Digital Health Newsletter

Vital Signs: Digital Health Law Update | Fall 2020

Note From the Editors 

As this Fall 2020 issue of Vital Signs marks our first full year of digital health law updates, we thank you, our clients, for the opportunity to meet and support your growing digital health legal and regulatory needs. We hope this collection of "must know" updates and resources on digital health law since our last issue assists with your ongoing efforts.

Innovation continues to be an important development in the health industry and a core hallmark of digital health. As such, this issue's "Industry Insights" section spotlights important considerations in developing and protecting these innovations and related intellectual property. In fact, as we detail below, regulators are crafting encouraging policy for innovation with (i) FDA's unveiling of its Digital Health Center of Excellence and advances to its Pre-Cert Program and (ii) the European Commission's focus on novel contract tracing and interoperability apps and capabilities. While innovation drives development of novel clinical capabilities, regulators undoubtedly race, as described below in several new actions, to catch up with new reimbursement and nuanced regulatory requirements in both the United States and European Union. Given these evolving regulatory requirements (and increasing litigation and enforcement attention), attention to your compliance capabilities and strategies for digital health offerings is necessary. Jones Day's digital health team will be closely involved, integrated, and ready to help clients with these nuanced digital health law requirements and compliance considerations.

As consistent with our "One Firm Worldwide" mission at Jones Day, this publication is a broad effort by our global digital health team who is tracking all things digital health. We hope you find this Fall 2020 issue to be a thoughtful and curated one-stop resource for the latest developments in digital health law.

Industry Insights 

IP Protection for Virtual Health Treatment Modalities

By Carl Kukkonen and Stephanie Brooker

With increased virtual health adoption and advances in technology, there is no longer a need for a "one size fits all" virtual care solution for consumers. Health platforms are now being customized to facilitate a range of consumer, caregiver, and solution-provider preferences. Along with customization comes technology innovation―much of which warrants sound strategies for intellectual property ("IP") protection. 

Virtual health technology solutions can include a range of innovations to facilitate wholly different and customized consumer and caregiver experiences. For example, some consumers may prefer using a mobile phone to interact with a caregiver while others may prefer a laptop interface. Similarly, some caregivers may prefer secure texting and more casual interaction with patients while others may prefer video-enabled interactions.

Other types of relevant customizations may be based upon the types of patients a caregiver sees, the states in which a caregiver is licensed, or the caregiver's role in the caregiving, such as whether the caregiver is serving a patient triage, assessment, treatment, or follow-up role and the types of information that various caregivers need to access in real time to facilitate care of the patient. And yet other customizations also can include technologies to facilitate patient access to and interaction with secure medical records, general educational materials, and triage algorithms. The list of possible technological solutions to address the vast range of functions and preferences relevant to the virtual care experience presents an endless array of innovation possibilities. 

Technology innovations themselves are being informed by the rich data obtained via virtual health software and devices that can characterize health and behavioral traits of consumers. Artificial intelligence ("AI") models are being developed to consume and train from the big data generated by virtual health interactions, wearable sensors, and digital health apps. Other innovative technologies are then required to ensure that patient privacy is maintained with regard to the large amounts of consumer data generated. This includes protecting for data transport over the distributed networks required by virtual health delivery as well as secure data storage. All of these technologies, as well as the big data generated by and used to train the various technologies, may be worth IP protection efforts―whether such technologies and data are homegrown or co-developed with partners. 

A sound IP protection strategy can and should consider the range of IP protections available, including patent protection, controlled branding opportunities (e.g., trademarks, trade dress, etc.), trade secret protection, and copyright protection. 

Patent protection should be considered for innovations that relate to improved patient care, whether through virtual or remote health applications or devices, or for advanced in-person technologies. For example, AI can be used for triaging patients whether in person or remote to ensure that caregiver resources are optimally allocated. Given the current pandemic, there is increased interest in kiosk registration stations, screening of patients (such as using infrared to detect fevers and the like), and patient visit management. AI also can be used to match a patient with a particular caregiver based, for example, on the ailments identified by the patient, the patient's past interactions with other caregivers, the caregiver licensure, and/or the caregiver's expertise and past interactions with other patients. The user interface also can be the subject of patent protection whether it be through utility or design patents.

