Digital health companies are producing innovative products at a rapidly accelerating pace and experiencing a boom in investments and demand as the regulatory environment becomes more supportive of digital health services to both improve patient care and stay profitable. Protecting intellectual property (IP) and building a feasible data strategy to support the research and development
On January 30, 2020, the US Department of Defense (DoD) released version 1.0 of the Cybersecurity Maturity Model Certification (CMMC) framework, which is available here, with appendices available here. This highly anticipated 390-page release supersedes the prior draft versions, the last of which was released in December 2019. The DoD will begin requiring contractors to obtain certification under the CMMC later this year, giving companies in the supply chain little time to assess their obligations, identify and remediate cybersecurity weaknesses that might preclude their desired certification, retain an appropriate certification vendor and obtain the certification.
This certification process raises a host of legal considerations. For instance, the identification of cyber weaknesses requires a candid and thorough assessment that will result in a list of the areas where the contractor’s cybersecurity is lacking. This list may be critical in mitigating cyber risks, helping to plan for certification and in reducing the business risks that would result from a failed certification effort, but it also can be highly damaging from a legal risk perspective, especially in the hands of plaintiffs’ lawyers or regulators that may want to use it to support allegations of inadequate security. The same information required to support certification could be used to establish that a DoD contractor knew of risks and failed to take action.
These considerations underscore the importance of involving legal counsel in the process and taking steps to support a claim that key self-critical deliverables are protected under attorney-client and/or work-product privileges, while also ensuring that the contractor fully prepares for CMMC certification.
Why Did the DoD Create the CMMC?
The DoD created the CMMC to combat malicious cyber actors targeting intellectual property in the DoD’s supply chain, as such attacks threaten economic security and national security. The CMMC encompasses the security requirements for controlled unclassified information (CUI) specified in NIST SP 800-171 for DFARS Clause 252.204-7012 as well as the basic safeguarding requirements for federal contract information (FCI) specified in FAR Clause 52.204-22.
The digital health market is expected to grow beyond $379 billion by 2024, with a 27.7 percent compounded annual growth rate over the coming years. This activity is fueled by increasing demand for remote monitoring services, favorable government initiatives and funding, and the proliferation of mobile intelligent devices. An article by Rock Health noted that in 2018, “investors poured nearly $8.1B into the sector, surpassing 2017’s record-setting total of $5.7B by a whopping 42%.”
Amidst this growth, digital health startups are seeking to make the most of their funding and protect the innovations that drive their product. To do so, they must protect their intellectual property from being copied or duplicated by others in the market. Patents offer the strongest form of protection for innovations and can lead directly lead to increased investment. For digital health startups that eventually go public, valuation can reach $1.1 million per software patent application filed.
An issued patent in the United States gives the patent owner a 20-year monopoly right to stop others from making, using or selling the patented invention. A digital health company with a patent on a software feature—for example, a unique approach to dynamically generate a questionnaire based on user information for a remote health consult—has the right to stop competitors from making, selling or using software that includes that feature. Digital health companies, particularly pre-IPO, should develop a patenting strategy to assess how best to protect the innovations that drive their business and increase the company’s monetary value and longevity. If you have ever said one of the following phrases, your company likely will benefit from a discussion with patent counsel on how to protect your inventions:
- We’re the first ones to ever do this.
- None of our competition does this.
- This feature drives a lot of business to our company.
- This feature was really hard to implement, but we found a way to do it.
Planning to be in the Chicago area on June 4? Register to attend this interactive panel discussion regarding best practices for social media policies. The panelists multi-disciplinary perspective will include privacy, intellectual property and employment law issues related to the use of social media in the workplace.
For more information and to register, click here