"The global digital health market was valued at USD 111.4 billion in 2019 and is expected to reach USD 510.4 billion by 2025…Different technologies such as mhealth, electronic health record (EHR), healthcare analytics, and telemedicine contributed to the digital health market size .”
VynZ Research, May 2020
1. IP protection: Life sciences businesses typically rely heavily on patent protection to protect their innovation and to recover their R&D investment. However, digital health technologies will require a broader IP strategy as some Digital Health technologies may fall within the exclusions from patentable subject matter (eg as a computer program or a mathematical method in the case of an AI algorithm). Unregistered IP rights may be relied on instead (eg copyright in source code, database rights in structured datasets, and development know-how may be confidential or a trade secret), but a business wanting to rely on these rights will need to put in place certain measures at the outset to demonstrate ownership and to enforce these rights more easily. In addition, if key individuals move to competitors or set up rival businesses, it will be critical to protect valuable business information and police any potential misuse of IP by ex-employees.
2. Data protection: Getting data protection compliance right will be important to mitigate exposure to liability when processing sensitive health data. It will also be critical to engendering trust amongst end users and partners. Amongst other issues, providers must: be alive to the limitations of relying on consent for data processing (such as in the context of clinical trials); ensure that any consents obtained from users are explicit, specific and informed, including in relation to proposed data sharing (see further issue 6 below); ensure that any secondary uses of data (such as for research purposes) are appropriately notified to data subjects and conducted in a way that still enables data subjects to exercise their rights; and appropriately allocate compliance responsibilities to entities impacted by data flows, whether public or private healthcare providers, pharma businesses or other service providers.
3. Tax: Where new IP is created (which, in the context of digital health technologies may consist of a variety of IP rights), companies need to consider whether the ownership and intra-group licensing structure for such IP is aligned with the existing tax structure and if not, analyse what amendments need to be made. Where personalised treatments and solutions are being developed for patients, this drives companies to shift from a “product” to a “products + services” business model and the tax treatment of this new supply chain flow will need to be reassessed. There are also new, significant taxation rules that are expected to come out of the OECD “BEPS 2.0” project which is aimed at addressing the challenges relating to the taxation of the digital economy.
4. Regulatory compliance: Over the past few years, the regulatory framework for digital health technologies has become increasingly dense (with various code and regulations emerging), as healthcare regulators try to catch up with technology in the sector. A key issue will be whether a digital health solution constitutes a medical device under the Medical Devices Regulation (and equivalent laws) recognising that it provides for new, stricter rules on software qualification and classification. Manufacturers may also seek reimbursement of their technologies by private insurers or through public funds. Recent guidelines on the reimbursement of digital health technologies have clarified how market access strategies are expected to be revamped throughout the EU in coming years. Further, in some countries, interactions between patients, patient organisations, healthcare professionals and institutions may be subject to ethical and legal restrictions (see for example, the updated rules of deontological business practice enacted by European and local MedTech industry associations).
5. Product liability: Crucial to the existing product liability regime is the determination of the “producer” of the product, ie the person liable for damages caused by a product defect. Under the Product Liability Directive, a producer is anyone, acting in a professional capacity, manufacturing a product, producing raw materials, or manufacturing a component part of the product. For digital health products there may be many people who meet this criteria and could be involved in litigation: eg the data provider, the software developer, the hardware manufacturer and the company commercialising the solution. In the past, the definition of a “product” under the Directive has been understood to mean products only, not services. It may be unclear whether a digital health technology, which may be perceived as a service or including a service element, even constitutes a “product” under the Directive. In view of these difficulties, the European Commission has recently indicated its intention to address certain aspects of the Directive to ensure that it is fit for purpose in the digital age.
6. Anti-trust: A key antitrust concern for digital health providers will be striking the right balance between data sharing and data blocking. Digital health solutions will often have health data at their core. However, unlike other digital solutions where data liberalisation is generally viewed positively, health data liberalisation is a complex issue. Over-sharing can lead to serious regulatory issues (not limited to antitrust), but under-sharing (or plainly blocking) can lead to a strengthening of market power which could result in market dominance. This does not have to be a bad thing, but it does come with its own set of antitrust issues: notably ensuring the provider does not abuse its dominance. An abuse of dominance is a serious antitrust breach which can result in heavy fines, director disqualifications and/or follow on actions for damages.
7. Employment: The adoption of personalised digital health technologies by employers for use by employees is likely to increase as a result of the pandemic. From heat sensors mapping social distancing in work areas, to monitoring the temperature or stress levels of employees. However, the ability to analyse data via these products (even on an anonymous basis) may increase an employer’s responsibility and risk. An employer may be liable where harm to an employee’s health was reasonably foreseeable, or where support should have been offered because the employer knew or ought to have known that an employee had a disability/long term health condition. As foreseeability depends on what the employer knows (or ought to know) about each employee; access to additional employee data will need to be considered carefully when rolling out such products. Digital health providers should also ensure it is clear that personal health data will not be shared with the employer where that is the case, to help minimise the risk of liability and strengthen an employer’s position.
8. Cybersecurity: Healthcare sector-specific regulations and standards for data and technology are emerging. In the UK, all organisations accessing NHS patient data and systems must comply with a Data Security and Protection Toolkit and take steps to demonstrate that compliance; and a new NHS Digital, Data and Technology Standard Framework is currently in draft form. Moulding digital health solutions to fit the security and other requirements of these instruments will be challenging for all providers, not least those who may have deployed their products and services in other sectors with their own standards and are now seeking to repurpose their offerings in a healthcare context (an example is the rise of “immunity passports” to help alleviate social distancing measures based on existing identity verification technology).
9. Ethics of AI powered digital health: Whilst there is not yet much regulation which applies specifically to the use of AI in digital health, there is an increasing focus on the ethical use of AI both generally and in the healthcare sector. We are seeing increasing scrutiny of bias and discriminatory decision-making by AI systems (particularly involving personal data and/or protected characteristics such as race and gender). As a result of this, there are increasing calls for AI systems to be more transparent or “explainable” (a concept we expect to be reflected in future regulation). Organisations should, therefore, ensure that they are able to explain how their AI systems operate and, in general, implement good governance around the procurement and use of AI.
10. Supply of digital content: There are new EU Directives which are expected to significantly raise the threshold for compliant digital content or services in the EU. For example, the Digital Content Directive, which is required to be transposed by all Member States by 1 July 2021 (and will be in force from 1 January 2022) applies to any digital content or service that constitutes a medical device, such as a health app, that can be obtained by a consumer without being prescribed or provided by a healthcare professional. The Directive will provide for new liability principles, including in cases where traders fail to supply digital (health) content or services in accordance with new standards (eg regarding their description, interoperability, fitness-for-purpose instructions and updates).
Found this article useful? Read others in our TechNotes series.
.jpg?crop=300,495&format=webply&auto=webp)
