k schneider welch slides

AHLA

Fundamentals of Health Law ● November 13-15, 2016

K. What the Tech!: Technology’s Relevance in Today’s Health Care Ryann Marie Schneider Parallon Business Performance Group Franklin, TN Sidney S. Welch Polsinelli PC Atlanta, GA

1

What the Tech!Technology’s Relevance in Today’s Healthcare

What the Tech!Technology’s Relevance in Today’s Healthcare

American Health Lawyers AssociationFundamentals of Health Law

November 13‐15, 2016Chicago, Illinois

Ryann M. Schneider, Esq.Counsel, Parallon Business Performance Group

Sidney S. Welch, J.D., M.P.H.Chair, Health Care Innovation, Polsinelli PC

Relevance of Healthcare Technology

National Healthcare Expenditure for 2015 was expected to hit $3.207 trillion in 2015

U.S. Population for same time period was 320M, yielding an average healthcare spend of $10,000 per person.

Triple Aim, Donald Berwick , 2008*– Better Care for Individuals– Better Care for Populations– Reduce Per‐Capita Costs

Disruptive innovation– A disruptive innovation is an innovation that creates a new market and value

network and eventually disrupts an existing market and value network, displacing established market leaders and alliances. Christensen, Hwang, and Grossman, “The Innovator’s Prescription: A Disruptive Solution for Health Care”

*http://content.healthaffairs.org/content/27/3/759.abstract

1

2

Reflected in Marketplace

2016 is on track to be the biggest year for digital health funding– At close of Q3, $6.5B in deals recorded– Two record breaking deals at over $500M

The top‐funded subsector focuses on patient/consumer experience

Caregiver market opportunity expected to reach $72B in 2020 alone, more technologies expected to cater to this demographic

2

EPS for Digital Health Public Companies

3

3

Front and Center: Clinical Technologies

Technology is increasingly integrated in clinical operations– TeleHealth and mobile clinical applications

• Specialty Consult (Stroke)• Chronic Care Management

– Medical devices, implantables, robotics– Electronic Health Records, e‐prescription– Personal healthcare applications and wearables

4

Behind the Curtain: Foundational Technology

5

These are the fundamental technologies supporting provider operations – Off‐site computing and storage – the “cloud”– Connectivity and the Internet‐of‐Things– Interoperability– Infrastructure – Security

Behind the scenes but form the backbone of healthcare operations

4

The Role of the Lawyer:Fundamental Legal Considerations

Applicable statutes and regulatory considerations

Intellectual Property

Technology Contracting

6

The Hodgepodge of Regulatory Agencies

7

OIGCMS

AGOSHA

FCCStateLicensing

IRS

DOJ/OIG

HHS

FTC/DOJ

OCR

FTC

FDA

5

Statutory/Regulatory Checklist

Federal Stark Law Federal Anti‐Kickback Statute Federal Reimbursement Laws Payments to Physicians in Sunshine Act IRS Intermediate Sanctions Federal Antitrust laws Federal Controlled Substance Act Ryan Haight Online Pharmacy Consumer

Protection Act HIPAA/HITECH Federal Credentialing Requirements Federal Food and Drug Act Federal Trade Commission Laws Federal Communication Commission Laws Federal Children’s Online Privacy Protection

Laws

State Medical Practice Act State Informed Consent Law State Licensure Laws State Prescribing Laws State Records Retention Laws State Children’s Online Privacy

Protection Laws State Self‐Referral Statutes State Anti‐Kickback Laws State Reimbursement Laws State Health Privacy Laws State Corporate Practice of Medicine State Fee Splitting State Certificate of Need

8

Agenda: Crash Course in Some Innovative Technologies & Associated Legal Issues

Telemedicine Electronic Health Records Mobile Health (“mHealth”) Big Data/Data Analytics Social Media Technology Contracting Intellectual Property

9

6

Healthcare Tech: No Longer Science Fiction

10

Telemedicine

11

7

What is Telemedicine?

“The practice of medicine using electronic communications, information technology, or other means between a licensee in one location and a patient in another location with or without an intervening healthcare provider.” Federation of State Medical Boards.

