Webinar Series on AI, Machine Learning and Data in Health Care Part 7

AI and IoT: Apps, Bots and Body Area Networks William A. Tanenbaum Iliana Peters

Overview

• Role of Law Department • Devices and Apps • Structuring Relevant Agreements for Device Use• Body Area Networks • Handling Data Generated by Body Area Networks• Data Privacy and Security• Combing Body Area Networks and the Internet of Medical Things• Edge Computing• 5G Wireless Networks

2

Wearable Device Hypothetical

• Device worn during and after stay in treatment facility with accompanying app

• Technology company receives data from device• Provides data and AI evaluations through Internet platform and app • Agreements

• Technology company with its data providers• Technology company and app development company • With device manufacturer – technology company or facility? • Between technology company and treatment facility • Between technology company and patients

3

Structuring the Agreements

• Key step is to obtain and verify a data flow chart• Identify points where regulatory analysis is appropriate • Clearly define platform services and complimentary professional

services and tie to payment terms• Determine scope of facility’s service rights and data rights• Which party is responsible for device

4

Structuring the Agreements

• Technology company needs separate agreements with facility and with patients

• Which party obtains which consents? • The scope of each party’s rights to commercialize or

use the data• Scope of the device manufacturer’s rights in data

5

Body Area Networks – Overview

• Turns sensors or devices on the skin or in the body into a data source or a connected network of devices into wireless networks

• Transmit data to other network, a personal base station (at home) or to remote network (telemedicine)

• Can orchestrate delivery of medicine and feedback loop back to network

• Eliminates external wires• Can make easier to move patients within hospital

6

Body Area Networks

• Examples• Implantables (pacemakers)• Ingestibles (digital pills) • Smart bandages • Wearables (from rings to sensors) • Used in conjunction with smart hospital beds

• Use of data • As a network • As source of data for Machine Learning • As early warning system

7

Body Area Networks and the FCC

• MBAN = Medical Body Area Network• FCC adopted rules enabling MBAN by allocating a protected

spectrum in 2360-2400 MHz specifically for wireless medical devices• MBAN use spectrum under “license by rule” basis eliminates

individual transmitter licenses• Are some limitations to protect aeronautical telemetry, etc. • Also, Bluetooth

8

Digital Health vs. Digital Medicine

• Relationship between Digital Health and Digital Medicine• Where do Body Area Networks fit in Digital Health? • Where do Body Area Networks fit in Digital Medicine?

9

Body Area Networks and Data

• Body Area Networks as source of data• One device at a time • One patient at a time• Multiple patients as combined into a network

• At the device level • At the Body Area Network

10

Data Privacy and Security Issues: IoT

Internet of Things“An incredible variety and volume of Internet of Things (IoT) devices are being produced. Manufacturers can help their customers by improving how securable the IoT devices they make are, meaning the devices provide functionality that their customers need to secure them within their systems and environments. Manufacturers can also help their customers by providing them with the cybersecurity-related information they need.Draft (2nd) NISTIR 8259, Recommendations for IoT Device Manufacturers: Foundational Activities and Core Device Cybersecurity Capability Baseline, describes activities related to cybersecurity that manufacturers should consider performing before their IoT devices are sold to customers. It builds upon NISTIR 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks. This second public draft of NISTIR 8259 contains the same main concepts as the initial public draft, but their presentation has been revised to clarify the concepts and address other comments from the public. NIST encourages reviewers of the initial public draft to read this full draft. A public comment period for this draft document is open through February 7, 2020. See the publication details for a copy of the document and instructions for submitting comments.”

11

Data Privacy and Security Regulations

• HIPAA Privacy Rule• HIPAA Security Rule• HIPAA Breach Notification Rule• State Requirements• International Requirements

12

Individual Rights

• Individual Rights• Including Consents and Authorizations

• Consent for Treatment• Consent for Research• HIPAA Authorization

13

Data Privacy and Security Vendor Issues

• Business Associates and Vendor Agreements• Service Level Agreement• Business Associate Agreement• Data Use Agreement

14

Combining Body Area Networksand the Internet of Medical Things

• Relevant aspects of the Internet of Medical of Things• Body Area Networks as source of data

15

Body Area Networks and Data Fabrics

• What are Data Fabrics? • Technology for providing connectivity between data dispersed in

different locations, IT services in different environments and software running in different systems in different locations

• Orchestrates the use of data and software • Provides a unified stream of data on which to perform the Machine

Learning and data analytics• What problem does it solve? • Role of Body Area Networks

16

Body Area Networksand Edge Computing• The limitations of Cloud computing • Edge Computing solves the Cloud latency problem by putting the

computing itself close to the network (at its “edge”)• Edge Computing provides real-time data.

