Vital Signs Digital Health Law Update social gra

Vital Signs: Digital Health Law Update | Spring 2021

Note From the Editors

The pace of impact through digital health in 2021 is off to a rapid start—be it the number of transactions, the numerous legislative proposals and actions, or the focused attention of enforcement bodies. Given the accelerated pace of tech-enabled methods, such as telehealth or product development through streamlined digital tools and decentralized clinical trials, not to mention AI and big data's impact on diagnostic and research capacity, the policy and regulatory spotlight on digital health will no doubt be bright throughout this year. In the "Industry Insights" contribution for this issue, several of our digital health experts briefly summarize the focused attention of U.S. enforcement agencies on telehealth given significantly increased reimbursement trends in the area.

In the remainder of this issue of Vital Signs, you will read about the myriad of proposed laws, regulations, and other policy actions across the EU, Asia, and in the United States making for what will undoubtedly be a watershed year pertaining to digital health policy. Our team, recognized as Law360's Health Care Practice Group of the Year, will continue to monitor and bring you this curated one-stop resource quarterly on the most notable digital health law updates. The editors would like to, once again, thank contributors globally.

Industry Insights

The Intersection Between Telehealth and Fraud, Abuse, and Enforcement

By Dan Cody, Kurt Copper, Becky Martin, Kristen McDonald, and Laura Laemmle-Weidenfeld

As highlighted in our last issue of Vital Signs, digital health technologies continue to transform the health care and life sciences industry. Health care providers, life sciences entities, technology companies, private equity and venture capital firms, and research organizations remain steadfast in their focus upon the dynamic digital health sector. With relaxation of regulatory hurdles and increasing opportunities for reimbursement, the widespread adoption of telehealth typifies this evolution.

As industry veterans are well aware, liberalization and increasing reimbursement typically are accompanied by new opportunities for fraud, waste, and abuse along with an almost inevitable upswing in audit and enforcement activity. Indeed, in early 2021, the Office of Inspector General, Department of Health and Human Services ("HHS-OIG") updated its Work Plan to expressly focus upon telehealth. The updated Work Plan includes audits of two types of telehealth services provided during the COVID-19 public health emergency: (1) home health services; and (2) Medicare Part B telehealth services. The home health audit is directed towards an evaluation of the types of skilled services furnished via telehealth and whether those services were administered and billed in accordance with Medicare requirements. In the Medicare Part B audit, the OIG will conduct a series of audits in two phases to determine whether such services similarly meet Medicare requirements.

Recent enforcement activity has been focused upon the large number of so-called "telefraud" schemes in which practitioners, billing companies, or other entities allegedly have leveraged sham telehealth visits to fraudulently bill for other items or services such as durable medical equipment, compounded medications, or genetic tests. Indeed, these blatant alleged fraud schemes may result in criminal prosecution as evidenced by the recent 33-month prison term given to a New Jersey physician who pled guilty to fraudulently signing prescriptions for compound medications without even attempting to establish a remote physician-patient relationship, as part of $24 million scheme. 

In response to these and other enforcement actions, the telehealth industry has been vocal in seeking to ensure that such fraudulent schemes, which fundamentally do not involve actual telehealth services, do not threaten confidence in new technologies and care models. In an apparent partial-response to this concern, in February 2021, Principal Deputy Inspector General Christi Grimm of the HHS-OIG released a statement regarding telehealth generally and enforcement actions related to "telefraud" schemes. Grimm noted that the OIG recognizes the promise that telehealth and other digital health technologies have for improving care coordination and enhancing health outcomes and patient convenience, but the OIG is focused upon ensuring that these goals are not compromised by fraud or abuse.

Ultimately, participants in the telehealth industry should continue to monitor enforcement activity and proactively review their operations to seek to comply with applicable requirements in this fast-moving sector.