“The use of medical information exchanged from one site to another via electronic communications to improve a patient’s clinical health status. Telemedicine includes a growing variety of applications and services using two‐way video, email, smart phones, wireless tools, and other forms of telecommunications technology.” American Telemedicine Association.

Telehealth & telemedicine often used interchangeably.

Applicable laws/regulations define what constitutes “telemedicine” & what technologies captured.

12

Telemedicine: 2 Types

Asynchronous, Store & Forward Communications

– Services that transmit medical data, x‐rays, images, lab results to a distant site practitioner for later assessment

Synchronous, Real‐Time Communications

– Provision of medical services through use of simultaneous, two‐way communications between a patient/ provider & distant site provider.

– Interactive telecommunications devices (a/v equipment, e‐stethoscopes, remote monitoring devices)

13

8

Examples of Telemedicine

Teleradiology Telestroke Telepscyh Telederm Active heart monitoring BP monitoring Diabetes/glucose monitoring Prescription compliance Sleep apnea diagnosis/treatment

14

How is Telemedicine Being Used?

Source: The Advisory Board Company

15

9

Telehealth Projections

16

Barriers (Legal Issues) to Telemedicine

Public and Private Reimbursement Conflicting State Laws/Regulations Credentialing HIT Interoperability Fraud & Abuse Laws/Regulations (State & Federal) Malpractice Liability Risks/Inconsistent Insurance Coverage

17

10

Barriers to Telemedicine: Reimbursement

Medicare Reimbursement:

– Medicare Conditions of Payment for Telehealth Services (42 C.F.R. § 410.78):

1. Qualifying distant site practitioner (licensed MD, PA, APRN, CNS)

2. Distant site practitioner authorized by state scope of licensure laws/regulations to perform services offered via telehealth

3. Patient located at a qualifying originating site:

• Health Professional Shortage Area (“HPSA”) outside of a Metropolitan Statistical Area (MSA)

• HPSA in rural census tract (defined by Office of Rural Health Policy)

• County not in an MSA

4. Medical Exam controlled by the distant site practitioner

5. CMS authorized reimbursement for those services

18


– CMS’s 2016 Physician Fee Schedule (PFS) Final Rule (FR) added the following to the list of services that can be furnished under the Medicare telehealth benefit:

• ESRD‐related services

• Advanced care planning

• Telehealth consultations for a patient who requires clinical care services

– CMS’s 2015 PFS FR added:• Psychoanalysis

• Family Psychotherapy

• Prolonged evaluation and management services

– CMS’s Next Generation ACO Model requires provider participants to offer telehealth services. Stakeholders view this development as acknowledgement of telehealth’s value.

19

11


Medicaid Reimbursement:

– Differs from state to state (detailed conditions of payment to no coverage)

– Medicaid Agencies authorized to provide reimbursement for telemedicine services that “satisfy federal requirements of efficiency, economy, and quality of care.” Outside this criteria, state’s discretion to determine:

• If will reimburse for telemedicine services at all

• Which services will be reimbursed

• Conditions of payment (criteria)

• Authorized locations within the state where telemedicine services may be provided

– 48 state Medicaid programs offer some type of coverage

– 32 states + D.C. require private insurance plans to cover telemedicine services

20

Barriers to Telemedicine: Conflicting State Laws

States have implemented a variety of telemedicine laws, which range from very restrictive to very flexible in defining a valid telemedicine encounter.

Additionally, states have differing laws, policies, regulations that may impact the legality of a telemedicine encounter:

– Licensure– Prescribing– Formation of physician‐patient relationship– Documentation (recordkeeping & medical necessity)– Requisite Consent (care of minors & end of life care)– Standards of Care and Scope of Practice– Insurance Laws/Regulations

Intrastate telemedicine encounters complicated by variations

21

12

State Telemedicine Law Developments

22

Source: American Telemedicine Association 2015 Source: American Telemedicine Association 2016

State Telemedicine Law Composite Grade Score, 2015 State Telemedicine Law Composite Grade Score Change, 2014‐2015

Barriers to Telemedicine: Licensure

State licensure laws often require physicians who are providing medical care

to patients within a state to obtain a full license to practice medicine.

– Laws do not contemplate provision of medical care from another state.

