Digital health companies are producing increasingly innovative products at a rapidly accelerating pace, fueled in large part by the expansive healthcare data ecosystem and the data strategies for harnessing the power of that ecosystem. The essential role data strategies play make it imperative to address the data-related legal and regulatory considerations at the outset of the innovation initiative and throughout the development and deployment lifecycle so as to protect your investment in the short and long term.

The Evolution of Digital Health

Digital health today consists of four key components: electronic health records, data analytics, telehealth, and patient and consumer engagement tools. Electronic health records were most likely first, followed very closely by data analytics. Then telehealth deployment rapidly increased in response to both demand by patients and providers, the improved care delivery and access it offers, and more recently, the expanded reimbursement for telehealth solutions. Each component of digital health was developed somewhat independently, but they have now converged and are interrelated, integral parts of the overall digital health ecosystem.

The patient and consumer engagement dimension of digital health has exploded over the last five years. This is due, in large part, to consumer and patient demand for greater engagement in the management of their healthcare, as well as the entry of disruptors, such as technology service providers, e-commerce companies, consumer products companies and entrepreneurs. At this point in the evolution of the digital health landscape, the patient and consumer engagement tool dimension pulls in all other key components and no digital health consumer engagement tool is complete without the full package.

Data Strategies and Collaborations as Key Innovation Ingredients

No digital health initiative can be developed, pursued or commercialized without data. But the world of data aggregation and analytics has also changed significantly and become immensely complex in recent years. Digital health innovation is no longer working exclusively within the friendly confines of the electronic health record and the carefully regulated, controlled and structured data it holds. Today, digital health innovation relies on massive amounts of data in a variety of types, in various forms, from a wide variety of sources, and through a wide variety of tools, including patient and consumer wearables and mobile devices.

Continue Reading Consumer Demand in Digital Health Data and Innovation

Digital health is experiencing a boom in investment as the regulatory environment becomes more supportive of digital health services. But as companies seek to make the most of their funding and protect the innovations that drive their product, it is imperative that they protect their intellectual property from being copied or duplicated by others in the market.

What exactly is IP?

Intellectual Property (IP) is generally non-tangible property. You can hold your laptop in your hands or you can stand on a piece of land — those are both tangible examples of property. Intellectual property cannot be physically held or touched. Protections available for intellectual property generally break down into one of four areas: patents; trade secrets, trademark, and copyright.

Patent protection offers an additional layer of protection for digital health solutions compared to copyrights. For example, a company may be eligible for a patent if it has innovated a new approach to identifying data, a new approach to storing data more efficiently, or a new approach to the data structure itself—those are all ways where innovations could be patentable and help extend protection around data.

How does IP apply to data?

If, in a digital health patent application, a company focuses on innovation for a computer-specific problem—such as keeping data private, keeping data secure, de-identifying data—that is usually a homerun argument to the patent office for crossing the first threshold of eligibility for patenting.

This is one of the few areas where the patent office has made it clear that these ideas and invention types are considered patent eligible. Thereafter, of course, remains the traditional challenge of getting a patent, which is to prove that no one before you has invented what you’ve invented. But lately, in the digital health space, that challenge seems to be less difficult to overcome compared to the eligibility challenge.

How to protect IP

Continue Reading Maximizing Your IP Protections in Digital Health

Digital health companies are producing innovative products at a rapidly accelerating pace and experiencing a boom in investments and demand as the regulatory environment becomes more supportive of digital health services to both improve patient care and stay profitable. Protecting intellectual property (IP) and building a feasible data strategy to support the research and development endeavor are essential steps for companies in their drive toward commercialization and return on their investment. On this episode of the Of Digital Interest podcast, McDermott partners Bernadette Broccolo (Health) and Ahsan Shaikh (IP), explore key issues for digital health companies, their collaboration partners and investors, and start-ups to consider, including:

  • What is currently patent eligible in the digital health space?
  • What patent-eligible trends and opportunities are we seeing?
  • How do laws governing data sharing among digital health collaborators impact the research and development effort and associated IP rights?
  • What challenges and opportunities do artificial intelligence, blockchain and machine learning present for digital health innovators?

