DIGITAL HEALTH: PRESENT AND FUTURE By: Erin M. Bosman and Julie Y. Park January 19, 2018
Digital Health Is the Future • Digital health uses software and technology to deliver health care to
patients.
• Includes Internet of Things (IoT) healthcare, wearable technology, medical mobile apps, electronic health records.
• Many current medical devices fall within digital health. But it is an ever growing and expanding market.
• Presents a tremendous opportunity. As it grows, companies must plan ahead to mitigate risks.
Morrison & Foerster LLP 2
Current Digital Health Technology • Even what consumers think of as “traditional” medical devices are
part of digital health:
• Pacemakers
• Glucose monitors
• Blood pressure machines
• X-Ray machines
• MRI
• EKG
Morrison & Foerster LLP 3
Traditional Digital Medical Devices
• Traditional medical devices are increasingly incorporating digital elements or pairing with digital applications.
• For example:
• Medical devices that interface with mobile apps
• Wireless medical devices
• Connected medical devices
• Health IT
Morrison & Foerster LLP 4
• Benefits of incorporating digital elements into traditional medical devices include:
Traditional Digital Medical Devices
Morrison & Foerster LLP 5
Reduced Costs
Personalized Health Data
Efficiency Increased Accuracy
Wearable Devices • Growth in the last decade.
• Fitness trackers expanding into health monitoring.
• Activity
• Calories burned, step count
• Sleep
• Development of sleep tracking and sleep stages
• Heart rate
• News of medical conditions diagnosed
• Further development underway
• Huge potential for development as medical devices.
Morrison & Foerster LLP 6
• Wireless Electronic Skin. New electronic skin devices are designed with soft material that conforms to the body allowing for greater flexibility, smaller size, and more placement options than existing wearable technology.
New Advances in Wearable Technology
• Smart Rings. Smart rings are currently available on the market that offer various health and wellness features, such as activity monitoring, heart rate tracking, and sleep monitoring.
Morrison & Foerster LLP 7
• Seeks to modify patient behavior.
• Provide remote monitoring of conditions such as diabetes, heart disease, and high blood pressure.
• Apps or wearables allow patients to continuously monitor vital stats, ensure adherence to medications, and set prompt reminders.
• Digital therapeutics companies tend to perform clinical trials and seek regulatory approval for their apps in an effort to emulate the drug industry’s practices and standards.
• Global digital therapeutics market is anticipated to reach $9.4 billion by 2025.
Digital Therapeutics
Morrison & Foerster LLP 8
Other Novel Uses for Digital Health • Wearables and Ingestibles with Biosensors
• Diabetes and obesity management
• Quantifying patient adherence to dosing regimen
• Symptom detection
• Biologics: Digital Drug Delivery Devices
• Fully digital, soft mist inhaler
• Delivers different size medication droplets to different areas of the lungs
• Allows users to verify dosage in real time through mobile app
• Opioid Addiction: Controlled delivery – like nicotine patch, with sensors
Morrison & Foerster LLP 9
Medical Mobile Apps • 259,000 mobile health (mHealth) apps in 2016.
• 32.5% annual growth rate; projected $102.43 billion global market (2022).
• Examples:
• InsightOptics • Facilitates vision screening & prompt specialist review to prevent vision loss.
• Primary care physician connects ophthalmoscope to smartphone.
• Video of retina sent to opthamologist for analysis.
• ChronicCareIQ • Lets patients answer questions remotely on a daily basis.
• Medisafe • Virtual pillbox on a smartphone.
• Stores schedules of pills/dosages.
• Differentiates pills by color using image capturing.
• Push notifications on smartphone.
Morrison & Foerster LLP 10
Electronic Medical Records • Electronic Medical Records increasingly common.
• Use has nearly doubled since 2008.
• Growth in use means huge amounts of data.
• EMRs will soon be combined with data captured from wearable technology.
• Health apps communicating with physician’s EMR systems.
Morrison & Foerster LLP 11
• Better monitor patients remotely.
• Expand the reach of patient care to rural areas.
• Improve the amount of data physicians receive.
• Interoperable medical devices have the ability to connect to different technologies and devices.
• These devices can provide valuable data to health care providers and patients, but also have unique safety risks.
Interoperable Medical Devices
Morrison & Foerster LLP 12
• Many medical devices may have interoperable applications, for example:
• Pacemakers
• Blood pressure monitors
• Pulse oximeters
• Ventilators
• Central monitoring stations
• Digital health devices may be considered both consumer products within CPSC’s jurisdiction and medical devices within FDA’s jurisdiction.
• For example: A wearable device that helps users track their heartrate and also claims to be an electrocardiograph monitor.
