Managing Emerging Technology In Healthcare
Moderator: Pamela Labaj, Senior Counsel, Panasonic
Panelists:
- Thomas Strachan: VP, Legal, Compliance, Payor Relations, Preventice Solutions Group
- Brandy Canady: Assoc. General Counsel, Contracts & Transactions, Presence Health
- Jerry Kolosky: Senior Healthcare Advisor, Panasonic
- Beni Surpin: Partner, Foley & Lardner LLP
Managing Emerging Technology in Healthcare: SUMMARY INTRO • Medicine is a science and thus is data driven • Collection, analysis and use of data is essential to enabling appropriate diagnosis, treatment, prevention and cure of disease for patient and populations • Emerging technology is enabling unprecedented changes at a record pace in all aspects of healthcare: • delivery of healthcare • improvements in patient outcomes with reduced costs • introduction of incentives and penalties to effectuate desired migration from a fee for service model to a value based reimbursement solution • involvement of patients with their own data collection • accelerated communication of increased quantities and quality of health-related data between patient and physician, physicians (EMR/EHR), providers, payers, across the ocean(s), etc. • expanded and multi-locational storage of and access to health-related data
Managing Emerging Technology in Healthcare: SUMMARY (continued) • Data privacy and security is a critical concern to providers, payers, patients and regulators (U.S. and OUS) • Ever increasing need for international expansion vs. conflicting or varying data privacy, IP and related individual country regulations • Rapidly Emerging Technology in Healthcare • Telemedicine • technology option designed to improve patient health, throughput and patient satisfaction • includes two-way, real-time and near real-time interactive communication between patient and physician • decreases costs associated with traditional F2F provision of medical care • requires appropriate hardware, software, workflow and clinical/practitioner integration • Medical Devices – hardware (FDA, CE, FCC, etc.) • Remote diagnostic cardiac monitor (safety, functionality, design control) • External (Holter, cardiac event, mobile cardiac telemetry) • Internal (implantable)
Managing Emerging Technology in Healthcare: SUMMARY (continued) • Software • device (algorithms) • client or cloud-hosted applications (location of server/data access points) • services (remote cardiac monitoring services) • mobile applications (end-user centric) • sharing of patient data (across-borders)
Managing Emerging Technology in Healthcare: CHALLENGES • No workable plan to migrate from emerging technology to consistently useful, cost-efficient output for patients, physicians • Limited and reactionary collaboration between interested parties • Danger of short-term thinking in a healthcare world currently evolving around emerging and inherently limited life technology • rapid obsolescence of devices (hardware) and software creates obstacles to long-term planning and risk management • Healthcare system currently lacks workable/scalable legal and compliance best practices • system does not yet cause or enable medical device manufacturers, software developers, providers, sub-providers, payers, regulators, etc. to be on the same page about emerging technology, costs, value-based reimbursement (codes, payment, etc.), use and related guidelines • Limitation of laws, regulations (FDA, FCC, CMS, HIPAA, etc.) • Gaps and inconsistencies in varying medical reimbursement policies creating obstacles and confusion
Managing Emerging Technology in Healthcare: CHALLENGES (continued) • Increasing threat of data breaches, hackers, phishing, ransomware • need for privacy and security of patient data (e.g. medical devices, software, international implications) create potential roadblocks • Varying and inconsistent regulations, policies and organizational expectations related to necessary and required protection for patient data • Reimbursement/Payment Data Disconnects • Technology has sped past reimbursement structure • Medicare/private payer prohibitions related to patient data access/use • need for increased education of payers by certain technology/services providers (investigational/experimental) • inadequate direct involvement of practitioners with payers • Limited Workable/Scalable Guidelines for technology, data security, reimbursement/payment, etc. • Intellectual Property Obstacles • sole/joint ownership challenges (i.e. cloud-based platforms deliverables when dealing with source code) • international implications for use of emerging technology OUS
Managing Emerging Technology in Healthcare: SOLUTIONS (macro: system-wide) • Foster pro-active communication, education, collaboration between all interested parties despite varying motivations • create mutually beneficial environment for consistent development and application of clinical guidelines, protocols, medical policies, reimbursement standards • Enable greater data predictability to allow for improved day to day analysis/response • Redirect focus towards “big picture” data collection solutions • data collected should be most relevant, most reliable – for proper diagnosis, treatment and for predictability analysis • include viable, measurable data points – reduce admissions and readmissions for patients and populations • push for review/revision of existing federal, state, international regulations – accommodate existing data privacy concerns and allow for expansion to predictable future environments