United States Developments


Critical Federal COVID-19 Telehealth Waivers Remain Tied to HHS Continuation of Emergency Declaration

A report from the Centers for Disease Control ("CDC") examining trends in the use of telehealth among health centers during the pandemic found that telehealth visits declined as the number of new COVID-19 cases decreased but plateaued as the number of cases increased, concluding that "maintaining the expansion of telehealth remains critical to providing access to care" as the pandemic continues. At the federal level, the expansion of telehealth largely remains tied to the COVID-19 "public health emergency" ("PHE") declared by the secretary of the U.S. Department of Health and Human Services ("HHS") and any renewal of such declaration. In particular, the Centers for Medicare & Medicaid Services' ("CMS") waivers of Medicare conditions of participation and payment, including geographic restrictions, for many virtual care services remain in effect only for the duration of the COVID-19 PHE. The current renewal of the PHE was slated to remain in effect only until April 2021; however, then-Acting Secretary Norris Cochran said in a January 2021 letter to governors that the PHE will likely remain in place for the entirety of 2021 and that HHS will provide states with 60 days' notice prior to termination or expiration. An overview of the existing federal COVID-19 telehealth waivers is available in our Spring and Summer 2020 issues of Vital Signs. Health care providers that have modified operations based upon these temporary waivers are advised to monitor the expiration date for the PHE, as well as proposed legislation discussed below that may make such expiration—and the need to transition operations to conform to longer-term solutions—moot.

Leaders and Lawmakers Signal Support for Continued and Expanded Telehealth Flexibilities

Throughout the first quarter of 2021, lawmakers and other leaders signaled strong support for the expansion of telehealth flexibilities, as evidenced not only by the introduction of numerous telehealth-expanding bills, but also by public statements from the secretary of HHS and other leaders. During his Senate confirmation hearing, then-nominee Xavier Becerra signaled his support for permanent telehealth expansions, emphasizing the importance of learning from the COVID-19 pandemic how telehealth can help save lives. Similarly, during a virtual hearing on "The Future of Telehealth: How COVID-19 Is Changing the Delivery of Virtual Care," leaders of the House Energy and Commerce Committee's Subcommittee on Health signaled support for making permanent various telehealth flexibilities for Medicare beneficiaries that were enacted for the COVID-19 pandemic. Members of the subcommittee maintained that the use of telehealth throughout the pandemic has proven telehealth can effectively address such issues as specialist shortages, stating, "It's time to make Medicare reimbursement for telehealth permanent."

Proposed Federal Legislation Seeks to Expand Telehealth Temporarily and Permanently

Since the beginning of 2021, a number of bills have been filed or reintroduced that seek to expand telehealth access and coverage through and beyond the COVID-19 pandemic. Some of these bills seek to make permanent certain telehealth flexibilities for Medicare coverage established in response to COVID-19, such as the Protecting Access to Post-COVID-19 Telehealth Act (H.R. 366), which would eliminate most geographic and originating site restrictions on the use of telehealth in Medicare and establish the patient's home as an eligible distant site, and the Ensuring Telehealth Expansion Act (H.R. 341), which would permanently extend telehealth provisions in the Coronavirus Aid, Relief, and Economic Securities (CARES) Act. Others would make temporary changes that last for the duration of the PHE only, for example, the Temporary Reciprocity to Ensure Access to Treatment (TREAT) Act (H.R. 708), which would provide temporary licensing reciprocity for telehealth and interstate health care treatment, allowing any health care professional in good standing with a valid practitioners' license to render services—including telehealth—anywhere for the duration of the COVID-19 pandemic.

Beyond proposed legislation arising out of the COVID-19 pandemic, other bills have been introduced that seek to expand telehealth flexibilities unrelated to the pandemic, often targeting narrower issues but capitalizing on the general atmosphere of support for telehealth. Among these are the Tech to Save Moms Act (H.R. 937), which would integrate telehealth models in maternity care services, and the Telehealth Improvement for Kids' Essential Services (TIKES) Act (H.R. 1397), which would provide for strategies to increase access to telehealth under the Medicaid program and Children's Health Insurance Program. Finally, some bills seek to bring telehealth to other key issues in health care, such as mental health and substance use disorders, including the Tele-Mental Health Improvement Act (H.R. 2264), which would require parity in the coverage of mental health and substance use disorder services provided to enrollees in private insurance plans, whether such services are provided in-person or through telehealth. Health care providers are advised to monitor not only the expiration date for the PHE, but also such proposed legislation that may provide for long-term telehealth flexibilities regardless of the continuation of a PHE.

