2017 is setting records for the funding of digital health emerging companies according to two recent reports. Two leading digital health stakeholders StartUp Health and Rock Health published separate reports in the last two weeks highlighting the record number of digital health deals, total investments, and number of deals over $100 million—all great news for the thousands of digital health emerging companies making their way in the health ecosystem. StartUp Health is New York-based organization that brings together a community of innovators, investors, and advisors to help health care-focused companies through various stages of development. Rock Health is a full-service fund based in the Bay Area that supports a wide diversity of digital health emerging companies. Interestingly, while the organizations track funding differently, their reports essentially come to the same conclusion—the funding outlook for digital health emerging companies is as robust as it has ever been.

StartUp Health tracks companies that enable health, wellness and the delivery of care through data/analytics, sensors, mobile, internet-of-things, genomics and personalized medicine. It looks at various levels of funding from accelerator to private equity funding. StartUp Health’s Insights 2017 Mid-Year Report shows that 2017 has surpassed previous years in overall funding and number of new and unique investors focused on digital health. Among the highlights of the report:

• Q2 2017 had a total $3.8 billion invested—larger than the total annual funding for 2010 and
• 2011 combined;
• Mid-year funding stands at a little over $6 billion—setting a record for the most funding by the halfway point of any year;
• 10 deals over $100 million in the first half of 2017 (tied for most deals in any full year);
• Approximately 60 percent of deals are considered early-stage (seed and Series A);
• Mega deals are a trend with 4 deals from 2017 making the top 11 of all deals since StartUp Health began tracking funding in 2010;
• As expected, funding is most significant in the Bay Area with the Northeast (Boston and New York City) and Chicago also the focus of major deals and funding. Growing digital health hubs include Austin, Minneapolis-St. Paul, Denver, and Seattle;
• Close to 600 unique investors so far in 2017—almost as many as all of 2015; and
• No IPOs in the digital health space so far in 2017.

Continue reading…

The Department of Health and Human Services (HHS) Office of Civil Rights (OCR) finally announced on March 21 that it is ready to begin Phase Two of its HIPAA audit program, which will include business associates. These audits, mandated by HITECH, will primarily be comprised of desk audits, scheduled for completion by the end of December 2016, followed by onsite audits.

OCR explained it will immediately commence Phase Two by verifying, via email, cover entities’ and business associates’ contact information. The OCR is requesting timely responses, so that it can send pre-audit questionnaires out in order to gather data from covered entities and business associates for the creation of potential audit subject pools. The data will relate to the entities’ size, type and operations. Should covered entities and business associates fail to respond to OCR’s requests, they may still be part of OCR’s potential subject pools because OCR plans to compile publicly available information about covered entities and business associates that do not respond to its requests.

The first round of desk audits will focus on covered entities, and the second round will focus on business associates. The third round will be onsite audits, with a greater focus on the HIPAA requirements. OCR explains that some covered entities and business associates who are subject to desk audits may also be subject to onsite audits. According to OCR, all covered entities and business associates are eligible to be audited. The audits will focus on identifying compliance with specific privacy and security requirements under HIPAA/HITECH, and OCR will notify auditees by letter, regarding the subject(s) of their specific audits. On the HHS website, OCR provides a sample letter for review. Subsequent to the audits, OCR will review and analyze information from audit final reports.

Importantly, if an audit report uncovers significant noncompliance with HIPAA, it could prompt an investigation by OCR. The areas of interest for OCR in Phase Two will become clearer as the Phase Two audit program gets underway, but for now, we know OCR will focus on assessing covered entities’ and business associates’ HIPAA compliance, identifying best practices and discovering risks and vulnerabilities.

More information about the Phase Two audits is available here, and you can also contact Greg Fliszar, Ryan Blaney, J. Nicole Martin or another member of Cozen O’Connor’s Health Law team.