Our handling of, and emergence from, the COVID-19 pandemic has, in no small part, been due to the many significant advances made by big tech and the life sciences sector.
For example, big tech facilitated contract-tracing and the roll-out of electronic vaccine records, the medical device sector significantly scaled-up production of much-needed ventilators and big pharma developed vaccines and treatments for the longer term.
Unsurprisingly, some of the practices that were still in their infancy before the pandemic are now commonplace: the rise of telemedicine being one such example. However, 2023 looks set to be the year that life sciences companies push even further into the domain of big tech.
In the early days of the industry, medical devices elicited their therapeutic effects via physical means. Yet, as technologies and treatments have become more sophisticated, the definition of ‘medical device’ has, almost universally, evolved to include software which performs a medical purpose.
In some jurisdictions, such as the European Union, it also includes products capable of making a prediction or prognosis. Indeed, even where the device’s therapeutic effect remains physical, the use of software – including advanced artificial intelligence (AI) and machine learning technology – has become critical to the delivery of healthcare in ways that were unthinkable even a decade ago, such as in the burgeoning fields of digital therapeutics and robotic surgery. The traffic has not been all one way, as many of the largest technology companies have recognised the opportunities in healthcare.
We have set out below some of the trends we expect in 2023, as well as potential pitfalls for those operating in the sector.
- The rise of “wearables”: Whether it is on phones or smart watches, many people already track their and their family’s vitals. These tend to be more focused on general wellbeing metrics and “healthcare-lite” applications (such as heart rate, temperature and sleep trackers), and yet increasingly healthcare companies are seeking to harness this technology – whether that is in facilitating remote clinical trials (as previously noted) or potential diagnoses, or even as a vehicle for novel treatments.
For example, wearables are increasingly being used by developers of medicinal products to gather real-world evidence (RWE) on how their interventions perform outside of the tightly controlled clinical trial setting. Indeed, the benefits of using RWE to fill the knowledge gaps left by traditional clinical trial designs are increasingly being appreciated by regulators and health technology assessment bodies worldwide.
There are also clear opportunities for smart devices and wearables to be developed beyond their current use cases and healthcare and medtech companies are likely to be able to leverage their own scientific research and institutional know-how in this area in ways that more traditional technology companies cannot. Given the vast quantities of health data collected by these devices, data privacy laws should also be at front of mind for lawyers, product managers and engineers alike – particularly the need to bake in data protection and security considerations from the earliest design stage through to product roll out and beyond.
- Capacity for (non-specialist) investment: One issue for the life sciences sector has been that some investors (particularly private equity) may not be suited to investing in scientific heavy and/or unproven businesses.
Similar to the expected trend in transactions involving contract research organisations (as noted previously), medtech is one area in which non-specialist investors or partners can contribute (and may even be better placed) to deliver this growth.
- Change in business model: Historically, medical device manufacturers have been a B2B product sales business, with concerns being focused on quality control and risks of defects. However, 2023 presents opportunities for the development of both B2B and B2C services and consideration should be given as to how to tackle this commercially.
For example, healthcare companies may decide to focus their efforts on developing software or apps for use with their own devices or products, or alternatively, in conjunction with existing popular devices (such as smart devices or wearables) developed by (the more agile) big tech. As a result, both B2B and B2C licensing models (and revenue stream structures) should be considered, together with potential cooperation with big tech.
Further, as ongoing services are added to complement devices, medtech companies will need greater teams to manage intellectual property and IT issues. Whereas device manufacturing has historically focused on patent protection, the shift to copyright and database right software protections (and related ownership issues) will be critical.
Whether a B2B and/or B2C model is adopted, initial design, development and licensing is only the beginning – on-going support for continual maintenance, fixes, updates and new versions will also be essential. It remains to be seen whether they will do this in-house, or if it is an opportunity for outsourcers – though in either case, it will be necessary to ensure that the correct contractual protections are in place. It’s worth noting that, if the medtech product qualifies as a medical device, whilst the performance of maintenance and delivery of updates etc. can be outsourced, the regulatory obligation to ensure its safety remains with the manufacturer.
- Ensuring patient safety: As the availability of medtech offerings increase, developers will need to ensure that patient safety is not negatively impacted. Indeed, throughout the Independent Medicines and Medical Devices Safety Review (the Safety Review), which sought to forensically examine the high profile failure of selected medicinal products and medical devices, patient safety considerations were second to none.
The medtech sector will need to address this quickly as it is an issue which has already started to materialise. For example, in recent years, patients in the UK have been able to access, via online pharmacies, inappropriate medicinal products with fatal consequences.
With examples like this in mind, it should come as no surprise that as the popularity of medtech and telehealth increases, growing numbers of regulators are expressing concern around their safety. For example, with the increased prevalence of remote ‘direct-to-consumer’ orthodontic businesses, the General Dental Council issued a statement which emphasised the need for remote consultations to be complementary to, and not a replacement for, in-person assessments. If patient safety issues continue to occur, not only will regulators increase their scrutiny, but it will degrade the public’s confidence in such offerings.
- Greater role for patients: As we have discussed previously, one trend we anticipate to continue is patients expecting a greater role in their treatment, and for that treatment to be more bespoke to them. Indeed, the Safety Review made the case of greater patient involvement in order to tackle the burden of avoidable harm.
Wearables and other technology innovations make this much easier and, in several cases, can be delivered in real time. Similarly, the pandemic has made the public more comfortable with self-diagnosis and testing. In certain jurisdictions, like the UK, innovative private sector solutions (including wearables and related software) may gain significant governmental support and popularity among the public, particularly if these have the capacity to reduce the burden on state health systems and help avoid long appointment waiting times.
- Greater risk of data breaches: The use of big data and advanced analytics is likely to be at the centre of developments in this area. Of course, collecting data from more devices on a large scale increases the security surface area, bringing with it a greater risk of potential breaches.
High-profile security incidents occur regularly with internet-connected products, and databases containing large volumes of health data continues to prove an attractive target for bad actors. In addition to the GDPR, medical device makers have two years to comply with new European laws on cybersecurity – and while a significant fine can dominate the news cycle for a short time, the reputational damage resulting from a large breaches of patient data can be much more damaging to a business than the one-time hit to its balance sheet.
- A business model gap between the USA and Europe: A common issue for any US provider looking to expand into the UK / Europe is the relatively more restrictive personal data regime. We have previously noted the challenges faced by healthcare organisations in navigating European privacy laws. But two recent developments can give some comfort to medtech businesses crossing the Atlantic:
- The UK’s reforms to its data regime envision a more friendly regime for life sciences research and development.
- Guidance from the influential French data protection regulator confirms that service providers (as medtech businesses will be classified for some of their product offerings under the GDPR) may reuse customers’ data for their own purposes, such as product improvement.
This will be particularly important for businesses whose software involves AI and machine learning technology.
We expect medtech launches and transactions to continue to rise in 2023. It is an area that suits both life sciences companies and big tech and private equity, which are both used to scaling technology businesses. Although there are potential risks, these can be navigated and mitigated with careful planning.
Stay Up To Date with Ropes & Gray
Ropes & Gray attorneys provide timely analysis on legal developments, court decisions and changes in legislation and regulations.
Stay in the loop with all things Ropes & Gray, and find out more about our people, culture, initiatives and everything that’s happening.
We regularly notify our clients and contacts of significant legal developments, news, webinars and teleconferences that affect their industries.