FCC Actions Signal Expansion of Agency Regulation of Telehealth

Following an additional $249.95 million funding allocation from the Consolidated Appropriations Act in December 2020, the Federal Communications Commission ("FCC") on February 2, 2021, adopted a Report and Order expanding the administrative responsibilities of the Universal Service Administrative Company ("USAC") to include the COVID-19 Telehealth Program. The Program was established in March 2020 to help health care providers offer telehealth and connected care services and connected devices to patients at their homes or mobile locations in response to the COVID-19 pandemic. The FCC tasked USAC with administering the remainder of the first round of funding under the CARES Act and this additional funding, although the FCC will retain the final funding decision-making authority. The FCC also announced that it will accept applications for the second round of the COVID-19 Telehealth Program from April 29 to May 6. The FCC has been involved in promoting broadband-enabled telehealth services, focusing on access barriers for low-income consumers, particularly those in rural areas, since 2018.

FCC Investigates Alabama Dental Board for Using Regulations to Stifle Competition

The Federal Trade Commission ("FTC") has taken an aggressive stance against regulations promulgated by the Alabama Dental Board, which effectively ban certain business models that employ unlicensed personnel to remotely conduct mouth scans and send them digitally to dentists to make clear teeth aligners. The Alabama Dental Board sued FTC in response, claiming state immunity from antitrust investigations. FTC defeated that claim in federal court and will continue its investigation. This case has strong implications for state professional boards that would seek to regulate the industry in a manner intended merely to stifle competition from digital health disruptors.

Digital Health App Forced to Uphold User Data Privacy Promises

On January 13, a menstruation-tracking app ("Flo") settled with the FTC over claims alleging the app sent user data to outside data analytics providers such as Facebook and Google after promising that such data would remain private. The deal forces the company to commission an independent third-party review of the app's privacy practices, among other obligations aimed at informing users of Flo's information privacy policies and requiring affirmative consent before using user data.

HRSA Announces Federal Funding Opportunity for Telehealth Programs

In January, the Health Resources and Services Administration ("HRSA") announced that it was accepting applications for the Evidence Based Telehealth Network Program to award up to $350,000 to entities with experience using telehealth technologies to serve rural underserved populations. The program seeks to demonstrate how health care systems can increase access to health care services utilizing direct-to-consumer ("DTC") telehealth technologies, and to conduct evaluations of those efforts to establish an evidence base for assessing the effectiveness of DTC telehealth care for patients, providers, and payers. The program primarily seeks to expand access to health services in primary care, acute care, and behavioral health care, but also allows applicants to address a secondary focus in maternal care, substance use disorder, or chronic care management. Applications were due April 2.

FDA Emergency Use Authorizations for Remote, At-Home COVID-19 Testing

In the first quarter of 2015, FDA issued Emergency Use Authorizations ("EUA") for multiple COVID-19 testing devices that make entirely remote testing possible. This includes FDA's March 5, 2021 EUA for the first molecular non-prescription, at-home test." Remote testing options now involve at home specimen collection with and without requirements for telehealth monitoring; at home processing; both prescription and non-prescription options; and the gamut of antigen, antibody, and molecular testing. Many of these offerings do still require a prescription and a digital health component via a health app or telehealth partner, which has resulted in an expansion of clinical services toward COVID-19 testing services for many telehealth companies.