Licensure process varies and is dictated by each state’s Medical Practice Act.

– Obtaining eachmedical license may take up to 2 months (from initial application to grant

of license) & state licensing fees ($200 to $1,000).

– Applicants must submit info that may impact their ability to practice (i.e., health status,

malpractice actions/settlements, & criminal convictions)

Proposed Solution: FSMB Interstate Medical Licensure Compact

– Participating state medical boards would retain licensing/disciplinary authority but agree

to share info & processes essential to licensing & regulating physicians who practice

across state borders.

23

13

Regulatory Checklist

State Telemedicine Laws

State Licensure Laws

Federal and State Laws related to prescribing

Federal (e.g., HIPAA/HITECH) and State Medical Record Retention Requirements

Federal and State Privacy and Security Laws

Federal Trade Commission Laws

Federal (Medicare), State, or Accreditation Agency (e.g., The Joint Commission) Credentialing Requirements

Federal Food and Drug Administration Requirements and Guidance (if mobile app constitutes a “device”)

Federal Communications Commission Laws

Federal and State Children’s Online Privacy Protection Laws (if services are provided to minors)

Federal and State Fraud and Abuse Laws (Stark, AKS, FCA etc.)

Federal Medicare Telehealth Reimbursement Laws

State Medicaid Telehealth/Telemedicine Reimbursement Laws

24

Electronic Health Records

25

14

EHR Acronymns

Electronic Medical Records (EMRs) are digital records of the paper charts in clinician offices, clinics, and hospitals.

Electronic Health Records (EHRs) are built to go beyond standard clinical data collected in a provider’s office and contain information from all the clinicians involved in a patient’s care.

Personal Health Records (PHRs) contain some of the same types of information as EHRs but are designed to be set up, accessed, andmanaged by patients.

26

Electronic Health Records (“EHR”) Systems

HITECH Act of 2009 directed the Office of the National Coordinator for Health Information Technology (“ONC”) to promote the adoption & meaningful use of EHRs

Adoption Rates: – Jan. 2015, 83% of office‐based physicians adopted an EHR– April 2015, 96.9% of non‐Federal acute care hospitals adopted a

certified EHR Satisfaction Rates:

– 67% of providers do not like the functionality of their EHR – 40% of hospital executives are indifferent or dissatisfied with their

current EHR systems

27

15

EHR Systems: Unique Legal Issues

EHR Billing and Coding Errors

– EHRs can generate billing & coding errors that can result in reverse false claims act liability for providers participating in a federal healthcare program.

– Section 6402(a) of ACA (42 U.S.C. § 1320a‐7k(d)) expanded the basis for false claims act liability to when a provider knowingly fails to (1) report & return an overpayment to the government within 60 days after the date it was ‘identified’ or a corresponding cost report is due (if applicable) and (2) notify the government in writing of the reason for the overpayment.

– “Overpayments”: “any funds that a person receives or retains under [Medicare] or [Medicaid] to which the person, after appropriate reconciliation is not entitled.” 42 U.S.C. § 1320a‐7k(d)(4)(B).

– Reverse False Claims Act liability due to:

• Software glitches causing improper coding/upcoding

• Failure to sign/certify medical record

• Improper documentation of medical necessity

28

EHR Systems: Unique Legal Issues

Malpractice – Increased risk of malpractice claims during EHR implementation:

• Overlook critical data in mass of info in EHR• Incorrectly input data relied on by consulting physicians

– Physician liable if relied on CDSS to drive decision‐making? – What records constitute the “legal medical record” that must produce?

Recordkeeping – What records must be preserved following EHR transition (How? What form?)

HIPAA/HITECH

– Providers are responsible for protecting the confidentiality, integrity, and security of ePHI stored in EHR in accordance with HIPAA, the HITECH Act, and non‐conflicting state privacy laws and regulations.

– EHRs generate increased risk of inadvertent disclosures– In selecting vendor must:

• Ensure EHR capable of achieving HIPAA compliance• Negotiate liability for breaches & managing the breach disclosure process (operationally &

financially)

29

16

mHealth

30

Mobile Health Applications (mHealth)

mHealth:– “[T]he use of mobile & wireless devices to improve health outcomes,

healthcare services, and health research.”

