Bethany Corbin - Hello and welcome to the CLE titled, Paving the Yellow Brick Road for Women's Health: Legal Considerations in FemTech. I'm Bethany Corbin, Senior Counsel at Nixon Gwilt Law. And I'm thrilled to talk with you today about one of my favorite topics, which is female health technology, or as it's more commonly known, femtech. Now I work extensively in the healthcare innovation and startup industries. And as part of my work, I service numerous femtech clients that are looking to revolutionize women's healthcare. And this has led me to research and study the femtech industry for about five years now on both legal and ethical levels. And I'm very excited to share my passion and my insights with you today.
Now the femtech industry as a whole, is rapidly growing, but it's actually not a topic that you hear in everyday conversations yet. So, whether you're a femtech expert or you've never heard the term before today, I really hope that you'll share the insights that you learn here, in order to help promote women's health going forward. To that end, I want to give an overview of the presentation and the outcomes that I hope you'll take away from today's discussion. So this presentation is really focused on examining, not only the background and the evolution of the femtech industry, but also the key legal challenges and considerations that femtech startups face today. And also how attorneys can help clients in the femtech industry really achieve their goals. And this presentation is therefore going to be divided into three main parts to make sure that we're able to cover and tackle all of these topics.
So, first I'm going to provide an overview of the femtech industry, which will include a short discussion of femtech's evolution, the current status of the femtech market and the anticipated growth in the femtech industry. And this portion of the presentation is really intended to paint a high level picture of femtech trends and to provide a foundation for our discussion on legal challenges that exist in the femtech industry. The second part of the presentation will then discuss three key legal considerations for femtech startups. The first of which is corporate formation requirements for femtech companies. Second is device accuracy and Food and Drug Administration or FDA regulation. And then third is data privacy laws. And finally, I'll then conclude the presentation with a few quick strategies for helping to advise femtech companies on these legal considerations.
So let's jump in. I wanna start first by really defining the femtech landscape and helping everyone to understand how the femtech industry has developed and really what makes this unique from other healthcare startup industries. So this begs the question first of, what exactly is femtech? Well, as I mentioned, femtech is short for female health technology, and it's really a subdivision of the medical technology field in which healthcare applications are being designed to address certain healthcare needs or problems. Specifically, the femtech industry uses digital healthcare products and applications, which can include software diagnostics and other types of technological services to really address healthcare issues that are unique to individuals who identify as female. And some common femtech products that are on the market today that you've probably heard of, include applications like Clue, Glow and Flo. It also includes Kindbody, Elvie, Maven Clinic was one of the first unicorns in femtech, Natural Cycles and Thinx are also common names in this industry today.
At the broadest level, femtech really includes any type of health tech solution that's addressing a problem in women's health. Now this can be very broad so that it includes anything from reproductive, menstrual and sexual health, to things like oncology, bone health, mental health, cardiovascular health, and autoimmune diseases. So while femtech is theoretically this very broad industry that's focused on all aspects of women's health, over 50% of the femtech companies that are on the market today have actually taken a very narrow view of women's health. And they're only addressing things like menstruation, maternal health, fertility, and sexual wellness. And there's a study by FemTech Focus, which is a nonprofit organization in the femtech industry, and it found that less than 1% of femtech companies are actually addressing chronic women's health conditions today. Now, by having so much of the femtech industry focused on reproductive health, there's actually been a conflation of women's health with reproductive health. And the problem with that is that it risks ignoring a lot of the broader health issues that women face on a daily basis. And it also excludes women who are not in the childbearing stages of their lives, and it can exclude those who are not menstruating.
So going forward, really one of the main goals for femtech is to expand beyond reproductive health. And this also includes tackling things like menopause, hormonal health, breast, and uterine health, and starting to move into more chronic care conditions for women, such as ovarian cancer and other types of cancer that impact a lot of women. Now, before I talk further about the growth of the femtech industry and the specific social and ethical implications that are involved with this technology, I wanna pause quickly and talk about what actually led to the creation of the femtech industry in the first place. And this is really important because whenever we're talking about the legal considerations for the femtech companies and startups, we'll start to see how we need to be addressing these goals, how these companies are trying to further these goals that led to the creation of this industry in the first place. So the femtech industry largely arose from the need to have tailored solutions for women's health and from a desire to give women autonomy to make decisions about their bodies. There has been an actual increase in the demand for personalized female healthcare treatments and procedures over the past couple of years. And this has really propelled female-centric health technology to evolve and to push the boundaries for women's health and wellness.
