Vital Signs: Digital Health Law Update | July 2022

Lawyer Spotlight

Artificial intelligence innovations continue to fuel advances across diverse life science applications, including drug discovery and digital health. This month, we highlight two lawyers who help clients deploy, market, and protect their AI innovations, whether in-licensed or internally developed. Colleen M. Heisey (Washington, Health Care & Life Sciences) advises life sciences companies on legal requirements and obligations arising from FDA-regulated therapeutic products, including the application of AI in drug and device development and marketed products. Carl A. Kukkonen (San Diego, Intellectual Property) helps life science and technology companies license AI technologies and data sets, develop litigation-ready AI patent portfolios, and minimize infringement risk.

Note From the Editors

2022 shows no signs of slowing down on digital health developments across different areas. We bring you Vital Signs, a curated, one-stop resource on the most notable digital health law updates from our global team.  

In Industry Insights, our lawyers take an in-depth look at new developments on the interplay between AI and the FDA with regard to medical therapeutics and diagnostics, as well as pharma AI-oriented partnerships and intellectual property protection mechanisms for AI other than by way of patents. In our Federal and State sections, you'll read highlights of significant U.S.-based developments. Don't miss several updates from Europe and a short summary of new cybersecurity requirements for medical devices in Japan. Thank you to our contributors who are committed to bringing you curated updates covering digital health developments of interest.

Dobbs Impact: We have been closely following post-Dobbs impacts to health care delivery throughout the United States. Telehealth providers are seeking to quickly understand the parameters of laws, regulations, and related enforcement in states where their patients reside (the so-called "trigger" and "zombie" laws in particular). An individualized, state-by-state analysis and risk assessment is essential for providers delivering care services related to family planning, contraception, or pregnancy termination, including those that provide advice, operational support, or other assistance to these providers. The impact of Dobbs cannot be understated with essential considerations arising in privacy, technology, data collection, sharing and custody, medical records, patient intake, and pharmaceutical offering, among others. We encourage you to involve in-house or outside counsel directly in planning and risk discussions because (i) uncertainty exists due to the lack of recent enforcement history, judicial interpretation, and the widely varying state laws, thus staying in close contact with knowledgeable legal counsel is key, and (ii) to protect those discussions with the attorney-client privilege to the greatest extent possible.

Industry Insights

Developments in Artificial Intelligence and Machine Learning Prompt Change to FDA Regulations and U.S. Patent Law Principles 


As artificial intelligence ("AI") capabilities continue to advance and integrate into health delivery systems, lawmakers must grapple with the tension of encouraging the benefits posed by this AI integration, while also ensuring that patients and consumers are adequately protected from the natural limitations and potential abuses of AI-inspired medical innovations. On November 16, 2021, the Centers for Medicare and Medicaid Services ("CMS") took its first step toward legitimizing automated health care delivery by establishing reimbursement for a health care service provided entirely by AI—the interpretation of remote retinal imaging by AI (CPT Code 92229). As stated by CMS in the Medicare Physician Fee Schedule rule that set out payment for this AI service, "[r]apid advances in innovative technology are having a profound effect on every facet of the economy, including the delivery of healthcare." CMS's recognition of AI as a legitimate resource to advance the provision of health care aligns with recent trends in the life sciences and biopharmaceuticals space—where stakeholders are capitalizing on AI and machine learning to advance the effectiveness and efficiency of medical technology. This issue's Industry Insights discusses the impact of AI on two bodies of law: (i) The Food and Drug Administration's ("FDA" or the "Agency") regulatory landscape and (ii) U.S. patent law. The first section provides an overview of the FDA's recent attempts to balance the opportunities and risks of AI technologies as applied to medical therapeutics and diagnostics. The second section ponders AI's impact on patent law principles and explains how AI technology may challenge traditional patent law concepts in coming years. 

