This digest covers key virtual and digital health regulatory and public policy developments during October and early November 2024 from the United States, United Kingdom, and European Union.
In this issue, you will find the following:
U.S. News
- FDA Regulatory Updates
- Health Care Fraud and Abuse Updates
- Corporate Transactions Updates
- Provider Reimbursement Updates
- Privacy and AI Updates
- Policy Updates
U.S. Featured Content
Women's health and reproductive care transactions have seen an uptick in the corporate world. Maven Clinic secured $125 million in a series F funding round last month, valuing the startup at $1.7 billion. Maven plans to deploy the new funds to further support its fertility benefits administration platform, Maven Managed Benefit. Oura Health Ltd, the maker of the popular smart ring that provides personalized health data on over 20 biometrics including fertility and sleep tracking, announced it will acquire data company Sparta Science, a Silicon Valley-based software company, which will enable customizable solutions to either integrate with a customer's existing system or create customized dashboards and workflows directly.
EU and UK News
EU/UK Featured Content
Regulatory and legislative reform is on the horizon in both the UK and in the EU, which will impact software and artificial intelligence (AI) medical devices. The UK government recently published the new medical devices post-market surveillance rules, which could be in place by summer 2025. Further, the Medicines and Healthcare products Regulatory Agency's (MHRA) priorities until spring 2025 are focused on the draft pre-market rules for devices, the in vitro diagnostics (IVD) roadmap, and guidance on AI development and deployment. In the EU, industry should watch the potential upcoming reform of the Medical Devices and In-Vitro Medical Devices Regulations, with increasingly urgent calls for reform from key stakeholders gaining traction with the institutions.
U.S. News
FDA Regulatory Updates
FDA Publishes Article on AI in the Journal of the American Medical Association (JAMA). On October 15, 2024, JAMA published a Special Communication titled, "FDA Perspective on the Regulation of Artificial Intelligence in Health Care and Biomedicine," which U.S. Food and Drug Administration (FDA) Commissioner Robert Califf, M.D. and other FDA officials authored. The article highlights issues that are relevant to FDA's regulation of AI, including: AI regulation within the broader U.S. government and global context; keeping up with the pace of change in AI; flexible approaches across the spectrum of AI models; the use of AI in medical product development; preparing for the unknowns of large language models and generative AI; the central importance of AI life cycle management; the responsibilities of regulated industries; maintaining robust supply chains; finding the balance between big tech, start-ups, and academia; and the tension between using AI to optimize financial returns versus improving health outcomes. The article also provides examples of current and potential uses of AI in drug development and clinical research, such as: predicting efficacy and adverse events based on compounds' specificity and affinity for a target; aiding in dose optimization in populations with limited data (i.e., pregnant populations); detecting and evaluating adverse event associations from medical literature and social media.
Health Care Fraud and Abuse Updates
North Carolina Physician Assistant Sentenced to
Six Years in Prison for Role in $10 Million Genetic Testing Fraud
Scheme. On October 4, 2024, Colby Edward Joyner was
sentenced to 72 months in prison for his role in a $10 million
genetic testing scheme. Between 2018 and 2019, Joyner, a physician
assistant, signed fraudulent prescriptions for medically
unnecessary genetic testing for over 600 North Carolina Medicare
beneficiaries with whom Joyner either only had brief telephone
conversations or no interactions at all. See further coverage of
the Joyner case in the July 2023 digest.
Senators Question Manufacturers on New Telehealth
Platforms. On October 21, 2024, U.S. Senators Dick
Durbin, Peter Welch, Elizabeth Warren, and Bernie Sanders issued
letters to Pfizer and Eli Lilly, addressing the pharmaceutical
companies' recent implementation of direct-to-consumer
telehealth platforms PfizerForAll and LillyDirect, respectively.
The letters probed the companies on various aspects of their
relationships with telehealth providers.
Various Members of Moscow-Based Criminal
Organization Plead Guilty in $1.7 Billion International
Telemedicine Scheme. On October 22, 2024, Hafizullah
Ebady pleaded guilty to health care fraud conspiracy for his role
in a $1.7 billion international telemedicine scheme to obtain
pharmacies across the country with pre-existing relationships with
private health insurance companies. Under this scheme, Brian
Sutton, the leader of the organization, led co-conspirators to
oversee call centers based in Utah and later operated in Russia and
other foreign nations. Call center employees called beneficiaries
enrolled in private insurer health care plans to offer prescription
medication at little to no cost without concern of whether these
medications were medically necessary. The defendants also allegedly
recruited doctors to review prescriptions by nurse practitioners
and physician's assistants after telemedicine visits. However,
in many instances, there were no telemedicine visits between the
beneficiaries and any medical professionals. Many beneficiaries
never received the medications. Six of Ebady's co-defendants
previously pleaded guilty while Sutton currently remains at
large.
