Digital Health

In this bonus edition of our checkup series, Covington’s global cross-practice Digital Health team considers some additional key questions about product liability and insurance coverage that companies across the life sciences and technology sectors should be asking as they seek to fit together the regulatory and commercial pieces of the complex digital health puzzle.

1. What are the key questions when crafting warnings and disclosures?

If your product is regulated, your warnings and disclosures will need to comply with any relevant regulations. In the case of a product not regulated by the FDA or equivalent regulatory body, first consider how your warnings and disclosures will be incorporated into the use of the product.

Some disclosures, like an explanation of the data source used by software, may fit best in terms and conditions that a user sees before using the product. Key warnings, however, may be more appropriately placed as part of the user experience.

Example: A warning that patients should consult their doctors if necessary may need to be placed in proximity to specific medical content.

Best Practice: Consider your intended audience: are you writing warnings for doctors, patients, or institutions? The appropriate types of disclosures will vary across populations. Patient-directed warnings may also need to be written in simplified language.

Best Practice: Consider whether it is appropriate for your product to have users to accept or otherwise be required to agree to the warnings and disclosures.

2. How should you craft contracts with vendors or service providers to control your risks?

When drafting or reviewing a proposed indemnification clause, consider whether the proposed language:

  • will benefit or bind the intended parties, including successors-in-interest;
  • encompasses the intended subsets of costs or expenses from which indemnification will be provided, including attorneys’ fees, internal forensic and other response costs, government investigation costs, and settlements with third parties;
  • the circumstances in which the indemnification obligation will arise, such as upon a suspected network security event or only upon a third-party asserting a claim;
  • the nexus required between the indemnity-triggering event and the indemnity obligation, with common nexus phrases being “directly caused by” and “arising out of” or “in connection with;” and
  • the point when the indemnification will be owed for an indemnity-triggering event such as a network security breach: for example, when a reasonable suspicion of the event arises, or only after proof that the event did in fact take place.

Best Practice: In addition to the indemnification clause, you should consider whether the contract counter-party has sufficient financial resources to fulfill its indemnity obligations. An insurance procurement clause, specifying the types and amounts of insurance coverage the counter-party must carry, is often the best way to back up your indemnification protection. An insurance clause requires careful attention, however, with an eye to the principal risks involved in the particular contract.

It is not enough merely to specify “cyber insurance” in an insurance procurement clause: cyber policies vary as to the categories of risks they cover, and their non-standardized wordings vary in scope and clarity of coverage for those risks. The contract’s insurance procurement clause should specify which cyber-related risks must be insured, and with what minimum limits; and it should permit you to review the actual policies procured, to confirm their suitability.

 The contract should also address whether the counter-party is required to make you an additional insured under its policies. Again, a right to review the actual policies—not merely certificates of insurance—is important to ensure that the policies properly implement the additional-insured requirement.

3. What traps should you look for in your own insurance policies?

Digital health solutions can give rise to a broad range of risks, including alleged data breaches, privacy violations, faulty technology, theft, bodily injury, property damage, business interruption or extra expense, government demands, and shareholder suits. These risks could involve an equally broad range of insurance policies, including cyber, technology errors and omissions, professional liability, commercial crime, media liability, commercial general liability, products liability, property, and directors and officers liability.

Best Practice: In assessing whether and how your insurance coverage aligns with the risks that your particular digital health solution presents, pay close attention to potential gaps between the various insurance policies that are intended to cover those risks, including policies under which your company qualifies as an “additional insured.”

Professional services are often excluded from general and products liability policies on the theory that the policyholder can purchase separate professional liability insurance to cover that risk. But if the definition of “professional services” used in the exclusion to your general or products liability policy is broader than the definition of “professional services” used in the insuring agreement for your professional liability policy, a protection gap may arise between two policies that were meant to provide seamless coverage. Particularly if your company provides post-sale support for a digital health solution, you should carefully review the “professional services” language in all potentially applicable policies to be sure that they are consistent.

Many cyber policies exclude bodily injury, while cyber-related exclusions have recently appeared on many commercial general liability policies, which have traditionally covered bodily injury arising from products. If, for example, a cyber hacker could injure a patient by remotely manipulating the digital settings on your medical device, you should be alert both for injury-related exclusions in your cyber policies and for cyber-related exclusions in your general liability or professional liability policies. If you find an insurance gap, you may need to explore specialty insurance products designed for so-called “cyber-physical” risks.

