The Prinz Law Office

SaaS Lawyer Kristie Prinz explains why not to use the term “SaaS License” in this video recorded October 2022.

The Prinz Law Office is pleased to announce that we are adopting a number of new options for working with our clients. We received feedback asking for new fixed rate and subscription packages for specific business scenarios, and in response to that feedback we have designed a variety of new packages designed around those requests. Existing clients who are working with us already under another billing arrangement will be able to switch to a new plan at any time upon request.  The firm is confident that these new options will better address the current business needs of the technology and life sciences communities we serve.  For additional information about our various available alternative billing packages, please submit your request to kp****@pr************.com.

If you have other ideas for new billing arrangements, the firm always welcomes the feedback. All feedback should also be submitted to kp****@pr************.com.

The Federal and Trade Commission (“FTC”) announced today a settlement with Twitter, Inc. (“Twitter”) in which Twitter agreed to pay $150 million for its alleged misuse of user account security data, specifically email addresses and phone numbers, for advertising purposes.  The government alleged that the misuse of account data was in violation of a 2011 FTC Order against Twitter, which prohibited the company from misrepresenting the extent to which it maintains and protects the security, privacy, confidentiality, or integrity of any nonpublic consumer information.  The government alleged that the misuse of consumer data also violated the EU-US Privacy Shield, and the Swiss-U.S. Privacy Shield.

The FTC press release is attached here.  The complaint is attached here, and the stipulated order is attached here.

In addition to the paying a $150 million fine, the government announced that Twitter has agreed to the following:

• Twitter will not profit from deceptively collected data;
• Users will have other options to multi-factor authentication such as apps or security keys that do not require the provision of phone numbers;
• Notify all users that Twitter misused the phone numbers and emails collected for targeted advertising and to provide users with information about Twitter’s privacy and security controls;
• Implement and maintain a comprehensive privacy and information security program which requires an assessment of the potential privacy and security requirements of new products;
• Limit employee access to users’ personal data; and
• Notify the FTC if it experiences a data breach.

With this enforcement action against Twitter, the FTC is clearly making a statement to companies in the business of collecting consumer data that they need to truthfully disclose the purposes for which data used for advertising purposes is collected, and that failure to disclose this information will have potential federal regulatory consequences.  SaaS, Tech, and digital health companies should take note of this particular enforcement action, and ensure that they avoid engaging in the same practices that were the subject of this enforcement action.

I was recently asked by a client whether arbitration or litigation in a SaaS contract was better. The issue had been raised by an attorney on the other side of the SaaS contract negotiation, who had not only tried to persuade my client to revise the specific clause in that case, but had also provided my client the unsolicited advice that “he should prefer litigation over arbitration” in all cases.

My client, who had elected to include an arbitration clause in his standard SaaS contract terms, was unsure what to do and how to respond, and so he reached out to me for guidance.

While the debate over whether arbitration or litigation is better for a particular organization is not a dilemma specific to the SaaS industry, it is one that clients often raise with me in frustration, hoping that I can advise them that one option is definitively “better” than the other.   The answer, like many things in the law, is not so black and white, and it should not be decided without considering the pros and cons of each option.

What happens when a SaaS or digital health contract includes an arbitration clause?

First of all, let’s assume you have no arbitration clause in your contract and a dispute arises, then the only contractually available forum to hear the dispute will be a courtroom.  If your company does not have an in-house legal department with litigators on staff, then you will need to hire a litigation support to handle the litigation process, either from the plaintiff side or the defense side.  You will incur costs every time a motion is filed or defended, and you will incur costs for discovery, depositions, mediation, and the trial preparation, all until the case is either settled or a judgment is reached.  This process could take years to go through.