Corporate Transactions Updates
Will Digital Health Shape the Future of Female
Care? While reproductive issues were on the ballot in 10
states in the November 2024 election, a couple of deals and funding
rounds for companies focusing on women's health and
reproductive care were also making headlines.
On October 8, 2024, Maven Clinic, a women-focused digital health
care startup and the largest virtual clinic for women's and
family health, secured $125 million in a series F funding
round, valuing the startup at $1.7 billion. The funding round
brings Maven's total funding to over $425 million and was led
by StepStone Group. It also had participation from other investors
including General Catalyst, Oak HC/FT, Sequoia, and Lux Capital.
Maven plans to deploy the new funds to further support its
fertility benefits administration platform, Maven Managed
Benefit.
On October 31, 2024, Oura Health Ltd, the maker of the popular
smart ring used primarily by women that provides personalized
health data on over 20 biometrics including fertility and sleep
tracking, announced it will acquire data company Sparta Science, a
Silicon Valley-based software company. This marks Oura's third
acquisition in two years, including its acquisition of Veri, a
metabolic health company, in September 2024. Oura's latest
acquisition will enable customizable solutions to either integrate
with a customer's existing systems (such as athlete management
systems, electronic medical records, and research and operational
data platforms) or create customized dashboards and workflows
directly. Earlier this month, the U.S. Defense Health Agency awarded a $96.1 million firm-fixed-price
contract to Oura Health Ltd to allow the U.S. Department of Defense
to better track the health and wellness of personnel and "put
smart rings and services in the hands of service members."
Provider Reimbursement Updates
Physician Fee Schedule Final Rule. On
November 1, 2024, CMS issued the calendar year (CY) 2025 Medicare
Physician Fee Schedule (PFS) final rule. Among other updates, CMS
finalized several proposals regarding Medicare payment for
telehealth services and digital health therapeutics.
Telehealth Services. As we covered in the July 2024 digest, CMS made a number of
proposals regarding Medicare payment for telehealth services,
including extending some flexibilities. CMS finalized the following
proposals:
- Expanding the list of services payable under the PFS when furnished via telehealth to include caregiver training and counseling for pre-exposure prophylaxis to prevent human immunodeficiency virus
- Continuing to suspend the frequency limitations for CY25 for telehealth subsequent care services in inpatient and nursing facility settings, as well as for critical care consultation services
- Revising the regulatory definition for "interactive telecommunications" to allow telehealth services furnished to a beneficiary in their home (where it is a permissible originating site) to occur via two-way, real-time audio-only communication technology, but only if the physician or practitioner is technically capable of using an interactive telecommunications system and the patient is not capable of, or does not consent to, the use of video technology
- Extending the definition of "direct supervision" to include audio-video communications technology through CY25, and permanently for a subset of incident-to services furnished by employed auxiliary personnel for level 1 office or other outpatient evaluation or management visits
Digital Therapeutics. Historically, CMS has faced
challenges in attempting to fit digital therapeutics into the
existing benefit structure under the PFS. In a major advancement in
reimbursement policy for such items, CMS finalized three codes
(G0552, G0553, and G0554) for purposes of paying practitioners for
furnishing digital mental health treatment (DMHT) devices furnished
incident to professional behavioral health services, in association
with ongoing treatment under a plan of care by the billing
practitioner. In order for payment to be available, the billing
practitioner must diagnose the patient with a mental health
condition, prescribe or order the device, and incur the cost of
furnishing the device to the patient. Payment for code G0552
(supply of DMHT device, initial education, and onboarding) will be
based on contractor pricing and valuing of codes G0553 and G0554
(timed monthly treatment management with a HMHT device intended as
a therapeutic intervention) based on direct crosswalk to codes for
remote therapeutic monitoring.
CMS clarified that the new codes apply to devices cleared under
section 510(k) of the FD&C Act or granted de novo authorization
by FDA. In both cases, the device must be classified under 21 CFR
882.5801 for mental or behavioral health treatment, and the device
must be used in accordance with its classification. While CMS
reiterated that the DMHT definition encompasses only part of a
broad spectrum of digital therapeutics, and that broader coverage
under the PFS might require a new statutory Medicare benefit
category, this nevertheless represents a win for industry and new
pathways.
