software

Wearable watches that help consumers obtain a better understanding of their eating patterns; wearable clothes that send signals to treating physicians; smart watches: they are but a few examples of the increasingly available and increasingly sophisticated “wearables” on the EU market. These technologies are an integrated part of many people’s lives, and in some cases allow healthcare professionals to follow-up on the condition or habits of their patients, often in real-time. How do manufacturers determine what wearables qualify as medical devices? How do they assess whether their devices need a CE-mark? Must they differentiate between the actual “wearable” and the hardware or software that accompanies them? In this short contribution, we briefly analyze some of these questions. The article first examines what “wearables” are, and when they qualify as a medical device under current and future EU rules. It then addresses the relevance of the applicability of EU medical devices rules to these products. The application of these rules is often complex and highly fact-specific.
Continue Reading IoT Update: Are Wearables Medical Devices Requiring a CE-Mark in the EU?

Algorithms define online shopping, allowing for individualized product recommendations driven by customer data. To date, this technology has spurred little litigation. Few if any courts have explicitly ruled on responsibilities related to AI-driven product recommendation software.

Still, developers should be aware of potential legal risks from this novel technology. For example: What happens if AI recommends a product to a shopper and the product injures the shopper because of a defect? Can the shopper bring a product liability claim — such as for strict liability or negligence — against the algorithm’s developer? Although there is limited precedent on this issue, the risk appears limited.
Continue Reading Covington AI/IoT Update: Product Liability Risks for AI-Facilitated Shopping

On 9 July 2018, the Economic Affairs Committee of the European Parliament (the “EP”) published a study identifying potential competition law concerns in the financial technology (“FinTech”) sector (the “Study”).
Continue Reading The European Parliament publishes a study on financial technology and competition law

On October 22, Rep. Marsha Blackburn (R-TN) introduced a bill serving to “provide for regulating medical software, and for other purposes” in the House of Representatives.  The bill, entitled the Sensible Oversight for Technology which Advances Regulatory Efficiency (“SOFTWARE”) Act (“the bill”), was co-sponsored by a bi-partisan group of lawmakers.

The bill creates a regulatory scheme based on three newly defined categories of software—“medical software,” “clinical software,” and “health software.”  Although the bill proposes to carve out “medical software” from the definition of “device” in Section 201(h) of the Federal Food, Drug, and Cosmetic Act (21 U.S.C. § 321) (“the Act”), medical software would be subject to the same regulatory requirements as medical devices under the Act.  In contrast, “clinical software” and “health software” would not be subject to regulation under the Act.

The bill defines medical software as software intended for human or animal use that is intended to be marketed (1) “to directly change the structure or any function of the body of man or other animals;” or (2) for “use by consumers and makes recommendations for clinical action that (i) includes the use of a drug, device, or procedure to cure or treat a disease or other condition without requiring the involvement of a health care provider; and (ii) if followed, would change the structure or any function of the body of man or other animals. . . .”  Medical software does not include software “whose primary purpose is integral to the functioning of a drug or device” or software that is a “component of a device;” such software presumably would continue to be regulated as part of the “parent” device or drug product.
Continue Reading House to Consider Bill Excluding Clinical and Health Software from Regulation as Medical Devices

The issue of cybersecurity has been on FDA’s radar in the last year, due in part to a Government Accountability Office report issued last August that urged FDA to consider the risk of intentional threats to device information security.  Although the GAO report noted that FDA was not aware of any actual incident of device hacking, researchers have demonstrated the ability to remotely exploit devices such as implanted defibrillators and insulin pumps.

Addressing such threats, FDA has issued a draft guidance document entitled “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices.”  The draft guidance is intended to make “recommendations to consider and document in FDA medical  device premarket submissions to provide effective cybersecurity management and to reduce the risk that device functionality is intentionally or unintentionally compromised.”
Continue Reading FDA Issues Draft Guidance Document on Cybersecurity in Medical Devices

As our colleagues discussed in a previous post on InsideMedicalDevices, FDA took its first publicly announced enforcement action against a mobile app developer on May 22, issuing an “It Has Come to Our Attention Letter” to India-based app developer, Biosense Technologies.  The letter received extensive media coverage, and the mHealth sector was immediately abuzz with interest (and concern) about its implications.

Commentators observed that the letter appeared to be intended, in large part, as an educational tool for industry.  As such, it’s appropriate to ask:  what lessons should industry draw?  Although single enforcement actions do not always serve as reliable predictors of future actions, the letter offers a handful of key takeaways:
Continue Reading Lessons from FDA’s First Public Mobile Medical Apps Enforcement Letter

Earlier this week, Xiang Li pleaded guilty in Delaware federal court to one count of conspiracy to commit criminal copyright infringement and one count of conspiracy to commit wire fraud.  Li, a Chinese national, was charged with selling “cracked” software (i.e., software for which access controls had been circumvented) to customers around the world through