17

Body Area Networks and 5G Wireless Networks • Compared to existing 4G wireless networks, 5G (for “fifth generation”)

provides greater speed, lower latency, and more bandwidth. • 5G enables higher-capacity mobile computing• 5G can improve remote medicine including transmission of data from Body

Area Networks • 5G can improve the delivery of health care at disaster sites and in

ambulances in combination with Body Area Networks• 5G also improves haptics, thus adding touch to sight in remote medicine

18

Need to Evaluate Existing Agreements

• Are your agreements out of date?• What do you need to put in new agreements?• Types of Agreements

• Infrastructure Services (e.g., networking, data center, hosting, etc..)• Data Use and Data Sharing Agreements• IoMT (Internet of Medical Things) Agreements• Artificial Intelligence as a Service (AIaaS)

• Perform “gap analysis” between what current agreements should provide and what existing agreements do provide

19

New Security Risks

• Any Internet of Things increase security risks because of hacking risks

• Body Area Networks and patient behaviors• Multiple vendors • Creation of new pathways for cyberattacks

20

Analysis of Existing Agreements

• What data?• What regulatory requirements: state, federal, international?• What do agreements currently require?• What should they require?

21

Conclusion and Take-Aways

• Evaluate existing agreements• Importance of validation steps in contracts for new technologies• Privacy and regulatory compliance

22

Questions & Answers

William A. Tanenbaum, New York Office

Practice Co-Chair, Health Care Technology & Innovation GroupEmail: wtanenbaum@polsinelli.comLinkedIn: https://www.linkedin.com/in/williamtanenbaum/

Iliana Peters Shareholder, Technology Transactions & Data Privacy GroupEmail: ipeters@polsinelli.comLinkedIn: https://www.linkedin.com/in/iliana-leonor-peters-441363157/

23

William A. Tanenbaum Practice Co-Chair, Health Care Technology & Innovation

Bill Tanenbaum is a “well-known and highly respected practitioner” who “has expertise in technology transactions that puts him at the very top tier of the market” and who is a “go-to expert” on “the management and protection of data across a variety of sectors.” (Who’s Who Legal 2018/2019)

William A. Tanenbaum is an IP, technology, data and cybersecurity lawyer and the Practice Co-Chair of the Health Care Technology & Innovation Group in the New York office of the AmLaw 100 firm Polsinelli PC (US News & World Report’s 2018 Health Care Firm of the Year). Bill is highly ranked by Chambers, Who’s Who Legal, and Best Lawyers in IT & Outsourcing in the U.S. and internationally. He was named as “Lawyer of the Year” in IT in New York by US News & World Report; as one of six U.S. lawyers in Best Data Lawyers, Who’s Who Legal: Data 2018; as one of the Top 30 IT lawyers in the country by Who’s Who Legal; and as one as one of the World’s 300 Leading IP Strategists. He is the only health care lawyer to be named to the top ranks of Chamber’s IT & Outsourcing lawyers.

Those legal ranking researchers find that he “is a font of knowledge on creating new IT structures,” “has strong litigation experience” that he has “formidable expertise in cybersecurity and data licensing and is considered one of the leading names in the domesticmarket;” that he is at the stage in his career where no issue is unfamiliar or too complex or intimidating to take on;” and that he “brings extremely high integrity, a deep intellect, fearlessness and a practical, real-world mindset to every problem.”

Bill is a graduate of Brown University (Phi Beta Kappa), Cornell Law School and the Bob Bondurant School of High-Performance Driving

24

Iliana L. Peters, J.D., LL.M., CISSP

• Iliana L. Peters believes good data privacy and security is fundamental to ensuring patients’ trust in the health care system, and to helping health care clients succeed in an ever-changing landscape of threats to data security. She is recognized by the health care industry as a preeminent thinker and speaker on data privacy and security, particularly with regard to HIPAA, the HITECH Act, the 21st Century Cures Act, the Genetic Information Nondiscrimination Act (GINA), the Privacy Act, and emerging cyber threats to health data.

• For over a decade, she both developed health information privacy and security policy, including on emerging technologies and cyber threats, for the Department of Health and Human Services, and enforced HIPAA regulations through spearheading multi-million dollar settlement agreements and civil money penalties pursuant to HIPAA. Iliana also focused on training individuals in both the private and public sector, including compliance investigators, auditors, and State Attorneys General, on HIPAA regulations and policy, and on good data privacy and security practices.

• As a CISSP, Iliana works hard to bridge the gap between legal requirements for the security of health data and security industry best practices, so that clients can better understand data security issues and jargon. She is excited to bring her extensive experience drafting, implementing, and enforcing health privacy and security regulations and guidance to a practice that focuses on helping clients develop and implement good data privacy and security practices to avoid risk, and helping clients prepare for and recover from emerging cyber threats.

25

Polsinelli PC, Polsinelli LLP in California | polsinelli.com

Polsinelli PC provides this material for informational purposes only. The material provided herein is general and is not intended to be legal advice. Nothing herein should be relied upon orused without consulting a lawyer to consider your specific circumstances, possible changes to applicable laws, rules and regulations and other legal issues. Receipt of this material doesnot establish an attorney-client relationship.

Polsinelli is very proud of the results we obtain for our clients, but you should know that past results do not guarantee future results; that every case is different and must be judged on itsown merits; and that the choice of a lawyer is an important decision and should not be based solely upon advertisements.© 2020 Polsinelli. All Rights Reserved. Polsinelli® is a registered trademark of Polsinelli PC. In California, Polsinelli LLP.