Now that said, the roots of femtech actually lie in the fundamental health inequities that exist between men's healthcare and women's healthcare. Historically, medical research was focused exclusively on the male body. And this means that our modern understanding of diseases, which includes their causes, their consequences and their treatments, all of that is based on male physiology. And this understanding is then merely extrapolated to women with the assumption that the only physiological differences have to do with women's reproductive systems. And indeed, it's actually women's reproductive systems that have led them to be historically excluded from modern healthcare research. So in 1977, the FDA issued a guideline that banned most women of childbearing potential from participating in clinical research studies. And this really stemmed from the fact that certain drug trials caused serious birth defects. It was actually only in 1993 that the US National Institutes of Health or the NIH, and that's the largest funder of biomedical research, started to require that women and people of color actually be included in federally funded research through the NIH Revitalization Act. During that same year, the FDA also rescinded its 1977 policy that had banned women from participating in clinical studies.
So it's really tempting with that background to think that women have at least been included in modern healthcare research since 1993. That's actually not the case though, because if we look at several audits that have been conducted by the government and other organizations, what we see is that women are still not being included in clinical research to the same extent as men. So, there were some audits in 2001 conducted by the Government Accountability Office, which is the GAO. And those audits concluded that although the FDA was allowing women to participate in clinical trials, the FDA was still not taking into account how a participant's sex could affect the drug's safety or efficacy. One of the GAO audits even showed that eight out of 10 drugs that had been withdrawn from the market because they had caused adverse effects, actually caused those adverse effects much more often in women than in men. Even though that knowledge and those data points had existed, at least four of those drugs were still prescribed much more often to women than to men. And so women's exclusion from modern healthcare research really starts to help explain the difference between men's and women's reactions to drugs. And it also explains why some studies have shown that women are about 50 to 75% more likely to experience an adverse side effect from a drug than their male counterparts.
There was another report in 2005, and it revealed that only 3% of NIH funded research analyzed sex differences. And by about 2015, Congress was actually still calling on the NIH and other federal agencies to start implementing better oversight so that they could ensure continued inclusion of women in health research. It actually wasn't until about 2016, which was the same year that the term femtech was coined, that the NIH implemented a policy that required grant applicants to account for sex as a biological variable in their research designs. And during that same year, the FDA actually created the Center for Devices and Radiologic Health, CDRH, and it had the Health of Women program to address the importance of sex and gender specific issues in the design and the development of medical tech technology. And most recently, in January of 2022, the FDA released the CDRH Health of Women's Strategic Plan to better inform medical device research and regulation for all women. So if we take a step back, what this really shows us is that throughout medical history, the male body has been perceived as the default standard, with the female body being recognized as both an extension of the male body and simultaneously as a deviation from the male norm when it comes to reproduction. Stated differently, what this means is that women have been considered similar enough to men to apply medical knowledge on a one size fits all basis, yet different enough to fully exclude them from clinical trials for a substantial period of time because of their reproduction and hormone fluctuations.
Now, because of that background, both women and society have really started to push back against the limited healthcare data surrounding women's health. So it's from this background that femtech really started to develop. And the rhetoric around femtech is very much about giving women control over their bodies, helping women to understand their personal health and empowering women to talk about their healthcare publicly. All right, so now that we understand how femtech actually evolved, I want to look at where femtech is headed in the near future. So the femtech market is continuing to grow and venture capitalists are increasingly finding that femtech is a very lucrative investment opportunity. In 2021, femtech funding surpassed $1 billion for the first time. So, when we consider that there are more than 3.8 billion women in the world, and that women have massive purchasing power when it comes to household products and also make about 80% of healthcare decisions, femtech has the potential for some huge capital gains going forward. FemTech Focus actually estimates that the market size for women's health in general, is going to be worth about $1.186 trillion by 2027. And the global femtech market is really predicted to reach anywhere from $4 billion to $75 billion by 2026.
If we start to look at the current statistics and changing population dynamics, we also see that femtech is a hugely untapped market at this time. According to PitchBook, as of November, 2021, there were a total of 781 femtech companies, with about 2,674 investors in femtech. FemTech Focus actually projects that by 2027, 35% of the market size for femtech is going to be devoted to chronic conditions and reproductive health. And that about 15% of the market size is going to be dedicated to breast and uterine health. Further, if we consider that by 2030, women between the ages of 15 and 40, will make up about 37% of the world's population and women who are in menopause or who are requiring senior care, will constitute about 38% of the population. It's actually really easy to understand that the femtech industry has a lot of growth potential to serve these populations. And because of that, we're going to start seeing more and more femtech founders coming into the market and seeking legal advice for how to not only start their companies, but how to grow and scale and exit.
Now that said, if we look at research and funding with respect to women's health, we see that it remains pretty low. So despite the fact that femtech surpassed that $1 billion in funding mark for 2021, femtech actually received a very small percentage of digital health funding. In 2020, femtech actually received only 1.8% of all digital health funding. And if we look at femtech funding as a percentage of all digital health funding, femtech's best year was actually back in 2018, when femtech received roughly about 6.6% of total digital health funding. Further, less than about 4% of all healthcare research and development is currently targeted at women's health issues. So we've got a long way to go, but femtech is certainly on the horizon for both companies and investors.