On the other hand, let’s assume you have an arbitration clause in your contract and a dispute arises, then the contractually available forum to hear the dispute will be a courtroom.  However, your opponent may not want to arbitrate the case, and so your opponent may file in court first, in which case you will have to file to compel the case to arbitration.  Alternatively, your opponent may be unwilling to participate in the arbitration, so you may have to file a motion to compel your opponent participate in the arbitration.  Once you win any motion in court, you will then have to initiate the arbitration with the private organization that will handle the arbitration, which will generally be AAA or JAMS in the US, but there are other organizations that handle commercial arbitration internationally.  This will require you to pay the filing fees, which are often far higher than is required to initiate a case in a court.  Once the case is initiated an arbitrator will be appointed to hear the case, and the parties will decide on the format for the case, and the case will proceed outside of court within the private dispute resolution process of the organization selected.

What are the advantages of arbitration in a SaaS or digital health contract?

What are the advantages?  Well, arbitration is intended to be a commercial process rather than a legal process, so it is much less formal.  It also can be faster, as there is no judicial backlog to slow down the process.  There are fewer rules governing the process, so it often viewed as less predictable.  But fewer rules also means that the process is more easily managed by business-people who are not litigators.  The goal of arbitration is generally to get to a rendered decision as quickly as possible, which may be advantageous.

How is arbitration different than the standard court path to dispute resolution?

In contrast, the court option is very formal.  It can be slow, which may be a negative in some situations and a positive in other situations.  And it is governed by rules and precedent, which will require knowledge and familiarity with both to proceed through.  Most litigated cases settled, so the goal of litigation may not be to get to a judgment.  Instead, the goal may actually be to get to a settlement.

Is arbitration cheaper than going to court to resolve the dispute?

Is one option necessarily cheaper than the other?  Arbitration is generally perceived in the business world to be cheaper, due to the faster process and the relaxed rules, but because the process is a private commercial process, the fees for the administration of the case can be higher in some situations and it is still possible to incur legal fees during the process.  In contrast, discovery, depositions, and motion hearings can drive up the cost of a litigation process, both in terms of legal hours billed but also in terms of other costs.

Is an arbitration award a faster path to enforcement?

It is important to recognize that getting an arbitration award may not actually be better than a mediated settlement to the party owed an award, since a voluntary settlement may be easier to enforce than a decision.  On the other hand, the process is private and stays completely confidential and outside of court records, which may be preferred by both parties, and the informality may be less stressful on both sides of the dispute.

How to Decide between Dispute Resolution via Arbitration or Litigation When Drafting?

In the end, the choice between arbitration vs. litigation is one of personal or commercial preference.  You have to expect that a commercial litigator who spends his career in the courtroom is going to prefer to stay as far away from arbitration as possible.  In contrast, transactional lawyers are generally going to prefer to stay as far away from litigation as possible.

I generally recommend to clients that they should contemplate the type of dispute that would arise from a particular set of contract terms before deciding how they prefer to resolve that dispute.  For example, if a dispute arises, would an informal private solution to resolving the dispute be better than the formality of litigation?  Will the other side have significantly more resources to apply towards the dispute?  Would the other side benefit from delaying the resolution of the dispute and causing you to invest significant resources in the process?  What will be the anticipated filing fees for each side in the dispute?

All in all, arbitration vs. litigation is not a decision that should be made without some careful consideration of the underlying issues and the consequences of each decision.  There are valid reasons why parties gravitate to one option or the other.  It is up to your business to decide what should be your organization’s preferred standard with respect to a particular type of contract, and whether or not you will be willing to concede your position upon request by a particular client.  You may realize that your preferred position is going to be the same in every case, or alternatively, that your position may require review on a scenario-by-scenario basis.

If you have questions regarding whether to accept or reject arbitration in a dispute resolution clause in a contract, please schedule a consultation today to discuss at https://calendly.com/prinzlawoffice.

If you work in the software industry, you may be surprised to discover that digital health software products may be subject to regulation by the Food and Drug Administration (“FDA”).  Some software is considered a software as a medical device (“SaMD”) product or software in a medical device (“SiMD”) product.

So, how do you know whether or not a digital health product you are building is going to be considered a SaMD or SiMD product?

