounded drugs reimbursed by TRICARE.

Opportunities and Challenges of the Patient Data “Gold Rush”

Eric Topol, MD, director at the Scripps Research Institute, told Fortune that “the quest to retrieve, analyze and leverage” data “has become the new gold rush. And a vanguard of tech titans—not to mention a bevy of hot startups—are on the hunt for it.” There is no doubt that harnessing and analyzing big data provide virtually limitless fuel for digital health innovation of the type patients and consumers are demanding and that tech companies are eager to develop and commercialize. While optimism about the quest for big data is certainly justified, it must be tempered by caution and careful consideration of complex, multi-dimensional legal [...]

Continue Reading

Older Posts »

BLOG EDITORS

Amanda Enyeart

Marshall E. Jackson, Jr.

BLOG EDITORS

STAY CONNECTED

TOPICS

ARCHIVES

RECENT POSTS