Roman Fayerberg, David J. Dykeman, Todd Basile, Registered Patent Attorneys, Greenberg Traurig LLP07.22.21
Intellectual property due diligence is a critical step of any acquisition or investment process. In our previous MPO column, we provided tips for preparing for and passing patent due diligence. In addition to patents, medtech companies utilize other types of intellectual property, such as software, data protection, and trade secrets to distinguish themselves from the competition. This column provides tips on how to ensure a medtech company’s other valuable intellectual property is ready for due diligence.
Software
As medical diagnoses and treatments evolve, software is moving to the forefront of the medtech industry. The use of augmented reality to assist in surgery, the use of artificial intelligence in diagnostics, and robotic surgeries are becoming more commonplace. For companies in this space, software is an important asset, and the investors will want to make sure proprietary software is adequately protected.
One of the most scrutinized issues in software due diligence is ownership. Companies increasingly outsource development to contractors and adopt customer suggestions for new features and functionality. It may seem natural that the company would own the resulting code and intellectual property, but disputes often arise if ownership rights are not clearly documented. Accordingly, agreements with employees, developers, customers, and end users should each include assignment provisions conveying any ownership rights these parties may have to the company.
Investors also frequently explore how open source software (OSS) and third-party software and libraries (collectively “third-party components”) are used in a company’s proprietary software. It is important for companies to ensure such use complies with the licensing terms and conditions associated with each third-party component, otherwise significant issues could arise. For example, some OSS is subject to copyleft licensing terms that may force software companies to publish their source code and/or provide their software to the public for free. Removing OSS often involves costly redesigns to avoid potential copyright infringement going forward. Companies should track their use of OSS and third-party software and ensure its agreements require developers to adhere to the company’s policies and identify all such software components included in their deliverables.
Another issue is the protection of the proprietary software. In light of the U.S. Supreme Court’s decision in Alice Corp. vs. CLS Bank, it has become more difficult to obtain patent protection for software.
Nevertheless, working with a knowledgeable patent counsel can assist companies to secure patents for its software innovations. To supplement patents, companies should also consider relying on copyrights to protect software code and proprietary libraries or databases.
Data
Medtech companies often derive valuable insights about their products using data collected by connected medical devices. As such, a company’s data can be one of its most valuable intellectual property assets and investors will want to confirm the data is adequately protected.
As with software, one of the most important considerations with respect to proprietary data is ownership. Companies should update their terms and conditions to ensure the company owns all such data, or at least has patients’ permission to use information collected for the purposes envisioned by the company. Because data is often collected from medical devices and may include personal identifiable information of patients, medtech companies should also ensure their software meets data security and privacy guidelines. Non-compliance with privacy regulations such as HIPAA and European General Data Protection Regulation (GDPR) may result in civil or even criminal liabilities, and could become an issue in due diligence.
Trade Secrets
Trade secrets are another valuable asset reviewed during diligence by medtech investors. A medtech company’s success is often attributable to its confidential information and know-how. Accordingly, investors want to see companies implementing strong safeguards and policies to keep valuable information proprietary to the company.
At a minimum, companies should ensure that all employees, contractors, visitors, and potential partners sign written non-disclosure agreements (NDA). A well-drafted NDA will not only require the recipient of confidential information to avoid disclosure to third parties, but also will constrain the recipient’s use of the confidential information to a limited purpose (e.g., evaluating the compatibility of the company’s technology with the recipient’s product). This tends to make recipients more mindful of protecting the company’s information.
Even with such safeguards in place, companies should also implement procedures to restrict access to its trade secrets on a “need-to-know” basis. For example, companies may configure their IT systems so certain technical information is accessible only to engineers or scientists that need such information to perform their job and is not accessible to other departments. Likewise, software-related trade secrets can be protected by providing customers and authorized third parties with access only to application programming interfaces and executable files, and no access to the underlying source code, libraries, and databases where a company’s “secret sauce” typically resides. Finally, if a situation arises when the trade secrets need to be disclosed, for example, as part of a joint venture, the companies should have procedures ensuring that trade secrets are disclosed only to the extent absolutely necessary and only after executing a strong NDA.