So with this background, it really leads us into the next question of, why is femtech funding so low when we're talking about an industry that is serving half of the world's population? One of the main barriers that femtech companies actually face is that the investment landscape is still heavily male dominated today. So women hold only about 11% of executive positions at Silicon Valley companies, and only about 5% of executive positions at startup companies. Male investors have also historically been perceived as not being receptive to discussions of female health because they view female biology as either disgusting or irrelevant. And so they have historically refused to fund products that do not also cater to male needs. So it's for this reason that there are very few male investors who are willing to listen to pitches for female products, let alone actually invest in them. Now, those male VCs who do actually invest in female startups, I'm sorry, femtech startups, often view femtech really as a tool for consumerism, rather than as an opportunity to reshape care delivery for women. If however, a venture capital firm has female investors, its actually going to be about three times more likely to invest in companies that have female CEOs, which can include femtech companies. And right now, about 80% of femtech companies that are on the market today are female founded and female led.
So when we consider that gender disparity in VC firms, it's actually actively harming investment in women's health. If we look at 2019, for instance, we see that less than 3% of all venture capital investment actually went to women-led companies. And only about a fifth of all of the US venture capital funding went to startups that had at least one female founder. Further, the average deal size for female led or female co-founded companies, was less than half that of male only startups. So, this gender imbalance at the VC funding level really trickles down and directly impacts femtech funding and the femtech products that are being made available to women. And this is why it's so important that femtech startups be well positioned, especially from a legal perspective, with their products and their company, prior to pitching to VC investors who are then going to be closely scrutinizing the legal and the corporate frameworks of these startup companies. So given that femtech companies already have such an uphill mountain to climb with respect to obtaining funding, we've got to make sure that their legal house is in order before they begin to make that climb. And that's really where lawyers can come into play for femtech companies. So, this is our job as legal counsel, it's our responsibility to help our femtech clients really achieve a threshold standard of compliance so that they can operate in line with the very complex regulatory frameworks that govern healthcare. And also, so they have a solid corporate structure that's designed for investment without violating any corporate practice of medicine laws. So this then brings us to the first legal consideration for femtech startups, which is, corporate formation requirements. When a founder wants to start a new company, it's really important for the founder to establish from the beginning, an appropriate corporate vehicle, that's going to be well suited for investment. Founders are also going to want to ensure that they are minimizing their personal liability and that they have a very tax advantageous structure that's designed to carry them into the future.
So one of the most common questions that femtech founders will ask is, what business structure should they create? Now, businesses can assume various corporate structures, such as a sole proprietorship, a partnership, a limited liability company, a corporation, professional corporation, and a cooperative. Each of these corporate structures is going to have benefits and drawbacks. And so it's our job to effectively communicate those pros and cons to the client for their consideration. In general, most femtech entrepreneurs who are looking for long term capital and business success are really going to want structure their business venture as a corporation or a professional corporation, really depending on the founder's background and the relevant state law. Now that said, the limited liability company is also a viable business vehicle here. And a lot of companies actually do use that framework initially.
So I wanna talk now about some of the key benefits and drawbacks to the corporation and LLC structures that you should keep in mind when advising clients on this topic. So first, a corporation is often perceived as being the preferred vehicle for companies that are really interested in obtaining venture capital funding. So a corporation has the key advantage really, of being a separate legal entity from the individuals who own it. This means that the corporation's owners are not going to be personally liable for the corporation's actions or debts. And given that most startup companies are going to be faced with inherent financial instability, having that shield between the corporation and personal liability, can actually be a huge benefit, particularly in the early stages of company formation. Additionally, venture capital firms often prefer the corporate structure because raising capital is generally going to be easier for a corporation than it's going to be for an LLC. Corporations are permitted to raise money through stock sales, which really means that they can make a profit. Further, if a shareholder decides to leave the corporation, the corporation can actually still function and operate. It's not going to be forced to close. Rather the shareholder can sell their share and the other shareholders can come on board at the company and continue its operations at any point in time. So you'll see shareholders really at some points kind of start cycling on or off of the company. And so this makes it very easy for corporations to deal with the flex of shareholders. Now that said, there are still drawbacks to the corporate structure. In particular, corporations must pay taxes on their profits. And sometimes this can result in double taxation. So double taxation occurs when the corporation is taxed once for turning a profit and then taxed a second time when the dividends are paid to the shareholders on tax returns.
