Manatt Digital - September 2016

Manatt, Phelps & Phillips, LLP

[co-author: Jordan Pritchett]
In This Issue:
  • Digital Health Continues to Grow
  • What's Up With WhatsApp? Implications for Healthcare Organizations
  • The FTC and Patient Privacy: Challenges of the Digital Age
  • AI in Digital Health

Digital Health Continues to Grow

By Eunice Shin, Managing Director, Manatt Digital

Investment into the digital health market topped $4.5 billion in 2015, and we are seeing an acceleration of investment in 2016. According to StartUp Health, investment into the digital health market for the first half of 2016 reached $3.9 billion. Early-stage innovation made up more than 65% of deals, with the majority of investment capital it going into Series A rounds. As of July, patient and consumer products, which include wearables, are leading with over $960 million invested in this sector, followed by wellness at $854 million, personalized health at $524 million, big data/analytics at $406 million and workflow at $328 million. Digital health research and population health are at the bottom of the start-up health company's list, with $65 million and $55 million, respectively.

It's no surprise that we are seeing digital health M&A activity coming from tech giants such as Google, Apple and IBM. Pharma corporations and health insurance companies are also investing; and so are major brands such as Under Armour and ASICS. Much like any other industry innovating toward digital transformation, the new global ecosystem in digital health is being built out by strategic relationships involving a broad cross-section of technology companies and digital start-ups, along with pharma, health insurance, and consumer brands. Without a doubt, the big business play is data. The big win for consumers is convenience and access, and improvements in healthcare and wellness.

Manatt Digital is excited to provide services within Digital Health. We work with clients throughout the ecosystem, bringing to market new and exciting advances in digital health. Manatt's strategic thinking spans across health, data and privacy, brands/advertising and launching and accelerating start-ups, as well as M&A. We hope this edition of our newsletter provides some interesting insights related to the current digital health market. We look forward to discussing your opportunities in digital health and to introduce you to our team of digital health advisors.

What's Up With WhatsApp? Implications for Healthcare Organizations

By Jill DeGraff Thorpe, Partner, Manatt Health

Editor's Note: The article below looks at what the soaring popularity of WhatsApp—and the recent changes in its privacy policy—mean for healthcare organizations, as they consider their social media strategies. On October 4, Manatt will host a new webinar examining both the powerful opportunities and the legal risks that social media brings to healthcare. The program will share real-life scenarios for putting social media breakthroughs into practice, while ensuring compliance with the Health Information Portability and Accountability Act (HIPAA) and other consumer protection standards. Click here to register free.

___________________________________

As WhatsApp's reach surges and its penetration deepens—even among hard-to-reach older and poorer populations—it is critical for healthcare organizations to gain insight into the pros and cons of its use, as well as its appropriate position within a larger social media strategy. The combining of WhatsApp and Facebook opens up new opportunities for strengthening and evaluating communications with key audiences—but also poses risks that are important to consider when defining WhatsApp's place in a social media program.

It's hard to overstate the popularity of WhatsApp, the Internet-based text and voice call mobile app acquired in 2014 by Facebook for $19 billion. Seven years after its founding, WhatsApp currently boasts 500 million monthly active users, roughly equivalent to a third of Facebook's 1.49 billion monthly active users. WhatsApp currently supports about 100 million voice calls daily. While this volume is only 3% of the roughly 3 billion or so calls made daily in the United States, the company didn't even offer voice services until February 2015.

The WhatsApp platform has many appealing advantages over other communications channels. WhatsApp eschews third-party banner ads, doesn't mine user-generated content, applies layers of security to keep communications within a person's social network private and provides end-to-end encryption to keep messages, voice calls and uploaded files private. Pairing this relatively noncommercial and private channel with Facebook's reach and social marketing analytics opens up new possibilities for the way healthcare organizations devise their social media and consumer engagement strategies.

WhatsApp does not yet support widespread consumer-to-business direct communications. However, recent changes to the WhatsApp Terms of Service and Privacy Policy suggest that it is moving in that direction. In the not too distant future, it may be possible for healthcare organizations to integrate Facebook social marketing with a private connection so consumers can privately schedule an appointment, submit biometric data, receive health coaching or participate in a private group.

