Key Contractual Considerations for Health AI and Hospital Collaborations

14 September 2023 Health Care Law Today Blog
Author(s): Shabbi S. Khan Aaron T. Maguregui Nathan A. Beaver David W. Kantaros

SaMD Blog Series: Article 6

If artificial intelligence (AI) is the vehicle that will revolutionize health care, data is the fuel that will propel the revolution. Health AI startups have recognized an unprecedented opportunity to create a transformative network effect, akin to many data companies, by collaborating with health systems and hospitals.

The idea is simple yet powerful: by partnering with the hospitals, health AI startups can access vast amounts of data, which when aggregated and analyzed, can generate more refined products, greater efficiencies and cost savings, and meaningful impacts to problems that have plagued the health care ecosystem for decades. These products can not only optimize patient care and hospital operations but also become invaluable assets to other stakeholders like pharmaceutical and medical device companies.

For hospitals, the proposition is tempting. By sharing their data, they get access to cutting-edge AI solutions that promise to cut costs, enhance patient and provider experiences, and drive revenue. Meanwhile, for AI startups, the continual flow of data means more refined algorithms, more accurate predictions, and an expanding portfolio of insights.

However, the dynamics of these partnerships are not straightforward. When health AI startups and hospitals sit at the negotiation table, both sides must consider several key topics:

Data Use Rights

Many health AI startups are blindsided when learning how the Health Insurance Portability and Accountability Act (HIPAA) and state privacy laws limit data use. Absent certain authorizations from patients or rights appropriately granted to the startup by the hospital, HIPAA and other regulations can create barriers for service providers, like an AI startup, to perform activities outside of an agreement’s defined services that use patient data. Necessary product-development activities, not considered part of the defined services provided to the hospital-client, like machine learning and using patient data to create training data, are limited if not carefully negotiated.

Data Protection

To hospitals, protecting patient data is paramount due to regulatory, ethical, and reputational concerns, as well as an acute and ever-growing understanding of the true value of their patient data. Hospitals tend to prefer non-exclusive rights, ensuring the flexibility to use competing AI tools or share data with other entities as needed. Startups may seek flexibility through the use of de-identified patient data and the ability to license the deidentified data through a fully paid, perpetual and non-revocable license grant, which helps to ensure that they can utilize the data indefinitely, as their algorithms evolve.

Pricing Strategy

Hospitals will want to ensure the AI solution offers a clear and justifiable return on investment. Startups will aim to get a foot in the door. Common pricing strategies, include low or no-cost trial or pilot terms in exchange for valuable data insights and collaboration clauses requiring both parties to routinely meet and share insights gleaned from the data and the AI solution’s performance. For startups seeking to evidence value and predictable revenue, opting for a pricing strategy that includes subscription-based pricing can serve multiple purposes, including steady cash flow, recurring revenue and enhancing attractiveness to potential investors and customers.

Term Length

Hospitals may prefer shorter-term contracts initially to test the efficiency and reliability of the AI solution without a lengthy commitment. They might also negotiate conditions where they can exit the contract should the tool not meet specified performance metrics. From the startup’s perspective, stability and predictability are vital especially for future acquisition or fundraising purposes. They'd want longer-term contracts, offering them revenue consistency. To entice hospitals into these, startups might offer discounted prices for longer commitments.  Discounts (and other pricing strategies and contract terms) should always be considered for potential fraud and abuse implications inasmuch as hospitals are likely participants in the Federal Health Care Programs including Medicare and Medicaid).

Regulatory Requirements

Some AI software may be regulated by the U.S. Food and Drug Administration (FDA) as Software as a Medical Device (SaMD) depending on how the software operates and what claims are made. Hospitals will likely look to the AI Startup to provide representations and warranties that the software is compliant with laws and some may require that the company has performed a regulatory determination of whether the product is subject to FDA requirements as a medical device. This can be challenging for AI products that may undergo regular changes and adaptations. 

Post-Termination Data Handling

Once the contract ends, hospitals should seek assurances that patient data is either returned or destroyed securely. They would seek clear clauses that prohibit any further use of their data, ensuring patient confidentiality and compliance with regulations. On the other hand, AI startups might negotiate terms that allow them to retain derivative data (insights drawn from the raw data) or de-identified datasets, aiding in further refining their algorithms long after the termination of the relationship between the hospital and the AI startup.

Renewal Rights

As the contract term nears completion, Hospitals may prefer manual renewals, giving them an opportunity to reassess the AI system’s performance and renegotiate contractual terms if needed. They would want clear notice periods to avoid automatic renewals without their explicit consent. Conversely, AI startups tend to favor automatic renewals, seeing them as a conduit to sustained revenue. They'd aim for clauses that default to automatic renewal unless the hospital explicitly opts out.

Change of Control Provisions

In the event of a takeover or change in the AI startup's ownership, what happens to the contract? Is there a need for prior notice or approval? In the event that a change in control provision is triggered, the hospital would want assurances about data handling and solution continuity. They might require prior notice or even an option to terminate the contract in such events. That said, startups might resist overly restrictive notice or consent provisions which could deter potential investors or acquirers. As such, they'd negotiate for reasonable notice periods and clauses that are not too prohibitive accommodate flexibility during mergers or takeovers.

AI has the ability to bring immeasurable and seismic change to the health care industry. Health systems, hospitals and startups are well-positioned to drive innovation through thoughtful and meaningful partnerships. As the partnerships deepen, it's imperative for all parties to have clear, forward-looking agreements that safeguard interests, respect data privacy, and continue to push the boundaries of what AI can achieve in health care.

SaMD Series

For additional resources on how software as a medical device will impact the world of health care, click here to read the other articles in our series.

Foley is here to help you address all your questions and concerns relating to the use of Software as a Medical Device (SaMD). Our team of dedicated attorneys have the experience assisting clients from start-ups to publicly traded companies with respect to research, development and commercialization of SaMD products and services. Please reach out to the authors, your Foley relationship partner, our Medical Device Area of Focus or our Health Care Practice Group with any questions.

This blog is made available by Foley & Lardner LLP (“Foley” or “the Firm”) for informational purposes only. It is not meant to convey the Firm’s legal position on behalf of any client, nor is it intended to convey specific legal advice. Any opinions expressed in this article do not necessarily reflect the views of Foley & Lardner LLP, its partners, or its clients. Accordingly, do not act upon this information without seeking counsel from a licensed attorney. This blog is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Communicating with Foley through this website by email, blog post, or otherwise, does not create an attorney-client relationship for any legal matter. Therefore, any communication or material you transmit to Foley through this blog, whether by email, blog post or any other manner, will not be treated as confidential or proprietary. The information on this blog is published “AS IS” and is not guaranteed to be complete, accurate, and or up-to-date. Foley makes no representations or warranties of any kind, express or implied, as to the operation or content of the site. Foley expressly disclaims all other guarantees, warranties, conditions and representations of any kind, either express or implied, whether arising under any statute, law, commercial use or otherwise, including implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Foley or any of its partners, officers, employees, agents or affiliates be liable, directly or indirectly, under any theory of law (contract, tort, negligence or otherwise), to you or anyone else, for any claims, losses or damages, direct, indirect special, incidental, punitive or consequential, resulting from or occasioned by the creation, use of or reliance on this site (including information and other content) or any third party websites or the information, resources or material accessed through any such websites. In some jurisdictions, the contents of this blog may be considered Attorney Advertising. If applicable, please note that prior results do not guarantee a similar outcome. Photographs are for dramatization purposes only and may include models. Likenesses do not necessarily imply current client, partnership or employee status.