Listen now

When it comes to market success for digital tools in the health sector, business strategy can be far more complex than in other industries. Understanding customer-driven market trends is important, but healthcare’s complexity can camouflage customer demand and its regulatory ecosystem adds layers of additional considerations.

Customer Demand and Digital Solutions

The convenience, competitive pricing, answers-at-your-fingertips responsiveness and hyper-personalization delivered by top technology brands and their integration into other industry sectors has created an expectation for digital health solutions that deliver the same experience.

In some instances, consumers are finding the solutions. For example, telemedicine is gaining momentum as consumers discover that digital interactions with high-quality providers are oftentimes more convenient and less expensive than face-to-face encounters. Other tools are providing access to prescriptions, better health condition management solutions, better information sharing enabling smoother transitions among care settings, and more efficiency in everything from hospital operations to scheduling appointments to identifying in-network care options.

When it comes to business strategy, however, digital health solutions need to recognize that consumer pressures are frequently at odds with existing incentives within care delivery systems and, perhaps legal and regulatory requirements. Accordingly, it is critical not just from a compliance perspective but also from a business strategy perspective to navigate the healthcare industry’s unique market and regulatory dynamics.

Balancing Demand with Reality
Continue Reading Digital Health Business Strategy: A Careful Balance

With the California Consumer Privacy Act of 2018 (CCPA) having taken effect on January 1, 2020, the privacy and data security landscape for insurance carriers, producers and insurtech (collectively, “insurers”) continues to grow more complex. A number of states have also recently passed laws regulating data security in the insurance industry, with the first transition period under a number of these laws set to end in 2020. Given the significant amount of sensitive personal information that insurers collect, process and retain, this trend of increased privacy and data security regulation within the insurance industry is likely to continue. To stay ahead of these new privacy and data security requirements, insurers need to take steps now to navigate the increasingly complex regulatory landscape.

How Does the CCPA Impact Insurers?

On January 1, 2020, California became the first state in the United States to enact comprehensive privacy legislation that governs the collection, use and sale of personal information of California residents (i.e., consumers) and households. Personal information is broadly defined as any information that identifies, relates to, describes is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. The CCPA applies to “businesses,” which are for-profit entities that determine the purposes and means of processing consumers’ personal information that do business in California and meet certain applicability thresholds.

Insurers operating in California that meet the CCPA applicability thresholds will be deemed “businesses” subject to a number of obligations under the CCPA, including disclosure obligations and requirements related to consumer privacy rights. While these obligations can be quite onerous, the vast majority of personal information that many personal line insurers collect, process and retain will likely fall under an exemption in the CCPA. The CCPA includes exemptions for:

Continue Reading Privacy and Data Security: 2020 Considerations for the Insurance Industry

The digital health space had a strong start to 2020 with two of the industry’s largest conferences leading the conversation on what’s to come for digital health companies, deals, products and the regulatory outlook in the coming year. The Consumer Electronics Show (CES) launched its Digital Health programming track in Las Vegas this year and the J.P. Morgan Healthcare Conference continued to bring thousands of healthcare investors from numerous sectors together in San Francisco.

On this episode of the Of Digital Interest podcast, McDermott partners Sarah Hogan and Dale Van Demark share their takeaways from the conferences, where they were on the ground and moderating discussions. This episode explores:

  • The role of digital therapeutics in the digital health marketplace
  • The role of the consumer in digital health adoption
  • Forward-looking thoughts on digital health collaborations
  • The importance of data, privacy and trust for the future of digital health solutions

Click here to listen to the full episode.

