Technology companies widely use open source software (“OSS”), which carries with it many potential benefits.  It can reduce the time and cost of development, and, to the extent that the code has been vetted by numerous other developers, may contain fewer bugs.  OSS can also reduce dependency upon third party vendors and associated pricing risks.

In the healthcare space in particular, OSS has been cited as one potential way to reduce the cost of developing and delivering digital care solutions, which in turn may mean improved access to or quality of treatment for underserved populations.[1] And indeed, OSS is frequently used in healthcare IT.  In fact, the EHR system for veterans, VistA, is available as open source code[2] and now deployed by a range of healthcare organizations.[3]

Of course, as with any third party technology, when incorporating OSS into a technology, it is important to carefully consider the soundness and security of the OSS code, as well as the legal terms on which the code is made available.  Below we highlight some key considerations for digital health ventures that either currently do or wish to use OSS for their technology: (1) security, (2) how license terms may impact the ability to commercialize the technology, and (3) how the use of OSS may impact corporate transactions, such as mergers and acquisitions.


Continue Reading Open Source Considerations for Digital Health Ventures

According to a distinguished panel of lawyers from MSD and Covington & Burling, companies involved in Digital Health deals need to ask themselves the following questions:

  • What data is required to develop and deliver the Digital Health solution, and does your company have sufficient expertise in-house to analyze the data?
  • What happens if your technology

Digital Health

In the second of a three-part series, Covington’s global cross-practice Digital Health team considers some additional key questions that companies across the life sciences, technology, and communications industries should be asking as they seek to fit together the regulatory and commercial pieces of the complex digital health puzzle.

Key Commercial Questions When
Contracting for Digital

At the beginning of August, the D.C. Circuit found that the fact that a data breach has occurred and individual consumer information has been lost may constitute sufficient injury to confer standing on those individual victims at the pleading stage–irrespective of whether any stolen information has been misused. Specifically, Attias, et al. v. CareFirst, Inc.,

The UK Information Commissioner’s Office (“ICO”), which enforces data protection legislation in the UK, has ruled that the NHS Royal Free Foundation Trust (“Royal Free”), which manages a London hospital, failed to comply with the UK Data Protection Act 1998 in providing 1.6 million patient records to Google DeepMind (“DeepMind”), requiring the Royal Free to sign an undertaking committing to changes to ensure it is acting in line with the UK Data Protection Act.

On September 30,  2015, the Royal Free entered into an agreement with Google UK Limited (an affiliate of DeepMind) under which DeepMind would process approximately 1.6 million partial patient records, containing identifiable information on persons who had presented for treatment in the previous five years together with data from the Royal Free’s existing electronic records system.  On November 18, 2015, DeepMind began processing patient records for clinical safety testing of a newly-developed platform to monitor and detect acute kidney injury, formalized into a mobile app called ‘Streams’.
Continue Reading ICO Rules UK Hospital-DeepMind Trial Failed to Comply with UK Data Protection Law

StartUp Health, a New York-based accelerator, and Rock Health, a San Francisco-based seed fund, each recently released its independent 2015 mid-year report on venture funding and transactional data of the digital health sector.  The following are some key observations:

  • Funding Levels Are Keeping Up With the Record-Breaking Levels in 2014. While this year

Teladoc, Inc. started the long road to an IPO yesterday, announcing that it had taken the first step in the process by submitting an S-1 registration statement — the very detailed disclosure document required by regulators — with the U.S. Securities and Exchange Commission.
Continue Reading Teladoc Embarks on Road to an IPO

StartUp Health, a New York-based accelerator, and Rock Health, a San Francisco-based seed fund, each recently released its independent 2015 first quarter report on venture funding and transactional data of the digital health sector. The following are some key observations:

  • Funding is Down Compared to Last Year’s First Quarter. While 2014 was a record-breaking year for digital health funding—increasing by more than double compared to 2013—both reports show that 2015 is off to a slower start. StartUp Health reported a decrease in overall venture funding in the digital health sector from $1.5 billion in the first quarter of 2014 to $900 million in the first quarter of 2015, while Rock Health, which uses different reporting metrics, reported a decrease from $700 million in the first quarter of 2014 to $630 million in the first quarter of 2015.


Continue Reading Digital Health Venture Funding and M&A Activity in the First Quarter of 2015

Healthcare providers, health plans, and other entities are increasingly utilizing cloud services to collect, aggregate, store and process data.  A recent report by IDC Health Insights suggests that 80 percent of healthcare data is expected to pass through the cloud by 2020.  As a substantial amount of healthcare data comprises “personal information” or “protected health information” (PHI), federal and state privacy and security laws, including the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, raise significant questions for healthcare providers and health plans utilizing the cloud in connection with such data.  Such questions include whether HIPAA requirements extend to cloud providers, how and if entities storing health data on the cloud will be notified in case of a breach, and whether storage of data overseas by cloud providers triggers any additional obligations or concerns.
Continue Reading Moving to the Cloud: Some Key Considerations for Healthcare Entities

The excitement around eHealth innovations was palpable throughout San Francisco this week as the annual JP Morgan healthcare conference flooded the city.  JP Morgan itself offered panels and presentations from industry leaders and emerging companies, while simultaneously occurring conferences, speaker programs, and networking events throughout San Francisco featured discussions on the changing face of healthcare in today’s world of increasing digitization, economic transformation and regulatory oversight.

Major deal announcements were also triggered by the “Superbowl of Healthcare” buzz this week, including scores of new eHealth initiatives and start-ups.  We’ve highlighted a few of the big deals of the week below.

Complex Cross-Disciplinary Approaches: Roche and Foundation Medicine Announce New Partnership

In an approximately $1.2 billion deal, Roche agreed to acquire a majority stake in cancer diagnostic maker Foundation Medicine.  The companies simultaneously entered into a series of commercial arrangements in which Foundation’s tumor analysis and cancer genetics capabilities will be incorporated into Roche’s clinical development platform.  The companies will also collaborate to co-develop novel cancer diagnostics as well as to educate physicians about genetic informatics-based cancer care. 
Continue Reading JP Morgan Conference Highlights eHealth Technologies, Data-Driven Therapeutics