– “[T]he delivery of healthcare services via mobile communication devices.”

31

17

Prevalence of mHealth

58.23% of surveyed mobile phone users have downloaded at least 1 mobile health app. JMIR 2015 Study.

The majority (612/934, 65.5%) of respondents opened their health apps at least once per day, and 44.4% (415/934) used their apps for 1‐10 minutes. JMIR 2015 Study.

Purposes:– Track food intake, physical activities, sleep, weight– Communicate with provider/health system

• Review own medical records• Make appointments• Two‐way communication with provider

– Medical monitoring (track symptoms for diagnostics)• Echocardiograms (ECG) • Blood pressure monitoring

32

Drivers to mHealth Utilization

Population Health Management (transition from fee‐for‐service

to quality‐based reimbursement)

Declining Reimbursement Rates (avoid quality‐associated

reimbursement penalties)

Personalized Medicine

Opportunity (ubiquity of mobile devices)

Enhance Existing Research (cross‐analyze lifestyle data with other collected data)

33

18

mHealth: Legal Issues

HIPAA compliance FDA compliance (Is it a regulated device?) FCC compliance FTC/COPPA compliance Malpractice:

– Formation of physician‐patient relationship– Recordkeeping (What is health record?)– Insurance coverage

34

mHealth: HIPAA Compliance

HIPAA compliance– Cannot rely on device manufacturer to achieve HIPAA compliance

• But must verify technology capable of HIPAA compliance

– Data transmissions between mobile devices & provider locations invite greater opportunity for HIPAA breaches

• HITECH Act defines “breach” at 42 U.S.C. 17921(1) as “the unauthorized acquisition, access, use or disclosure of protected health information which comprises the security or privacy of such information, except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information.”

35

19

mHealth: FDA Compliance

FDA Regulatory Compliance– FDA applies its regulatory oversight discriminately to regulate

mobile apps based on their intended functionality and relative risk to the public, not based on the technology or software platform

– FDA believes “[m]any mobile apps are not medical devices (meaning such mobile apps do not meet the definition of a device under section 201(h) of the Federal Food, Drug, and Cosmetic Act (“FD&C Act”)” to authorize the FDA’s regulation of them; while, some mobile applications may meet the definition of a ‘medical device’ but pose an insufficient risk of public harm to merit enforcing the FD&C Act over these.

36

Does the FDA Regulate the App?

Mobile App. vs. Mobile Medical App.

A “mobile application” or “mobile app” is defined as a software application that can be executed (run) on a mobile platform (i.e., a handheld commercial off‐the‐shelf computing platform, with or without wireless connectivity), or a web‐based software application that is tailored to a mobile platform but is executed on a server.

“Mobile medical application” is a mobile app that meets the definition of device in Section 201(h) of the FD&C Act and either is intended:

1. To be used as an accessory to a regulated medical device; or2. To transform a mobile platform into a regulated medical device.

37

20


Mobile Apps that FDA regulates: – Apps that transform the mobile platform

into a regulated medical device by using attachments, display screens, sensors or include functionalities similar to currently regulated medical devices

– Apps that perform patient‐specific analysis and provide patient‐specific diagnosis

– Apps that are extensions of medical devices (control the device or used in active patient monitoring or analyzing medical device data)

Mobile Apps that FDA does NOT intend to regulate:

– Apps intended to provide access to medical textbooks, reference materials

– Apps intended for providers to use as educational tools (initial medical training or reinforce past training)

– Apps intended for general patient education & facilitate access to commonly used reference materials (filters info based on patient characteristics) to increase patient awareness, education, empowerment

– Apps that automate general office functions (reminders, appointment‐making)

38


The Grey Zone (FDA will exercise its discretion to regulate the following): – Apps that provide or facilitate supplemental clinical care (by coaching or prompting patients to manage their health in daily environment)

– Apps that provide simple tools to organize & track health info

– Apps that provide easy access to info on patient’s health condition or treatments

– Apps marketed to help patients document, show, or communicate potential medical conditions to providers

39

21

mHealth: FCC Regulatory Compliance

FCC regulates mHealth technologies (mobile apps, mobile medical apps, etc.) as communication devices, rather than medical devices

FCC allocated spectrum exclusively for use by mobile body area networks (MBANs) & other wireless remote monitoring technologies (mobile medical apps). The spectrum forms a personal wireless network in which data from body sensors can be aggregated into central device & transmitted in real time at rates much faster & more reliable than typical transmission.