The FDA issued a “Policy for Low Risk Devices” on September 27, 2019, which provides general nonbinding recommendations to clarify its policy on health software that has been deemed not to be a device under Section 201(h) of the FD&C Act.  In this policy, the FDA specifically stated that software intended “for maintaining or encouraging a healthy lifestyle and is unrelated to the diagnosis, cure, mitigation, prevention, or treatment of a disease of condition” does not constitute a “device” under section 201(h) of the FD & C Act.  According to the FDA policy, general wellness products will not be examined to determine if they are devices and comply with the regulatory requirements for devices.  The FDA further defines general wellness products to include products meeting the following requirements: (1) they are intended for only general wellness use as defined in the guidance and (2) they present a low risk to the safety of users and other persons.

In the Policy for Low Risk Devices, the FDA states that a “general wellness product” has the following:

(1) an intended use that relates to maintaining or encouraging a general state of health or healthy activity, or

(2) an intended use that related the role of healthy lifestyle with helping to reduce the risk or impact of certain chronic diseases or conditions and where it is well understood and accepted that healthy lifestyle choices may play an important role in health outcomes for the disease or condition.

The FDA then provides examples of the specific types of uses that would fall under each category.

The FDA also states the test for assessing the degree of risk for general wellness products:

(1) Is the product invasive?

(2) Is the product implanted?

(3) Does the product involve an intervention or technology that may pose a risk to the safety of users and other persons if specific regulatory controls are not applied, such as risks from lasers or radiation exposure?

If all of the above answers are “no,” then the product is deemed to be low risk and not subject to FDA regulation.

The FDA also issued a “Policy for Device Software Functions and Mobile Medical Applications” on September 27, 2019, which provided nonbinding recommendations for regulation software applications intended for use on mobile platforms or on general purposes computing platforms.

In the “Policy for Device Software Functions and Mobile Medical Applications” the FDA clarified that it intended to focus its regulatory oversight to “only those software functions that are medical devices and whose functionality could pose a risk to a patient’s safety if the device were to not function as intended.”  The FDA listed three categories of software functions that would be subject to this regulatory oversight focus:

(1) Software functions that are an extension of one or more medical devices by connecting to such device(s) for purposes of controlling the device(s) or analyzing medical device data.

(2) Software functions (typically, mobile apps) that transform the mobile platform into a regulated medical device by using attachments, display screens, or sensors, or by including functionalities similar to those of currently regulated medical devices.

(3) Software functions that become a regulated medical device by performing patient-specific analysis and providing patient-specific diagnosis, or treatment recommendations.

The FDA also clarified that it intended to exercise enforcement discretion for software functions that “help patients. . . . self-manage their disease or conditions without providing specific treatment or treatment suggestions” or “automate simple tasks for health care providers.”  The FDA listed four categories of software functions that would be subject to this regulatory enforcement discretion:

(1) Software functions that provide or facilitate supplemental clinical care, by coaching or prompting, to help patients manage their health in their daily environment.

(2) Software functions that provide easy access to information related to patient’s health conditions or treatments.

(3) Software functions that are specifically marketed to help patients communicate with healthcare providers by supplementing or augmenting the data or information by capturing an image for patients to convey to their healthcare providers about potential medical conditions.

(4) Software functions that perform simple calculations routinely used in clinical practice.

The FDA also provided a list of categories of software functions that are not medical devices:

(1) Software functions that are intended to provide access to electronic “copies” of medical textbooks or other reference books with generic text search capabilities.

(2) Software functions that are intended for health care providers to use as educational tools for medical training or to reinforce training previously received.

(3) Software functions that are intended for general patient education and facilitate patient access to commonly used reference information.

(4) Software functions that automate general office operations in a health care setting and are not intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease.

(5) Software functions that are generic aids or general-purpose products.

(6) Software functions that are intended for individuals to log, record, track, evaluate, or make decisions or behaviorial suggestions related to developing or maintaining general fitness, health, or wellness.

(7) Software functions that enable individuals to interact with EHR software certified under the ONC Health IT Certification Program.

(8) Software functions that provide patients with simple tools to organize and track their health information.

(9) Software functions that provide easy access to information related to patients’ health conditions or treatments.