Managing Emerging Technology in Healthcare: SOLUTIONS (micro: organizational/enterprise-level) • Design appropriate processes to consistently identify, mitigate risk • create and communicate appropriate risk assessment and incident response guideline • train, test, retrain, ensure compliance • facilitate expedited means to make necessary changes to policy • Create environment of collaboration between Legal and IT • include Legal/Compliance Groups early and often at front end of business discussions/decisions related to uses of technology • foster continued open lines of communication between groups • ensure appropriate data integrity, privacy, security • Require collaboration between varying providers and partners • review existing EMR/EHR systems • create workable, scalable standards • Be prepared to have difficult discussion about privacy, security, data liability (OUS), shared IP rights, costs, reimbursement
Managing Emerging Technology in Healthcare: SOLUTIONS (micro: organizational) • Understand and monitor IT and network risks AND review insurance coverage • ensure insurance policy includes adequate “cyber insurance” to protect organization from data breaches, network security failures, etc. – beware of exclusions! • conduct cyber risk assessments, incident response planning • Communicate and educate Board of Directors to relevant technology changes in healthcare, regulatory landscape, applicable risks, proactive solutions, mitigation, etc. • be proactive, fiduciary duties, director liability • Revise contract forms as necessary to include reasonable T&Cs • Expedites negotiations • Seek and engage knowledgeable and experienced business partners • outside counsel, IT/security, audit, experts
Emerging Care Delivery Model • Telemedicine cart/robot • Patient Portal & App • Wearable/Monitoring Device
limited FDA regulation encourages innovation • Degree to which developer(s) can shift liability • accuracy/reliability of warranties regarding effectiveness/efficacy; evidence-based representations • liability may extend outside stream of commerce Provider Liability for Mobile & Emerging Health Technology • HIPAA regulatory enforcement • increasing FTC activity in assuring privacy/security of health care services • private right of action under state law • interactions with other systems & products • right to data • institution’s vicarious liability for a provider’s actions • nexus between patient and provider • provider’s engagement with a specific patient’s case • Prevailing standards of care for prescription/recommendation (or lack thereof) of apps/devices
Contracting for Security* *See “Buying IoT Technology: How to Contract Securely,” Merker, Nicholas R., Law360, June 17, 2016 (available at: http://www.law360.com/articles/808010/buying-iot-technology-how-to-contract-securely)
An Opportunity for Transformation • An unsustainable system must either change, or break down • Aging societies & the “Tectonics of Demography” • Example: Retirement of Baby Boomers • 80% of age 65+ suffer from one or more chronic conditions – as do many of the poor • CCM 75% of the US healthcare spend.
Within 25 Years, In Japan... • Seniors will outnumber children age 15 and under by more than 4 to 1 • 40% of Japanese will be 65 or older • Younger generations of Japanese face significant decline in standard of living due to the "Parent Care Tsunami"
The Inevitability of Change • Pressing need for innovative models of care delivery supported by contemporary technologies • Emergence of value-based reimbursement, payer-provider alliances, & patient self-management • Healthcare transformation will require secure, networked technologies, a flexible legal & policy framework, user experience optimization & technical / workflow interoperability across the continuum-of-care
A Population Health Framework • Imperatives of the “Triple AIM” • Per-Capita Cost Reduction • Improved Outcomes • Enhanced Patient Satisfaction • Chronic Care Management • Informed Care Transitions • Health & Wellness • Fusion of Clinical, Behavioral, & Social Factors
State Level Policy Initiatives • Medicaid Innovation • Private Payor Telehealth Reimbursement Parity • Subsidies for Rural & Urban Broadband • State Boards of Medicine Licensing • Health Information Exchange • Community Service Organizations • Innovation Partnerships
Federal Policy Initiatives • Medicare • Increased support for remote patient monitoring services in conjunction with accountable care, bundled payments and other coordinated care models • Telehealth Reimbursement for Critical Access • Lift Restrictions for “Originating Sites” (e.g. Home) • FCC Support for Broadband Expansion • Veterans Health Initiatives • Standards for HIE and Interoperability