The FDA Considers a Regulatory Framework to Appropriately Address AI as a Tool for Advancing Medical Therapeutics and Diagnostics

By Colleen Heisey, Kyle Diamantas, and Sarah Gaskell

In recent years, the FDA has demonstrated support for AI and machine learning ("AI/ML") as tools for advancing medical therapeutics and diagnostics in the health care space and beyond. For example, in its March 2022 proposed recommendations for the fifth reauthorization of the medical device user fee program, the Agency reaffirmed its commitment to building software and digital health expertise and streamlining FDA review processes for digital health products. Specifically, as part of its proposed process improvements, the FDA stated that it will continue to "provide assistance for premarket submissions that include software, interoperable devices, or otherwise incorporate digital health technologies, such as artificial intelligence or machine learning (AI/ML), Virtual, Mixed, and Augmented Reality (VR/MR/AR) and wearables." This proposed assistance for specific premarket submissions, along with other process improvements outlined in the proposed recommendations, are aimed at reducing the average total decision time for premarket approval applications and premarket notification submissions, while maintaining standards for safety and effectiveness. 

The Agency also continues to review and authorize a growing number of devices utilizing AI/ML across many different fields of medicine. In the first half of 2022, the FDA granted 510(k) clearance to a number of AI/ML-enabled devices, including the VoqX Electronic Stethoscope, which detects infrasound acoustic waves not audible to the human ear and uses AI algorithms for advanced disease classification of cardiopulmonary issues; Viz ANEURYSM, which analyzes CT scans using an AI algorithm to detect suspected brain aneurysms; and Cardio AI, which uses AI and deep learning to analyze cardiac MRI images to aid in the diagnostic process.

Additionally, the FDA has continued its commitment to developing a regulatory framework for the oversight of AI/ML-enabled devices. The Center for Devices and Radiological Health is considering a total product lifecycle-based framework for these technologies that would "allow for modifications to be made from real-world learning and adaptation, while ensuring that the safety and effectiveness" of these devices are maintained. Though the Agency has not yet published its long-awaited draft guidance on Marketing Submission Recommendations for a Change Control Plan for AI/ML-Enabled Device Software Functions, it published draft guidance for the Content of Premarket Submissions for Device Software Functions in November 2021. This guidance describes the information that the FDA considers important during its evaluation of the safety and effectiveness of a device in a premarket submission and may help facilitate FDA's premarket review. When finalized, it would update and replace guidance previously issued in 2005.

The FDA's efforts related to AI/ML extend beyond medical devices, as the Agency itself seeks to use predictive analytics capabilities to increase the safety and effectiveness of other FDA-regulated products. For example, as part of the FDA's New Era of Smarter Food Safety, which seeks to create a safer and more digital, traceable food system, the Agency conducted a pilot program that leverages machine learning to strengthen its ability to predict which shipments of imported foods pose the greatest likelihood of containing potentially contaminated products. The FDA is currently reviewing findings from the program to examine the deployment of AI/ML models as a tool for enhancing its predictive capability for other types of regulated products. To support its goals related to enhanced technologies and data modernization, the FDA has requested $68 million in its 2023 budget request specifically for "critical enterprise technology capabilities," including data-informed capabilities, "such as artificial intelligence, machine learning and state-of-the-art solutions like blockchain," which the Agency states will be critical to supporting its public health priorities. The FDA also seeks funds for data modernization to allow it "to review large volumes of data more quickly to identify critical safety signals or emerging outbreaks." As the Agency embraces AI/ML in its own efforts, so too will it continue to consider how to regulate AI/ML-enabled products to ensure consumer safety while allowing the benefits of AI it espouses. 

Opportunities for Pharmaceutical and AI Partnerships and Challenges to Traditional Patent Law Concepts

By Patricia Campbell, Carl Kukkonen, Gurneet Singh, and Sabrina Jones

Over the last five years, interest in and use of AI in several sectors of the life sciences industry, particularly biopharmaceuticals, has rapidly increased and continues to grow. By the end of 2022, AI-facilitated solutions in the pharmaceutical sector are projected to achieve a revenue of more than $2 billion.

The burgeoning interest in AI's applications in pharmaceuticals makes sense, as AI can help new drugs reach the clinical stage five times faster and cut industry costs by 30%. For example, AI can predict drug-target interactions, which allow for the repurposing of existing drugs. Several industry leaders in the biopharmaceutical and AI spaces have taken advantage of this opportunity by collaborating to develop new drugs and gene-based therapies at accelerated rates. These new pharmaceutical AI-lead developments challenge traditional concepts in patent law. 