Reduces risk of data being compromised

40

mHealth: FTC Regulatory Compliance

The Federal Trade Commission (“FTC”) is directed, under Section 5 of the FTC Act, 15 U.S.C. §45, to prevent “unfair methods of competition in or affecting commerce, and unfair or deceptive acts or practices in or affecting commerce.”

regulates truth in advertising & data privacy for mobile medical apps

– FTC v. Lasarow – FTC charged Avrom Lasarow & his company (L Health) with false advertising of its Mole Detective Apps. FTC said company “deceptively claimed the apps accurately analyzed melanoma risk and could assess such risk in early stages”. Case settled.

FTC Health Breach Notification Rule (16 C.F.R. Part 318) (applies to non‐HIPAA governed entities)

– If a business is a vendor of PHR or a PHR‐related entity and experiences an unauthorized acquisition of PHR‐identifiable health information that is unsecured and in a personal health record, then it must, within specified time periods, provide notice of the breach that includes specified information to each affected person who is a citizen or resident of the United States, the FTC, and in some cases the media.

41

22

mHealth: COPPA Compliance

Children’s Online Privacy Protection Act of 1998 (“COPPA”) requires FTC to enforce regulations concerning children’s online privacy

Applies to:

– Operators of commercial websites & online services (mobile apps) directed to children under 13 that collect, use, disclose personal info about children

– Operators of general audience websites or online services who have actual knowledge that they are collecting, using, or disclosing personal info collected from children under 13

– Websites, online services that have actual knowledge that they are collecting personal information from users of another website or online service that was directed to children under 13.

Certain requirements must be met under 16 C.F.R. Part 312

42

Data: The Game‐Changer

Data is the new king in town, but requires complex technology considerations – Electronic Data Warehousing– Data Standardization– Access and Interoperability– Strategic Analytics and Reporting– Security and Integrity

Critical to success in new payment and delivery models

43

23

What Is “Big Data”?

“By definition, big data in healthcare refers to electronic health datasets so large and complex that they are difficult (or impossible) to manage with traditional software and/or hardware; nor can they be easily managed with traditional or common data management tools and methods. Big data is overwhelming not only because of its volume but also because of the diversity of data types and the speed at which it must be managed. The totality of data related to patient healthcare and well‐being make up “big data” in the healthcare industry.”

‐ Raghupathi, Big Data Analytics in Healthcare: Promise and Potential.

44

Big Data Analytics

At its simplest: data‐driven decision‐making

Generally: Process of examining collected data to uncover hidden patterns, correlations, & other useful information to predict outcomes, steer strategic decision‐making, & improve core business processes.

Healthcare: Process of applying complex analytical techniques to the ‘big data’ already collected by healthcare providers to draw actionable & meaningful insights into how their patient care & associated processes can be improved to generate better care outcomes, cost savings & new profit opportunities. – Healthcare analytics, unlike most industries, processes “big data.”

– Experts define “big data” as a collection of datasets so vast and complex that they are difficult, if not impossible, to manage through traditional hardware/software and can only be analyzed by highly complex analytical systems and statistical techniques.

45

24

What is Big Data?

“Reports say data from the U.S. healthcare system alone reached, in 2011, 150 exabytes. At this rate of growth, big data for U.S. healthcare will soon reach the zettabyte (1021 gigabytes) scale, and not long after, the yottabyte (1024 gigabytes).” Id.

Putting it in Perspective: 150 exabytes– 1 Exabyte =

• 1,000,000 Gigabytes (1 Gigabyte = 1 pickup truck filled with paper)

• 1,000 Terabytes (1 Terabyte = 1 Library, 10 floors high, filled wall to wall with books)

– 5 Exabytes = All words ever spoken by a human being

Estimate: Each patient to add 4 megabytes in text data, 76 megabytes in imaging data to EMR per year

• 1 megabyte = 1 novel

Data Storage Costs: 34‐89 cents per gigabyte

46

Why Data and Data Analytics?