(10) Software functions that provide patients with simple tools to organize and record their health information.

(11) Software functions that are specifically marketed to help patients document, show, or communicate to providers regarding potential medical conditions.

(12) Software functions that enable, during an encounter, a health care provider to access their patient’s personal health record (health information) that is hosted on a web-based or other platform.

(13) Software functions for health care providers certified under the ONC Health IT Certification Program, such as those that help track or manage patient immunizations by documenting the need for immunization, consent form, and immunization lot number;

(14) Software functions that help asthmatics record (i.e. collect and log) inhaler usage, asthma episodes experienced, location of user at the time of an attack, or environmental triggers of asthma attacks;

(15) Software functions certified under the ONC Health IT Certification Program that prompt the health care provider to manually enter symptomatic, behavioral, or environmental information, the specifics of which are pre-defined by a health care provider, and store the information for later review;

(16) Software functions that record the clinical conversation a clinician has with a patient and sends it (or a link) to the patient to access after the visit;

(17) Software functions that allow a user to record (i.e. collect and log) data, such as blood glucose, blood pressure, heart rate, weight, or other data from a device to eventually share with a health care provider, or upload it into an online (cloud) database, or personal or electronic health record (PHR or EHR, respectively) that is certified under the ONC Health IT Certification Program;

(18) Software functions that enable patients or health care providers to interact with PHR systems or EHR systems that are certified under the ONC Health IT Certification Program;

(19) Software functions that meed the definition of Non-Device-MDDS, which are functions solely intended to transfer, store, convert formats, and display medical device data or results, without controlling or altering the functions or parameters of any connected medical device.

(20) Software functions that display patient-specific medical device data.

(21) Software functions that are intended for transferring, storing, converting formats, or displaying clinical laboratory test or other device data and results, findings by a health care professional with respect to such data and results, general information about such findings, and general background information about such laboratory test or other device, unless such function is intended to interpret that data, results, and findings.

The policies provide much more detail about the scope of the regulatory authority to be exercised over software than what can be captured in a blogpost, but this overview at least summarizes the key points of the guidance.

If you are developing a digital health software product, you will want to carefully consider how the FDA will classify your product, and you will likely want to consult with an attorney who focuses in this niche.  FDA legal practice is a narrow practice niche which includes a small circle of attorney practitioners, so it may be challenging to find a lawyer who practices in this specialty area outside of Washington, D.C.  It is possible that a medical device patent attorney in your area may have this expertise or may be able to make a good referral for you, so that is a possibility you may want to explore.

What is the concept of “Digital Health”?  If you work in the field and are still unsure of how exactly to define the term, then you are in good company: while there seems to be some consensus regarding what is included in the concept of “Digital Health,” there is still some confusion on the scope of everything that is included under the “Digital Health” umbrella.

The Food and Drug Administration (“FDA”) has attempted to answer this question by defining “Digital Health” to broadly include mobile health, health information technology, wearable tech, telehealth, telemedicine, and personalized medicine.

In contrast, the World Health Organization (“WHO”) provides a slightly different definition of “Digital Health” defining it to constitute “e-health” and emphasizing instead of the areas of technology encompassed in the term the themes or goals of the “Digital Health” movement:  strengthening health systems and public health, increasing equity in access to health services, and working towards universal health coverage.

A quick search of the Internet will quickly generate many other slightly different definitions of what actually encompasses the term “Digital Health.”

So, the truth of the matter is, if you are unclear what the parameters of “Digital Health” really are, you are not alone.  In all honesty, I am not completely clear as to what the current industry thinking is on how the concept of “Digital Health” and the concepts of “Health Technology” and “Medical Technology” overlap with one another.    The best answer is probably that the term “Digital Health” is evolving as the technology itself continues to develop.

For the purposes of the Silicon Valley Digital Health Blog, when we talk about “Digital Health,” we will be talking about the apps, software, SaaS products, and digital devices employing and connecting with this software for wellness, medical, and health care purposes.

Digital Health Lawyer Kristie Prinz explains the definition of digital health in this video recorded on February 16, 2022.