For instance, one requirement for U.S. patent protection is for the invention to be nonobvious. 35 U.S.C. § 103. Whether an invention is obvious is analyzed through the eyes of a hypothetical person of ordinary skill in the art ("POSITA"). There are concerns over whether AI recalibrates the obviousness standard since AI increases what a POSITA has the capacity to recognize as obvious. The American Intellectual Property Law Association posited that what seems nonobvious to a human "could be rather obvious to an artificial intelligence machine because it has the capability to crunch through a bunch of numbers in a very fast period of time and come up with an answer to a problem in minutes that would take a human being a lifetime." 

AI use in the pharmaceutical space is also challenging traditional considerations of inventorship. Under U.S. patent law, inventorship determines patent ownership. There is widespread debate over whether AI can be considered an inventor for purposes of securing a patent. A key area of the debate focuses on whether AI is simply a tool or something more. One of the essential criteria for inventorship is conception that goes beyond supplying abstract ideas or merely executing others' ideas. Conception is about abstract thinking, an ability that even the world's most sophisticated forms of AI currently lack. In the AI and legal communities, the majority viewpoint is that AI techniques are merely tools in a human inventor's hands. While the AI community has expressed criticism of the anthropomorphization of AI, some have persuasively argued that AI is simply a tool when a human uses AI to facilitate the inventive process in the same way as one would use any other tool like a microscope. There, the inventor would be the person using the AI, not the individual who developed the AI algorithm. In other words, patent law recognizes an inventor in the individual who engaged in thinking and decision-making to solve problems assisted by AI. That individual would be the researcher or scientists screening, developing, and discovering drugs in the biopharmaceutical context, not the one who developed the basic AI algorithm of a general-purpose nature. Additionally, if "mere implementation of instructions" would not suffice for a human inventor to be entitled to a patent, AI creating output from human input cannot be a standalone inventor either. 

Critics of the world's majority position of inventorship believe that this stance makes AI-facilitated inventions and discoveries unpatentable. Some have suggested turning to trade secrets, which offer the advantages over patents of not requiring public disclosure and retaining protection for unlimited periods of time. As long as an invention can be protected by employing reasonable measures to maintain it as a secret, the trade secret will offer protection. 

Even if inventorship were to be recognized in AI, the question of ownership would remain. In cases where the patent applicant is different from the inventor, the patent applicant must show it properly obtained ownership from the inventor. An AI machine can neither hold title to an invention nor pass title to a patent applicant under current U.S. patent law.


As AI technologies continue evolve, so too must the laws that govern them. In the coming years, lawmakers and the agencies charged with administering and enforcing these laws will be challenged to create a regulatory structure that nurtures the appropriate use of AI in health care systems by embracing opportunities for innovation, while also protecting from potential abuse. 

United States Developments


OIG Issues Special Fraud Alert

On July 20, 2022, the Office of Inspector General of the U.S. Department of Health and Human Services ("OIG") issued a Special Fraud Alert to advise health care providers to exercise caution when entering into arrangements with "purported" telemedicine companies. The OIG provides an illustrative, nonexhaustive list of suspect characteristics of allegedly fraudulent schemes it has investigated whereby companies exploit the growing acceptance and use of telehealth. These characteristics may include: patients identified/recruited by the telemedicine company and directed to the provider; little or no contact between the provider and patients; the health care provider is compensated based on the volume of items or services prescribed or ordered; the telemedicine company only furnishes one product or a single class of products to effectively restrict a health care provider's treating options; and the telemedicine company does not expect providers to follow up with patients. The OIG views these schemes as resulting in unnecessary care, substandard of care, and outright fraud causing considerable harm to federal health care programs and their beneficiaries. OIG warns health care providers to avoid entering into these arrangements, noting that criminal, civil, or administrative liability may result pursuant to the Civil Monetary Penalties Law, the False Claims Act, OIG's exclusion authority related to kickbacks, and various state civil and criminal health care fraud statutes.    

HHS-OIG Launches Webpage Focused on Telehealth Oversight, Showcasing New Audits and Research and Potentially Informing Future Enforcement Priorities

The Health and Human Services Office of Inspector General ("HHS-OIG") has launched a webpage to centralize information related to its oversight of telehealth services. To promote access to health care during the pandemic, the Centers for Medicare & Medicaid Services ("CMS") significantly expanded coverage for telehealth services by granting a range of emergency reimbursement, modality, and geographic flexibilities. These policies led to a steep increase in the number of telehealth services covered by federal health care programs. In light of greater federal expenditures in this area, telehealth has been subject to escalated enforcement activity. The webpage spotlights a number of OIG reports that detail patterns and challenges in expanded telehealth use as well as plans for future OIG auditing of telehealth offerings. This new webpage can be leveraged by industry stakeholders to orient compliance efforts in the years to come. 