For this reason, it's also really important to counsel femtech founders on the difference between an S corporation and a C corporation. C corporations are going to be taxed under subchapter C of the internal revenue code. Whereas S corporations are going to be taxed under subchapter S of the internal revenue code. The C corporation is really the default corporation under the internal revenue services rules. So if a founder wants to be an S corporation, they actually have to elect that status during formation and file the applicable documents in order to actually form an S corporation. In general, though, an S corporation will be more favorable for the avoidance of double taxation. So S corporations really work by allowing the corporation to pass corporate income, losses, deductions and credits, through to their shareholders for federal tax purposes. The shareholders then report the flow through of income and losses on their personal tax returns. And this means that the taxes are being assessed at the individual income tax rates, but that double taxation is being avoided. There are also certain restrictions though, around what companies can become S corporations. So specifically, an S corporation has to be a domestic entity. It must only have allowable shareholders and only up to about a hundred of those shareholders. It can only have one class of stock and it's not otherwise going to be deemed an ineligible corporation. So something like, you know, an insurance company or certain financial institutions. Now a C corporation on the other hand is going to be a separately taxable entity. The C corporation will file a corporate tax return document and will then pay taxes at that corporate level. Then if corporate income is later distributed to shareholders as dividends, that income can be considered personal taxable income. So the C corporation is often going to result in income being paid first at that corporate level. And then again, I'm sorry, income tax being paid first at that corporate level. And then being paid again at the individual level, as part of the dividends.
An alternative to the traditional corporation is actually to form a professional corporation. A professional corporation is sometimes going to be available if an entrepreneur intends to perform certain professional services as part of a business. So for example, the corporation wants to perform medical services. Some states will not permit traditional corporations to provide these professional services. Rather they may require the formation of a professional corporation that's then owned by a shareholder who is licensed to practice in that profession. So for example, a state may require that the provision of medical services be done through a professional corporation that is owned by a licensed physician. As with general corporations, professional corporations typically shield shareholders from general business liabilities. Now that said, each owner of the professional corporation is still going to be liable for their own malpractice insurance. Further, there are often restrictions against professional corporations having shareholders that are not to practice in any given industry. So this means that while the founder herself may be able to provide services for a professional corporation, if she's licensed, she would not be able to accept venture capital money and bring on shareholders through the professional corporation.
So, when determining between the corporation structure and the professional corporation structure, there's a couple of key questions you need to ask. The first is whether or not the femtech company is intending to provide medical services that would traditionally be licensed by the state agencies, things like being a, you know, are you providing medical services as a physician? Those types of things, because that's going to potentially change which structure you use. If you find out that the femtech company is providing medical services, rather than for example, providing just a wearable device that's monitoring basal body temperature, or something to that effect, what can happen is you might have to use that professional corporation structure instead. And so you'll need to look at state law to see whether or not a corporation can be formed for the practice of medicine, or whether the professional corporation is required in those instances. If you have a femtech client who is trying to provide medical services, and the state requires the formation of a professional corporation to provide medical services, in this case, let's say that the femtech founder is a licensed physician, then we have a problem from the pure perspective of, this company wants to grow and scale and take on venture capital investment. But it can't do that with the professional corporation structure.
So that is where we get into the need to create, what's known as an MSO friendly PC structure, so that the founder can receive capital and investments. So, in case you come across a client with this type of a need, I wanna talk briefly about what this structure is, because it's a very unique structure and one that we are seeing increasingly in the healthcare industry. So the MSO PC acronym stands for Management Services Organization and Professional Corporation. In this arrangement, there are three primary actors. The first is the owner of the professional corporation, which in this femtech context, we're in healthcare, so this would typically be a physician. Second, this is the management services organization. And then third, is the friendly professional corporation. So the MSO will be a standard corporation that is able to accept investment and take on shareholders. The MSO is really designed to provide administrative, managerial, operational and technical services to the professional corporation. In the healthcare context, the MSO will generally provide any type of nonclinical services to that professional corporation through a management services agreement. And this agreement generally provides that the MSO will supply any type of nonclinical infrastructure, such as for example, a telehealth platform, electronic medical record systems, those types of things, to the professional corporation in exchange for a fair market value management fee. Because of this structure though, the MSO's revenue fee is going to be highly dependent on the revenue that the professional corporation makes. So, if the professional corporation doesn't make any money, the MSO cannot recoup its management fees. The friendly professional corporation is the entity through which any type of patient care and clinical services are provided. So all billing of the clinical services is going to occur through this professional corporation. The professional corporation is called friendly because the MSO's income and profitability are highly reliant on the professional corporation's success.