Exponential Growth of Datasets & Associated Costs

New Availability of Data– Rapid digitization of masses of patient data (EHRs, mHealth, insurance claims)

– Regulatory mandates to collect & report data

Changing Reimbursement Models (principal driver)– HHS’s announced goal to shift 50% of Medicare’s payments from fee‐for‐service to

bundled‐payment arrangements & to tie 90% to quality or value measures by 2018

– Quality associated reimbursement penalties

Recover Sunk Costs/Tech Expenditures (ICD‐10, PQRS, MU)

ACOs/Population Health Planning

Successes in Other Industries

47

25

Big Data Analytics: Prevalence

48

Active Analytics Users:

• 16% of hospitals with 201-500 beds

• 19% of hospitals with 501-1000 beds

• 1 in 5 hospitals already reaping rewards of a big data analytics program.

• Majority of other hospitals taking actions to make big data analytics possible.

Uses For Big Data Analytics

Hospitals & health systems can monetize their already‐collected data to offset the costs of data collection, maintenance, & storage: 1. ANALYZE data to discover opportunities for internal process improvements

2. SELL de‐identified data to others to generate new revenue streams

3. Harness data to DEVELOP new products & innovations for resale to others

49

26

Big Data Analytics: Legal Issues

Obtaining/breaching others’ proprietary rights to data HIPAA & state privacy law compliance (de‐identification of

data) Accuracy of data imported into Clinical Decision Support

Systems (“CDSS”) & care protocols CDSS & care protocols intruding on physician’s medical

decision‐making– Who should face malpractice liability if CDSS or protocol

inaccurate or is based on false data?)

50

Social Media

51

27

Social Media

Generally refers to internet‐based tools that allow individuals and communities to gather and communicate; to share information, ideas, personal messages, images, and other content; and, in some cases, to collaborate with other users in real time.

Includes: – Content production sites (blogs, Tumblr, Twitter)– Social networking sites (Facebook, Google+)– Professional networking sites (LinkedIn)– Knowledge/information aggregators (Wikipedia)

Utilization Rate: 72% of adults use some social media

52

Social Media Types

• Social networking (Facebook, Google Plus, Twitter)• Professional networking (LinkedIn)• Media sharing (YouTube, SnapChat, Flickr)• Content production (Twitter, blogs and microblogs )• Knowledge/information aggregation (Wikipedia, Pinterest)

• Virtual reality and gaming environments (Second Life)

53

28

Salomon McCowan & Co.54

Social Media

Only 16% of physicians list social media as a professional influence. 2012 survey by PricewaterhouseCoopers (PDF; registration required)

found that approximately 1/3 of individuals polled use social media sites like Twitter and Facebook to obtain health information and track and share symptoms.– Of the respondents, more than 80% aged 18 to 24 years said they share

health information via social media. – 45% of respondents aged 45‐64 felt the same way.– The disconnect between patient and physician engagement in social media

has been noted, and some start‐ups aim to bridge that gap. ‐ See more at: http://medicalmonitorusa.com/social‐media‐and‐the‐jetsons/#sthash.jEP9NWay.dpuf

55

29

Social Media Changes Everything

Social media changes all the traditional rules of engagement with the media, the public, your target audiences, your employees, health professionals and your patients.

56

Interacting Via Social Media

1. Social Media is 24/72. Instantaneous & may be viral.3. A commentator may be anonymous and/or

inaccessible to you 4. Physicians & healthcare professionals are bound by

ethical standards and confidentiality‐ others are not.5. Once social media information is created; it may live

forever.

57

30

58

Social Media: Legal Issues

Improper disclosure of PHI by providers/employees (HIPAA/HITECH Act)

Libel (written defamation) of employer, coworker, colleagues, others.