The Federation of State Medical Boards Adopts New Policy on Telemedicine Technologies

In April 2022, the Federation of State Medical Boards ("FSMB") adopted new guidelines on the "Appropriate Use of Telemedicine Technologies in The Practice of Medicine," updating its prior telemedicine guidance issued in 2014. Though policy statements are nonbinding, advisory opinions from FSMB—the representative body for 71 state and territorial medical boards—often inform medical board practice and state law reform. In updating its policy, FSMB set out to build on the lessons learned from the pandemic and "enable wider, appropriate adoption of telemedicine technologies." In this regard, the policy (i) acknowledges telemedicine as a core component of health care delivery post-pandemic; (ii) emphasizes and advocates for the role telemedicine can play in improving access and reducing inequities in the delivery of health care; and (iii) recognizes broad exceptions to licensure for physician-to-physician consultations, prospective patient screenings for complex referrals, episodic follow-up care for established patients, and decentralized clinical trials. 

In other respects, however, the recommendations in the policy may not align with regulatory trends and allowances that have facilitated telemedicine's adoption in recent years. Most notably, the policy incorporates several modality limitations, including suggesting that audio-only communications should only be used when a patient is unable or unwilling to access other live-interactive modalities or when audio-only interactions are considered the standard of care for the service being delivered, emphasizing the need for physicians to have the opportunity and ability to ask iterative follow-up questions, and recommending physicians use digital images, live video, or other modalities if the standard of care in-person would have required a physical examination. In addition, the policy includes recommendations regarding referrals, in-person capabilities, and patient abandonment, as well as recommendations regarding medical records and patient engagement that could impact technology and operational capabilities for many telehealth platforms and which potentially conflict with traditional legal and regulatory structures applicable to in-person settings. 

Medicare Telehealth Reimbursement Flexibilities to Extend for 151 Days After End of Public Health Emergency

On March 15, 2022, President Biden signed into law the Consolidated Appropriations Act, 2022, extending certain Medicare telehealth reimbursement flexibilities for 151 days following the end of the declared COVID-19 public health emergency. At the beginning of the pandemic, the CMS implemented certain blanket waivers of Medicare telehealth coverage requirements. These waivers removed the geographic and originating site limitations, expanded the types of health care providers that can furnish telehealth services to Medicare beneficiaries, and allowed for the use of audio-only equipment to furnish certain telehealth services. With the passage of the Act, the waivers—which were set to expire immediately upon expiration of the public health emergency—will now remain in effect for 151 days after the end of the public health emergency. CMS announced the renewal of the public health emergency for another 90 days on July 15, 2022. 

HHS Clarifies Covered Entities' Obligations and Potential Liability Concerning Business Associates' Compliance With Certain HIPAA Requirements

On March 22, 2022, the Department of Health and Human Services ("HHS") issued guidance to clarify covered entities' obligations and potential liability concerning business associates' compliance with certain Health Insurance Portability and Accountability Act ("HIPAA") Administrative Simplification requirements.

In its guidance, HHS confirmed that the HIPAA Administrative Simplification requirements related to standards for electronic transactions, code sets, unique identifiers, and operating rules apply only to covered entities. HHS further explained that these particular requirements apply indirectly to business associates because the HIPAA regulations state that covered entities must require business associates to comply with them. In light of this framework, HHS warned that engaging a business associate to provide services related to standard transactions does not relieve a covered entity from its responsibility to comply with all applicable HIPAA requirements. HHS advised that a covered entity is responsible for its business associate's failure to comply with the applicable requirements and that the actions or inactions of that business associate will be imputed to the covered entity. Further, HHS noted that this responsibility would apply even if the vendor engaged to conduct covered transactions as a business associate on the covered entity's behalf is also considered a covered entity in other contexts.

HHS's guidance makes clear that when contracting with business associates to conduct standard transactions, covered entities should consider (i) contractually requiring their business associates to comply with HIPAA requirements; (ii) monitoring their business associates' compliance with those requirements; and (iii) securing contractual remedies against their business associates for the business associates' failure to comply with HIPAA requirements.

