Overview

As health care consumers embrace cloud-connected, mobile, and other cutting-edge technologies, the entire health care industry has been challenged to ensure high-quality, secure, and effective digital health products. At Wiley, our team of cross-disciplinary attorneys offers an uncommon depth and breadth of knowledge of quickly developing laws and regulations across the health care and technology sectors. Our Health Care, Food & Drug, and Privacy and Cybersecurity attorneys have extensive experience navigating clients through complex compliance issues and helping to identify and mitigate risks in deploying new health care tech.

We understand that a critical issue in digital health is the collection, use, and protection of sensitive health data. Innovative new technologies can utilize health data to improve outcomes for consumers, but this brings new privacy and cybersecurity concerns. Our attorneys provide strategic counsel on emerging health technology including:

  • Medical devices
  • Mobile health (mHealth) apps
  • Women's health apps (FemTech)
  • AI and machine learning
  • Internet of Medical Things (IoMT)
  • Cloud computing
  • Privacy and cybersecurity

Our regulatory expertise includes:

  • U.S. Food and Drug Administration (FDA) requirements, including medical device regulations
  • Federal Trade Commission (FTC) regulations and enforcement, including privacy of sensitive health data and data governance issues
  • U.S. Consumer Product Safety Commission (CPSC) requirements
  • Federal Communications Commission (FCC) requirements for devices
  • Federal and state cybersecurity requirements and best practices
  • State laws impacting health data
  • U.S. Department of Health and Human Services (HHS) regulations including the HIPAA Privacy, Security, and Breach Notification Rules
  • ONC Cures Act Final Rule, including provisions on information blocking
  • Centers for Medicare & Medicaid Services (CMS) regulations

We assist a broad range of clients, including:

  • Health IT companies
  • Technology companies
  • Telecommunications providers
  • Biotech companies
  • Network device and medical device manufacturers
  • Trade associations
  • Venture capitalists
  • Start-ups

Our expertise extends from pre-market compliance to post-market challenges to regulatory inquiries and investigations. Our representative experience includes:

  • Counseling health care, pharmaceutical, telecommunications, and technology clients on privacy, cybersecurity, and regulatory compliance for digital health technologies.
  • Advising clients involved with connected medical devices and digital health platforms, such as mobile medical apps, software as a medical device (SaMD), telehealth/telemedicine, and wearable devices.
  • Conducting due diligence, reviewing transactions, and helping clients drive innovations through digital health.
  • Advising clients on compliance with federal privacy regulations and addressing emerging state regulations on the handling of personal information.
  • Providing HIPAA, HITECH, and cybersecurity counseling to national and regional health insurance companies in connection with commercial, federal, and state health care programs – including Medicare, Medicaid, the Federal Employees Health Benefits (FEHB) Program, and the U.S. Department of Defense TRICARE program.
  • Counseling clients in negotiating health care transactions involving complex regulatory and compliance issues.
  • Advising on cybersecurity due diligence in M&A health care transactions.
  • Conducting risk assessments for health care clients for HIPAA compliance when managing Security Incidents and Breaches and developing mitigation plans.
  • Counseling clients on data sharing for purposes such as quality assessment and data management.
  • Counseling localized breaches involving only internal misuses of PHI to breaches perpetrated by external actors and involving thousands of members.
  • Advising clients on the FTC Health Breach Notification Rule requiring vendors of unsecured health information, including mobile health apps, to notify users and the FTC if there has been an unauthorized disclosure of health information.
  • Representing clients in federal and state inquiries and investigations in privacy and cybersecurity matters, including at the FTC.
  • Analyzing and helping clients apply technical and risk management standards, including from the National Institute of Standards and Technology (NIST) and third-party standards bodies. 

Contacts

Duane C. Pozza
202.719.4533 | dpozza@wiley.law

Dorthula H. Powell-Woodson
202.719.7150 | dpowell-woodson@wiley.law

View all practice area professionals >

Wiley Rein LLP Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek