Digital Health & Artificial Intelligence

We assist clients with:

AI governance

We help life sciences and health care organizations address risks associated with the development and deployment of AI through AI governance programs. Our assistance, for example, involves helping clients to create and document an AI governance team structure, assisting them in preparing and implementing governance and usage policies and procedures tailored to their individual risks and risk tolerance, and providing tools for vendor diligence, contracting, and management. We regularly advise with respect to:  

• ISO and NIST AI frameworks
• The EU AI Act and EU Medical Device Regulation
• FDA law, regulation, guidance, and action plans
• Other U.S. federal and state AI laws and regulations

To learn more about the firm’s broader, industry-agnostic AI capabilities, please visit our Artificial Intelligence page.

FDA and related EU regulatory  

Our FDA and EU regulatory teams are regularly called upon to help clients in the digital health and AI solution space. We routinely counsel on:

• Product classification. Accurate product classification is key because it determines which regulatory regimes apply, the level of scrutiny, and the pathways available. We help clients define and refine intended use, functionality, and marketing to align with regulatory expectations while minimizing the compliance burden where appropriate. We routinely assess whether a digital health product will be treated as a medical device, software as a medical device, an accessory, a wellness product, or a non-device software tool. For example, for clinical decision support, we analyze whether the software meets the criteria for device regulation or falls within an exception.  
• Product/solution launches, including advice on relevant approval pathways and communication with government bodies, and assistance in designing marketing plans that are both compliant and commercially compelling.
• Product claims, which are a critical component of a product launch. We review claims, marketing materials, and websites to ensure they are consistent with the cleared intended use and do not trigger unintended reclassification or enforcement risks.
• Leveraging digital health tools in a compliant fashion to obtain real world data or real world evidence, as well as leveraging AI to zero in on and extract relevant RWD/RWE. We design compliant programs that leverage wearables, patient-reported outcome platforms, electronic health record (EHR) integrations, registries, and remote monitoring systems while meeting regulatory and ethical expectations.

To learn about the firm’s broader capabilities, please visit our FDA & EU Regulatory, Compliance, and Enforcement page.

Telehealth

Telehealth, including telemedicine and telepharmacy, has expanded patients’ access to clinical care, allowing providers and patients to overcome previously challenging barriers, including limited geographic access to care, travel time, possible stresses for the patient, and cost. Along with this provision of health services and the sharing of information come a number of important regulatory considerations for companies, including the safety and security of patient data, U.S. corporate practice of medicine laws and state health care professional licensing concerns, and enrollment and reimbursement issues.

In the United States, our team has been advising on these issues for years and continues to be at the forefront of helping businesses navigate these regulatory challenges. Our specific telehealth capabilities include advising clients on new compliance issues arising from the relevant regulations both in the United States and internationally, including state medical practice, telemedicine, and pharmacy laws and regulations. We also have significant experience representing digital health clients before the Centers for Medicare & Medicaid Services (CMS) in matters relating to Medicare and Medicaid enrollment and reimbursement across multiple states.

As companies explore or enter into new types of service delivery models, they must be acutely aware of the regulatory landscape and state-specific laws governing the operation of digital health businesses. We have significant experience analyzing and understanding the nuances from state to state, having guided clients as they evaluate entering new markets or consider strategic partnerships or other types of business transactions. We frequently advise clients on state laws prohibiting the corporate practice of medicine, and we regularly advise on structuring transactions in ways that will minimize the risk of running afoul of corporate practice prohibitions, as well as relevant federal and state fraud and abuse laws. In addition, we have represented clients in responding to investigations by state agencies and medical boards alleging violations of the ban on corporate practice.

Finally, we regularly advise emerging companies on entering the digital health and telemedicine space, including on state licensure and pharmacy laws applicable to the delivery of telemedicine services and electronic prescribing.

In Europe, our team has also been advising on a range of telehealth activities such as e-prescribing, telephone or electronic consultation, telemonitoring, remote diagnostics, teleexpertise, and teleassistance. Regulatory approaches to telehealth vary significantly by jurisdiction. In the United Kingdom, for example, there is no single, comprehensive statute dedicated to telehealth; rather, the framework is shaped by guidance from health care regulators and industry bodies, together with general health care, medical device, and data protection requirements. We have a deep understanding of this complex and evolving landscape, and we support clients in navigating country-specific rules and expectations. In addition, we advise on how the health technology assessment bodies in major EU member states are developing methodologies for evaluating telehealth products and services, including standalone software and apps, to inform market access, reimbursement, and evidence generation strategies.

Fraud and abuse

We have considerable experience helping digital health clients account for risk when modern technology has far outpaced federal and state regulatory frameworks – and we are counseling more and more clients with AI solutions in this area.  

We tailor our advice under federal and state Anti-Kickback Statutes and other fraud and abuse authorities to consider our clients’ specific technologies, including AI solutions. We have extensive experience counseling on collaboration agreements, value-based arrangements, strategic data partnerships, product/tool development, and commercial strategies for clients with modern technologies and AI solutions or clients contemplating the use of such tools.

To learn about the firm’s broader capabilities, please visit our Life Sciences Manufacturer Regulatory, Compliance, & Operations Counseling page and our Health Care Services Regulatory & Compliance Counseling page.

