This digest covers key virtual and digital health regulatory and public policy developments during January and early February 2025 from the United States, United Kingdom, and European Union.
In this issue, you will find the following:
U.S. News
- FDA Regulatory Updates
- Health Care Fraud and Abuse Updates
- Corporate Transactions Updates
- Provider Reimbursement Updates
- Privacy and AI Updates
- Policy Updates
U.S. Featured Content
On February 6, 2025, the National Science Foundation, on behalf of the Office of Science and Technology Policy, released a Request For Information (RFI) related to the development of the Trump administration's "AI Action Plan." The RFI is broad, seeking input on artificial intelligence (AI)-related priorities from academia; industry groups; private sector organizations; state, local, and tribal governments; and any other interested parties. The RFI encourages respondents to address "any relevant AI policy topic," including, for example, AI application and use, explainability and assurance of AI model outputs, cybersecurity, and data privacy and security throughout the lifecycle of AI system development and deployment. RFI submissions are due by March 15, 2025.
EU and UK News
EU/UK Featured Content
There have been some useful international guidance documents published this month from the International Medical Device Regulators Forum (IMDRF). These include Guiding Principles on Good Machine Learning Practices (GMLP) that build on the principles previously set out by the U.S. Food and Drug Administration (FDA), UK Medicines and Healthcare products Regulatory Agency (MHRA), and Health Canada, and guidance on characterization and risks of medical device software. The continued development of international guidance in this area highlights the importance of coordination between regulatory authorities and standardized guidance for these products. There have also been important developments in ongoing litigation relating to digital technologies, although whether these developments provide clear guidance to manufacturers remains to be seen.
U.S. News
FDA Regulatory Updates
FDA Denies Citizen Petition Asking to Rescind the
2022 Clinical Decision Support (CDS) Software Functions Final
Guidance. On January 17, 2025, FDA replied to two
citizen petitions submitted by the CDS Coalition, the first being a
2016 petition requesting FDA issue guidance on FDA's policies
for CDS software, and the second a 2023 petition in which the CDS
Coalition requested FDA rescind the agency's 2022 final
guidance on CDS software functions. In the 2023 petition, the CDS
Coalition had taken issue with certain aspects of FDA's
interpretation of the 21st Century Cures Act CDS exemption. In
responding to the petitions, FDA found the CDS Coalition's 2016
petition to be moot and denied their 2023 petition requests.
FDA Alerts Patients and Their Caregivers to
Reports of Missed Alerts From Diabetes Devices. On
February 5, 2025, FDA issued an alert to patients who use diabetes
devices and their caregivers regarding reports where users of such
devices did not receive or did not hear alerts from their
smartphones. In the alert, FDA identifies certain configurations,
changes, and updates that could lead to critical alerts not being
received as expected and also recommends steps that patients,
caregivers, and health care providers can take to help prevent
missed alerts.
FDA also explains that the agency is working with manufacturers to
ensure (1) that smartphone alert configurations of their
diabetes-related medical devices are carefully evaluated before use
by patients and (2) that settings in smartphones and mobile medical
apps that may impact safety alerts are continuously tested, and any
updates to recommended configurations are communicated quickly and
clearly to users.
Former FDA Commissioner Expresses Concerns About
FDA's CDS Software Guidance. On February 6, 2025,
the Journal of the American Medical Association Health Forum
published an article by Scott Gottlieb, former Commissioner of FDA.
In the article, Gottlieb expresses concerns that under FDA's
current CDS software guidance, integrating AI functionality into an
electronic medical record (EMR) could result in the EMR being
considered a medical device. Gottleib suggests that FDA return to
the intent of the 21st Century Cures Act and the agency's
policies from 2017 to 2019.
Health Care Fraud and Abuse Updates
Iowa Health Care Practitioners Involved in a Telemedicine Scheme Agreed to Pay $150,000 to Resolve Civil Allegations. On January 16, 2025, in separate enforcement actions in the Southern District of Iowa, two health care practitioners entered into civil settlement agreements to resolve False Claims Act allegations. In both cases, health care practitioners participated in telemedicine schemes where they placed orders based on cold calls to Medicare beneficiaries.
From October 2021 to November 2022, Iowa nurse practitioner Cori Lempiainen placed orders for orthotic braces and other unnecessary durable medical equipment, resulting in over 650 false Medicare claims without any patient contact. Lempiainen agreed to pay $150,000 to resolve the Medicare overbilling claims.