Post unprofessional content that can reflect unfavorably on a Practice or Health System

59

31

Practical Tips for Practicing Lawyers

Patience you must have my young Padawan

60

Practical Tips

Email vs. Call

Document vs. Don’t Document

Private vs. Personal Emails/Devices

Integrating Mobile Apps

Personal & Professional Uses of Social Media

61

32

CONTRACTING WITH TECHNOLOGY VENDORS

62

Customer and Vendor Perspectives Generally

Technology vendors typically have a huge subject matter advantage when contracting with healthcare customers

Healthcare customers typically have a much higher sensitivity to safety, outcome commitments and security than other technology customers

Technology vendors are more acutely aware of the customer partnership required in sophisticated projects

Healthcare customers can have unrealistic expectations of their own resources, time and decision making required in a project

63

33

Fundamental Tensions in Tech Contracts

A few areas of tension between Provider and Vendor objectives create many of the negotiated areas in technology agreements

VENDOR PROVIDER

Revenue Recognition Financial Remedies for Performance Failures

Marketing Puffing but Contract Flexibility

Guarantees for Timing and Functionality

Controlled Use and Scaled Pricing Fixed Payment with Flexibility

My Template! No, My Template!

64

Technology Contracting Takes a Village

You don’t have to be a “techie” to successfully support your business in technology contracts, but you do need the support and involvement of business and technical specialists familiar with the deal– Plain language is the best approach to these contracts– Capturing accurate detail of the expected implementation

is the win‐win

Your team for a significant technology contract couldinclude:– Business and Technical Operations Leads– Security Specialist– Executive Lead– Regulatory Counsel and Compliance Officer– Outside Technology or IP Counsel

Start by asking questions – and then ask more questions!

65

34

Defining Implementation and Acceptance

Resource Commitments of Each Party Hardware, Environment and Connectivity Specs Data Conversion Requirements Development and Deliverables Mutually Agreeable Success Criteria Acceptance Testing Roles and Timeline Payment Milestones and Timelines

Contract Team Discussion Questions:What is this technology expected to do? Is this an established technology? Has an implementation plan been developed? How long should testing reasonably take? What is the appropriate payment amount prior to testing and acceptance?

66

Ongoing Performance and Support

Performance in Accordance with Documentation Legal and Regulatory Compliance Service Level Commitments

– Availability, Load Time, Response Time, Issue Resolution– Credits – Sole Remedy?– Reporting and Permissible Exceptions– Practicality

Support & Maintenance– Hours and Authorized Personnel– Classification of Support Issues by Criticality – Entitlement to Updates, Enhancements and Releases– Exclusions from Support and Additional Cost

Third Party Elements / Interoperability with non‐Vendor Systems

Contract Team Discussion Questions:What regulatory and compliance matters are raised in this use case? What is the worst thing that happens if this technology fails? What times are most critical for performance? What documentation would be most helpful in defining performance and functionality requirements?

67

35

License Scope & Authorized Users

Enterprise Licensing – Perpetual One‐Time Payment versus Periodic True‐Up– Acquisitions creating growth– Divestitures creating transition needs

Authorized Users or Site License– Calculation Metric & Right to Repurpose– Employees, Subcontractors, Third Parties

Permissible Uses– Uses on Behalf of Third Parties– Training, Testing, Redundancy

Contract Team Discussion Questions:Who needs to use this technology and its output? On whose behalf will the technology and output be used? What uses are needed other than live production use? How would the parties handle scope change?

68

License Restrictions & Compliance Reviews

License Restrictions– Vendor Intellectual Property Protections– Service Bureau / External Use Cases– Geographic Limitation– Competitors

Audit or Certification– Vendor, Provider or Third Party Performance of Review– On‐Site and Timing Requirements– Technical Monitoring Permissibility– Cost of Audit and Remedy for Non‐compliance

Contract Team Discussion Questions:How are the parties comfortable reviewing license compliance? Who will pay the cost of the review? How will the parties resolve any identified non‐compliance?

69

36

Security and Data Use

Culture of Security– Training, Educational and Remediation Programs– Notice and Cooperation Procedures for Security Incidents – Independent Reviews

Technical Security Commitments– Encryption & Audit Logs– Vulnerability Patching & Anti‐Virus– Disaster Recovery, Contingency & Backup Protocols– Remote Access and Connectivity Standards

Data Use– Performance of Services– Derivative Uses– Commercialization

Contract Team Discussion Questions:Where are the offering and relevant data located? What access does the Vendor need to Provider data and networks? Is this an established healthcare vendor and a proven technology? Has a security assessment been completed?

