Key Contract Considerations and Trends: Buying, Selling, and Integrating with Digital Health Solutions

March 11, 2024

These are exciting times for the advancement of healthcare, whether you’re a hospital, health system, or healthcare technology company or a consumer that benefits from the proliferation of products and services provided. In particular, the rapid growth we’re witnessing in the development of increasingly sophisticated and connected digital devices, platforms, and applications is creating more opportunities for their availability and adoption among interested parties, including through innovative new licensing and contracting opportunities.

When seeking to explore and leverage these technologies through contracts and licensing, however, organizations must be mindful of several key considerations, from procurement, integration, and emerging regulatory challenges to important intellectual property (IP) questions and the evolving impact of technology such as artificial intelligence (AI).

The Contracting Environment

When assessing a contracting or licensing opportunity, initial considerations should include an understanding and appreciation of the players, including their market position, and the myriad transaction structures available. The digital health market is a transformative marketplace, consistently attracting new players in a convergence of industries, products, and services.

Culturally these players differ, with tech companies and startups more open to moving quickly, while more traditional health companies are used to operating at a more careful pace in a regulatory environment where they need to be able to predict an outcome. Additionally, research-driven organizations differ in that some are heavily profit-driven while others may be more research- or outcome-focused.

The types of agreements available vary, from joint venture and license agreements to data sharing and grant agreements.

Regulatory Considerations

When contracting in the digital health space, it is important to be mindful of certain US Food and Drug Administration (FDA) regulatory considerations. These include determining if any of the digital health solutions being contracted are regulated by the FDA, which has long-regulated digital health technologies and solutions that fall within its medical device authority. A digital health product may be subject to FDA regulation if it meets the FDA’s definition of a medical device or a component of or accessory to a medical device.

Other notable considerations include how the contracting parties allocate responsibility or control for the regulatory strategy decided upon and how costs for regulatory obligations will be allocated among contracting or licensing entities.

IP Questions

When contracting for the development or operation of a digital health solution, while the parties must have a thorough understanding of the IP ownership and license rates just as they would in any development project, it is particularly critical with these types of platforms.

Important questions include what the IP rights and owner responsibilities will be going forward, who’s bringing what to the table, and who will have rights to use the platform going forward. Additional questions include whether the platform is leveraging off-the-shelf or existing software or is going to be built specifically for one customer. Another question to take into account is whether there is one party that will be more involved and responsible for the development effort or it will be a joint effort.

AI and Privacy Concerns

Developing AI requires access to vast amounts of health information that contribute to the technology understanding the vocabulary and grammar of medicine and the structure and meaning of electronic health record and claim data.

There are two methods of de-identifying protected health information: the safe harbor method and the expert determination method. The safe harbor method involves removing 18 specific identifiers. With the expert determination method, an expert is retained to render an opinion that the risk of identifying individuals is very small. If the data has been de-identified, it will not be subject to HIPAA restrictions, including the minimum necessary standard and prohibitions on the sale of protected health information (PHI).

However, de-identification won’t necessarily solve all the regulatory and practical issues because once data has been properly de-identified it may not be entirely useful for AI training. For unstructured healthcare data it may be difficult to ensure that all 18 identifiers have been redacted. Some covered entities will develop their own AI tools, but most will likely rely on vendors that are upgrading their existing products and services for AI or introducing new AI tools and that could include services related to financial reporting, compliance checks, and fraud prevention.

In a covered entity/business associate relationship, the covered entity is ultimately responsible for how PHI is used and disclosed by its business associates, at least to the extent that they have actual knowledge of what the business associate is up to. Essentially, AI raises a lot of new privacy issues and necessitates a new layer of due diligence by covered entities of their business associates that are utilizing AI.

If you are a vendor, it is important to know if you or any of your subcontractors use AI tools with respect to services proposed to be provided to the company. If you use AI tools you should be able to determine factors such as how you oversee, monitor, and evaluate the tools’ performance, if they perform algorithmic decision-making, and how you prevent them from illegally discriminating, among other key questions.

Data and Digital Health Contracting

When it comes to the data at issue in contracting and licensing agreements, a careful analysis must be applied to ensure not only its protection but also proper management and optimal utilization for your respective purposes. At a minimum, that analysis should ask (1) what data each party is sharing, (2) how the data will be collected or generated, (3) how the data will be transferred; (4) and how the data will or won’t be utilized. It’s also valuable to consider how the data will impact the model and who will have access to it.

In terms of warranties, they will align with the risks, priorities, and concerns for how you plan to use the data at issue. It will be necessary to know that the other party has the right to give you the data, that you have the right to use it, that the data is accurate, and that in using the data you are complying with the law. It is crucial to remember that even if the data is imparted for free, it may not be free of risk.

Contract Suspension and Termination

Suspension rights are important for a vendor or provider in various instances, including nonpayment, security issues, disruptive or unauthorized use of services, or violation of law or third-party rights through use of the services.

When considering suspension, a vendor or provider should be able to identify its trigger; at whose discretion the suspension is occurring; if and how much notice may need to be provided of the suspension; its scope; when access or services will be restored; and, when applicable, if the customer has the right to request that the vendor suspend its services.

It is advised that vendors/providers determine in advance what type of termination assistance services may be needed upon termination or expiration of the contract. Relevant considerations should include everything from data retrieval to surviving rights to ongoing patient care.


If you have any questions or would like more information on the issues discussed in this Insight, please contact any of the following:

Michele L. Buenafe (Washington, DC)
W. Reece Hirsch (San Francisco)
Vito Petretti (Houston / New York)
A. Benjamin Klaber (Pittsburgh)