Similarly, from May 2022 to August 2022, Idaho doctor Paul Baumert billed Medicare for office visits and medical discussions that did not occur. During this same time period, Baumert placed orders for orthotic braces and other unnecessary durable medical equipment resulting in 380 false claims billed to Medicare. Baumert agreed to pay $14,325.96 to resolve these allegations.
Corporate Transactions Updates
Not Just a Pandemic Fad: Continued Deal Activity
Suggests Digital Health Sector Still a Cash Cow. As the
COVID-19 pandemic faded, there was speculation that the digital
health industry would similarly wane. Nearly five years after the
onset of the pandemic, digital health is still entrenched in the
health care system and appears to be booming with potentially
lucrative strategic partnerships and acquisitions.
On February 5, 2025, Teladoc Health, a top telemedicine provider by
market share, announced it would acquire at-home testing
startup Catapult Health in an all-cash deal worth $65 million, with
up to $5 million in additional contingent earnout consideration.
Teladoc Health plans to leverage Catapult Health's at-home
health care offerings platform, VirtualCheckup, which allows
patients to collect blood samples, check blood pressure, and obtain
other health screening data from home to enhance telehealth visits.
The acquisition, which will build on Teladoc Health's
93-million-member base, is expected to close by the end of March
2025. This announcement comes less than a month after Teladoc
Health shared its partnership with Amazon Health
Services, which will allow Amazon Health Services customers who are
eligible for Teladoc Health's virtual cardiometabolic programs
to enroll in benefits available through their employer or health
plan at no extra cost via Amazon's health benefits
connector.
On February 6, 2025, DarioHealth Corp. (Nasdaq: DRIO), a digital
health company specializing in chronic condition management, announced its new partnership with a Blue
Cross Blue Shield (BCBS) health plan. The partnership allows
DarioHealth Corp. to integrate its AI-powered coaching and
monitoring tools into BCBS' offerings. DarioHealth Corp. has
framed this partnership as a strategic move to secure a spot in the
cardiometabolic disease care market, which is projected to surpass
$1.2 trillion by 2033.
Provider Reimbursement Updates
Medicare Administrative Contractors Await Telehealth
Guidance. As we covered in our January 2025 Digest, in December 2024,
Congress extended Medicare telehealth flexibilities through March
31, 2025. Because these flexibilities were set to expire at the end
of 2024, they were not included in the Physician Fee Schedule for
2025. Despite the 90-day extension, the Centers for Medicare and
Medicaid Services has yet to release guidance updating payment
codes for the telehealth services extended through March, which has
created an uncertain reimbursement landscape.
Drug Enforcement Administration Proposes Special
Registration Framework for Telehealth Prescribing. In
the final days of the Biden administration, the U.S. Drug
Enforcement Administration (DEA) proposed a special registration
framework to allow the prescription of controlled substances
through telehealth, incorporating several more restrictive
requirements compared to the telehealth flexibilities established
during the COVID-19 Public Health Emergency (PHE).
As we covered in our December 2024 Digest, for the third time, DEA
extended temporary exceptions originally authorized under the
COVID-19 PHE regarding the prescription of controlled substances
via telehealth through December 31, 2025. DEA stated the extension
would provide time for the agency to develop final regulations on
the issue.
DEA proposes three types of special registrations for telemedicine
(Telemedicine Prescribing Registration, Advanced Telemedicine
Prescribing Registration, and Telemedicine Platform Registration),
under which clinician practitioners, certain specialized clinician
practitioners, and telemedicine platforms would need to apply to
prescribe or dispense controlled substances via telehealth without
a prior in-person evaluation. Such special registrations would be
limited to practitioners who demonstrate a "legitimate
need" to prescribe controlled substances through telehealth;
authority to prescribe Schedule II controlled substances would be
reserved for only the "most compelling" use cases.
DEA proposes several restrictions regarding special registration
prescriptions. For example, prior to issuing a telehealth
prescription, special registrants would be required to check
prescription drug monitoring programs (PDMPs) in all 50 states and
any U.S. district or territory that maintains its own PDMP.
Moreover, given the higher potential for abuse and dependence of
Schedule II controlled substances, DEA would require that the
number of special registration prescriptions for Schedule II
controlled substances be less than half of the total number of
Schedule II prescriptions issued by the clinician special
registrant in their telemedicine and non-telemedicine practice in a
calendar month.
It is uncertain whether the Trump administration will finalize
these proposals.