Controlled branding opportunities, which are sometimes the more important type of IP protection, should be used to clearly identify the particular technology or service to the public. Various platform layouts and designs, as well as digital health apps, are often great targets for branding protection.

Trade secret protection is often well suited for innovations such as various AI algorithms that exploit user data (e.g., triage algorithms) and the big data used to train the algorithms. Algorithms associated with secure data storage may also be well suited for trade secret protection to the extent it does not overlap with any patent strategy.

Copyright protection is one way for solution providers to protect, for example, uniquely developed treatment guidelines or caregiver educational materials. Original source code for virtual health software can also be protected through copyright. 

Finally, some innovations will be amenable for protection using multiple strategies. Behavioral guidance apps (e.g., apps or messaging technologies to comply with post-treatment care regimens), physiological sensors (e.g., heart sensors), and physical therapy apps and devices can, for example, be protected through patent filings as well as controlled branding protection (e.g., trademark registrations, etc.). Novel treatment guidelines, triaging guidelines, or caregiver educational materials may, likewise, be protected through both copyright and trade secret protection. 

In summary, the value of innovations relating to the vast breadth of innovative virtual and remote health care technologies can be captured through a holistic IP strategy that considers different forms of IP protection, including patent filings, trademark registrations, trade dress, as well as trade secrets. Innovators should keep this in mind as they develop technologies and look to harvest the full value of those technologies.

United States Developments 


CMS Continues Focus on Telehealth Reimbursement

Congress has yet to pass permanent legislation allowing for continued coverage of telehealth services available to Medicare beneficiaries during the public health emergency ("PHE"). Thus, current waivers supporting Medicare telehealth reimbursement rely on extensions of the PHE declaration, recently renewed for the third time since it went into effect in late January 2020. The Centers for Medicare & Medicaid Services ("CMS"), however, has taken several steps within its authority to advance permanent coverage for telehealth services. On October 14, 2020, CMS added another 11 services to the list of some 130+ services that CMS has covered when delivered via telehealth during the PHE. Further, the 2021 proposed physician fee schedule ("PFS") includes adding a number of services to the list of covered telehealth services that will continue after the expiration of the PHE and a category of services that CMS will cover through the end of the calendar year when the PHE expires. In the 2021 PFS, CMS would also permanently reduce the frequency that telehealth services can be reimbursed when utilized to support nursing home patients from 30 days to three days. Despite these positive steps, the 2021 PFS signals what could be a return to more restrictive requirements after the PHE expires for audio-only services and remote supervision supporting telehealth services, in addition to clarifications that limit remote patient monitoring capabilities. Industry stakeholders, such as the American Heart Association, the American Telemedicine Association, and the National Health Council, have encouraged CMS to advance telehealth policy and cautioned against rolling back certain flexibilities that have enabled telehealth during the PHE.

University of Chicago Escapes Class Action Lawsuit for Its Sale of De-Identified Electronic Medical Records to Google

In September 2020, the Northern District of Illinois dismissed a lawsuit (Dinerstein v. Google, LLC, No. 19 C 4311, 2020 WL 5296920 (N.D. Ill. Sept. 4, 2020)) premised upon the sale to Google by the University of Chicago and the University of Chicago Medical Center of the plaintiff's de-identified medical records. In 2017, the University of Chicago and Google had entered into a research partnership seeking to create predictive health models relying on machine-learning techniques. The University provided de-identified medical records for all adult patients having had visits between January 1, 2010, and June 30, 2016. The plaintiff was an inpatient during this time on two occasions. His lawsuit against the University was based upon two forms he signed, which he argued created a contract between he and the University not to disclose his records in such a way. Although the court agreed that the plaintiff adequately alleged the existence of a contract and that the contract had been breached, the plaintiff only alleged emotional harm (as opposed to economic harm) arising from the breach. Owners of patient data should take heed of the full details of the opinion and case―had the plaintiff alleged sufficient economic harm, it is likely that the breach of contract claim would have withstood dismissal.