So, the success of the PC is really of primary importance to all of the parties in this arrangement, so it's a very friendly arrangement. And this means that the MSO and the PC, including the PC's owner, are going to actually very closely together to help the PC provide high quality services and to also help the PC operate in a manner that's going to actually generate a profit. The great thing about the MSO friendly PC model is that it will allow investors to invest in the MSO, because remember that MSO is a traditional corporation, and then it will allow the MSO to work closely with the PC to provide those profitable services and have the revenue flow back to the MSO through a management fee. And this structure can be very helpful and is really going to be something you'll want to consider if you have a femtech client or company that's looking to provide actual clinical healthcare services. So for example, a femtech founder may want to provide telehealth services to women with respect to fibroids or uterine care, in multiple jurisdictions. So this model is very scalable and there are actually some MSO PC frameworks in existence today that are operating in all 50 states.
Now, the reason that we have to have the MSO PC model sometimes whenever we want to have a professional corporation providing clinical services, but also one that can attract investment, is because of what's known as the corporate practice of medicine laws in the United States. So these laws prohibit corporations from interfering with the physicians independent clinical judgment regarding the care or the treatment of a patient. Stated differently, the goal is really to ensure that profit motives are not driving patient care outcomes. And as a result, non-clinicians are generally not allowed to own or manage or invest in companies that are holding themselves out as providing medical care. And this is why if you have a femtech client, who's providing actual medical services as a clinician, this MSO friendly PC model could be a very viable corporate structure for investment and scalability.
Now, as I mentioned before, femtech companies that are not providing direct clinical services, but instead are, creating and selling products, like a period tracker, the standard corporation would probably be the best route to go and be sufficient in those cases. So this goes back to what I said earlier, it's very crucial to know and understand your client's business model before you actually propose a corporate framework. Now, the last corporate framework that I'm going to discuss here for femtech clients is the limited liability company or the LLC. So, because most femtech companies are really looking to obtain investment in capital in the future, the corporation structure really works best in most situations. That said, an LLC can still be a good option for founders that might be seeking lower tax rates than what's currently available for corporations. An LLC will permit profits and losses to actually pass through to the founder without incurring any type of corporate tax. And like the corporation, an LLC generally will protect an entrepreneur from personal liability for the LLCs debts. Now, one drawback to the LLC is really that any change in membership can result in the LLC needing to dissolve and reform, which actually makes it more difficult to then transfer ownership than it would otherwise be with a corporation.
All right, so once your client has decided on a corporate business structure, the next step is to determine where to file for incorporation. You should really be encouraging your client to think carefully about their target audience and jurisdiction here. Statistically speaking, a significant number of businesses do elect to incorporate their companies in Delaware. Delaware has the advance of being a tax haven, which means it does not collect any income tax if the corporation is simply registered in Delaware, but is not doing business in Delaware. Similarly, Delaware does not require shareholders to pay taxes on their shares if they don't actually reside in Delaware. Another benefit of the Delaware is that it has a Court of Chancery, that's actually dedicated to resolving cases against corporations, and it has a comprehensive body of corporate law. So, this can mean that the outcome for lawsuits and litigation can actually be a bit more predictable in Delaware. And indeed, most angel investors and venture capitalists actually prefer for their founders to incorporate their companies in Delaware. Now, the drawback to incorporating in Delaware is that founders may be required to pay a franchise tax that's based on the value of the shares in the company. And Delaware also require the filing of annual reports regarding the business. Additionally, filing in Delaware is also often more expensive than filing in a lot of the other jurisdictions.
Another option to Delaware that's also seen as corporation friendly at this time, is Nevada. So like Delaware, Nevada has no corporate income tax. It does not tax corporate shares. And it has an established business court that can handle corporate litigation. Nevada also does not have a franchise tax. And finally, after your client has decided where they wanna incorporate and you've helped them submit the incorporation paperwork and that paperwork has then been approved by that state's Secretary of State, you'll want to ensure that your client drafts any necessary bylaws and board approvals, and also that your company obtains a federal employer identification number, or an EIN. An EIN is a nine digit number that is issued by the Internal Revenue Service. And it's used for identifying businesses. A founder is really going to need an EIN from a practical perspective, to be able to open any bank accounts, hire employees and obtain financing. And the IRS actually has an online EIN application that is very fast, easy to use and user friendly.
All right, so that concludes the first legal consideration for femtech companies. The next legal consideration that I want to talk about for femtech startups really has to do with data accuracy and FDA regulation. So this is particularly important for any femtech clients that are creating or selling products such as applications, wearables, and devices. If your client is creating an application wearable or device, or other type of technology, you're really going to want to ensure that they're compliant with all of the rules and regulations from the FDA. That said, what you're often going to find is that the types of femtech products on the market today, and those that are being developed by founders on a regular basis, are oftentimes not going to be subject to FDA scrutiny, and they're oftentimes not going to require clinical trials or other types of proof that the device or product is accurate before going to market. So, this means that femtech companies and their products can oftentimes fall into a regulatory gray space that can create data accuracy headaches.