Of concern to privacy watchdogs is that WhatsApp will begin integrating its service with Facebook to "improve its services" and unify efforts across all Facebook platforms to fight spam, make product suggestions and show relevant offers and ads on Facebook. None of the changes, which took effect on August 25, 2016 for new WhatsApp users, will result in data mining or sharing of user-generated content from WhatsApp messages, photos or account information. Even so, the Federal Trade Commission (FTC) has apparently signaled its intention to carefully review the revised Terms of Service and Privacy Policy, to determine whether any changes are deceptive or violate a 2011 settlement agreement that Facebook made with the FTC in connection with earlier misuses of personal data.

10 Key Considerations for Healthcare Organizations

While the FTC undertakes this review, healthcare organizations could benefit from developing a better understanding of how WhatsApp operates, and its anticipated role in Facebook's revenue growth.

To determine the role WhatsApp could play in their own social media strategies, here are the top 10 things that forward-thinking healthcare organizations should know about WhatsApp:

1. Scale and Code Stability. A service as big and complex as WhatsApp does not become successful without immense IT, talent and financial resources. Like Amazon, which built the profitable Amazon Web Services as a white-label version of its underlying service platform, Facebook is positioning WhatsApp as an infrastructure-as-a-service business solution for Internet-based direct-to-consumer communications.

2. Security. WhatsApp rankled government officials last spring when it introduced end-to-end encryption to its app, but even before that, WhatsApp platform was built for privacy. Messages are stored on the device associated with an individual's cell phone number, not on multiple devices. WhatsApp servers delete messages after they are delivered, or if a message has not been delivered within 30 days. Undelivered messages are encrypted with an irreversible one-way hash that makes it nearly impossible to decrypt a message without the recipient's phone. On its face, WhatsApp's focus on privacy may seem counterintuitive to Facebook's core business, except that businesses want to keep their conversations with customers private and, at the same time, use Facebook to prompt consumers to initiate private conversations. For an infrastructure-as-a-service business solution to be successful, Facebook has to keep these communications secure from the prying eyes of its natural language processing algorithms.

3. Identity Authentication. Facebook's growth depends on its continuous vigilance to root out and proactively guard against identity theft. Healthcare organizations are subject to Meaningful Use and the Health Information Portability and Accountability Act (HIPAA) Security Rule to implement identity authentication controls on their patient- or member-facing portals. A disinterested observer might reasonably conclude that Facebook's systems for authenticating a user's identity are sufficiently strong for at least some types of personal health information.

4. Reach. Anyone with a smartphone, cell phone number and Internet connection can use WhatsApp. Some WhatsApp users might even forego cellular data service entirely if they can make phone calls wherever they have Wi-Fi-based access to broadband. Widely available, free broadband access and Wi-Fi may be expected over time. For example, New York City has awarded a 12-year contract for CityBridge to build a free, city-wide Wi-Fi network. For its part, Facebook intends to launch satellites to support free, next-generation (5G) broadband, worldwide. To the extent widespread free broadband becomes a reality, more consumers could switch to WhatsApp as their only voice call and data service carrier. Healthcare organizations should consider a scenario in their social media and digital outreach strategies that has WhatsApp becoming a major telecommunications platform in the future.

5. Insurgent Pricing. WhatsApp is free to end users, adding another significant inducement for consumers to use its platform. WhatsApp's insurgent pricing strategy is the cost of building a two-sided market, paid for by businesses seeking direct-to-consumer access.

6. Access to Traditionally Underserved Demographics. According to Pew Research Center, smartphone adoption by older adults and low-income people continues to rise. Indeed, Pew's surveys suggest that smartphones are often the only (or primary) means for them to gain access to the Internet. Since the cost of broadband and data plans are contributing factors to low adoption by these populations, WhatsApp's free-to-end-user model makes it more enticing for these harder-to-reach populations to adopt the mobile app. Facebook's social marketing tools may be off-limits inside the WhatsApp platform, but they can still be used by healthcare organizations to reach these underserved populations.

7. One Platform, Many Channels. Given its ability to secure text message, voice call, voicemail recordings and file uploads, WhatsApp may be able to offer businesses a single unifying platform for engaging consumers across modalities. This would allow healthcare organizations to streamline the number of digital health tools they need to engage consumers.

8. Banner and Spam-Free. While Facebook's revenue model depends on targeted placement of advertising content in its users' newsfeeds, WhatsApp has always been, and under its new Terms and Privacy Policy remains, free of third-party banners and spam. This policy, not shared by Facebook, may alleviate some concerns of healthcare organizations that they have limited control over the commercial content posted alongside their private digital interactions with consumers.