Jones Day has successfully defended a health system in a similar case after removing the case based on the Federal Officer Removal Statute (Jane Does I & II v. UPMC, No. 2:20-cv-00359-MJH (W.D. Pa. July 31, 2020)). Upon the court's denial of plaintiffs' motion to remand and motion for certification for interlocutory appeal, the plaintiffs voluntarily dismissed their case. In particular, the court agreed that the health system's participation in CMS' Meaningful Use Program assisted CMS and other federal officers by increasing the use of electronic health records, warranting removal under the federal officer statute, 28 U.S.C. § 1442(a)(1). The plaintiffs later moved to certify the ruling for interlocutory appeal, which the court denied as well. The plaintiffs then voluntarily dismissed the case.

2020 National Health Care Fraud Takedown Includes Telemedicine Prosecutions
Every year for the last several years, the United States Department of Justice ("DOJ") and the Department of Health and Human Services Office of Inspector General ("HHS-OIG") have announced a large "takedown," which encompasses the charging of hundreds of health care providers and others with health care fraud offenses relating to a variety of schemes across the United States. Although slightly delayed this year, the two agencies made their annual takedown announcement in late September. Unlike in prior years, a high number of this year's takedown prosecutions relate to what have been described as telemedicine. As HHS Deputy Inspector General Gary Cantrell observed in HHS-OIG's press release regarding the takedown, "Telemedicine can foster efficient, high-quality care when practiced appropriately and lawfully." But, the use of "aggressive marketing techniques" may "mislead beneficiaries about their health care needs" and cause the government to pay for "illegitimate services."

In the telemedicine context, this year's takedown includes charges against more than 86 providers who allegedly submitted false or fraudulent claims to federal health care programs or private insurers, across 19 judicial districts, involving approximately $4.5 billion in claims. These cases involve common elements of similar schemes executed by different defendants in different parts of the country. Many of the schemes allegedly relied on marketing to potential patients through telemarketing calls, direct mail, television advertisements, internet pop-up advertisements, and even door-to-door marketing. Executives then allegedly paid physicians and other practitioners to prescribe medically unnecessary durable medical equipment, genetic and other diagnostic testing, and medications that were not provided to the patients and/or were worthless to them. The prescribing medical professionals allegedly did not interact with the patients at all or made their prescribing decisions based solely on a brief telephonic conversation with each patient. The government further alleges in many of these cases that the schemes' proceeds were laundered through international shell corporations and foreign banks for the defendants' benefit. Not only did these schemes allegedly cause financial losses to the federal health care programs and private insurers; in addition, the DOJ alleges, patients were misled by the "fake diagnoses" and unnecessary tests and, as a result, suffered delays in their opportunities to seek appropriate treatment. Organizations such as the American Telemedicine Association in a press release were quick to point out that such schemes "do not represent the legitimate practice of telemedicine." 

FDA Launches Digital Health Center of Excellence
The U.S. Food and Drug Administration ("FDA") recently launched a Digital Health Center of Excellence within the Center for Devices and Radiological Health ("CDRH"). The launch is a significant step in advancing key agency initiatives related to digital health technology, including mobile health devices, Software as a Medical Device ("SaMD"), wearables when used as a medical device, and technologies used to study medical products. The Center's focus is helping "internal and external stakeholders achieve their goals of getting high quality digital health technologies to patients by providing technological advice, coordinating and supporting work being done across the FDA, advancing best practices, and reimagining digital health device oversight." CDRH aims to evolve and innovate regulatory approaches to provide efficient and the "least burdensome" oversight while maintaining standards for safe and effective products. 

