Digital Health

In the first of a three-part series, Covington’s global cross-practice Digital Health team answers key questions that companies across the life sciences, technology, and communications industries should be asking as they seek to fit together the regulatory and commercial pieces of the complex digital health puzzle.

Key Regulatory Questions About Digital Health Solutions

1. What are your digital health solution’s intended uses?
Understand whether the components of the solution (or in some cases, the sum of the parts) are regulated by one or more regulatory authorities and, if so, the associated regulatory classification and requirements.

In various jurisdictions, including the U.S., EU, and China, a digital health solution could potentially be regulated as a medical device or a drug-device combination product, or it could be a consumer product not regulated under medical product authorities. Much would depend on the solution’s intended use and functionality, and the claims made by the product’s manufacturer. U.S., EU, and Chinese laws acknowledge that standalone software can be a medical device. A digital health software solution could be regulated as a medical device if it is intended by the manufacturer to have a medical purpose or otherwise affect patient care. If the solution is intended to “e-enable” a drug or is otherwise intended for use with a drug, it could create a drug-device combination product. In the U.S. and China, such drug-device combinations may be regulated under the drug marketing application or under a separate device marketing application. In the EU, such drug-device combinations are regulated as medicines. Alternatively, the solution could be a consumer product that is not subject to medical product regulation if it is not intended for use with a drug and is positioned as a “lifestyle/general wellness” tool, rather than a tool with a medical purpose.

2. What kind of claims can you make about your digital health solution?
Also establish what level of substantiation is required for those claims. If you are a pharmaceutical company, consider whether your or your collaborator’s digital health solution may impact the marketing of your drug(s) (e.g., would the digital solution be considered by FDA, EMA, DOJ, FTC, China’s CFDA or SAIC and/or another regulatory authority to be drug advertising, promotion, or labeling; does testing it require an investigational application; do you need to file a supplemental drug application or variation to a marketing authorization).

Permitted claims will depend on the regulatory classification of your solution. For example, e-enabling and other digital health components of approved/authorized medicines can create drug-device combination products, which will need to comply with U.S. and EU drug laws. This will impact permitted advertising and promotion and will often require specific product labeling. It could also require a supplement or variation to an existing marketing authorization.

In the U.S., if your solution is a medical device, its advertising and labeling will be subject to FDA and/or FTC regulation. Both agencies have authority to take action against false or misleading promotion, including claims that are not supported by appropriate clinical data. There are no harmonized EU medical device advertising rules. You will need to consider at an EU member state level whether there are any restricted audiences before promoting your device. In China, any therapeutic claims would be subject to restrictions under China’s drug and/or device regulations and its Advertisement Law, and CFDA must pre-approve all advertisements and medical information websites.

3. Are your warnings and disclosures tailored to your intended audience and use(s), not merely boilerplate?
Understand whether they reasonably warn about possible adverse health consequences to patients. Even in the absence of regulatory labeling requirements, you may have duties to your customers under tort law or general consumer protection legislation.

The adequacy of warnings will depend on the risk and classification of the solution and the purpose of the disclosure. Different considerations apply depending on whether the disclosure is intended to provide legally mandated information or to warn against unintended uses or functions. For example, in certain instances a manufacturer may accept that its solution is a regulated product and seek to include appropriate warnings in associated materials. In other cases, the solution could be unregulated and warnings and disclosures could be applied as protection against unintended use of the product.

4. What other regulations apply to your digital health solution?
Depending on the nature of the digital health solution, several other laws and regulations may apply. For instance, if the solution is offered through health care providers or health plans or if it interacts with the electronic health record systems of health care providers, compliance with the HIPAA privacy, security and breach notification rules and other data privacy laws may be required.

In the U.S., federal laws intended to protect against fraud and abuse, such as the Anti-Kickback Statute and the Stark physician referral statute, may also be implicated. In addition, consideration should be given to analogous state laws and to state laws governing the practice of medicine.

In the EU, the digital health solution may also be a regulated health service. Many jurisdictions will require that entities or organizations delivering a health service have some kind of registration or permit from a relevant regulator. This would include, for example, the Care Quality Commission in the UK, which will register an entity as a health service provider only once it has carried out an audit and will subject it to periodic re-inspections. Moreover, if that health service provider wishes to provide services specifically to a national or regional health service provider, it may need to hold other permits or meet certain additional standards.

Additional laws and regulations may also apply in China. For example, similar to the EU, in China health services are subject to strict regulation. These services must typically be managed through an institution with a health care institution license, and advertisements for health services must be submitted by that institution to the provincial-level health authorities for pre-approval. Health information websites must also meet specific regulatory and pre-approval requirements. China’s increasing body of regulation on cybersecurity, Internet information, and health privacy may also impose requirements on the flow of personal health information to and from a medical device or consumer product.

Covington Digital Health Team

Stakeholders across the healthcare, technology and communications industries seek to harness the power of data and information technology to improve the effectiveness and efficiency of their products, solutions and services, create new and cutting-edge innovations, and achieve better outcomes for patients. Partnering with lawyers who understand how the regulatory, IP, and commercial pieces of the digital health puzzle fit together is essential. Covington offers unsurpassed breadth and depth of expertise and experience concerning the legal, regulatory, and policy issues that affect digital health products and services. To learn more, click here.

