As health care consumers embrace cloud-connected, mobile, and other cutting-edge technologies, the entire health care industry has been challenged to ensure high-quality, secure, and effective digital health products. At Wiley, our team of cross-disciplinary attorneys offers an uncommon depth and breadth of knowledge of quickly developing laws and regulations across the health care and technology sectors. Our Health Care, Food & Drug, and Privacy and Cybersecurity attorneys have extensive experience navigating clients through complex compliance issues and helping to identify and mitigate risks in deploying new health care tech.

We understand that a critical issue in digital health is the collection, use, and protection of sensitive health data. Innovative new technologies can utilize health data to improve outcomes for consumers, but this brings new privacy and cybersecurity concerns. Our attorneys provide strategic counsel on emerging health technology including:

  • Medical devices
  • Mobile health (mHealth) apps
  • Women's health apps (FemTech)
  • AI and machine learning
  • Internet of Medical Things (IoMT)
  • Cloud computing
  • Privacy and cybersecurity

Our regulatory expertise includes:

  • U.S. Food and Drug Administration (FDA) requirements, including medical device regulations
  • Federal Trade Commission (FTC) regulations and enforcement, including privacy of sensitive health data and data governance issues
  • U.S. Consumer Product Safety Commission (CPSC) requirements
  • Federal Communications Commission (FCC) requirements for devices
  • Federal and state cybersecurity requirements and best practices
  • State laws impacting health data
  • U.S. Department of Health and Human Services (HHS) regulations including the HIPAA Privacy, Security, and Breach Notification Rules
  • ONC Cures Act Final Rule, including provisions on information blocking
  • Centers for Medicare & Medicaid Services (CMS) regulations

We assist a broad range of clients, including:

  • Health IT companies
  • Technology companies
  • Telecommunications providers
  • Biotech companies
  • Network device and medical device manufacturers
  • Trade associations
  • Venture capitalists
  • Start-ups

Our expertise extends from pre-market compliance to post-market challenges to regulatory inquiries and investigations. Our representative experience includes:

  • Counseling health care, pharmaceutical, telecommunications, and technology clients on privacy, cybersecurity, and regulatory compliance for digital health technologies.
  • Advising clients involved with connected medical devices and digital health platforms, such as mobile medical apps, software as a medical device (SaMD), telehealth/telemedicine, and wearable devices.
  • Conducting due diligence, reviewing transactions, and helping clients drive innovations through digital health.
  • Advising clients on compliance with federal privacy regulations and addressing emerging state regulations on the handling of personal information.
  • Providing HIPAA, HITECH, and cybersecurity counseling to national and regional health insurance companies in connection with commercial, federal, and state health care programs – including Medicare, Medicaid, the Federal Employees Health Benefits (FEHB) Program, and the U.S. Department of Defense TRICARE program.
  • Counseling clients in negotiating health care transactions involving complex regulatory and compliance issues.
  • Advising on cybersecurity due diligence in M&A health care transactions.
  • Conducting risk assessments for health care clients for HIPAA compliance when managing Security Incidents and Breaches and developing mitigation plans.
  • Counseling clients on data sharing for purposes such as quality assessment and data management.
  • Counseling clients on breaches ranging from localized incidents involving only internal misuse of PHI to breaches perpetrated by external actors and involving thousands of members.
  • Advising clients on the FTC Health Breach Notification Rule requiring vendors of unsecured health information, including mobile health apps, to notify users and the FTC if there has been an unauthorized disclosure of health information.
  • Representing clients in federal and state inquiries and investigations in privacy and cybersecurity matters, including at the FTC.
  • Analyzing and helping clients apply technical and risk management standards, including from the National Institute of Standards and Technology (NIST) and third-party standards bodies. 


Duane C. Pozza
202.719.4533 | dpozza@wiley.law

Dorthula H. Powell-Woodson
202.719.7150 | dpowell-woodson@wiley.law
