Skip to main content


Freshfields MedTech Update Q2 2023

Recent AI-based advances, particularly in generative AI, coupled with the challenging macroeconomic environment, have put the spotlight squarely on AI and data-driven offerings, shifting the focus away from other subsectors of digital health. We are seeing increased interest among biopharmaceutical, tech and MedTech companies in AI applications in healthcare, as innovators discover use cases in drug discovery and development, personalized medicine, and other applications.

At the same time, regulatory authorities around the world have stepped up efforts to oversee the development, deployment and use of such applications. Our latest MedTech insights delve further into the proposed regulatory oversight of AI applications in digital health, recently expanded federal and state protections of consumer health data and updates from the UK Westminster Health Forum on the future of diagnostics and medical devices.

Proposed Regulatory Oversight on AI in Digital Health

Recent months have witnessed a heightened interest in AI-based solutions, including in the healthcare context, as tech giants and start-ups alike test out generative AI tools and large language models in an effort to improve the patient care experience. In response, US federal agencies have proposed policies seeking to optimize, while also addressing the potential risks inherent in, the development of AI-based solutions, including in healthcare. Following the White House’s Blueprint for an AI Bill of Rights published last year, the National Telecommunications and Information Administration issued a Notice and Request for Comment, seeking input on regulatory measures and policies that would support the development of AI audits, assessments and certifications to ensure the safety, trustworthiness and effectiveness of AI systems. Additionally, the US Office of the National Coordinator for Health Information Technology recently released a proposed rulemaking titled, “Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information Sharing,” or the HTI-1 Rule. The HTI-1 Rule is designed to increase interoperability, transparency and trust in predictive decision support interventions and use of electronic health information. Notably, the HTI-1 Rule proposes to require AI developers to satisfy additional “decision support interventions” certification criterion under the Health IT Certification Program, including with respect to algorithm transparency. In response, we expect MedTech companies to continue to work collaboratively with regulatory authorities to help shape the future of AI regulation in healthcare, as well as design AI governance and accountability structures that integrate AI policies into their day-to-day operations.

Expansion of Federal and State Protections of Consumer Health Data

Recent data privacy developments on both the federal and state levels may add additional complexity for digital health companies and their data management practices. Last month the Federal Trade Commission (FTC) announced its plans to strengthen the Health Breach Notification Rule’s applicability with respect to health records collected by digital health apps. The announcement was made in response to the FTC’s enforcement action against the ovulation tracking app Premom for sharing sensitive personal information with third parties and failing to notify consumers of these unauthorized disclosures. Along with clarifying that such unauthorized disclosures constitute a security breach, the FTC proposed that companies use electronic means to notify consumers of such breaches. At the state level, the state of Washington recently enacted the My Health, My Data Act, which is set to take effect in March 2024 and designed to provide heightened protections for consumer health data that falls outside the scope of HIPAA, a US federal law that required the creation of national standards to protect sensitive patient health information from being disclosed by particular entities in specific situations. Notably, the Act grants a private right of action for individuals to seek damages for violations. The FTC actions and new Washington state law add to the ever-growing patchwork of laws and regulations that digital health companies need to navigate in the United States as federal and state authorities seek to expand protections for consumer health data.

Westminster Health Forum Policy Conference: Next Steps for Diagnostics and Medical Devices in England

In April, the UK Westminster Health Forum held a conference on “Next steps for diagnostics and medical devices in England.” The conference focused on steps for improving the development and delivery of diagnostics and medical devices in the UK in the context of the UK government’s inaugural MedTech Strategy announced in February. One key topic of discussion was the current regulatory challenges and uncertainties around CE/UKCA conformity markings, including the possibility of cooperation among regulators to implement UKCA markings on an international level. In terms of diagnostics, the discussion touched on recent developments in the achievement of earlier and more accurate diagnoses, including in the field of genomics and particularly, the use of AI-based solutions, as well as next steps for the decentralization of diagnostics away from NHS hospitals and introduction at the community level. Overall, the conference highlighted the current momentum in the UK to overhaul the MedTech regulatory landscape, as both regulators and innovators alike continue to prioritize cooperation among all relevant stakeholders to contribute to better patient outcomes.