FDA and Digital Health: Digital Software Precertification ("Pre-Cert") Program Announcement
The FDA Pre-Cert Program is a pilot launched in 2017 and intended to characterize and develop a novel certification process for digital health companies that are engaged in developing various digital health technologies. In September 2020, FDA updated stakeholders on the Pre-Cert Program, reporting it had learned of various "refinements" that will be needed across the program to drive repeatability of the processes, improve the quality and quantity of information, provide clarity to stakeholders, and reduce stakeholder time burden. The agency laid out next steps, identifying that it will evaluate learnings from the evaluation and testing activities conducted to date and will iterate and revise its approach; refine the review framework; and simulate scenarios to test interdependencies and uncover unknowns. Ultimately, the goal of the program is to provide a pathway for digital health companies to interact in a more streamlined manner with FDA and, to that end, FDA seems to be reaffirming its intent to make that goal a reality. 


Tax Burdens on Digital Health Providers in the Wake of COVID-19
Employees of digital health and telemedicine providers often work remotely―this practice has likely expanded greatly in the context of the COVID-19 pandemic. Remote work can increase state and local withholding tax compliance burdens for employers and providers. States vary widely on whether employees working in their state solely due to COVID-19 restrictions will trigger tax withholding obligations. Some states have issued guidance stating that new tax obligations will not be created by employees temporarily working in state due to COVID-19, while others have stated that their rules apply regardless of the pandemic. Many states have not issued any guidance at all, leaving employers in a tough spot. This state-based analysis is further worsened for employers who do not have robust systems in place for tracking the work location of their employees. 

Another ongoing taxation development relevant to digital health providers is the application of sales and use taxes on their software offerings. The success of digital health and telemedicine providers during the COVID-19 pandemic has been widely reported and will undoubtedly draw attention from state and local legislatures and tax agencies looking for new sources of revenue. States were, even before COVID-19, increasingly attempting to tax the digital economy. Expect more states and local governments to consider new taxes on the digital health and telemedicine industry, or to "shoehorn" digital health and telemedicine providers into charging sales tax or some other existing tax for portions of their services. State and local withholding, income tax, gross receipts tax, and sales tax issues are best addressed proactively. With state and local governments reeling from significantly lower- than-expected tax collections in 2020, digital health companies should be prepared for potentially more aggressive tax enforcement going forward. 

California Governor Signs Amendment to the California Consumer Privacy Act to Align It More Closely With Federal HIPAA Requirements
Signed into law by California Governor Gavin Newsom on September 25, 2020, AB 713 makes four key changes to the California Consumer Privacy Act ("CCPA") that are relevant to the health care and life sciences industries. First, it adds an exception for business associates under the Health Insurance Portability and Accountability Act ("HIPAA") that supplements an existing exception for HIPAA-covered entities. Second, it expands the existing exception for research to more fully cover the collection, use, and disclosure of information in the course of such research. Third, to address concerns that information de-identified under HIPAA may still be subject to the CCPA, it adds an express exception for such de-identified information—noting, however, that re-identifying the information will bring it back under the CCPA unless another exception applies. Lastly, it adds new notice and contractual requirements related to de-identified data and any sale or licensing of such data. Each of these changes should further harmonize the CCPA with federal law, although the limits of the exceptions and the new rules on de-identified information should be carefully reviewed and implemented. AB 713 became operative immediately, although the law's new contractual requirements begin January 1, 2021.