IP Licenses
Many medtech companies utilize third-party intellectual property in their everyday business. Typical licensed intellectual property includes patents and software, but all types of intellectual property can be licensed.
One issue that typically arises in connection with IP licenses is the scope of rights granted by the license. For example, a licensee should make sure the licensed field of use and territory cover not only the current, but also contemplated, uses and markets. Other important provisions that typically determine the value of the license are the term of the license, ability of licensee to freely sublicense or assign the license, financial obligations (royalty rates and milestone payments) required by the license, ownership of improvements, and the ability of licensor to terminate the license. A medtech company seeking investment should review its IP licenses and address these issues before they are raised by investors.
Conclusion
To prepare for due diligence, a medtech company should periodically audit its intellectual property assets to ensure that it (1) fully owns its proprietary software, that such software is protected and is in compliance with privacy and cybersecurity laws and practices, (2) has a trade secret policy, and (3) has IP licenses providing the necessary scope of rights that will not be impacted by the investment or acquisition. Finding and fixing potential IP issues ahead of time should help investors gain confidence in the target company and expedite the due diligence process.
Roman Fayerberg is a registered patent attorney with more than 15 years of experience in patent and IP law. He advises clients on procurement and enforcement of IP rights, including domestic and international patents, with the focus on robotics, medtech and life science technologies. He can be reached at fayerbergr@gtlaw.com.
David J. Dykeman is a registered patent attorney with nearly 25 years of experience in patent and IP law and is co-chair of Greenberg Traurig’s global Life Sciences & Medical Technology Group. Dykeman’s practice focuses on securing worldwide intellectual property protection and related business strategy for high-tech clients, with particular experience in medical devices, robotics, wearables, life sciences, and information technology. He can be reached at dykemand@gtlaw.com.
Todd Basile is a registered patent attorney with more than 15 years of combined experience in the tech and legal industries. He helps technology companies protect and commercialize their innovations and brands across various industries including medtech, robotics, and software. He also represents technology investors in M&A deals, negotiates technology transactions, and assists clients in navigating IP disputes. He can be reached at basilet@gtlaw.com.
Software
As medical diagnoses and treatments evolve, software is moving to the forefront of the medtech industry. The use of augmented reality to assist in surgery, the use of artificial intelligence in diagnostics, and robotic surgeries are becoming more commonplace. For companies in this space, software is an important asset, and the investors will want to make sure proprietary software is adequately protected.
One of the most scrutinized issues in software due diligence is ownership. Companies increasingly outsource development to contractors and adopt customer suggestions for new features and functionality. It may seem natural that the company would own the resulting code and intellectual property, but disputes often arise if ownership rights are not clearly documented. Accordingly, agreements with employees, developers, customers, and end users should each include assignment provisions conveying any ownership rights these parties may have to the company.
Investors also frequently explore how open source software (OSS) and third-party software and libraries (collectively “third-party components”) are used in a company’s proprietary software. It is important for companies to ensure such use complies with the licensing terms and conditions associated with each third-party component, otherwise significant issues could arise. For example, some OSS is subject to copyleft licensing terms that may force software companies to publish their source code and/or provide their software to the public for free. Removing OSS often involves costly redesigns to avoid potential copyright infringement going forward. Companies should track their use of OSS and third-party software and ensure its agreements require developers to adhere to the company’s policies and identify all such software components included in their deliverables.
Another issue is the protection of the proprietary software. In light of the U.S. Supreme Court’s decision in Alice Corp. vs. CLS Bank, it has become more difficult to obtain patent protection for software.
Nevertheless, working with a knowledgeable patent counsel can assist companies to secure patents for its software innovations. To supplement patents, companies should also consider relying on copyrights to protect software code and proprietary libraries or databases.
Data
Medtech companies often derive valuable insights about their products using data collected by connected medical devices. As such, a company’s data can be one of its most valuable intellectual property assets and investors will want to confirm the data is adequately protected.