Proposed Modifications to the HIPAA Privacy Rule

On January 21, 2021, the U.S. Department of Health and Human Services ("HHS"), Office for Civil Rights ("OCR") published in the Federal Register a Notice of Proposed Rulemaking ("NPRM") proposing some significant changes to the Health Insurance Portability and Accountability Act ("HIPAA") Privacy Rule. The proposed changes, if adopted, would provide individuals with greater access to their health information and improve information sharing for care coordination and case management for individuals. The OCR initially announced a 60-day public comment period, making the deadline for comments March 22, 2021. However, on March 9, 2021, the OCR announced a 45-day extension of the public comment period, pushing the deadline to May 6, 2021. For more details on the various propose amendments to the HIPAA Privacy Rule, see here.

HHS Will Exercise Enforcement Discretion Related to HIPAA and COVID-19 Vaccine Applications

On January 19, the HHS' Office for Civil Rights announced that it will exercise its enforcement discretion and will not impose penalties for violations of the HIPAA Rules on covered health care providers or their business associates in connection with the good faith use of online or web-based scheduling applications for the scheduling of individual appointments for COVID-19 vaccinations during the COVID-19 nationwide public health emergency. This exercise of enforcement discretion is effective immediately, but has retroactive effect to December 11, 2020.

The Federal Communications Commission Expands Jurisdiction into Telehealth

On February 2, 2021, the FCC adopted a Report and Order regarding the next round of the COVID-19 Telehealth Program, noting that the Commission has found it in the public interest to expand the administrative responsibilities of the Universal Service Administrative Company (USAC) to include the COVID-19 Telehealth Program. This action signifies the breadth of agencies now involved in telehealth flexibility issues and the expansiveness of agency jurisdiction over the telehealth sector.

The Fifth Circuit Restricts Applicable Penalties by HHS OCR For HIPAA Security Violations

The Fifth Circuit's ruling in University of Texas MD Anderson Cancer Center v. U.S. Dep't of Health and Human Services, No. 19-60226 (January 14, 2021), restricts the ability of HHS Office of Clinical Research to use HIPAA regulations to police security lapses by covered entities and issue fines for the same. Specifically, the Court adopted a narrower interpretation of the HIPAA Security Rule's requirement to "[i]mplement a mechanism to encrypt" ePHI or adopt some other "reasonable and appropriate" method to limit access to patient data. The Court further held that HHS OCR could not prove that the covered entity "disclosed" ePHI in violation of the requirement, without proving that an unpermitted person outside the covered entity actually received it. Finally, the Court found that the $4.3 million civil monetary penalty was arbitrary and capricious because it violated the statutory cap for "reasonable cause" violations. 


Various States Propose and Adopt Legislation Advancing "Audio-Only" as a Telehealth Modality

Several states have introduced legislation that could impact modality requirements in the state. Of note, Arizona House Bill 2454, Arkansas House Bill 1063, Florida Senate Bill 700, Indiana Senate Bill 3, Louisiana House Bill 270, Montana House Bill 43, New Jersey Assembly Bill A4179, Ohio House Bill 122, Oklahoma House Bill 1689, and Oregon Senate Bill 423 have proposals either creating more flexibility for the use of audio-only interactions as a type of telehealth or clarifying potentially confusing language in existing statutes or regulations. Georgia House Bill 307's proposed legislation (out for signature by the Governor) incorporates the use of audio-only services, but "only when no other means of real-time two-way audio, visual, or other telecommunications or electronic communications are available to the patient due to lack of adequate broadband access, or because the use of other means of real-time two-way audio, visual, or other telecommunications or electronic communications is infeasible, impractical, or otherwise not medically advisable, as determined by the healthcare provider." Further, West Virginia enacted legislation that incorporates audio-only as a modality within the definition of telemedicine technologies and affirms that a provider-patient relationship may be established via real-time means using audio-only modalities while noting that a patient communication through audio-visual communication is "preferable, if available or possible".

New South Dakota Legislation Goes Technology Neutral

By modifying its definition for telehealth, South Dakota clarifies its stance as a modality neutral state relying rather on the health provider to independently determine and meet the relevant standard of care in each circumstance. The new law is effective July 1, 2021.