California Serves as Reminder That Digital Health Providers That Are Not Ordinarily Health Care Providers Under HIPAA May Still Be Subject to State Privacy Laws
On September 17, 2020, the California Attorney General ("AG") announced a settlement of $250,000 with Glow, Inc. ("Glow"), with respect to its fertility-tracking mobile app. While Glow admitted no fault, the AG alleged that the app (i) failed to adequately safeguard health information; (ii) allowed access to users' information without consent; and (iii) had additional security problems related to the app's password change function. The AG based its allegations on California's Confidentiality of Medical Information Act ("CMIA") and various other California laws. According to the AG, the app fell under the scope of the CMIA because the CMIA deems such a business as a "provider of health care" that maintains medical information. This settlement should serve as a reminder that companies offering mobile applications and online platforms, yet not typically considered a health care provider, may still fall under the CMIA's (and other state) confidentiality requirements.

States Permanently Adopt COVID-19 Telehealth Waivers
Several states have made permanent the temporary waivers of telehealth restrictions originally adopted in response to the COVID-19 pandemic. In Idaho, the Governor signed on June 22, 2020, an executive order permanently relaxing telehealth and other health care access rules that he had temporarily waived earlier in response to COVID-19. In August, the Alaska Department of Law and Lieutenant Governor made permanent emergency regulation changes regarding telemedicine (effective September 20, 2020) that the State Medical Board first issued temporarily in May. Similarly, the Alaska Board of Nursing made permanent its emergency regulations setting forth standards for telemedicine for nurses. 

In addition, the governors of Colorado, Nevada, Oregon, and Washington announced on August 5, 2020, a plan to coordinate with each other, and with the federal government, to address telehealth access and coverage. The joint statement emphasized, "telehealth is here to stay," and noted that it will focus on seven areas, including access, payment or reimbursement, patient choice, confidentiality and informed consent, equitable access to address disparities in care, standards of care, and stewardship. Despite the progress, licensure may be an issue because, of the four states, only Oregon is not part of the Interstate Medical Licensure Compact. So far, both Washington and Colorado have approved bills that will permanently expand telehealth coverage and access in those states. Colorado Bill 212 includes several important provisions that will (i) expand coverage to include speech therapy, physical therapy, occupational therapy, hospice care, home health care, and pediatric behavioral health care; (ii) allow home health care providers to supervise their own telehealth services; and (iii) require the state Medicaid program to reimburse for telehealth services at rural health clinics, federally qualified health centers, and the federal Indian Health Service at the same rate as for in-person treatment. Washington Bill 5385 requires telemedicine payment parity and expands the coverage of use of store-and-forward technology.  

State Regulatory Boards Increase Enforcement of Telehealth Activities

State regulatory boards are adjusting their approach to enforcement of telehealth activities following the increase in utilization of telehealth services. For instance, on September 11, 2020, the Florida Board of Medicine published a proposed rule that would amend its disciplinary guidelines to address violations by telehealth providers registered in the state. Notably, the amendments extend existing penalties and guidelines for various violations, such as aiding the unlicensed practice of medicine, to registered telehealth providers, while specifying which violations are not applicable to registered telehealth providers. The proposed amendments also stipulate that "for telehealth registrants, a suspension may be accompanied by a corrective action plan that addresses the conduct which resulted in the underlying disciplinary action." In addition, the Texas Medical Board ("TMB") has been applying increased scrutiny to telehealth providers in recent months. Indeed, on June 12, 2020, the TMB brought disciplinary action against a physician for failure to adequately establish a patient-provider relationship by conducting a telephonic patient visit without using store-and-forward technology. The TMB also has incorporated telehealth into its disciplinary procedures more broadly. For example, recent enforcement actions have expressly precluded disciplined physicians from practicing in the state in person or via telehealth. Given the recent increased use of telehealth, telehealth companies should expect a continued uptick in enforcement action for telehealth violations, and are encouraged to monitor the applicable regulatory frameworks in the jurisdictions where they offer telehealth services to limit liability.

