Digital health solutions are fundamentally transforming the quality and delivery of healthcare. As the doctor-patient relationship evolves beyond the in-person encounter, digitized data and technology have converged with healthcare delivery and payment. Our digital health team works with clients to create solutions that improve access to medical services and engage patients in managing their healthcare, with an eye toward the complex and ever-evolving regulatory considerations affecting healthcare innovation.
We offer guidance on all aspects of digital health, including the formation, financing and governance of business entities, joint venture arrangements, and mergers and acquisitions. Drawing on our vast institutional knowledge and the creativity to drive forward-looking solutions, we counsel clients in a wide range of areas, including development, reseller marketing and distribution arrangements, intellectual property protection and licensing agreements, systems integration agreements, internet and new technology issues, product liability matters, and employment and noncompetition agreements, as well as related personnel issues.
Our team leads emerging and established organizations through the unique—and often unanticipated—transactional, regulatory and compliance challenges they face. Uniting our depth of experience and our ability to anticipate change, we help clients develop creative solutions to the obstacles that slow adoption and growth so they can keep moving forward in an ever-changing industry.
Complex legal and compliance issues surround the acquisition, implementation, use and management of health information technology (HIT). Our team offers advice on key matters in a quickly changing landscape, including patient consent issues involved with health information exchanges; electronic communication issues among and between providers, payers and patients; and matters involving electronic health records (EHRs), health information exchanges (HIEs), and the use and disclosure of protected health information (PHI). We also counsel our clients on compliance with the Health Insurance Portability and Accountability Act, state breach notification laws, Medicare and Medicaid EHR Incentive Program requirements, the False Claims Act, the Anti-Kickback Statute, and other federal and state healthcare regulatory laws.
For clients ranging from physicians, hospitals and health systems to practice management companies, HIT vendors and medical billing companies, we offer skillful support with software and hardware procurement, implementation, service level agreements and warranties, and associated contract and regulatory compliance aspects.
Mobile healthcare devices, including wearables and medical apps, empower patients to better understand their health. These devices capture consumer-generated health data, analyze it and provide mobile feedback to consumers. These mHealth applications may also deliver healthcare information to providers and researchers in order to facilitate efficient coordination of care. Our team assists clients with the transactional and regulatory issues that arise when businesses engage with patients, consumers, providers or researchers about their health needs, whether through mobile devices or other connected devices outside of traditional healthcare provider settings. We also offer counsel on issues arising from emerging digital health tools, such as mobile medical apps, that the US Food and Drug Administration (FDA) may consider regulated devices.
Big Data and Data Strategies
We assist clients with the design and deployment of big data strategies. Supported by a flexible, yet sustainable, privacy and security protection infrastructure, big data strategies can capture, aggregate, transform and analyze key data. Businesses use these sophisticated analytics to effectively implement improvements in healthcare quality, coordination, accessibility and affordability for the benefit of payers, employers and healthcare consumers. Our team helps identify, manage and resolve legal issues associated with high-volume analytics and data mapping, privacy and security protections, data licensing and clinical research activities, including federal and privately sourced data. We also assist in forging collaborations between industry stakeholders to leverage strengths and accelerate initiatives.
Data Privacy/Security HIPAA and State Laws
The Health Insurance Portability and Accountability Act (HIPAA) governs the use and disclosure of identifiable health information. Using our industry-leading best practices, we counsel a diverse range of clients in navigating these complex rules. We conduct audits, develop customized plans, policies and procedures for privacy and security compliance, and even facilitate HIPAA-related training sessions.
If a crisis does arise, we also advise clients regarding security breaches, risk assessment, mitigation and remediation, and negotiate settlements and resolution agreements with the US Department of Health and Human Services Office for Civil Rights. Together with lawyers in our privacy and data protection practice, our digital health team has guided companies through the successful resolution of many privacy and security incidents, including hundreds of incident responses and breach remediation efforts involving PHI. From cyber attacks and malicious insiders, to lost laptops, unsecured data and mailing mishaps, we have handled the full spectrum of information incidents.
We draw on this experience to bring calm to the storm and provide guidance from beginning to end, including developing and implementing effective audits, protection and loss-prevention programs, and simplifying the notification process across jurisdictions.
Bringing the doctor-patient relationship out of the confines of an in-person encounter, telehealth integrates information technology with traditional healthcare and wellness practices. Remote healthcare, also called telemedicine, is changing the way medical services are delivered. Thanks to advances in technology and information systems, these new diagnostic tools and methodologies can improve access to and consistency of medical services—an important benefit to consumers and providers alike. Our clients turn to us for guidance regarding licensure, patient consent and recordkeeping, data privacy, risk mitigation, and navigating the varied state-based regulations and regulatory definitions associated with telehealth. We help assess business strategies and advise on government and commercial reimbursement standards so clients can succeed in this rapidly changing, highly regulated industry.
A regional health services management company in settlement negotiations with the US Department of Health and Human Services, Office for Civil Rights with respect to allegations of HIPAA violations
New Univision Enterprises, LLC, a subsidiary of Univision Communications Inc., in its collaboration with a discount health plan and insurance provider for the creation of UniConsulta, a telehealth program focused on providing virtual care to Spanish speakers via email, text, online chat or phone
A Fortune 500 company in conducting HIPAA-compliance reviews, working with a health IT vendor on the development, deployment and operation of an mHealth app
A Chicago academic medical center on a range of HIPAA and other data privacy and protection matters in response to potential security breaches
A biopharmaceutical company on state and federal data privacy issues in the development of digital health projects
Manufacturers regarding the applicability of FDA medical device regulations to health IT products currently under development
A biopharmaceutical company in negotiating a license agreement for integrated third-party services into a mobile application
An international diagnostics and laboratory services company in negotiating software license agreements with several health IT companies permitting development and distribution of such solutions as integrated services to customers
An EMR company on the regulatory implications of developing a cloud-based software system and drafting data sharing agreements
A large informatics company on the development of a research data acquisition and analysis platform, including federally and privately sourced data
A leading multi-state health insurer responding to two major security breaches affecting more than 100 million people with advice on notification obligations and response to regulatory investigations
A national multihospital consortium with regulatory compliance and contract strategy for a comparative database and decision support system
A large multinational technology company regarding all health care regulatory aspects of its health data analytics software and service lines
An EHR vendor with the creation and deployment of de-identified health data sets from patient information, including HIPAA de-identification opinion, data privacy, and security policies and procedures, as well as agreements with pharmaceutical and biotech companies seeking data set access
Massachusetts eHealth Collaborative as outside general counsel
A nonprofit health system in a transaction to outsource the infrastructure needed to support the system’s enterprise-wide data center for the provider and health plan operations
A life sciences company on the range of transactional and regulatory issues raised by the launch of a Bluetooth-enabled injection device for a biologic product and the related mobile app
A health industry consortium of academic medical centers on the formation of a strategic partnership with another leading consortium to provide enhanced data warehousing and analytical capabilities to health providers across the country
A regional health system in its development of one of the first community health information networks and community clinical data repositories