Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
© 2016 Husch B lack we l l LLP
The Role of Emerging
Technology in Healthcare
Texas Hospital Association
Texas Health Law Conference
October 9-11, 2016
Julian RiveraPartner, Husch Blackwell
[email protected](512) 479-9753
© 2016 Husch B lack we l l LLP
In the office of the General Counsel …
YOU WON’T BELIEVE THIS NEW TECHNOLOGY…!!!
2
© 2016 Husch B lack we l l LLP
Emerging Technology
• Mobile Applications (mHealth) & Internet of
Things (IoT)
• Digital Medications
• Personalized Shareable Medical Records
• Big Data and Data Analytics
• Artificial Intelligence
• Telemedicine & Telephony
• Blockchain
• Virtual Reality
3
© 2016 Husch B lack we l l LLP
Legal Considerations
This is all coming, and in most cases, has arrived …
what do you need to consider?
Follow the hyperlinks in these slides as a starting point.
4
© 2016 Husch B lack we l l LLP
Not Legal Advice. All facts about specific technologies in
this presentation are based on information gathered from
public websites. Nothing in this presentation should be
considered legal advice in general or specifically
applicable to the technology.
5
© 2016 Husch B lack we l l LLP
Broad Issues to be Discussed Later:
– Fraud and Abuse
– Contractual Considerations
– Risk Mitigation
6
© 2016 Husch B lack we l l LLP
Mobile Apps (mHealth)
$15 billion industry by 2017
Simplest – base Apple Health app
– Collects general wellness data (activity, sleep,
mindfulness, nutrition)
Data mostly entered by the user
Advanced
– App works with devices to collect, analyze, and
transmit data to the user’s physician
7
© 2016 Husch B lack we l l LLP
Babyscripts
Doctor delivered digital health tool (app) that is a “to-do
list” which guides mother through each gestation period
with practice-specific, provider-approved tasks
– Includes an internet enabled scale and blood
pressure cuff – “Mommy Kit”
Readings are automatically uploaded to mother’s
Babyscripts profile. Permits real-time feedback and
intervention from the comfort of the patient’s home.
9
© 2016 Husch B lack we l l LLP
Internet of ‘Medical’ Things (IoMT)
IoT technology – worth $6.2 trillion by 2025
In and outside of the hospital
Tele-monitoring
12
© 2016 Husch B lack we l l LLP 13
Source: Glorium Tech
© 2016 Husch B lack we l l LLP
App & IoMT Legal Considerations
• Privacy
– HIPAA - Is the data being collected by or on behalf of
a covered entity?
– FTC privacy implications
– OCR/ONC/FTC tool
• Security
– Is data transferred? How?
– How is data entered and accessed within an app?
– HIMSS Mobile Health Security Kit
– Wireless spectrum integrity considerations
14
© 2016 Husch B lack we l l LLP
App & IoMT Legal Considerations (cont.)
FDA & OCR Guidances on Mobile Apps
– Is the app or device regulated as a “medical device”?
– Is the data gathered for a covered entity?
Standard of Care vs Reliance on Patient Produced Data
– With more information can come higher expectations
of care
– Is data entered by patients or collected by their off-
the-shelf product reliable?
– When is treatment engaged?
Informed Consent
15
© 2016 Husch B lack we l l LLP
Digital Medications
Medication containing sensors
Transmits data to a system to track adherence to a
medication plan
16
© 2016 Husch B lack we l l LLP
Proteus
Proteus is comprised of ingestible sensors, small
wearable sensor patch, an application on mobile device
& provider portal
Not yet fully FDA approved. Pill & sensor are approved
by FDA, but not combination
– Additional data requested by FDA
17
© 2016 Husch B lack we l l LLP
Digital Medications Legal Considerations
Privacy
Security
– Wireless spectrum
– Mobile app
– Data in transit between device patch app
medical record system
Reliance on data
FDA approval
Informed consent
Provider liability
19
© 2016 Husch B lack we l l LLP
Personalized Shareable Medical Records
Electronic application used by patients to acquire,
maintain and manage their health information
Not patient portal
Patient does not access provider EMR system directly
20
© 2016 Husch B lack we l l LLP 21
2007 Source: Markle Foundation
© 2016 Husch B lack we l l LLP
Apple - Gliimpse
• Gliimpse recently acquired by Apple
• Collects & combines disparate threads of PHI
• Users pull their own medical info into single virtual
space, ability to add documents & pictures for profile
• Users can share data (as comprehensive picture)
• Rumors of Apple’s healthcare platform expansion plans:
• “Smartphone serving as an aggregating middleman”
• FDA-regulated sensors
• Advanced clinical decision support
• Electronic health records
22
© 2016 Husch B lack we l l LLP
Personalized Sharable Medical Records -
Legal Considerations
Privacy & Security
– How does HIPAA apply?