Federal and State Legislation Pushes for Expanded Access to Telemental Health Services 

The recent increase in utilization of telemental health services has prompted a series of federal and state legislation addressing expanded access to behavioral and mental health services via telehealth. Some of these federal bills, such as S. 3999 and H.R. 7992, propose to limit the applicability of geographic and site restrictions under Medicare for tele-behavioral health services. Other federal legislation focuses telemental expansion efforts on vulnerable populations in rural communities. For instance, the Home-Based Telemental Health Care Act of 2020, introduced on June 9, 2020, would make grant funds available to expand access to telemental health services for rural, medically underserved populations and individuals in farming, fishing, and forestry occupations. Additionally, parallel bills H.R. 7571 and S. 4211 call for the expansion of telemental services in rural "Frontier States," including Alaska, Montana, Nevada, North and South Dakota, and Wyoming. State legislatures have also taken steps to expand telemental services. For instance, Louisiana's H.B. 449, effective August1, 2020, incorporates behavioral health services into the state's general telehealth framework. Similarly, Iowa recently passed Senate File 2261, allowing students to receive behavioral telehealth services at school, and Alaska passed H.B. 29 in March, requiring insurance carriers that provide coverage for in-person mental health benefits to cover the same benefits for telehealth services. Telehealth providers may want to stay abreast of the changing regulatory framework for behavioral health services, particularly as they apply to patients in rural communities.

Global Developments


European Medicines Agency Publishes Draft Guidelines on Patient Registry-Based Studies
On September 24, 2020, the European Medicines Agency ("EMA") published draft guidelines ("Guidelines") intended to optimize the use of registry-based studies as a source of real-world evidence. The Guidelines provide that registry-based studies can be used for both pre- and post-authorization phases purposes. The EMA recommends that interested companies/marketing authorization holders engage in early discussions with regulators, including registry holders and health technology assessment bodies, if relevant, to ensure compliance with applicable requirements. The Guidelines also set out a list of feasibility criteria that must be assessed, the elements the study protocol must address, and principles on data collection, management, and analysis. With respect to data protection, the Guidelines state that the collection, management, use, and storage of data from patient registries must comply with the General Data Protection Regulation. In addition, patients' informed consent for the processing of their personal data should be broad enough to cover all potential uses of registry data, including the sharing and pooling of personal data between registries and with other stakeholders.

European Commission Starts Testing Interoperability Gateway Service for National Contact Tracing and Warning Apps
Most EU Member States have launched, or are about to launch, national contact tracing and warning apps as part of their strategies to lift lockdown measures and control the spread of COVID-19. While these apps are purely national, the European Commission is supporting the introduction of a mechanism aimed at ensuring their interoperability for the benefit of intra-EU commuters and travelers. Indeed, on September 14, 2020, the European Commission started testing the interoperability gateway service for national contact tracing and warning apps. The interoperability gateway service follows the agreement by Member States on technical specifications to ensure the exchange of information between national apps' backend servers based on a decentralized architecture. The gateway will allow users, who only need to install one app in one EU Member State, to be able to report a positive infection test or receive an alert, even when they are travelling in another EU Member State. The gateway is expected to become fully operational later this month.

New EU Member States Implement ePrescription and ePatient Summary
In the past few months, a number of Member States have implemented the necessary regulations and mechanisms for the functioning of the eHealth Digital Service Infrastructure ("eHDSI"). The eHDSI is an IT infrastructure aimed at ensuring the continuity of health care for EU citizens while travelling within the Union. In particular, it allows Member States to exchange health data in a secure, efficient, and interoperable way in relation to (i) ePrescriptions, which allow EU citizens to obtain their medication in a pharmacy located in an EU Member State other than the one in which they reside; and (ii) ePatient Summaries that provide information on important health-related aspects. The ePatient summary provides doctors with essential information in their own language concerning the patient. The goal of the European Commission is to implement both services by 2021 in 22 EU countries, namely: Austria, Belgium, Croatia, Cyprus, Czechia, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Slovenia, Spain, and Sweden.