FDA's CDHR Releases Draft Guidance on Cybersecurity in Medical Devices

On April 8, 2022, the Food and Drug Administration ("FDA"), through its Center for Devices and Radiological Health, issued draft guidance regarding cybersecurity in medical devices and digital health technologies. FDA issued the draft guidance in light of the increased integration of wireless, Internet- and network-connected capabilities, portable media, and the frequent electronic exchange of medical device-related health information. The draft guidance applies broadly to all types of devices as defined in section 201(h) of the Federal Food, Drug, and Cosmetic Act, including 510(k)-exempt devices that do not require a premarket submission. 

In the draft guidance, FDA emphasizes a need for adequate security controls and designs that are tailored to the uses and indications for use of the individual device in question and unique risks posed in each device. FDA encourages developers to use a Secure Product Development Framework, or SPDF (i.e., "a set of processes that reduce the number and severity of vulnerabilities in products"), in designing their medical devices, but indicates that sponsors may use alternative approaches that satisfy applicable statutory provisions and regulations (e.g., quality system requirements). The focus on development, security, and transparency in cybersecurity make the FDA's newly updated approach responsive to evolving changes in the medical devices space. 

SEC Proposes Amendments Regarding Cybersecurity Risk Management

As noted in a Jones DayAlert, the U.S. Securities and Exchange Commission proposed amendments to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. The amendments are intended to provide consistent and practical disclosures that allow investors to analyze, manage, and mitigate exposures to cybersecurity risks. 

Under the proposals, Form 8-K would be amended to add Item 1.05, which would require registrants to disclose material cybersecurity incidents within four business days. Registrants would be required to disclose material cybersecurity incidents under the federal securities laws even if state law would otherwise allow the registrant to delay providing notice about such incident. 

Additionally, the proposed amendments would add a new Item 106 to Regulation S-K, Form 10-Q, and Form 10-K, which would require registrants to disclose any changes to prior disclosures of material cybersecurity events, a list of immaterial cybersecurity events which become material in aggregate, and the registrant's policies and governance plans for identifying and managing cybersecurity risks. 

These proposed amendments represent a significant increase in required periodic disclosures, and would have immediate and notable impacts for registrants upon finalization.     


Uniform Law Commission Approves Uniform Telehealth Act 

On July 15, 2022, the Uniform Law Commission announced its approval of the Uniform Telehealth Act after two years in development. This model act is modality neutral and fairly simple in construct. If it gains traction in a number of states, it could provide added clarity and flexibility. Highlights include: (i) it applies across various practitioner categories and includes some unique exceptions to licensure (a registration process, a time period of cross-state care with existing providers for continuity of care, and expansive consulting provider exceptions); (ii) it prohibits state regulatory boards and enforcement agencies from treating telehealth differently than in-person care; (iii) scope of practice would remain subject to limitations of state and federal law, which likely would include prescribing limitations and restrictions on reproductive care; and (iv) it provides a potential path to expansion of consultation exceptions to licensure and expanded second opinion offerings, and limited follow-on care for relocating patients.

Kentucky Removes Barriers to Cross-State Telehealth Services

Kentucky Governor Andy Beshear signed into law House Bill 188 ("HB 188"), which took effect on July 14, 2022. HB 188 amends the state telehealth laws to ensure that state agencies do not prohibit certain cross-state telehealth activities. Under the amendments, state agencies may not (i) promulgate telehealth-related regulations that prohibit a provider credentialed by a Kentucky professional licensure board from delivering telehealth services to a permanent Kentucky resident who is temporarily located outside of the state; (ii) prohibit a provider credentialed in another state from delivering telehealth services to a person who permanently resides in the same state but who is temporarily located in Kentucky; or (iii) require that a health care provider be physically located in their state of credentialing in order to provide telehealth services to a person who is a permanent resident of the same state. The act also requires the Cabinet for Health and Family Services to define the term "temporarily located" for purposes of delivering telehealth services in the state's telehealth terminology glossary within 30 days of the act's effective date. 

