On June 22, 2021, Congressional leaders Diana DeGette (D-DO) and Fred Upton (R-MI) released a bipartisan follow-up to the 2016 21st Century Cures Act“Cures 2.0”—a “discussion draft” at this stage—is intended to build upon the Cures Act.  The draft lays out several notable policies related to digital health, real-world data/evidence (RWD/E), and telehealth, among other provisions:

  • Sec. 301: Report on Collaboration and Alignment in Regulating Digital Health Technologies.  This provision requires FDA to submit a report to Congress on the efforts to ensure collaboration and alignment across FDA offices with respect to the regulation of digital health technologies.  The report must include recommendations on topics such as the use of digital endpoints for regulatory review, the use of digital health technologies in patient-focused development of products, and the use and validation of digital health technology tools (e.g., wearable devices, virtual reality headsets, artificial intelligence-/machine learning-based analytics, cloud services, etc.).  The report also must describe how FDA coordinates with foreign regulators to ensure harmonized regulation and use of such digital health technologies.
  • Sec. 302: Grants for Novel Trial Designs and Other Innovations in Drug Development.  Sec. 302 directs FDA to award grants for “incorporating complex adaptive and other novel trial designs into clinical protocols and applications for drugs pursuant to an exemption for investigational use under section 505(i) of the Federal Food, Drug, and Cosmetic Act . . . or section 351(a) of the Public Health Service Act” and “the collection of patient experience data with respect to drugs and the use of such data and related information in drug development.”  In awarding grants, the provision directs FDA to prioritize the incorporation of digital health technologies and RWE in drug development.
  • Sec. 304: Increasing Use of Real-World Evidence.  This section builds on FDA’s mandate in the Cures Act to establish an RWE Program by requiring (1) FDA to issue guidance on the use of RWE in evaluating the safety and effectiveness of drugs approved pursuant to certain expedited pathways; (2) HHS to identify and implement approaches for using RWE; and (3) HHS to establish a RWE Task Force to coordinate the programs and activities of the Department with regard to the collection and use of RWE.  The RWE Task Force is required to develop and periodically update recommendations on ways to encourage patients to engage in generation of RWE and participate in post-approval clinical trials for collection of RWE.
  • Sec. 402: Strategies to Increase Access to Telehealth Under Medicaid and Children’s Health Insurance Program.  This provision requires HHS to provide guidance to states on strategies for facilitating access to telehealth under the Medicaid and Children’s Health Insurance programs.  This provision also requires studies to be conducted evaluating the impact of telehealth and collaboration among agencies with respect to telehealth services.

Cures 2.0 demonstrates a recognition of the importance of evolving digital health and health data analytics in medical innovation and the delivery of healthcare. Interested stakeholders should consider providing comments to Reps. DeGette and Upton.  Enactment of Cures 2.0, whether as standalone legislation or as part of next year’s FDA medical product user fee reauthorization, would create new opportunities for FDA and HHS to take additional steps to advance digital health policies and initiatives.

In April 2021, the European Commission released its proposed Regulation Laying Down Harmonized Rules on Artificial Intelligence (the “Regulation”), which would establish rules on the development, placing on the market, and use of artificial intelligence systems (“AI systems”) across the EU. The proposal, comprising 85 articles and nine annexes, is part of a wider package of Commission initiatives aimed at positioning the EU as a world leader in trustworthy and ethical AI and technological innovation.

The Commission’s objectives with the Regulation are twofold: to promote the development of AI technologies and harness their potential benefits, while also protecting individuals against potential threats to their health, safety, and fundamental rights posed by AI systems. To that end, the Commission proposal focuses primarily on AI systems identified as “high-risk,” but also prohibits three AI practices and imposes transparency obligations on providers of certain non-high-risk AI systems as well. Notably, it would impose significant administrative costs on high-risk AI systems of around 10 percent of the underlying value, based on compliance, oversight, and verification costs. This blog highlights several key aspects of the proposal. Continue Reading European Commission Proposes New Artificial Intelligence Regulation

On May 3, 2021, the European Commission (the “Commission”) opened a further public consultation (“Consultation”) on the European Health Data Space (“EHDS”).

This follows a consultation earlier in the year, on the Commission’s “Inception Impact Assessment” in relation to the EHDS.  (For further information on the earlier consultation and an overview of the EHDS, please see our blog post available here).