The Belgian Government Endorses the e-PIL Pilot Project
On August 17, 2020, the Belgian Federal Agency for Medicines and Health products ("FAMHP") announced its endorsement of the pilot project "e-PIL" launched by the pharmaceutical industry at Belgian and Luxembourgish hospitals back in 2018 (available in French). The aim of the project is to replace the paper version of the package leaflet inserted in the packaging of certain medicinal products marketed on the Belgian and Luxembourg markets and restricted to hospital use with a digital version available online on trusted websites (e-PIL). The objective of the pilot project is to demonstrate that information on the safe and effective use of medicinal products can just as well be provided through an electronic leaflet. On the basis of positive intermediary results for the project, the European Commission has agreed to extend the pilot project by two more years (until August 1, 2022) and to include more medicinal products in the project.

Notification of Implants and Implant Removals in the Central Traceability Register Becomes Compulsory
On October 2, 2020, the Belgian government published the Royal Decree of September 27, 2020, relating to the Central Traceability Register (available in French). Such Royal Decree requires health care professionals to notify the insertion or removal of certain categories of implantable medical devices (such as stents, orthopaedic implants, and certain cardiac implants). This notification must be made to the already-existing Central Traceability Register developed as part of the "Traceability of Implantable Medical Devices" program aimed at increasing patient safety. While such notification was already made possible since 2014, it will become mandatory as of May 1, 2021. 

Italian Data Protection Authority Imposes Fine on Hospital and Its Data-Platform Manager
On September 17, 2020, the Italian data protection authority ("DPA") imposed a 80,000 euros fine (available in Italian) on an Italian hospital and a 60,000 euros fine (available in Italian) on the company providing data-platform management services to that hospital. Specifically, the DPA found that personal data relating to more than 2,000 nursing candidates was unlawfully disclosed on the internet due to a configuration error and that the data-platform management company failed to adopt adequate technical and organizational measures to ensure the security of personal data. 

German Parliament Adopts Draft Patient Data Protection Act
On July 3, 2020, the German Federal Ministry of Health ("BMG") announced (available in German) that the German Parliament adopted the draft Patient Data Protection Act ("the Draft Act") (available in German). The Draft Act aims to provide digital solutions to patients while protecting their personal data and grants patients the right to receive an electronic patient record ("ePA"). Furthermore, according to the Draft Act, doctors, hospitals, and pharmacies are responsible for protecting patients' personal data processed in the telematics infrastructure. Beginning in 2023, patients will be able to voluntarily make the data in their ePAs available to researchers as part of a "data donation," subject to conditions (i.e., restricted to certain research purposes, such as research on improving the quality of health care). According to the Draft Act, informed consent (which may be granted in digital form) will be required from patients. The Draft Act is scheduled to take effect in the Fall of 2020.

Electronic Discharge Summaries to Be Used in Hospitals Across England
On August 26, 2020, NHS Digital announced that a new electronic discharge summaries system was soon to be rolled out in hospitals across England. This will enable hospitals to send secure and standardized clinical patient discharge summaries and outpatient attendance information electronically to general practitioner ("GP") systems. The new system is expected to save GPs administrative time in processing and clarifying patient information, so changes can be monitored and actions taken as necessary.

NHS Digital Rolls Out Electronic Notifications for Urgent Supply of Medicinal Products
NHS Digital has rolled out an electronic notifications system to inform GPs when one of their patients receives an urgent supply of medicinal products from a community pharmacy. The notifications are sent automatically from pharmacies and received by GP practices, who can then easily amend or add any additional information to the patient's record, if necessary. This system is aimed at improving information sharing, reducing manual processing of prescriptions, as well as ensuring that patient records are up to date.

NHS Organizations Adopt Clinical Decision Support Tool to Help Decision-Making During the Pandemic
A number of NHS organizations have adopted an evidence-based knowledge system that is designed to provide clinicians with clinical decision support, that is, assistance with clinical decision-making tasks. The NHS trusts now using the tool are Leeds Teaching Hospitals NHS Trust; Bradford Teaching Hospitals NHS Foundation Trust; Walsall Healthcare NHS Trust; University Hospital Southampton NHS Foundation Trust; Great Ormond Street Hospital for Children NHS Foundation Trust; South Tees Hospitals NHS Foundation Trust; and the Dudley Group NHS Foundation Trust. Using the mobile app, clinicians can consult more than 10,000 articles providing evidence-based research and treatment recommendations on a smartphone or tablet at the point of care. During the crisis, the tool provided hospitals with access to its database on COVID-19 topics free of charge. 