Privacy and AI Updates
AI Standards Coalition Releases Draft Frameworks for
Certification of Health AI Tools. On October 18, 2024, the
Coalition for Health AI (CHAI), a non-profit organization founded
by, among others, the Mayo Clinic, Johns Hopkins Medicine, and
Kaiser Permanente, whose mission is to establish standards for the
responsible use of AI in health care, released advanced draft
frameworks for certification of independent "AI assurance
labs" to test health AI models based on criteria set forth in
so-called "Model Cards." CHAI's goal is that
certified assurance labs will provide a reliable and consistent
source of information on the quality and integrity of health AI
tools by testing AI developers' algorithms against a set of
industry-approved guidelines. Among the requirements for labs to be
certified under the CHAI certification program framework are that
they disclose any conflicts of interest they may have with model
developers, and commit to the protection of the security and
integrity of data and intellectual property.
Although CHAI is a nongovernmental organization, FDA and other U.S.
Department of Health and Human Services (HHS) officials reportedly
participate in CHAI working groups, and the draft Model Cards
incorporate the 31 requirements for transparency under the final
Health IT Certification Program regulations (HTI-1 Rule) promulgated by the HHS Office of
the National Coordinator for Health Information Technology in
December 2023. Under the HTI-1 Rule, health IT developers must
disclose specific information about their clinical decision support
(CDS) algorithms, including (among many other things) the
algorithms' intended use, what populations the algorithms were
trained on, the fairness of the algorithms' outcomes, and what
kind of ongoing changes developers are making to the algorithms to
promote equal outcomes.
As explained by CHAI, the draft CHAI Model Cards
are designed to assist organizations in evaluating AI models during
the procurement process, including vendors of electronic health
records regulated under HTI-1 Rule. CHAI completed an assessment of
all of the HTI-1 requirements and considered recommendations from
clinicians, health system organizational data custodians, and
developers about what additional information should be included in
the Model Cards beyond the existing regulatory requirements. As
currently drafted, the Model Cards would disclose the identity of
the AI tool's developer, the tool's intended uses, target
patient populations, AI model type, data types, key performance
metrics, security and compliance accreditations, maintenance
requirements, known risks and out-of-scope uses, known bias,
ethical considerations, and third-party information (such as
relevant clinical studies).
CHAI anticipates finalizing the AI assurance lab certification
process and the Model Card design by the end of April 2025,
following a process of review and feedback by CHAI members,
partners, and the public.
Policy Updates
Senate Finance Chairman Probes UnitedHealth Group on Cyberattack Response. On October 18, 2024, Chairman Ron Wyden (D-OR) sent a letter to the CEO of UnitedHealth Group asking for additional responses to questions that were not "satisfactorily answered" during the Senate Finance Committee's May 2024 hearing assessing the Change Healthcare cyberattack. Chairman Wyden requests responses to several questions by November 8, 2024, including information related to the company's previous auditing records, techniques used to hack into Change Healthcare's active directory server, and defensive steps that UnitedHealth Group has taken to avoid future cyberattacks.
EU and UK News
Regulatory Updates
New Post-Market Surveillance (PMS) Legislation Could Be Introduced in the UK by Summer 2025. On October 21, 2024, the UK government laid before Parliament the draft statutory instrument setting out proposed new PMS requirements for medical devices in Great Britain. The amendments will bring PMS requirements in Great Britain broadly into alignment with those in the EU Medical Devices Regulation 2017/745 (MDR) and the EU In Vitro Diagnostic Medical Devices Regulation 2017/746 (IVDR). Further, the new PMS requirements will apply to all medical devices placed on the market in Great Britain, including devices CE marked under the EU regimes and made available in Great Britain under transitional arrangements. Read more in our Blog post.
MHRA Sets Out Key Points To Expect From Its
Regulatory Reforms to Medical Devices in 2024 and
2025. In a recent blog post, the MHRA sets out its
priorities for the reform of the rules for medical devices over the
next year. The industry can expect an early draft of the pre-market
legislation by the end of the year, and the full text by spring
2025. In addition, the MHRA expects to publish draft guidance on AI
development and deployment, as well as a revised IVD roadmap by
spring. The MHRA also reminds readers about the transition
timelines that will be included in the regulations that are being
developed, noting that next year will not be a regulatory
"cliff edge."