So let's talk first, a little bit about an overview of the FDA and the types of devices that the FDA is regulating. In 1938, Congress passed the US Federal Food Drug and Cosmetic Act, FDCA, which has been amended since then a couple times. And it's granting authority to the FDA to monitor and oversee the safety of food, drugs, medical devices, and cosmetics. And of the most importance to femtech clients is really whether their device or their product is going to qualify as a medical device under the FDCA, such that it would then be subject to FDA enforcement and review.
So the 1976 amendments to the FDCA required that all medical devices be classified into one of three categories. Class I devices are those devices that do not require any type of pre-market approval or clearance, but they're still subject to general FDA controls. And this often surprises a lot of people, but something as simple as dental floss, that is a Class I device that is subject to general FDA controls. Class II devices are those devices that use the 510 approval process. And so, for example, what might be included here would be something like hearing aids. The 510 approval process is essentially a pre-market submission to the FDA to demonstrate that the device is going to be safe and effective to another device that's already being legally marketed. So in other words, you're showing that there's a substantial equivalence between your client's device and a device that's already on the market today. To do this, the submitter really has to compare their device to one or more similar devices on the market. Class III devices are then those devices that are approved by a pre-market approval or PMA process, which is been very similar to something like a new drug application. And these are your high risk devices that are often implanted into the human body, or that are necessary to sustain human life. The PMA process is really the FDA process of scientific and regulatory review to evaluate a device's safety and efficacy. And for these Class III devices, the FDA has determined that the general and specific controls that it imposes, those controls alone are not going to be sufficient to ensure safety and efficacy for these devices. So the PMA pathway then is required and it's the most stringent type of device marketing application that the FDA has in place today.
So where does this leave femtech products within this scheme of FDA regulation? Well, a lot of the femtech products on the market today are applications or wearable devices. So because of the widespread adoption of software technologies for applications, mobile devices and wearables, and this includes mobile medical apps, the FDA has indicated that it's going to exercise what's called enforcement discretion for those devices that it deems to pose minimal risk to patients and consumers. So for example, femtech devices that help patients or consumers manage their disease, or track their conditions without actually providing specific treatment suggestions, those would most likely fall within the enforcement discretion category. Similarly, femtech apps that are providing educational information, things like appointment reminders, motivation to take medication, those types of functions, again, not offering clinical advice, those will also usually be subject to enforcement discretion. Meaning that the FDA is not going to review the safety and efficacy of those devices very closely. So it's really important kind of at the outset to help your client analyze which classification of device, if any, depending on the femtech client's business model, that their product is going to fall into and the applicable regulatory pathway that's going to be required prior to approval and launch. Today, though, as I mentioned, a majority of these femtech applications and products that are available, are not subject to FDA enforcement, or their products for which the FDA is exercising enforcement discretion. This means then that a substantial number of these devices and these products are essentially kind of unregulated. They haven't had a lot of oversight with them, and oftentimes they don't have a lot of data that supports their accuracy, efficacy, or safety. And indeed some of these products have actually been scientifically proven not to work, yet they're still on the market today.
So for example, there was a 2016 study that was published in the Journal of the American Board of Family Medicine. And it reported that popular period tracking apps failed to accurately predict when women will be the most fertile. This data was then confirmed in a 2018 study by a gynecologist who conducted a review of calendar based and calculable thermal apps reliability in predicting fertile cycle days in ovulation. And this study was published in the Frontiers in Public Health. And it found that this type of retrospective methodology is being viewed as inadequately reliable, given that menstrual cycles and ovulation days vary from month to month, which has actually been a fact that's been scientifically known since about the 1930s. Now, unfortunately, this is the methodology that is still being employed by hundreds of femtech fertility apps are on the market today. None of the apps that were examined as part of that study actually considered the full variation of cycle characteristics. And most of the apps were actually inaccurate by more than a couple of days. Similarly, there was a study in 2000, that found that only 30% of women had a fertile window that even fell within the 10th to the 17th day average, which actually made ovulation prediction based on tracking and algorithms exceptionally unreliable. Further, there was another study in 2018, which was conducted by Current Research and Opinion. And that study reviewed 73 menstrual cycle apps, and it found that none of them could correctly predict ovulation. And in fact, the best app had a score of only 21% accuracy. Researchers at Columbia University Medical Center also arrived at a similar conclusion, after they studied 108 femtech apps. And they found that 95% of the free smartphone menstrual cycle apps were inaccurate. Unsurprisingly, very few of these apps have had any type of involvement or oversight from federal regulatory bodies, or from health professionals. And very few of them also cited medical literature. Now just because the devices had regulatory oversight doesn't mean that it's going to be an accurate device. There's actually been some controversy over FDA approved femtech devices and most well known is Natural Cycles.