– FTC
– Personal health record system a business associate?
– Clearinghouse for other organizations?
Reliance on records provided by patient
– Raised standard of care
Informed consent for system vendor to release records
Regulated medical device?
23
© 2016 Husch B lack we l l LLP
Big Data / Data Analytics
– Predictive Modeling
– Delivering the right intervention at the right time
– Adjusting treatment programs
Improved healthcare analytics leads to improved
programs & ability to create new ones
– Reduce healthcare costs by preventing medical
issues rather than treating
– Artificial Intelligence
24
© 2016 Husch B lack we l l LLP
Artificial Intelligence (AI)
EMR Notifications
– Information provided by the system to the physician
within a medical record
– Vanderbilt University
Alerts tell providers when a drug might not work for
a patient with certain genetic traits
With single click, doctor can prescribe another
medication
Patient intake & preliminary algorithms
Learning by modeling/iterations
25
© 2016 Husch B lack we l l LLP
IBM Watson
Aims to make sense of a growing pool of health care-
related data to help patients and providers make better
decisions
Presents probable diagnosis based on symptoms
identified by the physician
– As more data is provided, the diagnosis will become
more accurate
– Cardiology, Orthopedics, Oncology …
26
© 2016 Husch B lack we l l LLP
Big Data & AI Legal Considerations
• Practice of Medicine? Reliance on analytics.
• Provider liability
• Privacy and security at all phases
– Collection, storage, use, disclosure
– Data is in its raw form
– Three of largest health data breaches occurred in 2015
– Cyber crimes
• Alert fatigue
• Defintion of “medical record”?
28
© 2016 Husch B lack we l l LLP
Telemedicine Ecosystem Snapshot
29
© 2016 Husch B lack we l l LLP
CMS Innovation Center - Telemedicine
Congress created the Innovation Center for the purpose
of testing “innovative payment and service delivery
models to reduce program expenditures …while
preserving or enhancing the quality of care”
Healthcare Innovation Awards includes 22 projects
focusing on telehealth
30
CMS Value Based Programs – Waivers? ACO, CIN, Bundled Payments
Combined Joint & Hip Replacement
© 2016 Husch B lack we l l LLP
New Texas Call Coverage Rule
Two models for physician call coverage in Texas:
1) “Non-Reciprocal Call Coverage”
a) Physicians are not of the same or similar specialty,
or
b) Physician who requests call coverage never
reciprocates by providing call coverage for the covering
physician
Requires a written Call Coverage Agreement (CCA)
2) “Reciprocal Call Coverage”
Physicians are of same or similar specialty & take call
for each other’s patients
Allows for the CCA to be oral or in writing
31
© 2016 Husch B lack we l l LLP
Texas e-Health Alliance* – Draft BillCategory Current Statutes/ Regulations Draft Bill
Store-and-ForwardTechnology
Not defined – falls into definition of “telemedicine medical service” as ‘advanced telecommunication technology’
The transmission of medical information to a physician for the physician’s review at a later time…
Establishing a Physician-Patient Relationship
Establishing a diagnosis through the use of acceptable medical practices, including … physical examination that must be performed as part of a face-to-face or in-person evaluation
Practitioner complies with the same standards of appropriate practice as those standards for health care services provided in an in-person setting without sole reliance on audio-only, e-mail, or instant messaging.
OR practitioner contacts a patient, regardless of the method of contact, pursuant to a call coverage agreement with a physician requesting coverage of medical care for the patient.
