London Tech Week 2024 offers a forum for innovators, investors, tech enterprise leaders and visionary entrepreneurs to meet, showcase cutting-edge technologies and collaborate in developing solutions to the world’s challenges. As technology plays an increasingly important role in improving health outcomes, it is unsurprising that healthtech is one of the key themes of this year’s conference. It is exhilarating to see innovative solutions aiding preventative healthcare, redefining treatments, optimising healthcare systems and improving access to medicine being developed at pace. As the legal landscape evolves to match this technological progress, there are a number of key considerations for businesses operating in the healthtech sector.
Data protection
Any businesses with operations in the UK that involve the collection and processing of personal data must ensure that it complies with the UK data protection legislation, namely the UK GDPR (being the retained EU law version of the General Data Protection Regulation ((EU) 2016/679)) and the Data Protection Act 2018. The regime imposes a range of obligations on businesses dealing with personal data, including, among others:
• requirements to provide certain information to individuals;
• requirements relating to export of personal data outside the UK;
• ensuring compliance by third-party data processors;
• IT and physical information security;
• security breach notifications;
• carrying out assessments before using personal data;
• record keeping obligations;
• complying with the rights of individuals to require information to be deleted or transferred; and
• requirements for the appointment of certain officers and/or representatives if specific criteria are met.
Failure to comply with the UK data protection legislation may result in far-reaching implications, including administrative fines of up to £17,500,000, or up to 4% of the total worldwide annual turnover of the business. A breach of data protection legislation may also cause significant reputational damage and detrimental impact to the value of the business.
Many businesses in the healthcare and healthtech sectors rely on analysing datasets, recording and monitoring health metrics or operating within data-rich systems. It is therefore crucial that businesses operating in these sectors carefully assess their data protection obligations and have in place robust policies and procedures to ensure adequate compliance.
Healthcare regulatory regime
Businesses must assess the regulatory regime applicable to them in the relevant jurisdiction(s) and adhere to relevant legislation.
Intellectual property
Protection of intellectual property (IP) is key for any innovative or knowledge-rich business. In addition to the protection of ‘registered’ IP rights (e.g. through the registration of trademarks and patents), businesses should consider whether their “unregistered” IP rights are also adequately protected. Those protections could be achieved through carefully considered licencing arrangements and clear provisions regarding IP ownership where IP is developed by or in collaboration with others. Well-structured and carefully drafted commercial agreements with partners, suppliers, customers, employees and consultants are therefore key in protecting “unregistered” IP rights.
Corporate structure
There are several ways to structure a business in the UK, including by forming a private limited company or a public limited company (plc); by establishing a branch of an overseas entity; or by forming a partnership (whether limited partnership, limited liability partnership or general partnership). The decision as to which structure to use depends on a range of taxation, company law and other legal considerations. Whichever corporate structure is established, it is important that key constitutional documents and principal agreements between the founders are put in place at the outset and carefully considered at key milestones throughout the business cycle.
Liability and risk management
Any business operating in the healthcare or healthtech sectors should understand its liability exposure in providing its services. Adequate risk management strategies including, among other things, taking out appropriate insurance, should be implemented to mitigate potential risks.
Conclusion
The healthtech sector is dynamic and evolving at pace. Both relevant legislation and market practice are also evolving to address the issues emerging with technological progress. It is therefore essential for a successful healthtech business set up or operating in the UK to stay up-to-date with legal developments and ensure compliance.
If you would like to discuss this article in more detail, please get in touch with Orit Rioumine Gold.
