Health IT, Startups

How should digital health vendors interpret New York’s move to flex its regulatory muscle?

What are lawyers reading into New York Attorney Generals’ move earlier this year to take the initiative in reaching settlements with digital health vendors?

Compliance concept with icons for regulations, law, standards, requirements and audit on a virtual screen with a business person touching a button

Compliance concept with icons for regulations, law, standards, requirements and audit on a virtual screen with a business person touching a button

The move by New York’s attorney general’s office to slap fines on three digital health app developers as part of settlements over allegedly false marketing claims and “irresponsible” privacy practices was a striking development on the regulatory frontier. And it didn’t go unnoticed by the legal community.

A few lawyers shared their perspectives on what to infer from New York’s actions in regulating digital health vendors via email.

The enormous number of health apps vendors have produced and the limited time and resources the Federal Trade Commission and the U.S. Food and Drug Administration have to follow up on dubious claims and practices by some of these companies have spurred the private sector to develop alternatives. Apple has taken a more restrictive approach to vetting apps seeking to be part of its marketplace. Mount Sinai’s App Lab rolled out the distribution platform Rx Universe to make it easier for physicians to prescribe appropriate digital health tools to patients. Xertia, a joint effort by healthcare industry groups to improving the quality, safety, and effectiveness of mobile health applications through a partnership with the American Medical Association, the American Heart Association and the Healthcare Information Management and Systems Society (HIMSS), launched last year.

“The New York Attorney General Office’s moves should be viewed by the digital health industry as a strong signal that those offices will scrutinize digital health or lifestyle app marketing as well as data collection and use practices claims,” noted James DeGraw, a partner in Ropes & Gray’s corporate technology group.

Bradley Merrill Thompson, a partner with Epstein Becker Green said it could set up a regulatory showdown between states and the federal government.

“It would appear that the New York Attorney General is not satisfied with the level of consumer protection being pursued by the federal government… [He] clearly wants to make a name for himself in this domain. This step certainly establishes that office as a force to be reckoned with.”

Still, Thompson cautioned that it’s too early to call it a trend.

“We should not overblow this. One data point does not make a trend. I am not aware of any other states that are imminently going to be pursuing such prosecutions. And indeed, the future depends in part on what the FDA and the FTC decide to do about future prosecutions.”

Some lawyers said they expected other states to step up their oversight of digital health companies, although they pointed out that New York isn’t the first to do this in matters of privacy and health. Barry Boise and Sharon Klein are partners and the co-chairs of Pepper Hamilton’s digital health practice.

“New York’s actions are not unique to that state or its laws. In the area of privacy, almost all states have been active in passing legislations expressing an interest in privacy; taking enforcement, and communicating with Congress their intent to take a role in enforcing privacy laws, and not have Congress override this ability,” Boise and Klein said. “In the area of health, nearly all State AGs similarly have been active bringing enforcement actions, where they believe there is false and misleading activity. For digital health, it brings together both of these interests.”

Although they acknowledged it would be hard to predict which state will begin reaching similar settlements with startups, some seemed to think California would be next.

“There are dozens of states that have expressed interest; however, if [we] had to pick one, it would be California, said Boise and Klein in an email. “There are a breadth of laws to enforce, and the ability of Counties and Municipalities to bring actions in the name of the People of California, so the opportunity to bring enforcement and reach settlements is greater.”

A greater willingness by states to take the initiative in an area where federal regulation by the FTC has more or less prevailed could further muddy the regulatory landscape for digital health companies who may already be vexed by the diversity of state medical privacy laws.

DeGraw noted that New York’s actions indicate that no matter what the enforcement priorities for the Trump administration are, state Attorneys General can and will pursue what they regard as their priorities and may step up their own enforcement efforts. He pointed out that when U.S. Senator Kamala Harris (D-California) was the California Attorney General, she was able to push through changes in general technology data protection practices through her enforcement efforts and industry outreach.

“The New York settlements also have some noteworthy and potentially far-reaching features, including the New York Attorney General Office’s apparent view in its settlements that data anonymization techniques present a real risk of reidentification that should be disclosed. Whether the Office intends to apply that view more broadly remains to be seen.”

Credit: NicoElNinom, Getty Images