On the same day, DEA also issued a final rule authorizing the telehealth
prescription of a six-month supply of buprenorphine, a Schedule III
narcotic, for use in the treatment of opioid use disorder. No
special registration is required for such prescriptions. The agency
also issued a final rule authorizing U.S. Department of
Veterans Affairs (VA) practitioners to prescribe controlled
substances via telehealth to VA patients without conducting an
in-person medical evaluation, provided that another VA practitioner
has, at any time, previously conducted an in-person medical
evaluation.
Privacy and AI Updates
Trump Administration Requests Input on Development of AI
Action Plan. On February 6, 2025, the National Science
Foundation, on behalf of the White House Office of Science
Technology and Policy, issued an RFI on the development of an
"AI Action Plan." As stated in the RFI, the AI Action
Plan is to be developed pursuant to the executive order issued by President Trump in
January, which directed the Assistant to the President for Science
and Technology, the White House AI and Crypto Czar, and the
National Security Advisor to spearhead the development of an AI
Action Plan to further the U.S. policy of "sustaining and
enhancing America's AI dominance in order to promote human
flourishing, economic competitiveness, and national security."
The RFI seeks input from interested parties, including industry
groups and private sector organizations, regarding priority actions
that should be included in the plan. Responses to the RFI are due
no later than March 15, 2025.
National AI Advisory Committee Issues AI Policy
Recommendations. The National AI Advisory Committee, a
committee established under the National Artificial Intelligence
Initiative Act of 2020, recently released a draft report outlining "near-term
actionable steps" that the Trump administration can take to
"advance shared AI policy goals that further America's
competitiveness and leadership" and to "initiate a
sustained dialogue with the administration's AI
leadership." The draft report recommends solutions for 10
priority AI policy issues, including those relevant to AI in
science and health, and AI governance.
- AI in Health: The draft report recommends that the National Science and Technology Council Select Committee on AI establish a subcommittee on health care focused on the "safe, responsible use of linked, longitudinal clinical and administrative personal health information." Expanding the availability of health data for AI model development, the draft report contends, can help "unleash" a marketplace of AI-powered tools to "detect disease progression, personalize recommendations, uncover rare patterns in health data, and accelerate research."
- AI in Science: The draft report recommends that the Trump administration develop an AI funding strategy for evaluating AI investments by federal agencies such as the National Institutes of Health. The draft report identifies several ways in which to advance national priorities for AI in science, including "[e]xpanding AI expertise across a wider spectrum of scientific inquiry to enrich human capital within industry, government, academic, and nonprofit spheres."
- AI Governance: The draft report advocates developing evaluation practices that provide baselines for AI model security, and increasing funding to support the AI Safety Institute's "capacity to advance robust evaluation of AI and the science of AI safety."
Policy Updates
Senate Confirms RFK Jr. as HHS
Secretary. On January 29 and 30, 2025, the Senate Finance and HELP Committees considered Robert F. Kennedy
Jr.'s nomination as U.S. Department of Health and Human
Services (HHS) Secretary, and Senate Finance subsequently voted in
favor of his nomination in a 14-13 party-line vote on February 4,
2025. RFK Jr. was then confirmed by the Senate on February 13,
2025. As head of HHS, Sec. Kennedy said he would promote the use of
AI and eliminate "unnecessary regulatory barriers" for
innovators. While not committing to support its permanent
extension, Sec. Kennedy spoke favorably about telehealth's
potential for rural and underserved communities.
California Attorney General Issues Legal
Advisories on AI Compliance. On January 13, 2025,
California Attorney General (AG) Rob Bonta issued two legal
advisories providing guidance to businesses that develop, see, and
use AI about their obligations to follow California law. The
California AG specifically notes that "AI systems are already
widespread within healthcare" and that entities must ensure
their AI systems comply with laws protecting consumers. The
advisories provide guidance on the application of several existing
California laws to AI use in health care, including
California's consumer protection and professional licensing
laws, anti-discrimination laws, and patient privacy laws. The
advisories identify various practices involving AI that may be
unlawful in California, including denying health insurance claims
using AI in a manner that overrides doctors' views about
necessary treatment, using generative AI to draft patient notes
that include wrong or misleading information, and determining
patients' treatments using AI systems that make predictions
based on past health care claims data. The AG's advisories
emphasize the importance of being transparent about what patient
data is being used in AI systems and ensuring those systems are
trained and validated to maintain patient safety and minimize
bias.