Payment and reimbursement

We provide our clients with digital health and AI solutions, with advice related to compliance with coding, coverage, and reimbursement requirements and have advised a client with an AI solution on how to obtain coverage and reimbursement for the solution. Our broader digital health work has included advocacy with payors and regulators, including drafting extensive comment letters in response to crucial proposed rulemaking, as well as proposed payor policies that would have drastic impacts on our clients.

To learn more about the firm’s broader capabilities, please visit our Drug & Device Pricing and Reimbursement page and our Health Care Services Regulatory & Compliance Counseling page.

Investigations

Our clients’ technological innovations often outstrip relevant legislation and regulation, which can heighten the likelihood that they receive inquiries, civil investigative demands, and other outreach from governmental bodies, and present challenges in demonstrating compliance with traditional frameworks by which governments are attempting to regulate them. Our team frequently leverages deep understanding of both our clients’ products and solutions and the relevant FDA and related EU regulatory, fraud and abuse, reimbursement, and privacy frameworks to defend our clients in these situations.

To learn more about the firm’s broader capabilities, please visit our Health Care & Life Sciences Investigations page.

Contracts

We help our clients get deals done. We use our legal and technical experience to draft and negotiate sophisticated contract terms for clients that clarify party roles, identify the AI aspects of the solution, allocate intellectual property rights and responsibilities, and protect data. We also advise our clients with respect to tiering risk from AI cases and evaluating the risk from the current contract language as applied to the associated AI use case. For example, deploying generative AI may be a higher-risk use case than deploying predictive AI, and the contract terms should reflect that difference. Finally, our clients appreciate our development of negotiating playbooks so they can handle certain negotiations on their own.  

To learn more about the firm’s broader capabilities, please visit our Life Sciences Commercial Contracting page.

Product liability risk assessment counseling

For MedTech companies navigating the evolving landscape of digital health and AI, we offer comprehensive product liability risk assessments and risk mitigation counsel. Our offering includes a thorough assessment of product/solution design, labeling, and documentation to identify and address potential claims, including failure-to-warn and design defects. We can also benchmark company conduct against prevailing industry standards and regulatory requirements, ensuring your practices are defensible even as technology and laws evolve.  

In conjunction with our regulatory colleagues, we can also advise on regulatory submission strategies, including the implications of FDA review, and help maintain robust documentation to support litigation defense. Our services extend to reviewing scientific literature, ongoing surveillance, and contractual risk allocation with vendors and developers. To further strengthen your position, we assist with incident response protocols (in conjunction with our cybersecurity colleagues), litigation-ready evidence files, and tailored training for legal, compliance, and technical teams.  

Our cross-disciplinary approach prioritizes holistic risk management, empowering your company to innovate confidently while minimizing exposure to product liability litigation in the digital health era.

To learn more about the firm’s broader product liability capabilities, please visit our Life Sciences Product Liability page.

Privacy and data protection

Health data is a key enabler for digital transformation in the industry, and our global team has deep experience in data protection and privacy for health care and life sciences companies in the United States, the European Union, key Asia jurisdictions like Singapore and China, and beyond. We advise on the full range of regulatory, transactional, and litigation needs that may arise as the digital health and AI industry grows and the amount of health care data and regulations around its use continue to change and expand.  

For many innovators in the digital health and AI space, one of the biggest risks stems from the absence of a single health information privacy framework. To help mitigate this risk, we start by identifying our clients’ data strategy goals as well as their current data uses and transfers. We then identify the applicable regulatory regimes (including data privacy and protection, IT security, data sharing, and AI laws) and sources of risk, and work with clients to strategically position their digital health and AI solutions to appropriately maximize access and control of data. This often involves advising on product development and commercial strategies as well as assisting in establishing data governance frameworks for AI projects, including data collection, storage, and use.

We help clients manage risk through strong compliance programs and via contracts with customers, vendors, and users. We support clients as they engage in new and innovative ways of delivering care, contemplate strategic ventures and transactions, seek to anonymize/de-identify and use personal information (PI) or protected health information (PHI), negotiate with and manage third parties who will have access to PI/PHI, and more.  

To learn more about the firm’s broader capabilities, please visit our Health Care & Life Sciences Privacy and Data Protection page.

Transactions

Our team also has the experience to counsel on the corporate, financial, and regulatory aspects of every deal. Our digital health and AI team includes members of our Emerging Companies / Venture Capital (ECVC) practice, who focus on start-ups in the life sciences and health industry and who are well-versed in the unique needs of innovative companies at this stage in their growth. Our ECVC lawyers support investors in these start-ups – including venture capital funds, private equity funds, and corporations that make venture investments – with targeted due diligence, negotiating financing documents and addressing portfolio company matters throughout the life cycle of an investment.  

We are also regularly called upon to perform the regulatory due diligence – among the many aspects of a deal – in a variety of transactions in the digital health space. Finally, our team provides digital health focused integration of target companies and their digital assets when those companies are acquired by large, multifaceted life sciences companies.

To learn more about the firm’s broader capabilities, please visit our Health Care & Life Sciences Transactions page.