Continue Reading European Commission Conducts Further Consultation on the European Health Data Space Initiative

On February 9, 2021, the UK Government’s Department for Health and Social Care (“DHSC”) announced a review into the efficient and safe use of health data for research and analysis for the benefit of patients in the health sector (“Review”). The DHSC encourages stakeholder feedback in the context of the Review, and will be of particular interest to organisations that have, or seek to have, access to NHS patient data for research purposes.

Continue Reading UK Government Announces Review Into Use Of Health Data For Research And Analysis

The Federal Trade Commission (“FTC”) announced this month a proposed settlement against Flo Health, Inc. (“Flo”), the developer of popular menstrual cycle and fertility-tracking application (the “Flo App”), resolving allegations that “the company shared the health information of users with outside data analytics providers after promising that such information would be kept private.”  The proposed settlement requires Flo, among other things, to obtain review by an “independent third-party professional” of its privacy practices, obtain users’ consent before sharing their health information, alert users whose data was disclosed, and require third-parties that previously received that data to destroy it. Continue Reading FTC Reaches Settlement with Digital Health App, Requires First Notice of Privacy Action

On January 14, 2021, the United States Court of Appeals for the Fifth Circuit vacated a $4.3 million civil monetary penalty that the Office for Civil Rights (“OCR”) of the Department of Health and Human Services (“HHS”) imposed against the University of Texas M.D. Anderson Cancer Center (“M.D. Anderson”).  OCR ordered the penalty in 2017 following an investigation into three data breaches suffered by M.D. Anderson in 2012 and 2013, finding that M.D. Anderson had violated the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information and Technology for Economic and Clinical Health Act of 2009 (“HITECH Act”).  The Court, however, held that the penalty was “arbitrary, capricious, and otherwise unlawful,” in part based on its interpretation of the HIPAA Rules. Continue Reading M.D. Anderson Wins Appeal Over $4.3 Million HIPAA Penalty

On January 6, 2021, the UK’s AI Council (an independent government advisory body) published its AI Roadmap (“Roadmap”). In addition to calling for a  Public Interest Data Bill to ‘protect against automation and collective harms’, the Roadmap acknowledges the need to counteract public suspicion of AI and makes 16 recommendations, based on three main pillars, to guide the UK Government’s AI strategy.

Continue Reading AI Update: The Future of AI Policy in the UK

On January 5, 2021, an amendment to the Health Information Technology for Economic and Clinical Health (“HITECH”) Act was signed into law.  The amendment requires the U.S. Department of Health and Human Services (“HHS”) to “consider certain recognized security practices of covered entities and business associates when making certain determinations” regarding fines, audit results, or other remedies for resolving potential violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  For organizations subject to HIPAA, the amendment provides substantial incentives to establish or improve their cybersecurity programs.  While it does not establish a complete safe harbor from HIPAA enforcement, the amendment does offer organizations a chance to mitigate financial penalties and other negative regulatory actions that may result from a data breach. Continue Reading HITECH Amendment Provides Some Protection For Covered Entities and Business Associates that Adopt Recognized Security Standards

On December 23, 2020, the European Commission (the “Commission”) published its inception impact assessment (“Inception Impact Assessment”) of policy options for establishing a European Health Data Space (“EHDS”).  The Inception Impact Assessment is open for consultation until February 3, 2021, encouraging “citizens and stakeholders” to “provide views on the Commission’s understanding of the current situation, problem and possible solutions”.

Continue Reading European Commission Conducts Open Consultation on the European Health Data Space Initiative

On 18 January 2021, the UK Parliamentary Office of Science and Technology (“POST”)* published its AI and Healthcare Research Briefing about the use of artificial intelligence (“AI”) in the UK healthcare system (the “Briefing”).  The Briefing considers the potential impacts of AI on the cost and quality of healthcare, and the challenges posed by the wider adoption of AI, including safety, privacy and health inequalities.

The Briefing summarises the different possible applications of AI in healthcare settings, which raises unique considerations for healthcare providers.  It notes that AI, developed through machine learning algorithms, is not yet widely used within the NHS, but some AI products are at various stages of trial and evaluation.  The areas of healthcare identified by the Briefing as having the potential for AI to be incorporated include (among others): interpretation of medical imaging, planning patients’ treatment, and patient-facing applications such as voice assistants, smartphone apps and wearable devices.

Continue Reading AI Update: UK Parliament Research Briefing on AI in the UK Healthcare System