So Natural Cycles was the first hormone-free FDA approved digital contraceptive. And it actually created inaccurate predictions that led to 37 Swedish women reporting unwanted pregnancies. So, when we take a step back and look at this, these aren't great statistics for an industry that's trying to revolutionize women's healthcare. It's really hard to control the quality of femtech devices that are on the market and consumers, frankly, don't have the tools or the knowledge to compare femtech devices based on accuracy and reliability. So it's really important to stress to femtech clients at the outset, the importance of data accuracy, even if the regulatory bodies are not overseeing these devices. And part of this reason is that, if we fail to prioritize accuracy and fail to encourage our clients to prioritize accuracy, a large number of femtech devices are going to fail women because they're not accurate. And so they're not promoting the necessary developments in women's health, and they're gonna cause women to lose trust in the very technology that could one day save their lives. Further, the fact that we have in accurate devices on the market also has an unintended impact on providers. So more and more physicians are saying that they're being inundated with data. Their patients are tracking health and wellness data across numerous platforms. And then they're sending that data to their physicians. And physicians aren't really sure what data they legally have to look at and consider at this stage. They're not sure if the data's accurate, they don't have any way to prove that it's accurate. And the consensus really is that it's data overload for providers. So in that sense, if we have femtech products that are inaccurate on the market, femtech is exacerbating that problem by providing potentially inaccurate data to patients, that the patients may then choose to share with their physicians, in which the physicians may then elect to incorporate into their care plan for that patient.
So, we've got some issues here that we've really gotta be stressing to our femtech clients, that not only should they be complying with all of the relevant regulations, but they should also be ensuring that their devices are safe and effective, even if the FDA isn't exercising a very high level of oversight over those products at this time. And that concludes the second legal consideration that I wanted to discuss. And so I wanna move to the final legal consideration now for femtech companies, which is data privacy. So oftentimes as a new startup, femtech companies really fail to prioritize data privacy because they don't believe that they're at a high risk of a data breach. And what that means is that, our femtech clients are looking at privacy as a risk mitigation tool, instead of as a tool that can actually help them achieve greater results and enhance industry partnerships by having a strong privacy framework.
So the first conversation that I typically have with femtech clients, is to sit down and explain the importance of data privacy to them. Specifically when I'm asking my clients why data privacy is important, I'm often receiving some version of this answer. It's legally required and I wanna do the minimum to comply with the law while avoiding a data breach, but I don't have a lot of money. So in other words, I am commonly seeing privacy compliance, being used as a tool for risk mitigation. And while it absolutely has this effect, it can absolutely be used to mitigate risk, that's not the only function of data privacy for femtech companies. And so I explain to my clients that privacy compliance can be really beneficial to an innovation company, because if you have this strong privacy compliance framework in place at an early stage, you've got a twofold benefit. First you're promoting consumer trust in your product, and you're telling consumers exactly how you're using their data and what restrictions and limitations you're abiding by. And second, you are much better positioned to close deals with industry partners and payers faster and secure these high level industry partnerships much more quickly. Because if you don't have a strong privacy framework in place, and these industry partners come and ask you about your privacy framework, you've gotta build it. And building that privacy framework during due diligence, takes time. Some clients, it can take three to four months. And so you've delayed your industry partnership because you haven't built that privacy framework. And so this is also one of the reasons that when femtech companies are pitching to venture capitalists and investors, those companies are really also going to be looking to make sure that the femtech client is safeguarding data to the fullest extent of the law. Because that venture capitalist, investor, industry partner, they don't wanna take on the legal risk with respect to data. So if that femtech client has a data breach or does something impermissible with the data that violates law, venture capitalist, industry partner, does not wanna have that risk come back to them. And so that's why a lot of these deals are getting held up at the due diligence stage because the company hasn't invested in a proper privacy infrastructure to be able to take that partnership and contract to the next level.