Virginia Adopts Telehealth Legislation During Special Extended Session Impacting Controlled Substances and In-State Referral Arrangements

Effective July 1, 2021, Va. Code Ann. §§ 54.1-3303(B) requires that prescribing for Schedule II through Schedule VI controlled substances is "in compliance with federal requirements for the practice of telemedicine" and that "the prescriber maintain a practice at a physical location in the Commonwealth or is able to make appropriate referral of patients to a licensed practitioner located in the Commonwealth in order to ensure an in-person examination of the patient when required by the standard of care." 

Global Developments


COVID-19 Vaccination Digital Certificate

On 27 January 2021, following discussions between the World Health Organization ("WHO"), the European Medicines Agency ("EMA") and the European Centre for Disease Prevention and Controls ("ECDC"), the eHealth Network (a voluntary network providing assistance to Member States' competent authorities dealing with eHealth) adopted the "Guidelines on proof of vaccination for medical purposes - basic interoperability elements". The Guidelines set forth the minimum information that the digital certificate should include as well as technical guidance on the creation of an interoperable and reliable system of certification. The Guidelines also recommend specific rules to avoid discrimination against subjects who may not be vaccinated.

On 17 March 2021, building upon the Guidelines, the European Commission adopted a proposal for regulations to be adopted by the European Parliament and Council related to such COVID-19 vaccination digital certificate. The proposal would establish an EU-wide framework to issue, verify, and accept vaccination certificates within the EU as part of a "Digital Green Certificate". The proposed framework would also cover other certificates issued during the COVID-19 pandemic, such as certifications of a negative test result for SARS-CoV-2 infection as well as certifications verifying that the person concerned has recovered from a previous infection with SARS-CoV-2. This allows the free movement of persons who are not vaccinated, or who have not yet had the opportunity to be vaccinated.

The European Commission Develops E-Health App Quality Standard

The Commission started working with the European Committee for Standardization ("CEN") and the International Organization for Standardization ("ISO") on a E-Health app quality standard (Quality & reliability for health and wellness apps: CEN-ISO/DTS 82304-2). The standard aims at establishing a common framework to enable more transparency in app stores and to assist app developers in developing health apps for use in clinical care pathways and reimbursement programming. The technical specifications are expected to be published in the second quarter of 2021.

European Health and Digital Executive Agency Becomes Operational

On 1 April 2021, the European Health and Digital Executive Agency ("HaDEA") became operational. The HaDEA is set up within the Commission's Directorate in charge of health care (DG Santé) and manages European programs and initiatives on behalf of the Commission. In particular, the HaDEA contributes to implementing EU funding in the digital health sector with specific regard to the EU4Health programme, Horizon Europe (Pillar II, Clusters 1 and 4: "Health" and"Digital, Industry and Space"), Digital Europe Programme, and the Connecting Europe Facility. The expected total budget managed by the HaDEA will amount to more than € 20 billion over the seven-year period of the 2021-2027 Multiannual Financial Framework ("MFF").

European Commission to Finalize Policy on European Health Data Space

In the second quarter of 2021, the European Commission will launch a public consultation on the draft framework to establish a European Health Data Space ("EHDS"). The Commission is currently assessing the feedback received in relation to the Inception Impact Assessment (Roadmap) launched in December 2020. The EHDS initiative would develop a common framework for sharing health data (e.g., electronic health records, patient registries, genomics, etc.) across the Union. EHDS is based upon three main pillars: (i) ensuring equitable access to health data for health care delivery, research, and innovation purposes; (ii) promoting and preserving single market functioning for digital health; and (iii) fostering privacy, security, and interoperability. Industry has expressed strong support for the EHDS initiative. The Commission aims to adopt the final policy on EHDS in the fourth quarter of 2021.