New Funding Becomes Available to Help Hospitals Introduce Digital Prescribing
On September 17, 2020, Minister for Patient Safety Nadine Dorries announced that £8.7 million has been made available to help seven NHS trusts introduce digital patient records and e-prescribing. This technology enables health care professionals to access patient history and prescribe medication digitally, which can reduce errors by up to 30%. E-prescribing has already been rolled out to more than 130 NHS trusts and is part of a £78 million investment by the UK government to introduce electronic prescribing systems across the NHS.

Northern Ireland, Scotland, and England and Wales Launch COVID-19 Contract-Tracing Apps
On July 31, 2020, Northern Ireland became the first part of the United Kingdom to launch an app, "StopCOVID NI," for tracking and tracing coronavirus. Scotland and England and Wales followed shortly after with their own apps ("Protect Scotland"; "NHS COVID-19"), based on the same interface used for the Northern Ireland app. The apps tell users automatically if they have been near someone who has tested positive but do not share the identity or location of the latter. Other features―such as a symptoms-reporter tool, the means to order a coronavirus test and receive its results, a guide to the latest advice on local restrictions, financial support, and other related information―are also included.

Recent and Upcoming Speaking Engagements

ALN Academy – AI, Big Data and Infectious Diseases, Republic of Kenya, Africa (June 2020). Jones Day Speaker: Jennifer Everett.

FDLI - Digital Health Technology and Regulation During COVID-19 and Beyond, Virtual Program (September 2020). Jones Day Speaker: Ian Pearson. 

2020 EU Pharma Law Academy, Virtual Program (September 2020). Jones Day Speaker: Cristiana Spontoni.

AO2 - The Summit on Healthcare Access & Orchestration (hosted by Central Logic), Virtual Program (September 2020). Jones Day Speaker: Alexis Gilroy. 

UPMC Center for Connected Medicine Telehealth Roundtable – Top of Mind Exchange: Telehealth, Virtual Program (October 2020). Jones Day Speaker: Alexis Gilroy.

MedTech Summit - EU Medical Device Law, Virtual Program (October 2020). Jones Day Speaker: Cristiana Spontoni.

MSKCC (Memorial Sloan Kettering) - Transforming Dermatology in the Post-COVID Digital Era, Virtual Program (October 2020). Jones Day Speaker: Alexis Gilroy. 

FDLI - Advertising and Promotion for Medical Products Conference: Practical and Legal Considerations for Successful Remote Marketing Strategies, Virtual Program (October 2020). Jones Day Speaker: Colleen Heisey. 

In Case You Missed It

COVID-19 Key EU Developments, Policy & Regulatory Update No. 24

California Attorney General Proposes Third Set of Modifications to CCPA Regulations

Health Care on the Other Side: Physician Compensation Models in a Post-COVID-19 Landscape

Ohio Grants Broad Immunity From COVID-19 Lawsuits; Includes Health Care Providers

Adjusting to New Economic Realities: Department of Labor Proposes Worker Classification Test

COVID-19 Raises Various Employment Practices Liability Insurance Considerations

Insights by Jones Day should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only and may not be quoted or referred to in any other publication or proceeding without the prior written consent of the Firm, to be given or withheld at our discretion. To request permission to reprint or reuse any of our Insights, please use our “Contact Us” form, which can be found on our website at This Insight is not intended to create, and neither publication nor receipt of it constitutes, an attorney-client relationship. The views set forth herein are the personal views of the authors and do not necessarily reflect those of the Firm.