Join our mailing list to receive the latest updates and alerts Flag Subscribe

Healthcare attracts some of the most innovative minds in the world, but there are legal speed bumps in the adoption of digital healthcare innovation. Inconsistent regulatory regimes, varying reimbursement models, potential litigation and the ethical concerns of protecting the privacy, life and health of patients mean the healthcare industry often moves more cautiously than other sectors.

Rapid technology developments and exponentially increasing computer processing speeds continue to indiscriminately disrupt businesses across industries and are a prologue for what is now happening in digital health. Traditional business models have been upended and successful companies adapt quickly.

In order for healthcare companies, providers, third-party payers and investors to capitalize on these technological developments, they will need to incorporate legal strategies that will help them overcome the following regulatory and legal hurdles.

Compliance Risks

Healthcare is a highly regulated industry which is subject to active enforcement by the Office of the Inspector General and the Department of Justice of the federal Anti-Kickback Statute, Stark Act, False Claims Act and Sunshine Act as well as various enforcement actions by state attorney generals under various state laws. Digital health businesses are also subject to these laws, and as digital health business models evolve, the OIG and DOJ are likely to scrutinize those models. Compliance programs and training will need to be tailored to address the unique digital health business models and resulting payment mechanisms.


Digital health seeks to make healthcare more efficient by developing business models that utilize vast troves of patient data. Digital health companies with access of protected health information will need to comply with standards for protecting or de-identifying that PHI. Privacy legal experts will need to be on hand with knowledge of US HIPAA laws, privacy laws of other geographies where PHI is gathered or used and also of the risk of private lawsuits resulting from common law breach of privacy claims.


Digital health companies will continue to be targeted by hackers who seek to obtain the information and sell it, hold hacked companies for ransom, manipulate stock prices or disrupt the health and safety of patients. More than ever, digital health companies must have effective cybersecurity protocols, conduct meaningful cybersecurity training and ensure that third party vendors (contractually and otherwise) have similar protocols and training. Contingency planning for potential breaches is also critical and cybersecurity insurance should be considered.

Intellectual Property

Protection of novel inventions related to digital health can dramatically increase the value of the companies that develop them, legally restrict competition and appropriately reward the sweat equity of innovators. Digital health developments, however, create unique challenges in appropriately protecting intellectual property. Digital health companies need to determine whether the invention is most appropriately protected through patent, copyright or trade secret protection. The U.S. Supreme Court’s decision in Alice and related case law creates some unique issues in the patenting of software and algorithm-assisted treatment paradigms. Trade secrets may be used increasingly to protect digital health innovation. Finally, the rapid evolution of technology in the digital space may mean that companies may choose to move forward without formal IP protection at all and instead focus on staying ahead of the technology curve.


As companies develop new digital health offerings, they will need to determine what role the FDA and other regulatory agencies play in approving and monitoring those offerings. To date, the FDA and U.S. Senate has taken a somewhat hands-off approach regarding health apps and software; however, as software is increasingly integrated into devices and research, expect the FDA and other regulatory agencies to closely monitor and review those integrated approaches.


As the value proposition associated with digital health offerings evolve, digital health companies will need to demonstrate that value proposition to various third-party payer programs. Some digital health offerings, such as telemedicine, provide an analogue to existing reimbursement models; in the case of telemedicine, the analogue is a physician visit. Others, such as the use of predictive algorithms or AI to help streamline diagnosis, coordination of care platforms or integrated devices have less clear analogues. Health care providers, business leaders and policy makers will be constantly evaluating which of those offerings are reimbursable and which are not. Those decisions and being able to navigate the third-party payer universe will have a dramatic impact on the evolution of digital health.


Like other digital industries, digital health has the potential to make national and state boundaries somewhat abstract in the delivery of solutions. Physicians in one jurisdiction may rely on experts in another jurisdiction for patients who reside in a third jurisdiction and monitoring and records are outsourced to yet another jurisdiction. For a number of legal and tax-related issues, digital health companies will need to determine when the laws of one jurisdiction apply to its services and ensure that it is following those laws as this digital commerce passes through those jurisdictions.

Practice of Medicine

Similarly, digital health allows the potential for enhanced patient outcomes through the collaboration of providers and experts around the globe. It also can create issues related to laws restricting the practice of medicine to individuals who are licensed in a given jurisdiction. Those laws are changing, but are doing so at different rates and with differing approaches both in the United States and around the globe. Understanding the licensing requirements within each state is critical to avoid civil penalties and in some cases criminal violations for digital health companies and their customers.

Joint Ventures/Collaboration

Expect to see the need for more partnering transactions that stop short of full-blown acquisitions. In the digital health space, there may be more need for joint ventures and collaboration as different companies bring different pieces of the digital health puzzle to bear. For example, increasingly medical device and biotech companies will need to utilize larger datasets that are held by providers to conduct research to advance their therapies.

Structural Considerations

As digital health business models evolve, companies will need to take the right steps to ensure that they are able to monetize the various business models associated with their digital health offerings. For example, patient data may have unique value separate and apart from the app-based generator of that data. A research technique using AI to mine patient data may have separate value from the clinical outcomes of that technique. In order to monetize those business models and also to create efficient tax structures around those business models, companies and their lawyers will need to design effective corporate and contractual structures to ensure that the created value is not lost as a variety of exit scenarios become available.

Digital health business models will continue to develop and will drive value for companies and deliver improved outcomes for patients, all while lowering overall system costs. With advance planning, the challenges identified in this article can be overcome. Those who are able to navigate this landscape effectively will drive innovation while advancing both their mission and their business.


Jump to Page

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.