The other major concern with data privacy that I see with femtech clients has to do with, the Health Insurance Portability and Accountability Act, which is HIPAA. And so, most of the clients that come through the doors are really wanting to know whether or not they have to comply with HIPAA. And specifically, they're looking at the HIPAA privacy and security rules. And sometimes these clients just assume that they have to comply with HIPAA. They see HIPAA as this overarching federal privacy law, and they assume it applies to them. And that's a misconception because the HIPAA privacy and security rules actually have very limited applicability. And depending on the femtech company's product and business model, a lot of times HIPAA's not gonna apply. And so Congress passed HIPAA in 1966 to really reduce the administrative costs and burdens that were associated with healthcare delivery. And neither of these primary goals were actually directed at privacy. Instead, the privacy rule that resulted from HIPAA was not substantively discussed in the HIPAA statute. Instead, when Congress failed to create a privacy law, the department of health and human services created federal regulatory protections for the privacy of certain health information in certain settings, when held by and entities. And that's what's known as the HIPAA Privacy Rule. And the HIPAA Privacy Rule really sets forth required limitations on the use and disclosure of protected health information, which is called PHI. So while the scope of the HIPAA Privacy Rule might appear to be really broad, it's actually limited to healthcare organizations that qualify as covered entities. A covered entity is any health plan, healthcare provider processing standard transactions, or healthcare clearinghouse, as those terms are statutorily defined. In 2009, the Health Information Technology for Economic and Clinical Health Act, which is the HITECH Act, expanded HIPAA's provisions to business associates, which include persons or organizations that perform certain functions on behalf of a covered entity involving the use or disclosure of PHI. And the foundational principle of the HIPAA privacy rule is that a covered entity or business associate cannot use or disclose PHI, except as either expressly permitted in the privacy rule, or as authorized by the patient in writing. And this also means that the HIPAA privacy rule is only governing protected health information, not all health information.
So it's really necessary to determine if HIPAA even applies to your client at the outset, because that's going to drive some of the privacy frameworks and advice that you give. The answer as I mentioned before, for a lot of femtech companies is no, but there's three questions that you should ask to make that determination. The first question is, is your client a covered entity? So in other words, is your client a health plan, a healthcare provider processing standard transactions, or a healthcare clearing house? Most of the time a femtech company is not gonna fall under any of these categories because they aren't providing health insurance, and they're not a physician or other healthcare provider that's processing standard transactions. And they aren't a third party system interpreting claim data between provider systems and insurance payers. And so, for example, if your client has created a femtech app that uses an algorithm to predict ovulation, a clients probably not gonna be covered under HIPAA because it's not a covered entity. Now where I generally see femtech companies qualifying as a covered entity, is in the following circumstance. The femtech company builds an app or a device that's then used to send data to a healthcare provider for interpretation or analysis, as part of that apps or devices primary function. So because of that integral connection with that healthcare provider and the femtech product and the giving of medical advice, that can oftentimes trigger HIPAA. The second question is, whether your client qualifies as a business associate. A business associate is any person or entity that performs activities involving the use of protected health information on behalf of, or provide services to, a covered entity. So in other words, a business associate is really a contractor of a covered entity that is somehow touching PHI.
So you should ask whether your client is contracted with a covered entity. And if so, is your client processing PHI or accessing or creating PHI on behalf of that covered entity? And do they have a business associate agreement with that entity? Again, most femtech clients are not gonna qualify as a business associate during their early stages of development. They may qualify later when they start doing some of those industry partnerships and contracting with covered entities. And then finally, the third question is if, and only if your client qualifies as a covered entity or a BAA, I'm sorry, the associate with a BAA, is your client collecting protected health information? Because HIPAA only protects and regulates PHI. And PHI refers to individually identifiable health information, which can include demographic data that relates to a person's physical or mental health, the provision of healthcare services to that individual, or payment for healthcare services. And that identifies the individual or provides a reasonable basis for identification. Now data that has been de-identified in accordance with HIPAA's requirements does not qualify as PHI. So if your client collects health data that does not satisfy the definition of PHI, then your client can collect, use and disclose that data without running a foul of HIPAA, because HIPAA does not apply. So, as I mentioned, given these above considerations, most of the time, especially at the startup stage, HIPAA's not going to apply to femtech innovators. Which means that we have a gap in federal regulation for health data privacy for femtech companies.
So I wanna conclude this presentation with just a few concluding thoughts on kind of what we should be looking out for as attorneys to help advise our clients through these three legal challenges. As I mentioned recently, with respect to the corporate structure, it's important to understand your client's business structure, what they are trying to achieve, their business model, what types of products they're trying to create, and whether or not they are providing any type of actual clinical service. That's going to really inform the business model that you choose. Second is with respect to data privacy. Understanding where your client is in the HIPAA determination. Are they an early stage startup that hasn't contracted with covered entities yet? Or are they kind of in a scaling phase? Where they are contracting with covered entities and it's necessary to start building that infrastructure for HIPAA compliance. Also with data privacy, any kind of contracts that your client is doing with vendors, you should be looking at them to ensure that they are not imposing privacy obligations on your client, that the client is not otherwise subject to. So HIPAA obligations can be assumed contractually, even though your client may not be a covered entity or business associate. And so it's really important that you minimize the type of contractual requirements with respect to data, privacy and security. So thank you so much for listening to this presentation.
It has been wonderful talking with you about femtech, and I really hope that we can help to revolutionize the next wave of healthcare for women by providing sound legal advice for these companies. Thank you so much.