June 14, 2024

Pulse Bliss

most important health challenges

AI and IP: Considerations for medtech

Ryan Phelan, partner and registered patent attorney at Marshall, Gerstein & Borun, examines the intellectual property challenges involving artificial intelligence in the medical technology sector.

Increasingly, artificial intelligence (AI) tools like ChatGPT and GitHub Copilot are reshaping corporate operations. They can boost efficiency, particularly in software development and content creation. Yet, integrating these AI tools poses challenges, particularly in intellectual property (IP) rights. The risk of losing IP rights through AI-generated data is significant, especially in the U.S., where patent laws are strict about public disclosures. This concern is critical for companies relying on AI for innovation and content generation, especially those in the medical device or platform space.

FDA’s definitions of software-based medical devices

The Food & Drug Administration (FDA) acknowledges the rising significance of software-based medical devices, especially those incorporating AI. In its Digital Health Innovation Action Plan (DHIAP), the FDA emphasises the role of digital technology in revolutionising healthcare, citing the growing use of mobile medical apps and fitness trackers. The FDA predicts continued market growth for these devices, necessitating clear definitions and regulations.

The FDA categorises software-based medical devices into two main types: Software in a Medical Device (SiMD), which is embedded software within a medical device, and Software as a Medical Device (SaMD), software used for medical purposes without being part of a hardware medical device. This classification helps to regulate the technology by correctly classifying such technology, and ensuring it meets quality standards and performs as intended. Digital health products in the medical device space, e.g., especially those involving software such as AI, underscore the importance of trustworthy and high-quality software-based medical devices, not only for health and safety reasons but also for various risks inherently brought by AI as a technology.

The landscape of AI risks

Navigating AI adoption requires caution and a comprehensive AI policy. This policy should address the risks of AI tool usage while maximising their benefits. AI integration, like ChatGPT and GitHub Copilot, offers growth opportunities but also poses unique challenges in IP protection. Key risks include:

  1. Loss of patent or trade secret rights: The use of AI can inadvertently result in the public disclosure of sensitive ideas or methods, jeopardising patent protections and trade secrets. This is particularly critical in industries where innovation drives competitive advantage.
  2. Unintended data sharing and privacy concerns: AI systems can inadvertently expose confidential data. This raises serious privacy concerns, especially with regulations like GDPR in place, necessitating stringent data control measures.
  3. Copyright authorship and patent inventorship issues: Legal ambiguities around AI-generated content pose challenges in determining copyright authorship and patent inventorship, leading to potential disputes over ownership and rights.
  4. Inaccurate and faulty outputs (AI hallucinations): AI tools, if not properly overseen, can produce erroneous outputs, which may lead to incorrect business decisions, financial losses, or reputational harm.
  5. Bias and discrimination: AI systems can inherit biases from their training data or algorithms, leading to discriminatory outcomes. This risk necessitates ongoing efforts to ensure AI fairness and inclusivity.
  6. Regulatory and compliance risks: As AI technologies evolve, so do the regulatory landscapes. Companies must navigate complex and often unclear regulations, risking non-compliance and associated penalties. For example, the use of personally identifiable information (PII) with AI tools runs the risk of violating privacy laws, such as the European Union (EU)’s General Data Protection Regulation (GDPR). 
  7. Security vulnerabilities: AI systems can be susceptible to cyberattacks, including data breaches and manipulation of AI algorithms. Ensuring robust cybersecurity measures is critical to protect sensitive data and maintaining the integrity of AI systems.
  8. Dependence and overreliance on AI: Overreliance on AI tools can lead to a lack of critical human oversight, potentially resulting in overlooked errors and a decrease in human skill levels.

By understanding and addressing these key risks, companies can more effectively harness the benefits of AI while mitigating potential negative impacts. This requires a multifaceted approach involving technological, legal, ethical, and operational considerations.

Crafting a robust AI policy

To effectively manage the integration of AI tools like ChatGPT and GitHub Copilot, companies need to formulate a robust AI policy that addresses both current and emerging challenges. Such AI Policy considerations could include:

  1. In-depth data management strategies: Establish protocols for data collection, storage, and usage. This involves classifying data based on sensitivity and ensuring secure data handling to prevent unauthorised access and leaks.
  2. Enhanced IP protection measures: Develop clear guidelines for protecting intellectual property in AI-generated content. This includes identifying potential IP risks and implementing strategies to safeguard proprietary information.
  3. Employee training and awareness programs: Regularly educate employees on the responsible use of AI tools. Training should cover the nuances of IP rights, data privacy, and the ethical use of AI.
  4. Legal compliance and ethical standards: Ensure compliance with relevant laws and regulations, especially those related to data privacy and IP rights. Adopt ethical standards for AI usage, considering the broader implications on society and individual rights.
  5. AI tool selection and vendor assessment: Carefully select AI tools and vendors, evaluating their policies on data privacy, security, and IP rights. Establish partnerships with vendors that share similar values and commitments to ethical AI use.
  6. Regular policy review and adaptation: Continuously monitor the evolving AI landscape and update the policy accordingly. This should include adapting to new legal developments, technological advancements, and industry best practices.
  7. Risk assessment and mitigation plans: Conduct regular risk assessments to identify potential vulnerabilities in AI integration. Develop comprehensive mitigation plans to address identified risks, ensuring business continuity and resilience.
  8. Stakeholder engagement and transparency: Engage with various stakeholders, including employees, customers, and industry partners, to build trust and transparency in AI usage. This includes openly discussing AI policies and their implications.
  9. Feedback mechanisms and continuous improvement: Implement feedback mechanisms to gather insights from employees and users on AI tool effectiveness. Use this feedback for continuous improvement of the AI policy and practices.
  10. Documenting AI decision-making processes: Keep detailed records of how AI tools make decisions, particularly in critical areas. This transparency helps in accountability and troubleshooting should any issues arise.

By creating an AI policy to include these additional elements, companies can better navigate the complexities of AI integration, ensuring a balance between innovation and risk management. This comprehensive approach not only protects IP rights but also fosters ethical and responsible AI use.


As AI technologies increasingly influence the medical sector, developing a comprehensive AI policy is essential. This policy should address current AI integration challenges and anticipate future developments. Proactive AI-related risk management enables companies to fully exploit AI’s potential while protecting their IP and ensuring legal compliance.