Europe Launches an Initiative to Achieve Digital Transformation by 2030

Between 10 February and 9 March 2021, the European Commission launched the "Europe's digital decade: 2030 digital targets" initiative. The Roadmap will provide a vision for achieving digital transformation within the next ten years. In particular, the Commission plans to:

  • Build capacities in digital infrastructure that will reduce the EU environmental footprint through the reduction and recycling of waste and promotion of individualized energy production;
  • Foster digital education and skills to ensure that the EU "trains enough of and offers best opportunities for digital engineers and specialists"; and
  • Boost private and public administration digitalization, with particular regard to SMEs.

Furthermore, the Commission intends to draft a proposal for a "Charter of Digital principles" that will set a standard for ethical and fundamental values and human rights in the digital space.

Recovery and Resilience Facility ("RRF") Funding Addresses Digital Transformation

The European Commission presented to the eHealth Network the investment possibilities under the new Recovery and Resilience facility. This facility will provide grants and loans to Member State's authorities to finance reforms and investments in a number of possible sectors and to overcome the economic and social impact of the COVID-19 pandemic. According to the latest meeting held at Council, there is a target of directing at least 20% of the total funding (672.5 billion of euro) to digital transformation.

Horizon Europe Work Program 2021-2022 to Fund Health Sector Research Initiatives

In January 2021, the European Commission adopted a draft work program for the years 2021-2022 in the context of the Horizon Europe funding initiative (2021-2027). The plan is to set aside 948 million euro in the first year for health research across six topics ("Staying healthy", "Environment and health", "Tackling diseases", "Competitive health industry", "Innovative health care", and "Digital tools") focusing on recovering from the COVID-19 pandemic and laying the foundations for a more resilient healthcare in case of future emergencies. With specific regard to the area of "Innovative health care", the purpose of the three upcoming projects is to modernize health care systems, improve their quality, develop new tools and methods for making better informed health care decisions, including artificial intelligence (AI), and support procurement. In relation to "Digital tools", the Commission's plan is to launch a 115 million euro call for projects aimed at developing: (i) smart medical devices and surgical implantation, for use in resource-constrained settings; (ii) therapies to treat highly prevalent diseases with unmet needs; and (iii) tools for the use and re-use of health data. The goal for 2022 is to deploy a total of 914.3 million euro to foster health research. With specific regard to digital health, a single stage 69 million euro call for projects will be launched in relation to projects aimed at enhancing cybersecurity tools, scaling-up computation and data anonymization, as well as exploring new payment models for health innovation.

European Union Agency for Cybersecurity Publishes Report on Secure Cloud Services in Health Sector

On January 18, 2021, the European Union Agency for Cybersecurity ("ENISA") published a report on cloud security for health care services ("Report"). The Report provides a set of 17 security measures for health care organizations—acting as cloud customers—and cloud service providers ("CSPs") to provide cybersecurity and data protection in accordance with applicable EU legislation (e.g., GDPR and NIS Directive). The set of 17 security measures and recommended practices are based on common frameworks for cloud security and the ongoing work on a cloud certification. These security measures include identifying applicable cybersecurity and data protection legal requirements, conducting a risk assessment and a data protection impact assessment, establishing processes for security and data protection incident management and response, establishing business continuity and disaster recovery plans, and enabling data encryption for data at rest and data in transit. Each suggested security measure is cross-referenced with recommended practices included in ENISA's existing Procurement Guidelines for Cybersecurity in Hospitals and applied to the different use case scenarios. Health care organizations and cloud service providers should consider using the Report as a checklist to draft and negotiate relevant provisions of their service agreements (e.g., service level agreements, limitation of liability clauses, data protection clauses, etc.) in order to mitigate data protection and cybersecurity compliance and business risks.

