Digital Millennium Copyright Act (DMCA) – What it Means for ISOs and HTMs
During the last 45 days three separate lawsuits have been filed in Federal courts by Philips Healthcare. These lawsuits are against; 626 Holdings Inc. (Case 9:19-cv-81263-RS), Summit Imaging Inc. (Case 2:19-cv-01745-MLP), and KPI Healthcare Inc. (Case 8:19-cv-01765-JVS-JDE). One of the main claims in each of the above lawsuits is the alleged violation of certain provisions of the DMCA. I have keen interest in DMCA cases because Congress also passed the Computer Maintenance Competition Assurance Act (CMCAA, see below) that allows certain ISO maintenance activities under specific circumstances. The line between violation of DMCA and compliance with CMCAA has a similar metaphorical feel to it as with the FDA’s line between servicing and remanufacturing.
Just a bit of background on the DMCA; In 1998 Congress passed the DMCA to provide adequate legal protection and remedies against the circumvention of technological measures employed by copyright owners to protect unauthorized use of their works and their rights in such works. The DMCA implements the World Intellectual Property Organization Copyright Treaty. The following description was from my Corporate attorney: “Specifically, the DMCA prohibits three types of activity: (1) circumvention of technological measures; (2) trafficking in technology that circumvents technological measures that effectively control access to a work protected by copyright law; and (3) trafficking in technology that circumvents technological measures that protect a right of a copyright owner. 17 U.S.C. §§ 1201(a)(1), 1201(a)(2) and 1201(b)(1). The difference between the two anti-trafficking prohibitions is that the first covers trafficking of a product that circumvents a measure to prevent access to a work and the second covers trafficking of a product that circumvents a measure to prevent copying (or another right granted by copyright law) of a work. Circumvention is defined to include reverse engineering, descrambling, decrypting, and other such actions taken without the authorization of the copyright owner. A technological measure effectively controls access if the measure generally requires the application of information or a process or a treatment with the authority of the copyright owner to gain access. Note that “effectively” does not mean that the protection must be strong or difficult to bypass.”
Congress subsequently passed the Computer Maintenance Competition Assurance Act (“CMCAA”), Title III of the DMCA, as codified in section 117(c), to address the concern that case law and statutory interpretation could destroy the computer maintenance industry. Section 117(c) exempts an ISO from copyright infringement when it copies a computer program while satisfying the following four requirements
(1) the copy is made “solely by virtue of the activation of a machine” that contains an authorized copy of the program,
(2) if the copy is made “for the purposes only of maintenance or repair of the machine,”
(3) if the new copy is not used in any other manner and is destroyed immediately after the maintenance or repair is completed, and
(4) with respect to any computer program or part of the program that is not “necessary for [the] machine to be activated,” the program “is not accessed or used other than to make a new copy by virtue of the activation of the machine.”
So, for what it is worth (spoiler alert: I am not an attorney and the following is not legal advice just my brilliant layman’s opinion), my reading of the DMCA indicates that provided that an ISO or an HTM satisfies the four requirements set forth above and is acting as an agent of the customer, a potential claim under the DCMA for circumvention of software to obtain keys for a password-protection system should be precluded. I do note that this applies only to programs needed to boot up the ultrasound system and make the determination that it works in accordance with original specifications; accessing other software programs is not exempt from copyright infringement under the DCMA.
I don’t envy anyone being sued but these legal actions should prove to be interesting to follow given the amount of attention in the medical device space over the last 3+ years of the FDA Service Docket and the potential these cases may have on future FDA involvement with 3rd Party, and other non-OEM service providers. Stay tuned for updates as I will be tracking these cases. If you want to follow these cases as well, please see the bolded Case #’s above.
Until Next Month,
About the Author, G. Wayne Moore:
A 30-year veteran of the diagnostic ultrasound market Wayne has held senior level positions with several major medical equipment manufacturers, including Honeywell Medical Systems and Siemens Medical Solutions. Wayne has been directly involved in the development and commercialization of more than 15 technologically intensive ultrasound systems. He is widely published in diagnostic ultrasound literature, a sought after speaker at medical imaging conferences, has served as an expert witness in multiple ultrasound litigations, and holds more than 16 United States ultrasound related patents. Wayne obtained his MBA from the University of Denver – Daniels College of Business.
He was elected as a Fellow of the American Society of Echocardiography (FASE) in 2009.
Correspondence: Dave Dallaire
1950 Lefthand Creek Lane , Longmont, CO 80501, USA