'When it comes to most forms of IP, you don't actually need to disclose patient data to get protection'
The increasing integration of AI into healthcare has brought significant challenges, particularly in intellectual property. According to Aaraf Dewan, senior legal counsel at Volaris Group, one of the primary issues companies face is determining the correct type of IP strategy to protect their AI-based innovations.
"You’ve got patents protecting the functional aspects, trademarks for the logos, and trade secrets safeguarding confidential information," Dewan explains. However, these protections can come at a steep cost, especially for AI startups trying to remain capital-efficient. He points out that startups need to balance IP protection expenditure and other business scaling costs because a poor IP strategy at an early stage can be costly to correct in the future and potentially block a business’s freedom to operate if intangible assets are not appropriately protected.
“Patents are the most expensive form of IP but provide protection for the actual functional aspects of an invention, while copyright, which is much cheaper, only protects the source code.”
Dewan highlights a significant challenge facing AI healthcare companies: patents may provide more robust protection, but they are costlier and complex to obtain, especially when trying to patent software inventions. The complexity increases when patent examiners reject claims because the software mimics human reasoning.
"The most common specific issue with AI inventions is subject matter rejections, where the software is seen as a business method or something people can do in their heads or with pen and paper,” adds Dewan.
This problem is compounded with AI healthcare applications, where algorithms are often used for diagnostics or medical imaging. For companies trying to patent such innovations, it’s critical to demonstrate how the technology impacts real-world outcomes – such as improving patient diagnostic processes.
The challenge extends beyond securing IP. Data privacy is a crucial concern for AI-driven healthcare technologies, as AI algorithms often require large datasets for training. Ensuring patient confidentiality while complying with IP and regulatory requirements presents a complex dilemma.
However, Dewan emphasizes that "when it comes to most forms of IP, you don’t actually need to disclose patient data to get protection." While data privacy is critical, it does not necessarily prevent companies from filing patents or protecting their innovations. The data can often be aggregated, and the AI models disclose without specific patient information.
Dewan says the regulatory landscape is evolving to keep pace with AI developments. In healthcare, regulations have long governed machine learning algorithms, but the rise of generative AI is presenting new challenges. He anticipates increased scrutiny from regulatory bodies like the FDA and Health Canada, especially as generative AI models can "hallucinate" or produce inaccurate results. This makes it vital for companies to ensure that their AI systems, classified as software as a medical device (SaMD), are reliable and capable of meeting the stringent validation requirements set by health agencies.
"You have to really make sure that the outputs are reproducible," Dewan advises, pointing out that reproducibility is crucial for AI technologies that claim to assist in medical decision-making.
Dewan says companies are also navigating the emerging regulatory frameworks that will impact AI healthcare solutions. He notes that a challenge medical technology companies face is balancing AI's capacity to make decisions with traditional medical models, where healthcare professionals remain the decision-makers. While there is a push toward allowing AI systems to take on more decision-making roles, doing so invites more regulatory and legal challenges.
"It’s easier to get regulatory approval when the medical professional is making the decisions," Dewan explains, adding that as AI’s role grows, it may bring heightened liability concerns, especially if the AI makes incorrect decisions.
This regulatory uncertainty complicates the development of AI applications for healthcare companies. According to Dewan, companies must be prepared to clearly define what generative AI in SaMDs can and cannot do.
"You need to ensure that the software is only making decisions it's actually approved to make," he says. This means labelling and documentation must be exhaustive, especially in a field where AI’s capabilities constantly expand, and it’s easy for systems to go beyond their intended uses.
Dewan’s insights reflect broader concerns across the healthcare industry as companies race to integrate AI into their services. Patent protections are becoming increasingly complex to secure, the regulatory environment is growing more restrictive, and data privacy remains a persistent challenge. However, despite these hurdles, Dewan emphasizes that companies with the foresight to invest in robust IP strategies and navigate the evolving regulatory landscape will be well-positioned to capitalize on AI’s potential to transform healthcare.
His advice to startups is clear: prioritize the long-term commercial relevance of their innovations.
“You have to really look at what the industry is like now and what it might be like in 10 to 15 years," Dewan says. He encourages companies to take a gradual approach to IP strategy by focusing on protection that fits the company's size and competitive landscape. Start-ups may be better off concentrating patent registration efforts on mission-critical inventions while leveraging cheaper forms of IP protection like copyright and trade secrets to protect other intangible assets. In contrast, larger companies may wish to build a defensive patent portfolio to improve the company’s freedom to operate and prevent competitors from taking market share. This approach allows companies to remain capital efficient by gradually investing in more costly protections like patents as they scale.
For Dewan, the future of AI in healthcare is bright. Still, it will require legal and technical agility to navigate the complex terrain of IP, data privacy, and regulatory compliance.