Bird & Bird’s Ewan Grist, Chris de Mauny and Toby Bond spoke at the Med-Tech Innovation Expo held at the NEC, Birmingham on 15 & 16 May 2019 on navigating the legal challenges for med-tech present and future.
Ewan explored the legal issues which arise at various stages of the lifecycle of a medical device; from product concept, though prototyping, testing, refinement, manufacture, marketing and placing on the market. In addition to addressing regulatory compliance Ewan emphasised the importance of having an IP strategy to ensure the IP generated by the product’s development is captured and protected, by filing patents covering any innovative technical features and registering design rights covering any aesthetic elements. Considering third party IP at an early stage can also de-risk the potential for challenges further down the line while developing a strategy for IP infringement monitoring and enforcement which will reduce the risk of losing market share to copycat products.
Chris expanded on the product lifecycle of a traditional medical device by considering challenges and opportunities caused by newer, smarter Med-Tech. In particular, those caused by the utilisation of sophisticated software, connection to cloud-based services and evolution of device function through software updates or through machine learning. Chris discussed the consequences flowing from this for IP, regulation, liability and security.
Toby focused on the legal issues which arise in the context of data driven innovation, where datasets obtained from connected devices are analyzed to generate insight which can form the basis of Med-Tech innovation. With data at the heart of this process Toby explained that data ownership issues are increasingly important in many Med-Tech projects, especially where they involve collaborations with third parties. Toby also discussed the role of legal advisors in helping Med-Tech projects navigate the regulatory environment relating to personal data and the increase in eHealth and mHealth specific regulation covering healthcare data.
There were multiple concurrent sessions throughout the two days and this note only picks up on some of the themes which emerged from the sessions Ewan, Chris and Toby were able to attend.
Med-Tech is becoming smarter and it is coming to the UK
There were many companies showcasing the latest, smartest Med-Tech offerings both exhibiting at and attending the Expo. These offerings ranged from precision engineering in plastics, metals and electronics to hardware and software products. The huge range of products and services on offer reflects the trend in innovation in Med-Tech reported by the European Patent Office in its 2018 annual report noting Med-Tech as the single largest industry sector for patent filings during 2018. The EPO’s report reveals a 5% growth in filings in Med-Tech during 2018, matching closely Deloitte’s prediction for 2017-2024 growth in this industry internationally.
What was also evident at the Expo is the strength of the UK Med-Tech industry. A number of exhibitors discussed the increase in or even commencement of manufacturing of sophisticated, high quality products here in the UK. This suggests that current political uncertainty is not hampering the recent growth seen in the UK’s advanced manufacturing sector.
Connectivity brings new opportunity but new cybersecurity challenges
A number of sessions focused on the addition of connectivity to medical devices and steps to address the potential cybersecurity risks. With Capgemini recently predicting that 47% of a typical manufacturer’s product portfolio will be comprised of smart, connected products by 2020, many regulators are implementing frameworks for managing and mitigating the risks associated with cyber-attacks on devices and the associated connectivity and data infrastructure. This includes the FDA’s draft Cybersecurity Premarket Guidance published in October 2018 and a number of sections in Annex 1 to the EU’s Medical Devices Regulation. Other regulators have also started consultations regarding cybersecurity requirements for medical devices including Health Canada and the TGA in Australia.
The overriding message coming out of the sessions was that a cybersecurity risk management requires a holistic approach, which takes into account both the organisational controls on cyber risk and specific product based assessments. A key challenge is managing the software vulnerabilities discovered after a device has been launched, with the potential solution to deliver software patches over-the-air serving as both an opportunity to mitigate risk, and as its own potential attack surface.