On January 30, 2020, the US Department of Defense (DoD) released version 1.0 of the Cybersecurity Maturity Model Certification (CMMC) framework, which is available here, with appendices available here. This highly anticipated 390-page release supersedes the prior draft versions, the last of which was released in December 2019. The DoD will begin requiring contractors to obtain certification under the CMMC later this year, giving companies in the supply chain little time to assess their obligations, identify and remediate cybersecurity weaknesses that might preclude their desired certification, retain an appropriate certification vendor and obtain the certification.

This certification process raises a host of legal considerations. For instance, the identification of cyber weaknesses requires a candid and thorough assessment that will result in a list of the areas where the contractor’s cybersecurity is lacking. This list may be critical in mitigating cyber risks, helping to plan for certification and in reducing the business risks that would result from a failed certification effort, but it also can be highly damaging from a legal risk perspective, especially in the hands of plaintiffs’ lawyers or regulators that may want to use it to support allegations of inadequate security. The same information required to support certification could be used to establish that a DoD contractor knew of risks and failed to take action.

These considerations underscore the importance of involving legal counsel in the process and taking steps to support a claim that key self-critical deliverables are protected under attorney-client and/or work-product privileges, while also ensuring that the contractor fully prepares for CMMC certification.

Why Did the DoD Create the CMMC?

The DoD created the CMMC to combat malicious cyber actors targeting intellectual property in the DoD’s supply chain, as such attacks threaten economic security and national security. The CMMC encompasses the security requirements for controlled unclassified information (CUI) specified in NIST SP 800-171 for DFARS Clause 252.204-7012 as well as the basic safeguarding requirements for federal contract information (FCI) specified in FAR Clause 52.204-22.

Continue Reading Tackling Increased Cybersecurity Requirements in the Defense Industrial Base

Throughout the past year, the healthcare and life science industries experienced a proliferation of digital health innovation that challenged traditional notions of healthcare delivery and payment, as well as product research, development and commercialization, for long-standing and new stakeholders alike. Lawmakers and regulators made meaningful progress towards modernizing the existing legal framework to both protect patients and consumers and encourage continued innovation, but these efforts still lag behind the pace of digital health innovation. As a result, some obstacles, misalignment and ambiguity remain, and 2020 will likely be another year of significant legal and regulatory change.

Click here to read our review of key developments that shaped digital health in 2019 and set the groundwork for trends in 2020.

 

The California Consumer Privacy Act (CCPA) has forced companies across the United States (and even globally) to seriously consider how they handle the personal information they collect from consumers. By its terms, however, the CCPA only protects the privacy interests of California residents; other “copy-cat” privacy laws proposed or enacted in other states similarly would only protect the rights of residents of each state. Given the burden on businesses imposed by the rapid proliferation of privacy and data protection laws, including data breach notification obligations, requirements for data transfer mechanisms imposed by international data protection laws (such as the EU General Data Protection Regulation (GDPR)), and the imposition of a variety of data subject rights, a comprehensive US federal privacy bill appears increasingly overdue.

In the past year, US legislators have proposed a wide variety of data privacy laws—none of which seems to have gained significant traction. In November 2019, two new proposals were released in the Senate: the Consumer Online Privacy Rights Act (COPRA), sponsored by Senate Democrats, and the United States Consumer Data Privacy Act of 2019 (CDPA), proposed by Senate Republicans. Both proposals require covered entities to:

Continue Reading Comprehensive Federal Privacy Law Still Pending

The California Consumer Privacy Act (CCPA) is not yet one month old, but movement has already started on a new California privacy law. In November 2019, the advocacy group Californians for Consumer Privacy, led by Alastair Mactaggart, the architect of CCPA, submitted a proposed California ballot initiative to the Office of the California Attorney General that would build upon the consumer privacy protections and requirements established by CCPA. In December 2019, as required under state law, California Attorney General Xavier Becerra released a title for and summary of the proposed ballot initiative, which will be known as the California Privacy Rights Act (CPRA).

Key Provisions of the CPRA

CPRA seeks to give California consumers additional control over and protection of their personal information in five core ways.

Continue Reading CCPA Has Just Gone Into Effect, But Businesses May Need to Prepare for a New California Privacy Law