Best Practice: Make sure you have insurance policy limits that are large enough to match your likely liabilities and that your excess policies are as broad as your primary policy.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Covington Digital Health Team

Stakeholders across the healthcare, technology and communications industries seek to harness the power of data and information technology to improve the effectiveness and efficiency of their products, solutions and services, create new and cutting-edge innovations, and achieve better outcomes for patients. Partnering with…

Stakeholders across the healthcare, technology and communications industries seek to harness the power of data and information technology to improve the effectiveness and efficiency of their products, solutions and services, create new and cutting-edge innovations, and achieve better outcomes for patients. Partnering with lawyers who understand how the regulatory, IP, and commercial pieces of the digital health puzzle fit together is essential. Covington offers unsurpassed breadth and depth of expertise and experience concerning the legal, regulatory, and policy issues that affect digital health products and services. To learn more, click here.

Photo of John Buchanan John Buchanan

John Buchanan, senior counsel in Covington’s Washington office and the firm’s first Insurance Practice Group Coordinator, has represented policyholders in insurance coverage advocacy, dispute resolution and counseling for nearly four decades. His practice has ranged from the early DES and asbestos coverage…

John Buchanan, senior counsel in Covington’s Washington office and the firm’s first Insurance Practice Group Coordinator, has represented policyholders in insurance coverage advocacy, dispute resolution and counseling for nearly four decades. His practice has ranged from the early DES and asbestos coverage litigation to claims for some of the largest cyber losses in history. John has litigated, arbitrated or negotiated a wide variety of complex property and casualty insurance claims, from railroad derailment claims to satellite-in-orbit claims, and from silver-theft claims to cyber claims. The National Law Journal named him an Insurance Trailblazer in 2021, and Best Lawyers has twice named him Washington Insurance Lawyer of the Year. Chambers USA has also consistently recognized him in its national rankings for insurance coverage lawyers (currently as Senior Statesman, previously in Band 1), as have Best of the Best USA, Who’s Who Legal and other peer reviewed lawyer registries.

John became involved with emerging cyber-related coverage issues in the mid-1990s and co-authored one of the earliest treatise chapters on cyber insurance coverage in 2001. Starting with the network intrusion and payment card thefts discovered by TJX in 2006, he has represented policyholders pursuing claims for losses arising from data breaches reported to involve tens of millions of compromised records. John also regularly advises businesses in the management of their cyber and cyber-physical risks, such as those arising from products or services involving the Internet of Things (IoT)-, Artificial Intelligence (AI), Connected and Autonomous Vehicles (CAVs), and the Metaverse or “Web3.”

Photo of Libbie Canter Libbie Canter

Libbie Canter represents a wide variety of multinational companies on privacy, cyber security, and technology transaction issues, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with global privacy laws. She routinely supports…

Libbie Canter represents a wide variety of multinational companies on privacy, cyber security, and technology transaction issues, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with global privacy laws. She routinely supports clients on their efforts to launch new products and services involving emerging technologies, and she has assisted dozens of clients with their efforts to prepare for and comply with federal and state privacy laws, including the California Consumer Privacy Act and California Privacy Rights Act.

Libbie represents clients across industries, but she also has deep expertise in advising clients in highly-regulated sectors, including financial services and digital health companies. She counsels these companies — and their technology and advertising partners — on how to address legacy regulatory issues and the cutting edge issues that have emerged with industry innovations and data collaborations.

Photo of Scott Levitt Scott Levitt

Scott Levitt has over twenty-five years of experience representing policyholders in numerous types of insurance coverage claims. These matters include cyber-risk, mass tort, asbestos, silica, mixed dust, environmental, product liability, employment discrimination, errors and omissions, first-party losses, crime and employee dishonesty. Scott has…

Scott Levitt has over twenty-five years of experience representing policyholders in numerous types of insurance coverage claims. These matters include cyber-risk, mass tort, asbestos, silica, mixed dust, environmental, product liability, employment discrimination, errors and omissions, first-party losses, crime and employee dishonesty. Scott has successfully represented policyholders in insurance recovery proceedings in federal and state trial and appellate courts around the U.S., as well as in mediation and international and domestic arbitrations. Scott’s practice often involves negotiating and implementing complex settlements involving multiple parties outside of litigation.

Photo of Emily Ullman Emily Ullman

Emily Ullman has a complex civil litigation practice focusing on products liability and mass torts work, primarily representing members of the life sciences industry and consumer goods manufacturers and suppliers across federal and state courts. In addition, she counsels companies facing transactions, regulatory…

Emily Ullman has a complex civil litigation practice focusing on products liability and mass torts work, primarily representing members of the life sciences industry and consumer goods manufacturers and suppliers across federal and state courts. In addition, she counsels companies facing transactions, regulatory interactions, or strategic decisions that expose them to tort risk.