Florida Expands Prescribing Authority of Telemedicine Providers
Effective July 1, 2022, Florida expanded the prescribing authority of telemedicine providers by affording considerably greater flexibility to providers to prescribe controlled substance medications to patients seen remotely. S.B. 312, which was signed by Governor Ron DeSantis in April 2022, permits all controlled substances except Schedule II drugs to be prescribed via telemedicine. Previously, Florida law prohibited prescribing any controlled substances via telemedicine aside from limited exceptions for psychiatric treatment or inpatient care.

In-Person Requirements Regarding Telehealth Care in Alabama
In April 2022, Governor Kay Ivey signed into law Senate Bill 272, concerning the use of technology to deliver telemedicine care. Among the new law's provisions is the requirement that, effective July 11, 2022, physicians providing telehealth services to a patient for the same medical condition more than four times in a one-year period must evaluate that patient in person in order to continue treatment, or else refer the patient to a physician who can provide in-person care. Therefore, following the law's effective date, telehealth providers may need to prepare to facilitate occasional in-person treatment for certain patients.

Virginia Legislature Expands Use of Telemedicine to Certain Out-of-State Practitioners

Effective April 27, 2022, Virginia Senate Bill 369 ("SB 369") was signed into law, authorizing the in-state telemedicine practice of a profession regulated by the Virginia Board of Medicine by a practitioner licensed in another state or the District of Columbia. Per SB 369, the practitioner must be in good standing with the applicable regulatory agency where licensed. Additionally, the service must specifically be (i) for "the purpose of providing continuity of care through the use of telemedicine services" and (ii) delivered to a current patient of the practitioner with whom a practitioner-patient relationship has been established, including an in-person examination within the previous 12 months. 

Oregon Legislature Expands Telemedicine Services

In March 2022, Oregon House Bill No. 4034 went into effect, which affirmatively authorizes Oregon-licensed physicians and physician assistants to render services via telemedicine regardless if that provider is physically located in the state. The Oregon legislature broadly defined "telemedicine" to include communications through both synchronous and asynchronous technologies that permit the use of telemedicine to establish a patient-provider relationship, treat and diagnosis medical conditions, and prescribe drugs to patients in Oregon. 

Utah Enacts Comprehensive Data Privacy Law

As reported in a Jones DayAlert, on March 24, 2022, Utah Governor Spencer Cox signed the Consumer Privacy Act (the "Act"), making Utah the most recent state to enact a comprehensive data privacy law. The Act applies to entities that (i) conduct business or target consumers in Utah; (ii) generate at least $25 million or more in annual revenue; and (iii) either process or control (a) the personal data of at least 100,000 Utah consumers, or (b) the data of at least 25,000 Utah consumers and derive at least half of their gross revenue from selling personal data. 

The Act, which borrows core elements from comprehensive privacy laws previously enacted in in California, Virginia, and Colorado, requires that "controllers" give consumers clear notice and an opportunity to opt out of the processing of "sensitive data." 

Although the Act does not provide any private right of action, the attorney general has exclusive authority to enforce the law. If businesses do not cure violations within 30 days of the attorney general's notice, the attorney general may collect statutory damages of up to $7,500 per violation, as well as actual damages to the consumer.

Global Developments


European Authorities Advise Sponsors on How to Manage the Conducting of Clinical Trials During Disruptions Caused by the Russian Invasion of Ukraine
On March 30, 2022, the European Commission ("EC"), the European Medicines Agency ("EMA"), and the Heads of Medicines Agencies ("HMA") issued initial advice for sponsors on how to manage the conducting of clinical trials during the ongoing war in the Ukraine. Due to the war, sponsors may need advice on how to deal with the repercussions of protocol deviations, such as when scheduled study visits cannot take place or when a trial participant fleeing the Ukraine is transferred to investigator sites related to a trial in the European Union ("EU"). For the time being, the authorities have referred to the guidance on the management of clinical trials during the COVID-19 pandemic (link and link). Such guidance describes, for instance, the possibility of off-site monitoring through phone calls, video visits, e-mails, or other online tools, as well as remote source data verification, to ensure the quality of clinical trial data and to protect the rights, safety, and well-being of participants. The guidance highlights that verification of remotely sourced data should not be carried out if adequate data protection, including data security and protection of personal data (even if they are pseudonymized), is not ensured. Accordingly, the Clinical Trials Coordination Group (an HMA group uniting clinical trials experts) is developing additional recommendations for sponsors, and the EMA will develop additional recommendations on the methodological aspects of data from clinical trials affected by the war in the Ukraine.