As with software, one of the most important considerations with respect to proprietary data is ownership. Companies should update their terms and conditions to ensure the company owns all such data, or at least has patients’ permission to use information collected for the purposes envisioned by the company. Because data is often collected from medical devices and may include personal identifiable information of patients, medtech companies should also ensure their software meets data security and privacy guidelines. Non-compliance with privacy regulations such as HIPAA and European General Data Protection Regulation (GDPR) may result in civil or even criminal liabilities, and could become an issue in due diligence.
Trade Secrets
Trade secrets are another valuable asset reviewed during diligence by medtech investors. A medtech company’s success is often attributable to its confidential information and know-how. Accordingly, investors want to see companies implementing strong safeguards and policies to keep valuable information proprietary to the company.
At a minimum, companies should ensure that all employees, contractors, visitors, and potential partners sign written non-disclosure agreements (NDA). A well-drafted NDA will not only require the recipient of confidential information to avoid disclosure to third parties, but also will constrain the recipient’s use of the confidential information to a limited purpose (e.g., evaluating the compatibility of the company’s technology with the recipient’s product). This tends to make recipients more mindful of protecting the company’s information.
Even with such safeguards in place, companies should also implement procedures to restrict access to its trade secrets on a “need-to-know” basis. For example, companies may configure their IT systems so certain technical information is accessible only to engineers or scientists that need such information to perform their job and is not accessible to other departments. Likewise, software-related trade secrets can be protected by providing customers and authorized third parties with access only to application programming interfaces and executable files, and no access to the underlying source code, libraries, and databases where a company’s “secret sauce” typically resides. Finally, if a situation arises when the trade secrets need to be disclosed, for example, as part of a joint venture, the companies should have procedures ensuring that trade secrets are disclosed only to the extent absolutely necessary and only after executing a strong NDA.
IP Licenses
Many medtech companies utilize third-party intellectual property in their everyday business. Typical licensed intellectual property includes patents and software, but all types of intellectual property can be licensed.
One issue that typically arises in connection with IP licenses is the scope of rights granted by the license. For example, a licensee should make sure the licensed field of use and territory cover not only the current, but also contemplated, uses and markets. Other important provisions that typically determine the value of the license are the term of the license, ability of licensee to freely sublicense or assign the license, financial obligations (royalty rates and milestone payments) required by the license, ownership of improvements, and the ability of licensor to terminate the license. A medtech company seeking investment should review its IP licenses and address these issues before they are raised by investors.
Conclusion
To prepare for due diligence, a medtech company should periodically audit its intellectual property assets to ensure that it (1) fully owns its proprietary software, that such software is protected and is in compliance with privacy and cybersecurity laws and practices, (2) has a trade secret policy, and (3) has IP licenses providing the necessary scope of rights that will not be impacted by the investment or acquisition. Finding and fixing potential IP issues ahead of time should help investors gain confidence in the target company and expedite the due diligence process.
Roman Fayerberg is a registered patent attorney with more than 15 years of experience in patent and IP law. He advises clients on procurement and enforcement of IP rights, including domestic and international patents, with the focus on robotics, medtech and life science technologies. He can be reached at fayerbergr@gtlaw.com.
David J. Dykeman is a registered patent attorney with nearly 25 years of experience in patent and IP law and is co-chair of Greenberg Traurig’s global Life Sciences & Medical Technology Group. Dykeman’s practice focuses on securing worldwide intellectual property protection and related business strategy for high-tech clients, with particular experience in medical devices, robotics, wearables, life sciences, and information technology. He can be reached at dykemand@gtlaw.com.
Todd Basile is a registered patent attorney with more than 15 years of combined experience in the tech and legal industries. He helps technology companies protect and commercialize their innovations and brands across various industries including medtech, robotics, and software. He also represents technology investors in M&A deals, negotiates technology transactions, and assists clients in navigating IP disputes. He can be reached at basilet@gtlaw.com.