France: RFP Issued by the CNIL to Select Digital Health Projects for Enhanced Regulatory Support

On February 15, 2021, the CNIL (the French National Agency regulating Data Protection) issued an RFP called "GDPR sandbox", which was open until April 2, 2021, to provide enhanced support and assistance to project initiators, for a specific period of time, to achieve a technological solution that complies with data protection regulations and respects privacy. The "GDPR sandbox" applied to all innovative projects, regardless of their status, size, development or sector, except for projects that were operational or had already been launched. For this first edition, the RFP targeted three innovative projects in the field of digital health and the support and assistance program is intended to last until the end of 2

France: Massive Health Data Breach and Subsequent Legal Proceedings Initiated by the CNIL to Block Online Access to Leaked Patient Data

On March 4, 2021, the Paris judicial court ordered the main internet service providers to block access to a website hosting a file containing data on nearly 500,000 patients, including health data that leaked from medical laboratories. This decision follows the investigations initiated by the CNIL after the press revealed this data breach. At this stage, the CNIL has conducted three inspections and undertaken appropriate measures with the organizations concerned to ensure that the persons whose data was released are informed of this breach by the laboratories. The CNIL is continuing its investigations, in particular to ensure that the appropriate technical measures have been taken.

France: Announcement of the Annual Investigation Program of the CNIL for 2021, Including Focus on the Processing of Health Related Data

On March 2, 2021, the CNIL announced that for 2021 it intends to focus its investigation program on three themes: (i) cybersecurity of websites; (ii) security of health data; and (iii) use of cookies. With regard to cybersecurity, this focus is a response to the fact that website security flaws are among the most frequently observed failures during inspections and may lead to data breaches. With respect to health data security, such theme is in line with the investigation program adopted in 2020, corresponds to the current sanitary context and takes into account the ever-increasing challenges linked to the digitization of the health sector. Regarding the use of cookies, this focus was initiated in 2020 in order to ensure compliance with requirements on the targeting of advertising and the profiling of internet users. The investigations shall continue this year with a wider scope. Finally, the CNIL will continue to cooperate with its European peers on cross-border processing by implementing two methods of cooperation provided for in the GDPR: mutual assistance and joint operations.

Italy Further Expands the Use of E-Prescriptions to Medications not Reimbursed by the National Health System

Italy recently extended the use of e-prescriptions of medicinal products to those not reimbursed by the national health system. The e-prescription capabilities will be provided through a specific e-portal to pharmacies.



Creation of New Guidelines for Medical Research Utilizing Human Subjects

On March 23, 2021, several Japanese Ministries, including the Ministry of Health, Labour and Welfare ("MHLW"), jointly published the new "Ethical Guidelines for Life Science, Medical and Health Research Involving Human Subjects".  These new guidelines replace both the existing "Ethical Guidelines for Medical and Health Research Involving Human Subjects" and the "Ethical Guidelines for Human Genome and Gene Research Analysis". The new guidelines provide uniform and updated rules for research involving the human body, but will not apply to clinical research regulated by Japanese laws, such as "clinical trials" under the Pharmaceuticals and Medical Devices Act and "clinical research" under the Clinical Research Act. Most significantly, the guidelines provide new rules concerning so-called "e-informed consent" whereby human subjects can provide their consent digitally. The new guidelines will become effective on June 30, 2021.

New Guidance for Applicability of Medical Device Regulations on Software

On March 31, 2021, the MHLW published its "Guidance for Applicability of Medical Device Regulations on Software". In 2013, software intended for use in the diagnosis or treatment of disease was added to the definition of a "medical device" regulated under the Pharmaceuticals and Medical Devices Act. In 2014, the MHLW issued an administrative notice concerning its basic policy for the scope of software that constitutes a medical device and has periodically updated this notice in the time since. The new guidelines clarify and refine the explanations of the MHLW's policy on the scope of software that is classified as a medical device, and supersedes the 2014 administrative notice. The guidelines provide the standards and processes to determine the applicability of medical device regulations on software, and companies that develop medical or health care-related software should examine the applicability of medical device regulations based on the new guidelines. 


The Australian Immunisation Register to be Linked to My Health Record

As part of the implementation process for Australia's COVID-19 vaccine strategy, the Australian Government has passed the Australian Immunisation Register Amendment (Reporting) Act 2021 (Cth), which makes it a requirement for all vaccination providers to report vaccinations to the Australian Immunisation Register ("AIR"), which will be linked to the national My Health Record database. The latest upgrade to My Health Record includes a consolidated immunisation page so people can access details of all immunisations, including their first COVID-19 vaccination received, and next vaccination due date. The new legislation also introduces civil penalties should recognized vaccination providers not comply with the reporting requirements.