Single European Data Space

In recent months, EU institutions have proposed and approved several legislative instruments aimed at creating a "Single European Data Space." While preserving high standards of privacy, security, safety, and ethics, this proposed "genuine single market for data" could improve data use and data access. 

Specifically, on May 3, 2022, the EC published its proposal for a Regulation on the European Health Data Space ("EHDS"). Once adopted, the EHDS will create a common space in which individuals can control their electronic health data easily and allow researchers, innovators, and policy makers to use the data securely, while preserving individuals' privacy. The regulation will apply to (i) manufacturers, suppliers, and users of electronic health record systems and wellness applications placed on the EU market and put into service; (ii) controllers and processors established in the EU processing electronic health data of EU citizens and third-country nationals legally residing in the territories of the EU Member States; (iii) controllers and processors established in a third country that have been connected to or are interoperable with MyHealth@EU; and (iv) data users to whom data holders in the EU make electronic health data available.

French Decree on the Reimbursement of Support Sessions Provided by a Psychologist Is Adopted

On February 17, 2022, the French government adopted a decree on the reimbursement of support sessions provided by a psychologist. The decree sets the terms and conditions for the creation of the MonPsy device. MonPsy is a device that allows for the reimbursement of up to eight sessions when provided by psychologists linked to the device. The decree also provides specifications on the selection of psychologists eligible for the system, for the signing of an agreement with the health insurance company, for the reimbursement of sessions for the signing of an agreement with the health insurance company, and for the reimbursement of sessions, as well as on the sanctions that may be imposed in the event of the actions described in the decree. The decree was published in the French Official Journal on February 18, 2022.

French Law Proposal on Health Innovation Is Adopted

On February 22, 2022, the French Senate proposed a law on health innovation. The proposed law aims to strengthen the ethical evaluation of health research and improve the conditions of access to innovative therapies. It is worth noting that, among the measures introduced by the proposed law, it will allow for clinical trials to be conducted in patients' homes. The proposed law is currently being discussed in the French National Assembly.


Japan: Updated Guidelines on Medical Device Cybersecurity
The Ministry of Health, Labour and Welfare ("MHLW") recently published updated guidelines on medical device cybersecurity based on the International Medical Device Regulators Forum's "Principles and Practices for Medical Device Cybersecurity." The guidelines include actions and organizational initiatives that marketing authorization holders can implement to ensure the quality, effectiveness, and safety of medical devices from a cybersecurity standpoint. The MHLW plans to develop standards for evaluating the cybersecurity of medical devices, revise its basic standards for the distribution of medical devices, and establish a system to check the cybersecurity of medical devices by 2023.

Recent and Upcoming Speaking Engagements

  • Matthew Johnson, Joshua Nightingale, Joshua Sallmen, Jones Day's 2022 Speaker Series: The Explainability of AI, March 10, 2022.
  • Laura Koman, The Business of Telehealth: Legal Issues you Need to Know, American Telemedicine Association Annual Meeting, Boston, Massachusetts, May 1, 2022.
  • Laura Laemmle- Weidenfeld, Telemedicine Post-COVID: Where are We and What's Next? American Health Law Association Annual Meeting, Chicago, Illinois, June 27, 2022. 
  • Laura Laemmle-Weidenfeld, FCA Developments Panel, Health Care Fraud Conference, Las Vegas, Nevada, June 27, 2022. 
  • Christiana Spontoni, 2022 EU Pharma Law Academy, Cambridge, United Kingdom, September 5, 2022.
  • Maureen Bennett, ACI - FDA Boot Camp: Clarifying the Approval Process for Drugs and Biologics, September 14, 2022.
  • Laura Laemmle-Weidenfeld, Effective Compliance Programs and Investigations: A Hypothetical, PLI Life Sciences 2022, New York, New York, September 28, 2022.

In Case You Missed It

Insights by Jones Day should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only and may not be quoted or referred to in any other publication or proceeding without the prior written consent of the Firm, to be given or withheld at our discretion. To request permission to reprint or reuse any of our Insights, please use our “Contact Us” form, which can be found on our website at This Insight is not intended to create, and neither publication nor receipt of it constitutes, an attorney-client relationship. The views set forth herein are the personal views of the authors and do not necessarily reflect those of the Firm.