Data Monetization and Privacy/Cybersecurity Agenda • Data Monetization • Extracting Value from Connectivity • Monetizing Device Health Data • Data Ownership and PHI Restrictions • Privacy and Cybersecurity • Legislative and Regulatory Overview • FDA & FTC Regulations • Privacy Requirements and FDA Guidance • Cost of Data Breach • Guidance for Businesses
Data Monetization: Extracting Value from Connectivity • Use of IoT in healthcare expected to grow to $117B revenue by 2020 • “Big Data” analytics from health care information could be worth $9 billion to U.S. public health surveillance (by improving detection of and response to infectious disease outbreaks) and $300 billion to American health care in general (McKinsey & Company Data Valuations) • BUT most organizations have yet to derive significant commercial value • More than 200 businesses created since 2010 developing innovative tools to make use of available health care analytics • Companies offer platforms to connect disparate data from across IoT devices for actionable insights (patterns, diagnoses), and turn these into revenue through productized services for external business partners and clients • Hospitals are able to run more efficiently and improve quality of care
Data Monetization: Monetizing Device Health Data Areas in which health care data can be monetized: • Mobile Applications • Web Based Technologies • Technology/infrastructure – Data storage, Security and access • Expanding Data Access and Scaling Data Use • Marketing and Sales • Research • Data Analytics
Data Monetization: Data Ownership and PHI Restrictions • HIPAA only applies to medical devices (as defined by the FDA) that send data directly to a covered entity: • Patients own their own Health Information • State law may assign ownership to records that contain Health Information • HIPAA does not apply for most other wearables, personal “medical” devices, and other health related platforms used by consumers: • Consumers generally own this data, but may be modified by the manufacturer’s Terms of Use • Most emerging technology Terms of Use have broad use rights for the vendor, even if they don’t change the ownership. Vendors own derivative works created from the exploitation of the licensed data • May include “social media” applications like FitBit, Jawbone, etc. • HIPAA Final Omnibus Rule (2013) restricts covered entity from selling identifiable PHI or using PHI for marketing communications without permission from the individual • But if PHI is properly sold to a third party not covered by HIPAA (e.g. data analytics company), third party may use, disclose or sell the data • Sale of de-identified PHI is permissible
Privacy and Cybersecurity: Legislative and Regulatory Overview • FTC Act • FDA (FDA Guidance on Mobile Medical Applications) • HIPAA & HITECH • Children’s Online Privacy Protection Rule (COPPA) • European GDPR
Privacy and Cybersecurity: FDA & FTC Regulations • FDA has power to dictate cybersecurity and privacy requirements of regulated medical devices (subject to pre-marketing and post-marketing regulatory controls) • Many devices sold directly to consumers explicitly disclaim their device is a medical device • FTC has power to hold organizations responsible for their cybersecurity and privacy practices under Section 5 “unfair and deceptive practices”
Privacy and Cybersecurity: Privacy Requirements and FDA Guidance • HIPAA Privacy Rule (for Protected Health Information) • If device is a “Medical Device,” information collected is likely governed by HIPAA as PHI • FTC Section 5 (for other types of information not regulated by HIPAA) • European GDPR and restrictions on data transfer • FDA recommends medical device manufacturers proactively plan for and assess cybersecurity vulnerabilities consistent with the FDA’s Quality System Regulation • Implement core principles of identify, protect, detect, respond, and recover from NIST’s Framework for Improving Critical Infrastructure Cybersecurity • Understanding, assessing and detecting presence and impact of a cybersecurity vulnerability • Define essential performance and develop mitigations to protect, respond and recover from cybersecurity risk
Privacy and Cybersecurity: Costs of Data Breach • Healthcare industry has highest cost per capita in event of a data breach • $402 compared to overall mean of $221 • However, for “consumer” wearable industry, costs are more in line with average • $218 per record • 2/3 of these costs may be “indirect” costs, including abnormal churn
Contact Information • Pamela Labaj, Senior Counsel, Panasonic, (908) 377-5525, plabaj@verizon.net • Brandy Canady, Associate General Counsel, Contracts and Transactions, Presence Health, 312.308.3267, brandy.canady@presencehealth.org • Thomas Strachan, Vice President - Legal, Compliance & Payer Relations, Preventice Solutions Group, (281) 760-0500, tstrachan@preventice.com • Beni Surpin, Partner, Foley & Lardner LLP, 858.847.6736, bsurpin@foley.com • Jerry Kolosky, Senior Healthcare Advisor, Office of the CTO, Panasonic, 914.260.2001, jkolosky@igctel.com