On September 28, the governor of California signed into law AB 2089, which expands the scope of California’s Confidentiality of Medical Information Act (“CMIA”) to cover mental health services that are delivered through digital health solutions and the associated health information generated from these services. 

Continue Reading California Expands the Scope of the CMIA to Cover Certain Digital Mental Health Services and Information

Spurred by the realities of the COVID-19 pandemic, FDA has taken a number of regulatory actions to advance the use of digital health technologies (“DHTs”) in clinical trials.  DHTs provide sponsors with opportunities to capture a broader array of information from study subjects than is typically available through traditional study designs.  This includes information from

On September 15, the Federal Trade Commission (“FTC”) adopted, on a 3-2 party-line vote, a policy statement that takes a broad view of which health apps and connected devices are subject to the FTC’s Health Breach Notification Rule (the “Rule”) and what triggers the Rule’s notification requirement.

The Rule was promulgated in 2009 under the Health Information Technology for Economic and Clinical Health (“HITECH”) Act.  Under the Rule, vendors of personal health record that are not otherwise regulated under the Health Insurance Portability and Accountability Act (“HIPAA”) are required to notify individuals, the FTC, and, in some cases, the media following a breach involving unsecured identifiable health information.  16 C.F.R. §§ 318.3, 318.5.  Third-party service providers also are required to notify covered vendors of any breach.  16 C.F.R. § 318.3.

Continue Reading FTC Adopts Policy Statement on Privacy Breaches by Health Apps and Connected Devices

Legislation that would amend California’s Confidentiality of Medical Information Act (“CMIA”) is working its way through California’s Senate and passed in the Senate Health Committee earlier this week.  The proposed bill passed in the state’s Assembly back in April.  Introduced by Democratic California Assemblymember Edwin Chau, who sits on the Privacy and Consumer Protection Committee, the proposed legislation (AB 1436) expands the definition of “provider of health care.”  Under the CMIA, providers of health care are subject to various obligations, including provisions that restrict the disclosure of medical information without a prior valid authorization, subject to certain exceptions.
Continue Reading Proposed Bill Would Expand the Scope of the CMIA

FDA has long recognized the significant potential of artificial intelligence- and machine learning- (AI/ML-) based software as a medical device (SaMD) to transform health care as well as the unique challenges presented by AI/ML-based software under the Agency’s traditional medical device regulatory framework.  On January 12, 2021, FDA issued the Artificial Intelligence/Machine Learning (AI/ML)-Based Software

On September 2, 2020, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) announced a new “Health Apps” feature on the HHS.gov website.  The new website, which replaces the OCR’s Health App Developer Portal, highlights existing guidance for mobile health (“mHealth”) apps regarding the Health Insurance Portability and Accountability Act

On April 14, 2020, FDA issued a direct-to-final guidance outlining its “Enforcement Policy for Digital Health Devices for Treating Psychiatric Disorders During the Coronavirus Disease 2019 (COVID-19) Public Health Emergency.”  The guidance intends to “expand the availability of digital health therapeutic devices” – possibly the first time FDA has used such term in its written policies – to facilitate consumer and patient use and reduce potential exposure to COVID-19.  The guidance applies to two groups of products: (1) computerized behavioral therapy devices and other digital health devices for psychiatric disorders; and (2) low-risk wellness and digital health products for mental health or psychiatric conditions. Like FDA’s many other COVID-19 enforcement policies, the policy will remain in effect “only for the duration of the public health emergency related to COVID-19.”
Continue Reading FDA Issues COVID-19 Policy for Certain Digital Health Solutions

Germany recently enacted a law that enables state health insurance schemes to reimburse costs related to the use of digital health applications (“health apps”), but the law requires the Federal Ministry of Health to first develop the reimbursement process for such apps.  Accordingly, on January 15, 2020, the German government published a draft regulation setting