Product liability considerations are not likely the first concerns that spring to mind for the many companies working to develop digital health countermeasures and other products related to COVID-19. Yet even while putting together solutions on an accelerated timeline, there are some straightforward actions that companies can take that may reduce litigation risk down the road.
PREP Act Immunity
First, a company preparing medical countermeasures for COVID-19 should consider whether its activities are immune from suit under the federal Public Readiness & Emergency Preparedness Act (“PREP Act”). The PREP Act applies to a broadly defined set of activities related to “Covered Countermeasures,” including “the manufacture, testing, development, distribution, administration, and use of the Covered Countermeasures.” “Covered Countermeasures” include drugs, devices, or biologics used to treat COVID-19, as well as “product[s] or technolog[ies] intended to enhance the use or effect of such” treatments, but only as long as FDA has approved the countermeasure or authorized it for emergency use. The PREP Act also includes other limitations and restrictions, including the requirement that the activity in question must have a nexus with a federal, state, or local government authorization or agreement. However, the immunity it provides, if an activity qualifies, is broad.
Regardless of whether the PREP Act applies to a particular digital health application, developers of such applications should consider other measures they can take to reduce liability risk. Many of the common product liability theories under which a company might be sued, such as design defect and failure to warn, apply a rule of reasonableness, such that a claim often will not succeed if the company took reasonable precautions under the circumstances. What “reasonable” means in this context will depend on the facts of a particular case, but a company can take several steps to increase the likelihood that a potential litigant or court will view its conduct as reasonable. These considerations apply to any digital health solution, but especially in the rapidly-evolving COVID-19 environment where there are unlikely to be clear industry guidelines or precedents to follow.
Accuracy and Understandability
First, a company should ensure that its application provides accurate and understandable information. In addition to carefully reviewing content to confirm its accuracy, a digital health company should conduct testing before consumers use a new product. Similarly, if an application includes medical content, the company should consider consulting with a healthcare professional. Such a consultation will help ensure accuracy and completeness and also mitigate the risk of an allegation that individuals with relevant training and expertise were not involved in the design of the product.
Further, if the application offers medical recommendations or recommendations about seeking medical care, a company should 1) thoroughly vet any external sources for accuracy and 2) transparently inform users about the bases for any recommendations. For example, if the software incorporates (or relies upon) data from external sources, such as the Centers for Disease Control (“CDC”) or the World Health Organization (“WHO”), the application should disclose its use of such sources. The company should also consider taking the additional step of providing links to such external data sources in the application, which could reduce the risk of a failure-to-warn claim by providing the user with additional independent sources of information. Finally, companies should develop and present content with the end user in mind. For instance, the company should present any complex or technical information in a format that an ordinary person could understand. All of the above steps could serve as evidence that the company took reasonable precautions when developing its product.
Warnings and Disclaimers
Additionally, proper disclaimers can reduce potential liability for breach of warranty. Generally, there are two types of warranties: 1) express warranties (statements made by the manufacturer or seller of the product to the consumer), and 2) implied warranties (implied in the sale of the product). A company’s application should explicitly disclaim such warranties, including (in particular) the implied warranties of merchantability and fitness for a particular purpose.
Monitoring for Issues
Finally, a digital health company should consider creating policies and procedures to monitor performance of the application and assess any problems that might arise. Such steps could serve as important evidence that the company behaved reasonably. Ideally, this would include a system for users to report problems or concerns, as well as policies to guide the company’s review of such reports and a notification plan for affected users. Even if a company cannot create such a comprehensive monitoring system, it should at least consider designating an individual with responsibility for monitoring the application’s performance and developing a plan to address any issues that may arise. Further, a company should consider whether any employees — such as those who might review or evaluate medical information from users — should have medical training or be supported by employees with appropriate medical training.
 42 U.S.C. § 247d-6d.
 85 Fed. Reg. 15201.
 85 Fed. Reg. 15,198, 15,199 (Mar. 17, 2020).
 For example, at the time of publication, the CDC maintains a webpage devoted to information on COVID-19. See CDC, Coronavirus Disease 2019 (COVID-19), https://www.cdc.gov/coronavirus/2019-ncov/index.html. The WHO maintains a similar website. See WHO, Coronavirus Disease 2019, https://www.who.int/emergencies/diseases/novel-coronavirus-2019.