- If the former, how does the company engage investigators and study sites, and how do important CTA terms get passed on to them? How much of the site payments does the company retain, and what contractual risks does the company assume for these studies? - If the latter, the company is a true CRO and will be regulated by the Food and Drug Administration (FDA) as if it is the study sponsor. More extensive FDA-related due diligence should be performed if an investment in a CRO is considered. • Federally-Funded Studies. Does the company agree to conduct federally-funded studies? Many companies in this space began conducting federally-funded studies during the COVID-19 pandemic without realizing the extent of the compliance obligations that accompany federal funding. • Investigator-Initiated Research. Does the company support any investigator-initiated research? This research carries more prestige and the possibility of developing important intellectual property, and supporting it is often necessary to attract star investigators, but this also involves more regulatory and contracting challenges. • Third-Party Payors. Does the company bill any third-party payors for study-related services, or does it advise study sites about what study costs can be billed to third-party payors? SMOs will often perform payor coverage analyses for clinical trials because the financial viability of some trials depends on permissible claims submission. Doing this incorrectly, however, creates risk under the False Claims Act. • Quality Study Concerns. Does the company have a history of study quality concerns? These might have been raised by the FDA through an FDA Form 483 or by a study sponsor audit. 6. Mitigating Privacy Risks in Data- and AI-Driven Healthcare Companies BY EMILY BURROWS & ROY WYMAN Investment in innovative healthcare technology companies is sure to continue in 2024. Investors are increasingly attracted to the potential of artificial intelligence (AI) and other data-driven technologies as a way to transform and enhance existing service offerings and offer new diagnostic and treatment solutions. As attractive as these new technologies (and investments in them) may be, PE investors should proceed with astute awareness, given the persistent risk of loss or misuse of sensitive personal health information. In fact, the integration of AI and large data processing amplifies the already existing concerns around data security, patient confidentiality, and regulatory compliance in healthcare technology. Any company subject to the Federal Trade Commission (FTC) Act, global privacy or AI-related regulations, or the growing number of state privacy statutes, and those interested in investing in such companies should be aware of the ever- evolving regulatory landscape. Further, many legal requirements are currently being drafted or are already signed but not yet effective, which will continue to inform the enforcement environment. Companies subject to these regulations should be nimble and resilient to protect value and avoid regulatory penalties, mass litigation, and other risks. To mitigate risk when investing in healthcare technology companies, particularly those with an AI/data integration focus, PE firms should consider the following: • Existing Data Laws. Diligence each target’s compliance with data protection laws such as HIPAA, the FTC Act and state privacy laws in the United States, GDPR in Europe and the UK and various other international regulations. • New and Proposed Data Laws. Work to understand targets’ actions taken in preparation for new and proposed laws relating to these technologies, including reviewing any data impact assessments and otherwise determining the relative risk of use cases and products involving sensitive data or the use of new technologies. This risk review should consider security risks and, just as importantly, any material impact their technologies may have on individuals.
5 HEALTHCARE PRIVATE EQUITY: 2024 OUTLOOK & TRENDS IN M&A |
Powered by FlippingBook