• Manufacturers of digital health products may need to consider regulations imposed by CPSC, FDA, or both.
U.S. Regulation of Digital Health
Morrison & Foerster LLP 14
Consumer Product Safety Commission • Oversight of most consumer products in the United States.
• Responsible for consumer product safety.
• Currently does not have oversight of other consumer issues (such as privacy), but that might happen in coming years.
Morrison & Foerster LLP 15
FDA’s Digital Health Innovation Action Plan (July 2017)
• An effort to “reimagin[e] its approach to digital health medical devices”
• Precertification Pilot Program
• Focus is on the software or digital health developer, not the product.
• FDA can pre-certify eligible digital health developers to market lower-risk devices without (or with streamlined) FDA review.
• In October 2017, FDA announced 9 participating companies, many of which have tech rather than healthcare origins.
• FDA’s effort to prioritize higher risk products.
Morrison & Foerster LLP 16
Clinical and Patient Decision Support Software • FDA draft guidance issued in December 2017.
• Addresses provisions of the 21st Century Cures Act.
• Clinical decision support software (CDS) is software that intends “to provide decision support for the diagnosis, treatment, prevention, cure, or mitigation of diseases or other conditions.”
Morrison & Foerster LLP 17
• Discusses a related category of software – patient decision support software (PDS) – intended for patients and caregivers as opposed to healthcare professionals.
• FDA clarified the scope of its regulatory oversight of CDS and PDS.
Software as a Medical Device • FDA final guidance issued in December 2017.
• Adopts principles agreed upon by the International Medical Device Regulators Forum.
• Attempt to harmonize and streamline regulation of digital health products internationally.
Morrison & Foerster LLP 18
• Software as a Medical Device (SaMD) is “software intended to be used for one or more medical purposes that perform these purposes without being part of a hardware medical device.”
• Establishes common principles for evaluating safety, effectiveness, and performance of SaMD.
• Provides globally recognized principles for analyzing and assessing SaMD based on the overall risk of the product.
General Wellness Devices • FDA’s policy for low-risk devices.
• Intended use that either:
Morrison & Foerster LLP 19
• Example: A portable product that is intended to monitor the pulse rate of users during exercise and hiking.
• FDA does not intend to enforce Food, Drug & Cosmetic Act against general wellness devices.
• Final Guidance published in July 2016. No FDA action yet for products falling outside of guidance.
• Relates to maintaining or encouraging a general state of health or a healthy activity; or
• Relates the role of healthy lifestyle with helping to reduce the risk or impact of certain chronic diseases or conditions.
Medical Mobile Apps
• FDA guidance issued in 2015; amended by a draft FDA guidance in December 2017.
• Applies to software applications that can be run on a mobile device.
• Mobile apps are medical devices if intend to:
• Diagnose disease or other conditions
• Cure, treat, or prevent disease
• Affect the structure or any function of the body
• Mobile apps are generally not medical devices if they relate to developing or maintaining general fitness, health, or wellness. For example:
• Providing dietary logs or calorie counters
• Tracking general daily activities
Morrison & Foerster LLP 20
• Interoperable medical devices connect across different platforms.
• FDA Guidance on connected medical devices issued in September 2017.
• Encourages manufacturers to consider the following:
• Purpose of the Electronic Interface
• Anticipated Users
• Risk Management
• Verification and Validation
• Labeling Considerations
• Use of Consensus Standards
Interoperable Medical Devices
Morrison & Foerster LLP 21
• FDA issued guidelines for “additive manufacturing” – or 3D printing – of medical devices.
• Makes “patient-matched devices” possible.
• Can facilitate anatomically matched devices and surgical instrumentation by using the patient’s own medical imaging.
• FDA anticipates standard premarket submission process will apply to additive-manufactured devices.
3D Printing of Medical Devices
Morrison & Foerster LLP 22
• Additional considerations for patient-matched devices:
• Effects and necessity of imaging
• Clinical and patient interactions with design models
• Maintenance of data integrity of complex design files
• Cybersecurity of personally identifiable information
FDA Guidance on Cybersecurity • Postmarket Management of Cybersecurity in Medical Devices
(December 2016).
• FDA’s central belief that medical device manufacturers should manage cybersecurity risks.
Morrison & Foerster LLP 23
• Be able to monitor and detect cybersecurity vulnerabilities.
• Understand, assess and detect the level of risk a vulnerability poses to patient safety.
• Have a plan to share information about potential vulnerabilities (known as a “coordinated vulnerability disclosure policy”).
• Send out software patches or other fixes early, to reduce the risk of harm.
