USA Law and Practice Contributed by: Nadia de la Houssaye, Allison Bell, Emily Degan Vorhoff and Keiana Palmer, Jones Walker LLP
• indemnification provisions allocating respon- sibility among technology partners; • carefully drafted scope-of-service descrip- tions that accurately represent capabilities; and • clear disclaimers regarding technology limita- tions and appropriate use cases. Insurance coverage includes: • specialised cyber liability insurance for data breach incidents; • technology errors and omissions insurance for software failures; • professional liability coverage extended to telehealth activities; and • directors and officers (D&O) insurance addressing management decisions. Affirmative defences include: • statutes of limitations restricting the time- frame for claims; • contributory negligence or comparative fault when patient actions contribute to harm; • a learned intermediary doctrine potentially shielding technology vendors when health- care providers intervene; and • pre-emption arguments when federal regula- tions may supersede state requirements. Successful defence strategies typically com- bine multiple approaches, emphasising both technical compliance and process excellence. Organisations often develop comprehensive risk management frameworks that integrate legal compliance, technical safeguards and clinical governance to address the multifaceted nature of digital health risks. The evolving regulatory landscape requires con- tinuous monitoring and adaptation of defence
strategies. As new technologies such as AI and ML become more prevalent in healthcare, defence approaches must address novel liabil- ity scenarios not fully contemplated in existing frameworks. 5. Emerging Legal Issues and Reform 5.1 Emerging Legal Issues in Digital Healthcare Several significant developments are reshaping the digital healthcare regulatory landscape. AI Governance The rapid advancement of AI in healthcare has prompted increased regulatory attention. In March 2024, the HHS issued updated guid- ance on AI-driven tracking technologies such as Google Analytics and Meta Pixel, emphasis- ing HIPAA compliance requirements. State-level initiatives, such as California’s investigation into algorithmic discrimination in healthcare, signal growing scrutiny of AI fairness and transparency. Expanded Data Privacy Frameworks Beyond traditional HIPAA protections, com- prehensive state privacy laws are increasingly addressing health-related information. Wash- ington State’s My Health, My Data Act exem- plifies this trend, establishing consent require- ments and private rights of action for health data collected outside HIPAA’s scope. More than a dozen states have enacted consumer privacy laws, with almost two dozen considering similar legislation. Telehealth Permanence As pandemic-era telehealth waivers transition to permanent policies, new regulatory frameworks are emerging. CMS has made certain Medicare
161 CHAMBERS.COM
Powered by FlippingBook