9. WhatsApp and Facebook Are Not HIPAA Business Associates, Yet. There are downside risks that healthcare organizations need to address with WhatsApp, as they do with evaluating all digital technologies. Facebook has not signaled whether it would sign business associate agreements in its new business venture. It would be difficult for Facebook to avoid becoming a business associate, because it would have to restrict and monitor information transmitted in WhatsApp between healthcare organizations and consumers. Since WhatsApp's central proposition is built on privacy and security, Facebook would have to seek other avenues for it not to be treated as a business associate.

10. Who Should Be in Charge? Another downside risk is that Facebook can change its Terms of Service or Privacy Policy at any time with few legal constraints (the terms of its 2011 settlement agreement being one such constraint). Healthcare organizations need to carefully consider whether they feel comfortable building a consumer engagement program on top of WhatsApp and other Facebook properties, with the possibility that Facebook could unilaterally change its Terms or Privacy Policy. As with the EU Safe Harbor Privacy Policy Framework (since replaced by Privacy Shield), there is precedent for Facebook to enter into agreements that bind it to specified standards and practices. Depending on the degree of support WhatsApp gains among healthcare organizations, developing such a global business associate agreement with healthcare organizations might not be such a bad idea.

The FTC and Patient Privacy: Challenges of the Digital Age

By Richard P. Lawson, Partner, Consumer Protection | Randi Seigel, Counsel, Manatt Health

Companies operating in the healthcare arena, especially nontraditional ones, must take seriously the privacy concerns of patients—the good, the bad, and the warts (literally). That critical need to keep patient privacy top of mind is the key takeaway from a recent Federal Trade Commission (FTC) action against Practice Fusion, a cloud-based electronic health record (EHR) company, in which the FTC alleged that Practice Fusion collected patient comments about doctors without properly advising the patients that the comments would eventually be posted publicly in the patient review portion of a healthcare provider directory.

As might be expected, some of these comments contained information that a patient likely does not want shared publicly. For instance, one patient thanked the provider for removing a wart (which had been under a callus) and advising that another wart may be growing on the other foot. Additional examples include comments about facelifts, Xanax prescriptions, yeast infections, and the suicidal tendencies of a child.

Companies across many different industries are seeking new and different ways to engage with consumers. While the digital age allows for new methods to be executed at blinding speeds, traditional rules about disclosure and consumer choice remain as prominent now as they were in the last century. Mix these concepts in with the sensitivity of patients' health information, and companies can quickly find themselves foundering on the rocks and shoals of the Health Insurance Portability and Accountability Act of 1995 (HIPAA) and state privacy laws, as well as the traditional consumer protection rules and regulations.

The Importance of Clear and Conspicuous Disclosures

In its action against Practice Fusion, the FTC asserted that the eventual publication of private health information was a material term, and that Practice Fusion should have clearly and conspicuously advised patients that their information would be used this way. Material disclosures should find the consumer, not the other way around. Adhering to this simple maxim can avoid the expense and loss of customers' goodwill that accompany FTC investigations.

Materiality always will be dependent on the circumstances. Costs and fees almost always count as "material," but money is not the only measure of materiality, as demonstrated in the Practice Fusion case. In Practice Fusion, the FTC asserted that the privacy of health information was material, given that the heart of the matter involved accumulating personal data to be used in the comment section of a provider directory. But whatever is at issue, the cardinal rule with material disclosures is that they must be "clear and conspicuous."

The Four Ps That Define "Clear and Conspicuous"

"Clear and conspicuous" is a phrase that has been examined in numerous actions by the FTC and state attorneys general. One helpful phrase used to flesh out the meaning of "clear and conspicuous" is the four Ps—prominence, presentation, placement, and proximity.

The "prominence" of a disclosure is often a function of the message's size and clarity. This can be a particular concern for disclosures made on mobile devices. Enforcement agencies can be very unforgiving of disclosures that can be viewed well on a desktop but are barely readable on a phone. Color contrast can be an issue that undermines a message's prominence, as well. Disclosures in a cream-colored text on a white background probably run afoul of the "prominence" standard.

"Presentation" relates to the ability of the disclosure to be understood by readers. The language used must be understandable to the average reader. Similarly, "placement" means that the disclosure needs to be in a location where the consumer could reasonably be expected to find the terms. Lastly, to meet the "proximity" standard, the disclosure must not only be in a place where the consumer can be expected to find it, but also in a place that is relevant to the subject matter in the disclosure.

The Special Considerations That HIPAA Adds

Beyond the traditional disclosure standards from the FTC, companies need to take into account the special considerations related to the healthcare industry, such as HIPAA. Among other things, HIPAA protects patient health information from unauthorized access, use and disclosure by healthcare providers. For example, if a company receives information from the medical practices with which it contracts, the use of that information is governed by HIPAA.

