JETLaw 2025 Symposium Explores the Future of Healthcare Technology Law – Vanderbilt Law SchoolVanderbilt Law School

By: Rachel Davis ‘25 and Christian Chase ‘26 

On Friday, February 7, the Vanderbilt Journal of Entertainment and Technology Law (JETLaw) hosted its 2025 Symposium, “Evolving Healthcare Technologies: Legal Challenges in AI, Regulation, and Data Privacy.” The event, sponsored by the Houston office of Reed Smith LLP, featured conversations between scholars, industry professionals, and the chief legal & administrative officer of a healthcare corporation on several key facets of the legal landscape of healthcare and healthcare technology.

Following opening remarks by Milton R. Underwood Chair in Law and JETLaw faculty advisor Professor Daniel Gervais, Editor in Chief Madeleine Strasser introduced speakers for presentations on AI/ML in Healthcare.

Alisa Chestler, shareholder and chair of the Data Protection, Privacy and Cybersecurity Team at Baker Donelson, emphasized the importance of AI governance in healthcare, noting that AI use extends beyond treatment into administrative and business processes. She highlighted key legal considerations such as data rights, de-identification, fraud, and regulatory compliance, stressing the need for proactive governance structures.

Barbara Evans, Ph.D., JD, LLM, Professor of Law and Stephen O’Connel Chair the University of Florida, as well as Professor of Engineering and Glenn and Deborah Renwick Faculty Fellow in AI and Ethics at UF’s Herbert Wertheim College of Engineering, presented on key misconceptions associated with AI in healthcare, focusing on the risks of mistake that users fear. Evans posited that AI itself is not the main risk — rather, the complexity of modern systems creates inevitable accidents. Evans further argued for a system-wide approach to risk mitigation by utilizing regulatory frameworks and techniques.

Sara Gerke, an Associate Professor of Law and Richard W. & Marie L. Corman Scholar at the University of Illinois College of Law, presented her forthcoming paper that proposed AI/ML-based medical devices need structured labeling akin to food labeling to ensure transparency. She highlighted distinct challenges these devices pose—such as bias and opacity—and emphasized the FDA’s evolving approach to AI regulation and how it intersects with her findings.

To conclude the presentations, Carmel Shachar, JD, MPH, Assistant Clinical Professor of Law and the Faculty Director of the Health Law and Policy Clinic at the Center for Health Law and Policy Innovation (CHLPI) at Harvard Law School, discussed how Section 1557 of the Affordable Care Act applies anti-discrimination principles to AI in healthcare emphasizing the importance of ensuring that AI algorithms do not reinforce biases. She noted the regulatory uncertainty surrounding AI ethics and emphasized the importance of trust in AI-driven healthcare decisions.

Attendees took a short break for lunch before moving back inside Flynn Auditorium for the Keynote. Chancellor Emeritus and University Distinguished Professor Nicholas S. Zeppos interviewed Keynote Speaker Michael McAlevey, Executive Vice President, Chief Legal and Administrative Officer of HCA Healthcare. Mr. McAlevey addressed major healthcare trends, including demographic shifts, technological disruption, and climate change. He highlighted HCA’s focus on using AI to reduce administrative costs, enhance data utilization, and improve patient care while balancing ethical and compliance challenges.

During the first of two afternoon panels, A.J. Bahou of Bradley spoke with Robert Webster, Ph.D., Associate Provost for Graduate Education and Professor of Engineering, Surgery, and Medicine at Vanderbilt University Medical Center (VUMC), Sarah Thompson Schick, FDA Regulatory Counsel at Reed Smith, and David Simon, an Associate Professor of Law at Northeastern University. Dr. Webster outlined the shifting regulatory landscape for AI in medical devices, noting the FDA’s preferential transition from the 510(k) approval process to de novo applications. He stressed that regulatory ambiguity makes compliance challenging for emerging technology companies.

Schick noted that during the application process, it was often necessary to educate the FDA on AI applications and integrating continuous quality improvements in AI-powered medical devices. She highlighted that, although not a requirement for initial approval, it is important for new tech companies to shore up their quality systems and integrate continuous improvement into the product. Simon pointed out the challenges of regulating new consumer-facing AI technologies with medical functions, like Apple’s ECG app and AirPods’ hearing aid functions. He questioned whether the 510(k) process is appropriate for AI-based devices and noted the marketability advantages of de novo approvals.

Dr. Ellen Wright Clayton, JD, MD, Craig-Weaver Chair in Pediatrics at VUMC, Rosalind E. Franklin Professor of Genetics and Health Policy, and Professor of Law, moderated the final event of the day on “Protecting Health Data.” Peter Swire, Professor of Law and Ethics at the Georgia Institute of Technology’s College of Business, and the J. Z. Liang Chair in the School of Cybersecurity & Privacy, noted the baseline usefulness of the HIPAA privacy rule while critiquing its ability to apply beyond “covered entities” as defined by the Act. He noted that, although the U.S. operates on a fragmented data privacy framework, there are flaws and compliance challenges for businesses in comprehensive regimes like Europe’s GDPR. Roy Wyman, Member at the Nashville office of Bass Berry Sims, who focuses his practice on data privacy and security matters, particularly in the healthcare industry, addressed how companies navigate state-level data privacy laws, often choosing between strict compliance and business practicality. He highlighted how AI’s growing role in healthcare demands new approaches to data protection, including the potential use of synthetic data for privacy. Deborah Farringer, Associate Dean for Academic Affairs, Professor of Law, and Director of Health Law Studies at Belmont College of Law, focused on cybersecurity risks in healthcare, noting that medical records are uniquely valuable targets for hackers due to their breadth of personal data. She stressed that many breaches result from human error and called for stronger training and security protocols. Bradley Malin, Ph.D., Accenture Professor of Biomedical Informatics, Biostatistics, and Computer Science, as well as Vice Chair for Research Affairs in the Department of Biomedical Informatics at VUMC, criticized HIPAA’s broad de-identification loophole, which allows companies to sidestep stringent privacy protections. He discussed the challenges of balancing data protection with research needs and noted concerns over the impact of the new administration’s anti-DEI policies on health data research funding.

Rachel Davis is JETLaw’s 2024–2025 Senior Symposium Editor.

Christian Chase is JETLaw’s 2025–2026 Senior Symposium Editor.