Digital health is a rapidly emerging field, rich with innovation and promise, where freedom to operate involves a special suite of legal challenges.
The touchstone of this field is the application of digital technology – including software, IT, and analytics, as well as the hardware necessary to support them – to health care. The field includes applications driven by the needs of medical care institutions, such as electronic health record (EHR) systems, health information exchanges (HIEs), and emergency care tracking. It includes applications used by the research and development companies that support the medical care institutions, such as platforms for analysis of genomic data, tools for virtual drug design, and discovery of diagnostic tests. It also includes the burgeoning domain of consumer-focused websites, apps, and gadgets, driven by the interest of individuals in health and wellness.
Investment and innovation in digital health are racing towards their mutual vision of a world where personal health information is gathered, shared, mined, and leveraged for the benefit of individuals, companies, and society as a whole. Funding of start-ups has risen dramatically in the last two years, to almost $2 billion in 2013, with almost half of such companies now in Silicon Valley. In addition, the established giants in the computer and mobile phone industries are fostering development of new ecosystems for yet further innovation. The result is an astounding wealth of new companies with innovative products and services, some disruptive and some mere improvements, whose impact and success remain to be seen.
Legal Challenges for Digital Health Companies
Despite the diversity in their focus, digital health companies share a common suite of legal challenges affecting their ability to operate freely:
- Acquisition of intellectual property. The validity of existing patents and the ability to get new patents on digital health innovations is uncertain in view of recent Supreme Court decisions on the eligibility for patent of innovations involving software, abstract ideas, and natural laws. In addition, copyright generally cannot be used to protect the information content of databases, but the alternative of keeping data as a trade secret limits its utility. Trademark is an important tool but the rapid entry of new companies and products, extensive use of apps, and changes in domain names all demand extra diligence.
- Navigation of regulatory requirements. Whether digital health innovations are subject to FDA regulation is similarly uncertain, due in part to the discretion that can be exercised by the FDA and due also to developing changes in its rulemaking. For example, databases are no longer subject to regulation, but the rules for regulation of mobile medical apps, as outlined in the FDA’s 2013 Guidance, remain open to interpretation. In addition, mobile devices are subject to regulation by the FCC.
- Satisfaction of privacy laws. Much of the information underlying digital health innovations is personal health information. As such, it may be subject to both state and federal privacy laws, including HIPAA and HITECH. A company that is not a “covered entity” subject to HIPAA may still be a “business associate” under HITECH and thereby become subject to HIPAA requirements.
- Avoidance and/or use of the courts. There is already substantial litigation for digital health companies. For example, numerous class actions were filed against 23&me as a result of the warning letter it received from the FDA. In the patent realm, the early acquisition of patents by innovators has resulted in bet-the-company lawsuits among competitors in several areas. In addition, many relatively early software patents foreshadow innovations that are now being developed and commercialized, and are being asserted by monetization entities.
The challenges are not unique to digital health, but their combination may be, and digital health companies need to balance the special risks and demands in the following four areas to remain viable and productive.