Investment in artificial intelligence (AI) is rising fast. The International Data Corporation projects global spending on AI R&D will reach $632 billion by 2028, more than twice the expected total for 2024.
Increasing investment in AI has already led to a precipitous rise in the number of AI patents granted worldwide, which rose from about 8,000 in 2018 to more than 60,000 in 2022.
Companies in the medtech space are particularly active. The U.S. Food and Drug Administration has already approved 107 AI-enabled medical devices this year so far. And the Boston Consulting Group estimates that the healthcare sector, including medtech, will invest in generative AI at “a compound annual rate of 85% through 2027.”
But capturing the potential value of AI in medtech requires navigating several challenges related to data privacy and security and intellectual property (IP).
Below we highlight four important steps medtech innovators can take to set themselves up for success in the AI era.
Get Permission to Use Data
Patient data is essential to the creation of innovative medtech devices. Companies must comply with data privacy rules, which vary by jurisdiction. To ensure compliance, companies should develop consent forms and require patients to sign them before they collect their data for use in AI models.
The types of data collected by AI-powered medical devices vary. To ensure proper consent, companies must customize each form’s disclosures and terms to fit the data collected. For example, if biological data is collected, the consent form should require the deidentification of samples (e.g., replacing personally identifiable information with unique codes).
In addition to data-specific terms, the form should ask patients to authorize the company’s use of the data for research and commercial purposes while relinquishing commercial rights.
Manage Open-Source Risk
Many companies use open-source code to accelerate innovation in medtech, and AI models often incorporate open-source code when asked to write code. That can be great, but it is critical for companies to comply with the terms of use for any open-source code they use, particularly if they intend to secure IP rights for products that incorporate the code.
Most open-source licenses fall into one of two categories: permissive or copyleft.
- Permissive licenses grant users free access to, and unrestricted use of, the code covered under the license. That means anyone can add it to their proprietary code with no obligation to disclose or license the combined code.
- Copyleft licenses also grant free access, but they require users to license any modifications they make under the same terms that govern the open-source code. As a result, companies that combine proprietary code with copyleft licensed code are usually obligated to make the combined code free to the public.
Compliance can be challenging for companies that use code generated by AI models, because these models may often incorporate open-source code in their outputs without saying so. Thus, companies that use these outputs run the risk of building AI-generated code into their products only to find out later that some of the code is licensed under copyleft agreements that make it impossible to secure IP protection for their products.
To avoid this, companies should establish good hygiene regarding use of open-source software (such as tagging AI-generated code during development and using scanning tools to vet AI-generated code). If possible, they should use only company-owned AI models that can identify open-source code, enabling them to make a conscious decision about whether to use it and comply with the relevant licenses if they do.
Ensure Full Ownership of IP
Multiple specialists may contribute to the development of a single medical device. These can include hardware engineers, software developers, data scientists, medical professionals, and others — some of whom may not be employees of the company that is seeking to commercialize the device.
To fully claim ownership of a new device, companies should systematically collect IP transfer agreements, ideally with present-tense clauses, from anyone involved in the development process. Failure to do so can lead to significant problems down the line (especially if discovered during due diligence for a corporate transaction or an enforcement proceeding).
This can get more complicated when AI is involved in the invention process. AI models can generate solutions with little human input. While the AI itself cannot hold IP rights, the people responsible for guiding, training, and interpreting the AI model’s outputs may be considered contributors if they:
- Select the data used for training
- Review and validate outputs or results
- Choose machine learning algorithms and fine-tune parameters
- Write source code
When AI is involved, it is crucial to secure IP rights from all human contributors who directed the AI model’s work.
Choose the Right Path for IP Protection
Medtech companies seeking to protect IP can pursue one of two options: trade secrets or patents. (Note that copyrights can prevent competitors from directly copying code but do not protect the ideas underlying the code.) Both options have benefits and drawbacks, and companies should consider several factors to determine which makes most sense in each situation.
Patents Versus Trade Secrets
To secure a patent, a company must submit a patent application describing the invention in enough detail to enable others to use it. Importantly, most patent applications are eventually published, which means the technical details of the invention are made public regardless of whether a patent is granted. If a patent is granted, the details are always published but the patent holder has an exclusive right to prevent others, even entities that independently invent the same thing, from using it for 20 years.
To qualify for trade secret protection, the IP in question must be unknown to the public, including competitors — and have economic value because it is unknown to others. Unlike patent rights, trade secret rights default to the entity that possesses the confidential information. Trade secrets do not require registration with the government, and they can protect ideas and inventions for an unlimited time. But trade secrets do not prevent others from using the invention if they independently invent it themselves or even reverse engineer it. Moreover, to maintain trade secret protection, companies must take reasonable steps to preserve secrecy and confidentiality (such as implementing nondisclosure agreements and restricting access to sensitive information), and this can be difficult and expensive to execute.
Factors to Consider
When deciding between the two legal protections, medtech companies should consider the likelihood of independent invention and the detectability of the invention. If a competitor is likely to independently develop the AI invention, a patent may be the best defense. But, because many software inventions run on nonpublic servers, identifying competitor usage can be difficult. If a patent breach could be difficult to detect, trade secrets may be the better option.
The rapid evolution of AI technology necessitates a third consideration: the speed of innovation. Patenting takes time. Sometimes, two to three years or more may pass before the application is even examined. And, at the current rate of innovation, obsolescence before patent approval is possible. In this case, establishing a trade secret may be a better defense.
Patent Applications for Inventions Involving AI
Our analysis of United States Patent and Trademark Office (USPTO) rejection rates shows that patent applications involving AI are rejected more than four times as often as applications for inventions that don’t involve AI. Below, we highlight two issues that are particularly important to consider when applying for patents for AI-related inventions.
One, in the era of AI, US courts have upheld the principle that only humans are eligible for patents. But humans can use AI as a tool in the invention process. To ensure this does not jeopardize patentability, companies should clearly describe the significant human contributions in their patent applications to establish that the invention is patent eligible.
Two, the USPTO often scrutinizes AI-based inventions because they intersect with “judicial exceptions” — laws of nature, natural phenomena, and abstract ideas. These exceptions aren’t patentable since they are fundamental scientific tools, but an invention can still qualify if it demonstrates “significantly more” than the exception, meaning it offers an inventive concept or practical application beyond merely claiming the exception itself. To meet the bar, patent applications should be scrupulous about proving that the invention demonstrates significantly more than the exception.
One effective strategy for establishing that AI-based inventions are eligible for patents is to clearly describe the AI model’s performance and how it improves on conventional techniques. Including statistical data (such as ROC curves, confusion matrices, and predictive values) can prove the invention is a tangible improvement over prior art. This detailed performance analysis helps position the invention as a novel technical advancement rather than a mere attempt to claim an ineligible judicial exception.
* * *
AI will continue to reshape medtech data privacy and security, intellectual property, regulations, and more. By taking the steps outlined above, companies can safeguard their innovations and position themselves for success as the landscape of AI medtech innovation evolves.
This informational piece, which may be considered advertising under the ethical rules of certain jurisdictions, is provided on the understanding that it does not constitute the rendering of legal advice or other professional advice by Goodwin or its lawyers. Prior results do not guarantee similar outcomes.
Contacts
- /en/people/b/bluni-scott
Scott Bluni
Partner - /en/people/h/havranek-kristin
Kristin Havranek
Partner