Emerging Issues in Healthcare Robo5cs and Ar5ficial Intelligence Kathryn R. Coburn Cooke Kobrick & Wu LLP Santa Monica, CA 90404 Agenda Inc. •  Silvestrini v. Intui5ve Surgical, No. 11-­‐270 (E.D. La.) •  Taylor v. Intui5ve Surgical, Inc. No. 09-­‐2-­‐03136-­‐5 (S.Ct. Kitsap County, State of Washington) Ÿ  When HIPAA Applies to Medical Robots Ÿ  Medical Devices Under the HITECH Act-­‐ MU Stage 3 Ÿ Due Diligence Re Medical Robots and Other Medical Devices-­‐ FDA DraW Guidance for Cybersecurity of Devices Silvestrini v. Intui5ve Surgical Inc. E.D. La No. 11-­‐27 The case involved the da Vinci surgical robot, manufactured by Intui5ve Surgical. The robot malfunc5oned during a thyroidectomy. Plain5ff alleged that Intui5ve assembled, distributed serviced and/or maintained the surgical robot. Further, that Intui5ve was responsible for training the hospital’s staff to use the surgical robot and that such training was “totally lacking or woefully inept or inadequate.” The case was sebled in March, 2013 for an undisclosed amount. In her case against the hospital, Silvestrini asserted breaches of the standard of care, Including lack of informed consent; -­‐Misrepresenta5on as to the possible failure, breakdown of the robo5c equipment; -­‐Beginning and performing the robo5c surgery without present or available hospital or equipment technicians/representa5ves capable of determining the cause of the malfunc5on/breakdown and correc5ng same; -­‐A lack of or devia5on from guidelines, protocols and/or rules which should/would have required appropriate technical assistance present and/or immediately available before, during and aWer the procedure; -­‐Lack of and/or inadequate training by the hospital of its surgeon and other hospital Employees/staff with respect to the robot, so as to enable the physician or others to promptly determine and correct the problem/breakdown. Estate of Taylor v. Intui5ve Surgical, Inc. March 25, 2013 This case is a claim for wrongful death and product liability against Intui5ve, for failure to “warn and instruct” on the use of the da Vinci surgical robot. The case was tried under the Washington State Defec5ve Products law. Plain5ff won. Plain5ff alleged that Intui5ve “created an inappropriate training program in California”. Plain5ff also asked for puni5ve damages under California law, based on a “conscious disregard of safety” by Intui5ve. A separate, bifurcated trial in California was granted on the issue of puni5ve damages. Medical Robots and HIPAA When does HIPAA apply to Medical Robots? Ask: Is Protected Health Informa5on Involved? Is a Covered En5ty Involved? Is a Business Associate involved?-­‐ In each of these situa5ons, HIPAA applies. HIPAA and the New Proposed Meaningful Use Stage 3 Requirements HIT Policy Commibee DraW February 2014 -­‐The EHR system is able to help with follow-­‐up orders, and results of specialty consult requests are returned to the ordering provider; -­‐Providers will record the FDA unique device iden5fier when pa5ents have device implanted; -­‐The EHR system is able to access medica5on informa5on from pharmacy benefit managers, as well as prescrip5on drug monitoring program data; -­‐Providers offer pa5ents an easy way to request adjustments to their records online; -­‐Eligible professionals and hospitals can receive provider-­‐requested pa5ent-­‐ generated informa5on that is electronically submibed; -­‐Eligible hospitals and cri5cal access hospitals can send electronic no5fica5ons to members of a pa5ent's care team; and -­‐The EHR system is able to use external knowledge to prompt end users when criteria are met for case repor5ng (Durben Hirsch, FierceEMR, 2/18). Due Diligence For Covered EnFFes and Business Associates Using or Acquiring Medical Robots and Devices Cybersecurity for Medical Devices On June 13, 2013 the FDA released a draW guidance on measures to help ensure the cybersecurity of medical devices-­‐ “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices.” Manufacturers should ensure confiden5ality, integrity and availability of data. (No men5on of HIPAA.) Discusses authen5ca5on for system access and encryp5on of data. The FDA also issued a Safety Communica5on to Medical Device manufacturers, healthcare IT and procurement and biomedical engineers working on cybersecurity for medical Devices. QuesFons? Kathryn R. Coburn Cooke Kobrick & Wu LLP 1 (424) 238.4501 [email protected] Kathryn Coburn manages the health care division of Cooke Kobrick & Wu LLP in the Santa Monica, CA office. She represents clients in health IT licensing, informa5on security and technology transac5ons. She is on the Board of Editors of the California Health Law News and is past Chair of the Informa5on Security Commibee of the American Bar Associa5on.