USA Law and Practice Contributed by: Nadia de la Houssaye, Allison Bell, Emily Degan Vorhoff and Keiana Palmer, Jones Walker LLP
Enforcement by regulatory authorities includes: • investigations by the HHS OCR following data breaches or privacy complaints; • FDA enforcement actions, including warning letters, product recalls, or marketing prohibi- tions; • FTC scrutiny of deceptive marketing claims or unfair privacy practices; • DOJ and HHS-OIG investigations into tel- ehealth fraud and improper billing; • state attorney general actions enforcing state privacy and consumer protection laws; and • professional licensing board disciplinary actions against providers. Liability risks include: • medical malpractice claims resulting from misdiagnosis or treatment errors in telehealth settings; • product liability claims for defective digital health technologies that cause patient harm; • negligence claims related to cybersecurity breaches exposing sensitive patient informa- tion; • contractual liability for service disruptions or performance failures in digital health plat- forms; • intellectual property disputes regarding pro- prietary algorithms or software components; • class action litigation following data breaches or privacy violations; and • vicarious liability for health systems when affiliated providers use digital technologies. The interconnected nature of digital health tech- nologies often creates complex liability sce- narios involving multiple parties. For example, a telehealth consultation that results in patient harm might implicate the treating physician, the telehealth platform provider, the health sys-
tem, and potentially the developers of any clini- cal decision support software used during the encounter. Additionally, as AI and ML play increasingly prominent roles in clinical decision-making, questions of liability attribution become more complicated. When algorithms influence or drive medical decisions, determining responsi- bility for adverse outcomes presents novel legal challenges not fully addressed in existing liability frameworks. 4.2 Liability Frameworks The legal exposures associated with digital healthcare are addressed through multiple liabil- ity frameworks. Statutory frameworks include the following: • the HITECH Act authorises civil monetary penalties for HIPAA violations, with tiered penalty structures based on violation severity and culpability; • the Federal Food, Drug, and Cosmetic Act provides for civil and criminal penalties for violations of medical device regulations; • state data breach notification laws establish requirements for disclosing security incidents and may create private rights of action; • the False Claims Act imposes significant pen- alties for fraudulent billing practices, including in telehealth services; and • state consumer protection statutes frequently provide remedies for deceptive practices in digital health marketing. Tort liability includes the following: • medical malpractice claims follow state-spe- cific standards of care, increasingly address- ing telemedicine practice;
159 CHAMBERS.COM
Powered by FlippingBook