Wade Ackerman

Wade Ackerman advises companies and trade associations on complex and novel FDA regulatory issues that require coordinated legal, regulatory, and public policy strategies.

Through more than 19 years of experience in private practice and positions within the FDA and on Capitol Hill, Wade has acquired unique insights into the evolving legal and regulatory landscape facing companies marketing FDA-regulated products. He co-leads Covington’s multidisciplinary Digital Health Initiative, which brings together the firm’s considerable global resources to advise life sciences and health technology clients harnessing the power of information technology and data to create new and cutting-edge innovations to improve health and achieve better outcomes for patients.

Until June 2016, Wade served as Senior FDA Counsel to the U.S. Senate Health, Education, Labor & Pensions (HELP) Committee Ranking Member Patty Murray (D-WA) and, prior to that, Chairman Tom Harkin (D-IA). While at the HELP Committee, Wade was involved in all major FDA legislative initiatives, oversight hearings, and other Senate HELP Committee activities concerning the FDA and the Federal Food, Drug, and Cosmetic Act. From January 2015 through June 2016, he helped negotiate many of the FDA-related provisions in the 21st Century Cures Act, which included reforms to FDA’s review and approval of new drugs, devices, combination products, and digital health software. He also worked closely with the FDA and other stakeholders as Congress examined legislative reforms in other key areas, including diagnostics and laboratory developed tests, cosmetics, and over-the-counter drugs.

Before taking his Senate role, Wade served for more than five years as Associate Chief Counsel within the FDA’s Office of Chief Counsel. He was responsible for providing legal advice to the FDA’s Center for Drug Evaluation and Research (CDER) and the Office of Commissioner (OC) on a wide range of issues. While at FDA, he also helped to develop and implement the Food and Drug Administration Safety and Innovation Act (FDASIA) of 2012 and the Drug Quality and Security Act (DQSA) of 2013—both significant reforms to FDA’s regulatory authorities.

Nigel Howard

For over 30 years Nigel Howard has specialized in technology transactions such as M&A, strategic alliances, licensing, distribution agreements and outsourcing. Clients range from start-ups and emerging companies to international corporations. He has led negotiations of billion dollar service agreements that were critical to his client, and successfully handled the intellectual property and data issues on over 250 venture capital and M&A transactions.

Nigel is a “tremendous attorney” singled out for his detail-oriented approach, according to clients interviewed by Chambers and Partners. Peer commentators note his admirable commercial awareness, which achieves business-focused results, often in the most challenging of circumstances. He uses his extensive experience with IP and technology to advise on the commercial imperatives underlying these agreements.

Nigel has been ranked by Chambers Global, Chambers USA, Legal 500, Best Lawyers in America, and Who’s Who in American Law. He is a frequent speaker on AI, data, distribution, and technology legal issues. His past and current clients include American Airlines, the American Bankers Association, American Express, AstraZeneca, British Airways, Brown Brothers Harriman, Cathay Pacific, Cisco, CoBank, DoubleClick, Etihad, HPE, Farelogix, Iberia, Mars, Merck, Merrill Lynch, Microsoft, NCR, the NFL, Novartis, P&G, Philippine Airlines, Promontory Financial, Singapore Airlines, Teva, TouchTunes, UBS, and Wyeth.

Daniel Pavin

Daniel Pavin advises clients on a wide range of transactions involving intellectual property, technology and data.

He has extensive experience advising pharmaceutical, biotechnology, medical device and technology companies in connection with licensing, collaborations and other strategic agreements. He also advises clients in connection with investments, fundraisings and M&A.

Daniel has a particular focus on digital transformation in the life sciences and healthcare sectors, including digital health transactions, and data-driven and AI drug discovery and development projects.

Daniel is one of the leaders of Covington’s global, multidisciplinary Digital Health Initiative, which brings together the firm’s considerable resources across the broad array of legal, regulatory, commercial, and policy issues relating to the development and exploitation of digital health products and services.

Chambers UK (2024) notes, “Daniel Pavin has very strong legal and commercial acumen.” “Daniel Pavin is very knowledgeable about life sciences and the data and digital areas. He sits where tech and life sciences come together.” “He is incredibly knowledgeable. He is very inclusive and happy to draw colleagues into conversations.”

Prior to his legal career, Daniel worked as a computer programmer, developing microscope image processing software. He is the co-inventor of a patented invention in the field of social network analytics.

Lindsey Tonsager

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection laws, and regularly represents clients in responding to investigations and enforcement actions involving their privacy and information security practices.

Lindsey’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of artificial intelligence, data processing for connected devices, biometrics, online advertising, endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, e-mail marketing, disclosures of video viewing information, and new technologies.

Lindsey also assesses privacy and data security risks in complex corporate transactions where personal data is a critical asset or data processing risks are otherwise material. In light of a dynamic regulatory environment where new state, federal, and international data protection laws are always on the horizon and enforcement priorities are shifting, she focuses on designing risk-based, global privacy programs for clients that can keep pace with evolving legal requirements and efficiently leverage the clients’ existing privacy policies and practices. She conducts data protection assessments to benchmark against legal requirements and industry trends and proposes practical risk mitigation measures.