32
*TeHA with various partners
© 2016 Husch B lack we l l LLP
Patient Engagement – Telephony
• Automated calls to patients about their treatment program
– Medication reminder
– Appointment reminder
– Other notices
• Make patients aware of certain emergency situations
• Caretime: Data collection for home health worker tracking
33
© 2016 Husch B lack we l l LLP
TCPA
• Telephone Consumer Protection Act (TCPA) prohibits
pre-recorded or auto-dialed calls to cell phones, with two
exceptions:
– where recipient of call provided his or her prior
express consent to be called, or
– where call was placed for an “emergency purpose”
• Roberts v. Medco Health Solutions, et. al.
– Calls related to prescription refills, order scheduling,
or confirmations can fall under emergency purpose
35
© 2016 Husch B lack we l l LLP
Blockchain
Provides secure and trackable transactions between multiple parties without the need for an intermediary
Customizable process to access the information or asset being transmitted
Redundancies within the healthcare billing cycle reduced
Scalable?
ONC NIST Blockchain Challenge
Gem
– Raised $7 mil to expand into healthcare
– Philips partnership to build out private blockchain for development of enterprise healthcare applications
36
© 2016 Husch B lack we l l LLP 37
Kyle Culver Whitepaper, 2016
Healthcare Blockchain Theory
© 2016 Husch B lack we l l LLP
Blockchain Legal Considerations
Lack of recognition as infrastructure - scalability
Privacy
Security
Contract law – “Smart Contracts”
Data accuracy during initial implementation
Infrastructure APIs
39
© 2016 Husch B lack we l l LLP
Virtual Reality (VR)
Virtual simulations for medical training and education
– Surgery
– Use of new equipment and techniques
VR therapy
– Amblyopia therapy
Play a game through virtual reality where patient is
forced integrated images shown to each eye
individually
– PTSD
40
© 2016 Husch B lack we l l LLP
Neuroscape Lab – UC-San Francisco
VR to study brain function effect of certain diseases
Patient moves through virtual world
– Monitor brain activity & reactions to certain stimuli
– Selectively challenge patient
41
GlassBrain
© 2016 Husch B lack we l l LLP
VR Legal Considerations
Studies are showing potential risk for physical &
psychological side effects
FDA regulation
– Treatment vs wellness
Physician–patient relationship
Informed consent
Provider liability
42
© 2016 Husch B lack we l l LLP
Fraud and Abuse
Fact-specific analysis
Devices & apps provided by provider to patient:
– Remuneration? FMV?
OIG Telemedicine Opinions
(AO 11-12, 98-18, 99-14, 04-07)
– Unlikely to produce referrals
– Likely pre-existing clinical affiliation
– Primary beneficiaries of arrangement are patients
– Unlikely to increase costs to federal health programs
– Reduces transfers
– Reduces disability due to delayed treatment
43
© 2016 Husch B lack we l l LLP
Contractual Considerations
Parties (generally not subcontractors/vendors)
Privacy & Security (BAA?)
Audit Rights (Privacy/Security/Compliance)
Compliance (Stark, Anti-Kickback, False Claims Act)
Intellectual Property
Hardware Ownership and Compliance
Portal User Interface
State/Federal Licensing – Professionals/Devices
Pass-through Terms of Use to Patient/Provider
45
© 2016 Husch B lack we l l LLP
Contractual Considerations (cont.)
• Specifications for Networks & User Interfaces
• Data Ownership
• Derivative Works/Secondary Revenue Source
• Warranties & Representations
• Uptime/Downtime
• Indemnity (Have a Plan B)
• Insurance
• Liability Waivers, Choice of Law
• Marketing (use of trademark, name, likeness, etc.)
• Adherence to Party’s Policies & Procedures
46
© 2016 Husch B lack we l l LLP
Risk Management
• Privacy data policies & procedures
• Physical technical & administrative safeguards
• Controlled access (contractors, subcontractors)
• Breach response policies, teams, procedures
• Independent audits & annual risk assessments
• Privacy disclosure documentation
• Business Associate Agreements
– Audit Protocols (Covered Entities; Business Associates)
• Cybersecurity policies & procedures
47
© 2016 Husch B lack we l l LLP
…….. conversation
48