25
• Balancing individual privacy with the greater community good that can come from collecting and potentially understanding large amounts of personal data.
• Developing a security infrastructure to prevent wearable technology connected to our physiological system from being hacked, controlled, or mined for data.
• Ensuring transparency of data collection.
• Managing patient expectations
• Self-diagnosis versus physician care
• Preventing patients from neglecting to seek medical treatment
• Weighing Big Data and AI against traditional evidence-based medicine.
Ethical Considerations
Morrison & Foerster LLP
26
• New technology raises unique challenges.
• Wearable technology
• Interoperable medical devices
• Medical mobile apps
Product Liability Claims
Morrison & Foerster LLP
• Increased risk of product liability from constant use by consumers.
• Liability for health-related advice.
• Responsibility for malfunctions resulting in dangerous medical situations.
• Assigning liability among different platforms – who is at fault?
• Complying with FDA Guidance recommendations may help defend against product liability claims.
27
• Consent requirements to continuously collect and process data.
• Ownership of data between individual and device company.
• Duty to inform consumers:
• Who is collecting data?
• What data is being collected?
• How is data being collected?
• Data breaches and identity theft.
Collecting and Processing Data
Morrison & Foerster LLP
• Health data is one of the most heavily regulated types of data.
• Federal and state laws impact health data.
• HIPAA (Health Insurance Portability and Accountability Act)
• State restrictions on the use of medical information
• Security breach laws
Privacy and Security Concerns
Morrison & Foerster LLP 28
29
• HIPAA applies to “Personal Health Information.”
• 18 identifiers that must be removed, and other standards met, for information to be “de-identified.”
• If de-identified, HIPAA no longer applies.
• HIPAA does not apply to all medical information, but rather to information held and processed by certain entities.
• A covered entity is most often a “provider” – someone who provides health care such as a doctor or hospital – , or a “payer” – someone who pays for health for a person.
• HIPAA can apply to other entities, too.
• If HIPAA applies, the Privacy Rule and Security Rule apply.
Application of HIPAA
Morrison & Foerster LLP
• Some medical app developers may be subject to HIPAA.
30
HIPAA requires proper use and protection of PHI and gives patients the right to control how their PHI is collected, used, shared and retained.
HIPAA – Organized into Two Parts
Morrison & Foerster LLP
Privacy Rule Specifies patient rights to authorize how PHI may be collected, used, shared and retained/disposed to protect its privacy Requires information governance to proper manage PHI across its lifecycle
Security Rule
Specifies administrative, physical and technical safeguards to achieve three objectives: Confidentiality (protect ePHI from unauthorized access) Integrity Availability
31
• Many states also restrict the use of medical information.
• These laws typically impose higher burdens than HIPAA.
• In some cases, asking patients for permission to use their medical information is more restricted than under HIPAA.
State Restrictions on the Use of Medical Information
Morrison & Foerster LLP
32
• Connected devices, IoT, and medical mobile apps raise questions about new avenues of liability and concerns about the potential for data breaches and outside interference.
• Healthcare providers accounted for 78% of all reported healthcare breaches in 2016, with hacking being the primary vulnerability.
• As of August 2017: 233 reported breach incidents.
Data Breaches and Cybersecurity
Morrison & Foerster LLP
• October 2016: Medical device maker acknowledged a security vulnerability in its insulin pump.
• January 2017: FDA found certain pacemakers and defibrillators were vulnerable to cybersecurity exploits.
33
• Certain states include “medical information” and “insurance information” within the definition of Personal Information in their Security Breach Laws.
• This means that if a company has this kind of medical information it may have to give notice of a security breach to its customers or individuals.
Security Breach Laws
Morrison & Foerster LLP
34
• Digital health leaves a much larger data trail to consider in litigation.
• Law enforcement
• Private claims
• Data could support defenses in personal injury litigation.
• Patients’ failure to use technology could help support arguments about assumption of risk, proximate cause, contributory negligence, and/or mitigation of damages.
• Data as evidence of injury – or lack thereof – in personal injury cases.
• E.g., a wearable device that tracks motion may be used to show that the plaintiff was able to walk.
• Judges will be asked to analyze complex issues related to possession, custody, and control of digital health data.
Additional Considerations in Litigation
Morrison & Foerster LLP
35
• Digital health presents opportunities and challenges
• Long-term success requires anticipating and planning
• Know the regulatory landscape for potential legal issues
• Consumer product safety
• Drug and medical device safety
• Privacy and data security
• Anticipate other legal risks
• Personal injury litigation
• Foreseeable misuse
• Data breaches and cyber attacks
Conclusion
Morrison & Foerster LLP