USA Law and Practice Contributed by: Nadia de la Houssaye, Allison Bell, Emily Degan Vorhoff and Keiana Palmer, Jones Walker LLP
• product liability frameworks apply to digital health technologies through theories of design defect, manufacturing defect or failure to warn; and
• negligence claims may address breaches of the duty of care in safeguarding health information.

Contractual liability includes the following:

• business associate agreements under HIPAA establish contractual obligations for handling protected health information;
• service-level agreements (SLAs) between healthcare providers and technology vendors define performance expectations and remedies; and
• end user licence agreements and terms of service establish rights and responsibilities for consumers using digital health applications.

Formal redress mechanisms include:

• an OCR complaint process for HIPAA violations;
• an FDA adverse event reporting system for medical device issues;
• FTC complaint procedures for deceptive practices;
• state medical board complaint processes for provider misconduct; and
• alternative dispute resolution provisions in many digital health contracts.

The applicability of these frameworks varies based on the specific digital health application, the parties involved and the nature of the harm. Certain digital health innovations operate in regulatory gray areas where existing liability frameworks must be adapted or extended to address novel circumstances. This creates uncertainty for providers and patients regarding rights, responsibilities and available remedies when issues arise.

4.3 Defences

Several mechanisms exist to mitigate or defend against liability exposures in digital healthcare.

Regulatory compliance defences include:

• demonstrating adherence to FDA quality system regulations and software development best practices;
• maintaining comprehensive HIPAA compliance programmes with regular risk assessments;
• following state-specific telemedicine practice standards and documentation requirements; and
• implementing appropriate informed consent processes that disclose technology limitations.

Risk-management strategies include:

• robust cybersecurity frameworks with encryption, access controls and incident response plans;
• clear documentation of clinical decision-making, particularly when algorithmic tools are utilised;
• comprehensive testing and validation of software before deployment;
• regular audits and assessments of digital health systems and processes; and
• thorough documentation of provider credentials and licensing across jurisdictions.

Contractual protections include:

• limitation-of-liability clauses in vendor agreements and user terms of service;