Generative AI and Health Care: Key Takeaways

1 minute read | September.20.2024

Generative AI is converging with every sector – and health care is no exception. With it, companies should keep up with the array of laws and regulations – existing and envisioned – that govern its use. Read on for highlights from a conversation Orrick hosted recently with the Women’s General Counsel Network. Speakers included:

Jennee DeVore, General Counsel at Simple HealthKit
Thora Johnson, Partner at Orrick
Jasmine Singh, General Counsel at Binti

Here are five key takeaways from their conversation:

1. The 1,000 mark is coming: The FDA has approved 950 AI/machine-learning enabled medical devices as of August 2024.

Three main types of applications: Generative AI promises to drive research, reduce administrative tasks and advance precision medicine.
This builds on a legacy of researchers and providers using AI for years to do things such as analyze X-rays, MRIs and CT scans.

2. Compliance check: Special considerations apply to AI in health care.

Generative AI leverages large and highly sensitive data sets, making data security critical.
Companies must use health data in compliance with laws and regulations such as the HIPAA Privacy Rule, FTC Act and state laws.
Health care providers who accept federal funds will need to follow nondiscrimination standards to comply with Section 1557 of the Affordable Care Act.

3. Take it from the regulators and legislators: Transparency is key.

The FTC has reminded companies it may be unfair or deceptive to train AI on consumer data without proper disclosure.
Utah requires providers to inform their patients when their care includes generative AI.

4. Proactive planning: Most health care companies are developing risk assessment processes before deploying AI.

5. What’s next? We expect continued fairness, transparency, safety, accountability and human oversight in laws and best practices governing AI in health care.

Authors

Thora Johnson Partner, Life Sciences & HealthTech, Cyber, Privacy & Data Innovation

Washington, D.C.

See my bio

Practice:

Technology & Innovation Sector
Life Sciences & HealthTech
Cyber, Privacy & Data Innovation
Strategic Advisory & Government Enforcement (SAGE)

vCard

See full bio

Thora Johnson Partner

Washington, D.C.

Thora works with medical device, pharmaceutical, biotech and digital health companies, helping them navigate the increasingly complex patchwork of state and federal health privacy laws. One client described her to the Legal 500 as a “very practical” advisor providing “exceptional guidance” on health information privacy and HIPAA compliance matters.

Her breadth and depth of experience enable Thora to assist clients in harnessing the power of artificial intelligence and executing data-sharing arrangements, all while protecting health data. As a result, Thora spends much of her time counseling pioneering startups and high-growth companies on responsible innovation in healthcare and life sciences.

Thora brings extensive experience counseling clients, including Fortune 500 companies and brick and mortar providers, on the Health Insurance Portability and Accountability Act (HIPAA) and other state and federal health privacy and regulatory compliance regimes including:

Office of the National Coordinator for Health Information Technology’s interoperability and information blocking regulations
Centers for Medicare & Medicaid Service’s (CMS’s) interoperability and patient access regulations
Part 2 confidentiality requirements applicable to substance abuse records
State health information privacy laws
State consumer privacy laws with special controls for health data
Medicare/Medicaid compliance
Mental Health Parity and Addiction Equity Act (MHPAEA)
Genetic Information Nondiscrimination Act (GINA)
Affordable Care Act (ACA) compliance
Regulatory requirements of the Employer Retirement Income Security Act (ERISA), the Internal Revenue Code, HIPAA, and the ACA as they apply to employer health and wellness plans

Thora routinely helps companies and large employers prepare for and respond to privacy and security incidents involving health information. She also defends clients in government investigations initiated by the OCR, OIG, DOJ, FTC and State AGs, among others.

Amy M. Joseph Partner, FDA & Healthcare Regulatory, Life Sciences & HealthTech

Boston

See my bio

D:+1 617 880 2230
E: [email protected]

Practice:

FDA & Healthcare Regulatory
Life Sciences & HealthTech
Strategic Advisory & Government Enforcement (SAGE)
Technology Companies Group
Technology & Innovation

vCard

See full bio

Amy M. Joseph Partner

Boston

Amy works with digital health companies, health systems and other public and private companies—from new entrants to seasoned organizations—to address regulatory compliance and transactional needs. She also advises investors and collaborates with clients to understand their business goals and tailor practical solutions to help them achieve those objectives. Amy is well-versed in the corporate governance, data privacy, and security and scope-of-practice considerations facing the healthcare industry as it incorporates artificial intelligence (AI) and machine-learning (ML) solutions into clinical workflows. Her practice includes structuring and scaling national telehealth practices across a range of clinical disciplines, including complex collaborative arrangements involving labs, medical device manufacturers, remote patient monitoring solutions and pharmacies.

Amy spends much of her time working with clients on vetting and developing strategic affiliations, joint venture transactions and other novel business arrangements, including developing value-based enterprises and otherwise identifying means to achieve further alignment among stakeholders. She advises on reimbursement issues with respect to federal healthcare programs, private payors and self-pay business models. She also helps develop compliance programs and advises on related protocols and best practices.

In particular, Amy advises on physician self-referral, anti-kickback and other fraud and abuse law matters as well as on patient privacy matters, including HIPAA, 42 CFR Part 2 and corresponding state-level compliance. Amy also assists with internal investigations and assessing and responding to the results, including developing corrective action recommendations and self-disclosures.

A sought-after speaker and prolific writer on some of the most complex and critical issues in healthcare law, Amy shares her insights in publications and presentations across the country. She co-authored chapters in numerous publications, including the telemedicine chapter of the American Bar Association’s Physician Law: Evolving Trends & Hot Topics and a chapter addressing telehealth in the MCLE Massachusetts Health and Hospital Law Manual.

Chambers USA notes that Amy has “deep expertise in matters that impact healthcare providers and healthcare transactions,” “is a terrific resource on a range of regulatory issues” and “an expert in the Stark Law.”

Amy graduated first in her class at UCLA Law and was elected to the Order of the Coif. Prior to law school, Amy served in the U.S. Air Force.

Georgia C. Ravitz Partner, FDA & Healthcare Regulatory, Life Sciences & HealthTech

Washington, D.C.

See my bio

D:+1 202 339 8651
E: [email protected]

Practice:

FDA & Healthcare Regulatory
Life Sciences & HealthTech
Strategic Advisory & Government Enforcement (SAGE)
Technology Companies Group
Technology & Innovation

vCard

See full bio

Georgia C. Ravitz Partner

Washington, D.C.

Georgia also has extensive experience in assisting clients with product recalls, crisis management and government enforcement. Her practice in this sector includes assisting manufacturers, distributors, retailers and importers on all types of FDA regulated products including pharmaceuticals, medical devices and software, wearables, health and wellness products, cosmetics, cell and plant based foods, conventional foods, ag tech, compounded drugs, and dietary supplements.

Georgia’s deep experience and ability to provide practical guidance in FDA and FDA-adjacent regulatory matters allows her to work closely with innovative companies looking to minimize regulatory burdens and maximize U.S. marketing opportunities in the life science and health tech industry verticals. She also conducts regulatory due diligence for private equity and public company transactions involving life science, medtech and innovative companies.

Georgia is a frequent speaker at conferences and events who contributes regularly to leading trade and consumer media outlets.