Tech & Sourcing @ Morgan Lewis

TECHNOLOGY TRANSACTIONS, OUTSOURCING, AND COMMERCIAL CONTRACTS NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
Although the healthcare industry is often focused on the Health Insurance Portability and Accountability Act (HIPAA) and compliance with its privacy regulations, many companies that service HIPAA-regulated entities are not themselves subject to HIPAA regulations, such as consumer-directed digital health companies, including those providing healthcare-related or healthcare-focused mobile applications. Given the complexities of complying with various privacy rules, those working with the healthcare industry or adjacent industries should treat evaluating their own and their vendors' compliance with laws when HIPAA does not apply as an ongoing process as privacy laws evolve.
As part of our Spotlight series, Dennis C. Gucciardo, who counsels medical device manufacturers throughout the product lifecycle in the US Food and Drug Administration (FDA) regulatory context, shares insight into some important considerations when creating, reviewing, and implementing medical device product warranties.
Don Shelkey and Ben Klaber will present a continuing legal education (CLE) webinar on digital health transactions on September 14 at 1:00 pm ET.
As we all try to keep up with the Metaverse and as the healthcare system wilts under a data deluge, the convergence of realities in a shared online space is not merely a chance for practitioners and patients to find each other and interact in new ways, it’s also a rare opportunity to help a new paradigm sprout. The answers to detangling some sticky wickets of Health 2.0, like ensuring efficient, secure communications and exchanges between participants, may share a common thread: clear out (not just debug) the cobwebs and flip the crypt.
As we discussed in Part 1 of this blog series, many SaaS providers are seizing opportunities to expand their offerings and become a go-to marketplace or network, but their original contract terms and procedures often don’t fit their evolving business models.
Please join us for some more Morgan Lewis Technology Marathon events.
As more and more SaaS providers, in digital health, fintech, and other industries, look for ways to integrate with and offer third-party applications (in their quest for powerful network effects), they eventually reach a point where the reality contemplated by their original standard terms and the world (or metaverse) of their now-envisioned business model diverge.

As we start 2022, as part of our Spotlight series, we connect with Reece Hirsch, the co-head of Morgan Lewis’s privacy and cybersecurity practice, to discuss the recent policy statement issued by the US Federal Trade Commission regarding the Health Breach Notification Rule and how it applies to health app developers that handle consumers’ sensitive health information. Our Tech & Sourcing @ Morgan Lewis blog also published a summary of the policy statement.

According to recent guidance from the US Federal Trade Commission (FTC), providers of health apps and connected devices that collect consumers’ health information must comply with the FTC’s Health Breach Notification Rule, 16 CFR Part 318, and therefore are required to notify consumers and others when their health data is breached.

As the availability and variety of digital health tools continue to increase, evidence is also being presented that those tools are having a meaningful impact on health outcomes. A recent report, Digital Health Trends 2021: Innovation, Evidence, Regulation, and Adoption, offered by the IQVIA Institute for Human Data Science, looks at the proliferation of digital health tools, recent innovations in the market, and contributions and barriers to their adoption.