HIPAA permits healthcare providers and health plans (known as covered entities) to share health information with third-party vendors—known as business associates—such as electronic medical records companies. Business associates are required to comply with HIPAA regulations.

Using the patient information obtained from healthcare providers (such as names and email addresses) in a manner unrelated to the services rendered by the business associate to the provider would be a breach of HIPAA and the business associate agreement (BAA). Further, using this information in a manner that resulted in public disclosure of patient health information without the consumer's consent likely would trigger an investigation by the Office of Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS), the agency responsible for overseeing and enforcing HIPAA. Business associates are subject to civil and, in some cases, criminal penalties for making uses and disclosures of patient health information in violation of HIPAA and their BAAs.

Practice Fusion: An Important Reminder

As alleged by the FTC, Practice Fusion, while trying to develop a new service to help consumers find a healthcare provider, found itself in the vortex of both healthcare and traditional consumer protection concerns. The case serves as a critical reminder that in this data-driven communication age, personal health data can be as important as financial data. Collecting sensitive health information requires careful consideration; publishing it requires the clear and knowing consent of the patient, whether covered by HIPAA or not.

There are fantastic opportunities for consumers, providers and patients to engage with businesses and each other in this digital age. As Practice Fusion demonstrates, however, the FTC expects companies to remember and apply time-tested laws and rules about privacy and disclosures.

back to top

AI in Digital Health

By Jordan Pritchett, Analyst, Manatt Digital

AI is arguably the most fascinating development within the digital world and is an important aspect of what many have termed our "fourth industrial revolution." It is a burgeoning industry with nearly unfathomable potential. A recent report by Transparency Market Research in 2015 forecast the global market for AI to reach $3 trillion by 2024—that's trillion with a "t," which equates to nearly a quarter of the current U.S. GDP! However, at this early stage it is important to remember that these market forecasts are largely guesswork. The truth is, we don't really know what the AI marketplace will look like in five years, let alone eight. Still, the sheer magnitude of the projection is telling in that it underscores just how revolutionary this technology is expected to become.

"Real AI" has yet to be achieved. This may or may never happen, and that is more of a philosophical argument that we need not delve into at this time. However, where many companies are making exciting progress is within the field of narrow AI or "augmented intelligence," which utilizes practical applications of machine learning, cognitive computing, data storage, and information processing to inform organizational decision making and problem solving at a scale and rate that are fundamentally superior to the human brain.

These tools are currently being utilized across a multitude of domains, which include education, financial services, and even environmental management. However, one focus area that is particularly intriguing is the work being done within the healthcare space, an industry where digitization is already enacting disruptive change and where the use of digital media is playing an increasingly vital role as a medium for interacting with patients and enhancing overall data capture.

iDAvatars

Manatt Digital is currently tracking the progress of iDAvatars, a leader in the effort to enhance the world of digital health via the implementation of AI systems.

iDAvatars was founded in 2013 and merged with CodeBaby (a Colorado virtual assistant technology) in 2016. The combined entity builds intelligent, conversational avatars that engage with users and aid in front-end data collection for healthcare providers and caregivers. The company is currently a partner with IBM Watson and is a core part of its AI roadshow that is effectively leading the conversations around the use of AI within healthcare and its overall possibilities.

The company's current focus is on aggregating verbal and nonverbal communication through the use of emotionally intelligent avatars that combine human-like characteristic with advanced technologies such as emotion and facial recognition (meet "Sophie" below). Its existing solutions have the ability to collect data about the user via talk, text or touch and can in turn share data points with participant healthcare providers and its associated caregivers.

Why is this important? In short, because the merging of objective and subjective data in healthcare is an ongoing challenge. Your blood pressure is measureable, whereas "how you are feeling" is far more difficult to quantify. Still, both data points are relevant to your doctor in diagnosis and treatment evaluations. As such, the ability for AI and intelligent bots to provide the rapid data aggregation and distribution is a compelling value proposition that can both alleviate existing pain points and greatly improve efficiency. Industry leaders expect that this combination of objective and subjective data into a single diagnostic step through AI systems will not only provide more comprehensive patient data, but will also provide better patient outcomes and cost savings.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Manatt, Phelps & Phillips, LLP | Attorney Advertising

Written by:

more+
less-

Manatt, Phelps & Phillips, LLP on:

JD Supra Readers' Choice 2016 Awards
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×
Loading...
×
×