Calls to Permanently Extend Reimbursement for Telehealth Services in Australia

Due to the rapid uptake and success of telehealth services in the wake of the COVID-19 pandemic, there has been a push by industry and consumer organizations for the government to permanently extend the reimbursement scheme. Two recent Royal Commission Reports (on mental health and aged care) made recommendations that government support for telehealth services should become a permanent feature of the Australian health care landscape. The temporary expansion of universal coverage for telehealth services was set to expire on 31 March 2021, however on 14 March 2021, the federal government announced that it would extend coverage for a further three months.

E-Prescriptions Now Available Australia-wide

The prescription landscape is rapidly changing in Australia with the fast-tracking of the electronic prescription (e-prescription) initiative in response to the COVID-19 pandemic. In medical practices with the capability to provide e-prescriptions, a patient can choose to receive their e-prescription via an app, SMS, or email in the form of a link to a unique QR code or 'token'. The token is then scanned by their selected pharmacy to unlock the electronic form of the prescription from an encrypted and secure electronic prescription delivery service. Legislative instruments, such as the National Health (Pharmaceutical Benefits) Regulations 2017 (Cth), have been amended to accommodate e-prescribing and clinicians are required to adhere to the National Health Act 1953 (Cth) and relevant state or territory regulations when prescribing and supplying medicines using an electronic prescription.

Recent and Upcoming Speaking Engagements

Annual EU Pharmaceutical Law Forum: Legal and Ethical Considerations for Digital Innovation, Virtual Program (May 2021) Jones Day Speaker: Cristiana Spontoni.

AHLA—Telehealth Reimbursement Webinar, Virtual Program (March 2021) Jones Day Speaker: Kimberly Rockwell.

AHLA—Telemedicine 0-60 MPH: Building a Pandemic Telemedicine Program from the Ground Up, Virtual Program (March 2021) Jones Day Speaker: Ann Hollenbeck.

Chicago Bar Association—The Explosive Growth of Telemedicine: Legal and Practical Considerations, Virtual Program (March 2021) Jones Day Speakers: Rachel Page and Mary Waller.

In Case You Missed It

New Florida Law Limits Liability for Defendants Facing COVID-19 Lawsuits

COVID-19 Vaccinations and Considerations for European Employers

Health Care Organizations and Cloud Service Providers Receive Guidance on Cloud Security Measures

DOJ Announces $2.2 Billion in 2020 FCA Recoveries and Identifies 2021 Priorities

Focus on Health Care Provider Bankruptcies

Stark Law Commentaries

JONES DAY TALKS®: Helping Health Care Providers Fight Human Trafficking

Human Trafficking and Health Care Providers: Legal Requirements for Reporting and Education

Fourth Circuit Rejects FCA Claims on Scienter Grounds Based on Ambiguous Regulations

New Law Eliminates 75-Year-Old Antitrust Exemption for "Business of Health Insurance"

Supreme Court Leaves Fifth Circuit False Claims Act Ruling Intact

Health Insurer Secures Judgment Against Health Care Provider for Alleged False Claims

Legal and Practical Considerations for Employers Weighing COVID-19 Vaccination as a Condition of Continued Employment

Jones Day Global Privacy & Cybersecurity Update | Vol. 27

HHS Proposes Changes to the HIPAA Privacy Rule

Insights by Jones Day should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only and may not be quoted or referred to in any other publication or proceeding without the prior written consent of the Firm, to be given or withheld at our discretion. To request permission to reprint or reuse any of our Insights, please use our “Contact Us” form, which can be found on our website at This Insight is not intended to create, and neither publication nor receipt of it constitutes, an attorney-client relationship. The views set forth herein are the personal views of the authors and do not necessarily reflect those of the Firm.