USA Law and Practice Contributed by: Nadia de la Houssaye, Allison Bell, Emily Degan Vorhoff and Keiana Palmer, Jones Walker LLP
Telehealth State licensing requirements traditionally limited cross-border practice, but the Interstate Medi- cal Licensure Compact (adopted by a majority of US states) has streamlined multi-state licens- ing. Medicare telehealth coverage expanded dramatically during COVID-19, with some pro- visions being made permanent while others remain temporary through September 2025. State telehealth parity laws often mandate insur- ance coverage for virtual visits comparable to in-person services. These specialised frameworks continue to evolve as technologies advance and new chal- lenges emerge in digital healthcare implementa- tion. 2.6 Sufficiency of Legislative Framework The current legal and regulatory framework for digital healthcare in the United States presents a mixed picture, with significant gaps, despite substantial coverage in certain areas. Areas of Relative Regulatory Sufficiency These include: • health information privacy through HIPAA/ HITECH (though limited to covered entities); • traditional medical device regulation through established FDA processes; • telehealth practice standards through state medical board regulations; and • reimbursement mechanisms for established telehealth services. Identified Regulatory Gaps These include: • protection of health data collected by non- HIPAA-covered entities (eg, consumer health apps, wearables);
(FTC) rules regarding advertising claims and state-level consumer protection and privacy laws. The My Health, My Data Act in Washing- ton State exemplifies new protections for health- related data collected by non-HIPAA-covered entities. Cybersecurity and Data Protection HIPAA and the HITECH Act establish federal standards for protecting health information, requiring covered entities to implement admin- istrative, physical and technical safeguards. The Consolidated Appropriations Act of 2023 added Section 524B to the FFDCA, requiring medical device manufacturers to include cyber- security information in pre-market submissions. The HIPAA Breach Notification Rule mandates reporting procedures for data breaches affecting protected health information. AI and ML Regulatory oversight is evolving rapidly, with the FDA developing frameworks for managing adaptive ML algorithms based on quality sys- tems, pre-market assessment, monitoring and transparency principles. In March 2024, the HHS Office for Civil Rights (OCR) issued guidance on AI-driven tracking technologies, requiring com- pliance with HIPAA for use of protected health information. Environmental, Social and Governance (ESG) Although the current administration is pressuring regulators and businesses to turn away from or minimise ESG efforts, digital health companies continue to face expectations regarding sustain- ability, equity and ethical governance. While not specifically regulated under healthcare laws, these considerations affect investment deci- sions, partnerships and reputational standing.
154 CHAMBERS.COM
Powered by FlippingBook