Big Data is transforming the life sciences and healthcare sectors. Analysis of massive data sets is bringing new insight into physiological processes, pharmaceutical research, clinical decision support, patient records, outcomes analysis and healthcare program management, among other areas. But the torrent of data—and limits on how it can be collected, used and shared—present unique challenges for data collectors, data users and data subjects, including ownership of data, privacy, cybersecurity, discrimination, transparency in research and financial accountability.

WilmerHale's transactional, regulatory and intellectual property lawyers develop solutions for Big Data issues facing life sciences clients, including pharmaceutical developers, device manufacturers, biotech companies, software developers, healthcare providers, and health plans and their sponsors. From service agreements to FDA applications and incident response planning, we provide the contractual and compliance infrastructure for leveraging life sciences Big Data. We help Big Data clients optimize patient outcomes, increase efficiency of service delivery, boost marketing and accelerate the pace of research, while respecting privacy, proprietary rights, regulatory limitations and industry norms.

Download our Big Data life sciences and healthcare industry fact sheet.

For more information, visit our Big Data page or contact us at

Industry-Specific Issues

  • Innovators are developing interconnected devices and software linked across the Internet of Things to produce a tsunami of health data that must be responsibly and efficiently stored, transmitted, processed, interpreted and protected. This activity is subject to evolving state, federal and international laws; private contracts; professional obligations; and ethical limitations.
  • Privacy and security have emerged as essential elements of any Big Data initiative. And regulators have made clear that advanced analytics can occur only with ever-increasing attention to the ways that health information can be misappropriated or misused.


Recent matters for clients include:

  • We negotiate data-sharing agreements among collaborators in life sciences research projects.
  • We advise covered entities and business associates on HIPAA privacy, security and breach notification compliance requirements.
  • We guided a large pharmaceutical manufacturer through its implementation of Medicare Secondary Payer reporting.
  • We implemented internal guidelines for a pharmaceutical company to track and report payments to physicians and teaching hospitals under the Open Payments provisions of the Physician Payment Sunshine Act.
  • We advised a provider of a direct-to-consumer personal health record solution on the regulatory considerations affecting such entities that operate outside of the HIPAA regulatory regime.
  • We advised a state-sponsored operator of a health information exchange on its federal Department of Health and Human Services grant funding agreement and related compliance requirements.
  • We advise biotech clients on licensing of data and technology from federal agencies such as the Centers for Medicare and Medicaid Services and the National Institutes of Health.
  • We advise software developers operating as business associates on the contractual, intellectual property and regulatory considerations involved in conducting data aggregation and de-identifying and using health information for secondary purposes.
  • We have advised on the patent eligibility of algorithms, software and methods of analysis relating to genetic data.
  • For software startups in the healthcare sector, we developed standards for ensuring that HIPAA-covered information is secured, while ensuring that information is de-identified in accordance with HIPAA standards.
  • For a clinical research sponsor, we negotiated a clinical trial agreement that protects the sponsors' rights to receive and use clinical data within the scope of the IRB-approved informed consent.
  • For pharmaceutical companies, we advised on foreign and domestic privacy and data protection issues in the context of document production in patent litigation.
  • For a large account servicing organization, we conducted regulatory due diligence review in the acquisition of a health claims processing company.
  • For a nonprofit healthcare provider, we investigated and coordinated the remediation, individual notification and regulatory reporting stemming from a loss of computer media containing unsecured health data.