EU and UK News
Regulatory Updates
International Medical Device Regulators Forum Publishes Guiding Principles on Good Machine Learning Practices in Medical Device Development. Intended to promote GMLP and foster collaboration, the 10 principles highlight the importance of using representative datasets with separate sets for training and testing, as well as ensuring that the model design is suited to the data and the intended use of the device. Other principles include that the intended use of the device should be clearly defined and aligned with the context in which it will be used. This follows an earlier consultation, set out in our July 2024 Digest, and the principles previously published by the MHRA, FDA, and Health Canada.
IMDRF Publishes Guidance on Characterization
Considerations for Medical Device Software and Software-Specific
Risk. The guidance is aimed at ensuring clear and
accurate characterization of medical device software, including
developing the intended use statement. It also sets out a general
strategy for characterizing software-specific risks.
MHRA Publishes Guidance Aimed at Manufacturers of
Digital Mental Health Technologies. The guidance
explains how the intended purpose of a mental health technology can
be defined and communicated, and outlines key considerations to
understand whether the technology is regulated as a medical device.
It also provides guidance on how the appropriate risk
classification is determined for a device, emphasizing that where
mental health is being assessed, it is likely that this would
constitute providing a "direct diagnosis," which would
fall within medical device Class IIa.
International AI Safety Report
Published. The report, mandated by 30 countries and
encompassing 100 independent expert insights, informed discussions
at the AI Action Summit in France, which took place on February 10
and 11, 2025. The report addresses the capabilities of AI,
including the associated risks and how to mitigate such risks. It
identifies areas where further research is needed, such as how AI
models can be designed to behave reliably.
Hamburg Higher Regional Court Agrees That a Modified
Version of an App Designed to Review Skin Conditions Is Not a
Medical Device. In the August 2024 Digest, we reported that the
German court of appeal (OLG Hamburg) handed down a decision that considered the status of a
dermatologic telemedicine app under the Medical Devices Regulation,
and found that the app was a Class IIa medical device. In a recent
decision, the Regional Court has confirmed that a modified version
of the app, which removed some of the functionality, is
significantly different from the original app and therefore can
remain on the market. This continuing litigation has been much
criticized and discussed given some arguments that are inconsistent
with the legislation and guidance. This latest decision is unlikely
to be the last.
Liability Updates
Industry Calls on EU Legislators to Withdraw the AI Liability Directive (AILD) Proposal. The call was made by a coalition of industry associations, including the European Federation of Pharmaceutical Industries and Associations and MedTech Europe, warning that the AILD could create legal uncertainty and regulatory burdens for AI. Originally published by the European Commission in 2022, the AILD proposal has been on hold and is now set to be updated by the EU legislators to align with legislative developments, including the EU AI Act. However, industry argues that the AILD overlaps with existing frameworks (such as the Product Liability Directive, the EU AI Act, and the GDPR), and that the AILD is unnecessary in the current legal landscape.
Privacy and Cybersecurity Updates
Council of the European Union Formally Adopts the
European Health Data Space (EHDS) Regulation. The EHDS
Regulation sets out rules allowing access to electronic health data
across the EU for permitted secondary uses (e.g., research) by any
natural or legal person, provided that the access request is
approved. The regulation also imposes obligations on health data
holders, including medical technology companies, to share specific
categories of health data (e.g., personal health data automatically
generated through medical devices), and to disclose the data they
hold. To facilitate the access and sharing of the health data, HealthData@EU, a
cross-border platform for secondary data use, has been established.
The EHDS Regulation is expected to become law in March 2025, and
will apply gradually, with provisions on secondary use taking
effect as of March 2029.
EU Action Plan to Strengthen Cybersecurity in the
Health Sector Published. Aimed at improving detection,
preparedness, crisis response, and protection from cyber threats in
hospitals and health care providers, the action plan builds on
existing frameworks such as the NIS2 Directive. Some measures
planned for 2025 and 2026 include developing a regulatory mapping
tool, a European known exploited vulnerabilities catalogue for
medical devices, a framework for cybersecurity maturity
assessments, and guidelines on critical cybersecurity practices and
procurement in health care. The plan also includes pilot projects
to develop best practices for cyber hygiene and security risk
assessment, along with an EU-wide early warning subscription
service for near-real-time alerts on emerging cyber threats.
IP Updates
Abbott and Dexcom Settle CGM Patent Disputes.
In December 2024, Abbott and Dexcom announced they had settled their ongoing
global patent disputes regarding continuous glucose monitoring
devices. (See our July 2024, September 2024, and January 2025 Digests for further
context.)
Although the details of the settlement are confidential, the
companies have disclosed that all pending cases will be dismissed
and that they will refrain from litigating patent, trade dress, or
design right disputes with each other for the next 10 years, with
no money changing hands.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