70

$$$ Fees $$$

Capital versus Operating Expense– License + Annual Support Services– Service Subscription Model

Time & Materials versus Milestones– Development and Consulting– Non‐Standard Support– Implementation and Training

Fee Increases– Schedule and Notice – Rate of Permissible Increase

Refund versus Withholding Pass‐Through Costs

Contract Team Discussion Questions:What does the financial model for this transaction look like? Are costs associated with this offering variable or fixed? How long is the relationship expected to last?

71

37

Risk Allocation: Part 1

Representations and Warranties– Title and Non‐Infringement– Performance of Products and Services– Compliance with Law and Regulation– Security and Open Source– Disclaimers and Exclusions

Indemnification– Infringement and General Indemnities– Defend, Indemnify and Hold Harmless– Indemnified Parties– Scope of Claims – Governmental Actions– Mitigation Rights

Contract Team Discussion Questions:What Vendor representations is the Provider relying on to avoid extraordinary damage? Which third party claims are likely in connection with this technology? What party is most appropriate to respond to those third party claims?

72

Risk Allocation: Part 2

Limitations of Liability– Exclusions from Liability – Read & Understand Every Exclusion– Durational Limitations on Claims– Liability Caps – Rolling versus Flat Calculation

Carve‐Outs from Limits– Indemnity– Confidentiality & Security– Violation of Law / Regulation / Warranty– Gross Negligence, Willful Misconduct & Fraud– Breach of Intellectual Property Rights

Insurance– Maturity and Size of the Party– Named Insured

Contract Team Discussion Questions:How much of the practical risk associated with this technology is in each party’s control? What is each party’s bargaining leverage in this negotiation? What breaches would cause the most damage? Can the other party actually absorb their potential liability?

73

38

Term & Dispute Resolution

Term, Termination & Renewal– License & Services Terms– Initial Term and Renewal Term Lengths– Termination Rights for Convenience and Cause – Transition Assistance and Return of Data– Assignment, Bankruptcy, Sunset– Source Code Escrow

Dispute Resolution– Suspension Rights / Continued Availability – Preliminary Efforts to Resolve & Escalation Procedures– To Arbitrate or Not to Arbitrate– Governing Law & Venue– Costs, Attorneys Fees

Contract Team Discussion Questions:How long would it take for the Provider to orderly transition from this technology? Will effective transition require data extracts or other Vendor transition assistance? Would absence of this technology and a replacement create a catastrophic situation? How do the Parties believe disputes would be most effectively addressed?

74

INTELLECTUAL PROPERTY CONSIDERATIONS

75

39

Development of New Intellectual Property

The structure of the deal will largely depend on the respective contributions of the parties– Discounts, Strategic Investments, Exclusivity or Royalties

• Customer incubation or alpha proof of concepts of nascent Vendor IP• Sophisticated customer shaping of established technologies through

customizations or suggestions/feedback

– Customer ownership• Vendor provides development resources and expertise to complete development

under Customer direction

– Joint Venture, Profit Sharing or Agreed Commercialization Strategy• Co‐development or mutual contribution of existing IP

Data is an Intellectual Property Asset

76

Where can you get the most value?

When presented with IP ownership, most parties knee‐jerk respond with an “own everything” response – but whether you really need or want to own the IP will differ greatly under each set of circumstances.– Be realistic about whether your organization is able to effectively manage IP

assets – is the value of the IP worth the cost of developing that expertise in house? If not, would the immediate benefit of a discount or royalty‐free license serve your organization better?

– Be sensitive to what your request for IP ownership means to the other party. Could a license back meet your needs?

• Asking to own all derivatives created from Customer data could create great tension in a healthcare customer deal

• Could demanding customer ownership of all suggestions and feedback threaten a vendor’s business?

77

40

Take Aways

• 21st Century Healthcare Technology is dynamic

• The public holds healthcare professionals and organizations to a higher standardthan other businesses

• Remember the basics, regardless ofthe medium

78

Questions?

79

May the Force be With You! Live Long and Prosper! Goodbye Folks!

k schneider welch slides

Documents