European Parliament Calls on the European Commission To
Revise the MDR and IVDR. On October 23, 2024, the European
Parliament adopted a resolution on the urgent need to revise the
MDR and IVDR. Given implementation difficulties, delays, and lack
of harmonization across the EU, the Parliament calls on the
European Commission and notified bodies to take various actions to
ensure advances in digital health, AI diagnostics, and personalized
medicine. However, as the Parliament cannot initiate amendments to
the MDR or IVDR itself, we will need to wait for the European
Commission's response before the full impact of this resolution
is known. You can read more in our Blog post.
EFPIA Recommendations on Use of AI in Medicines
Lifecycle. The European Federation of Pharmaceutical
Industries and Associations (EFPIA) published its position on the
use of AI in the medicinal product lifecycle, and proposed six
recommendations: (1) leveraging EU regulations and guidance for AI
in medicines; (2) entrusting the European Medicines Agency (EMA)
with the regulatory oversight of AI in medicine development; (3)
clarifying EMA's risk-based approach to AI within the
regulatory framework; (4) having AI policies that balance
transparency and innovation protection when sharing AI models and
datasets; (5) aligning global regulatory approaches through
collaboration to foster safe innovation; and (6) building trust and
capabilities in AI use through collaboration with industry,
regulators, patients, and stakeholders. These recommendations were
published shortly after the EMA reflection paper on the use of AI,
which you can read about in our Blog post.
A UK National Quantum Facility Has Opened to Further
Research in AI and Health Care. The newly opened National Quantum Computing Centre will house
state-of-the-art quantum computers that will be harnessed to fuel
advancements in areas such as AI, drug discovery, energy, and
climate prediction, and help cement the UK's position as a
global leader in quantum technology.
Reimbursement Updates
UK National Institute for Health and Care
Excellence (NICE) Consults on Recommendations for Four Different AI
Tools for Examination of X-Rays. Missed fractures are
one of the most common errors in the emergency department. The hope
is that using AI, along with the assessment of a health care
professional, will reduce the number of undetected fractures at
initial presentation and promote an equal standard of care across
the country. Clinical evidence suggests that the AI technologies
may improve fracture detection on X-rays in urgent care, compared
with a professional reviewing on their own, without increasing the
risk of incorrect diagnoses. NICE has issued draft guidance for
consultation recommending the use of four AI technologies to help
professionals detect fractures in urgent care settings.
NICE Recommends Remote-Monitoring Technologies
Shown To Reduce Hospitalizations by Half. The new
technologies can detect signs of heart failure by monitoring
individuals' general activity, heart rate variability, and
heart sounds. Data can be sent in real time to hospital staff who
can provide care over the phone and determine if hospitalization is
required.
Privacy Updates
ICO Publishes Report on the Use of Personal Data
in Quantum Technologies. Quantum technology is a broad
term for a range of technologies that deploy principles of quantum
mechanics in computing, sensing, timing, and imaging, among others.
Future uses of quantum technologies within medicine are being
explored by researchers, such as simulating novel chemicals and
complex modelling in the context of drug discovery and personalized
medicine. The Information Commissioner's Office (ICO) report
considers the impact of these technologies on personal data, and
individuals' privacy and information rights. It calls for
responsible innovation and for the early consideration of privacy
and data protection implications.
Data Use and Access Bill Laid Before UK
Parliament. The new bill aims to enhance data access
in order to support economic growth. Among the draft provisions are
proposals to enable the transfer of patient data across the
National Health Service to promote faster and higher quality care.
The ICO has published a response which highlights that the bill
provides positive reform while maintaining high data protection
standards.
*The following individuals contributed to this Newsletter:
Eugenia Pierson is employed as a senior health policy
advisor at Arnold & Porter’s Washington, D.C. office.
Eugenia is not admitted to the practice of law.
Amanda Cassidy is employed as a senior health policy advisor at
Arnold & Porter’s Washington, D.C. office. Amanda is not
admitted to the practice of law.
Sonja Nesbit is employed as a senior policy advisor at Arnold &
Porter’s Washington, D.C. office. Sonja is not admitted to
the practice of law.
Mickayla Stogsdill is employed as a senior policy
specialist at Arnold & Porter’s Washington, D.C. office.
Mickayla is not admitted to the practice of law.
Katie Brown is employed as a policy advisor at Arnold &
Porter’s Washington, D.C. office. Katie is not admitted to
the practice of law.
Mimi Simmons is employed as a trainee lawyer in the firm's
London office. Mimi is not admitted to the practice of law.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.