Deputy Assistant Attorney General Ethan Davis, who oversees the U.S. Department of Justice Consumer Protection Branch (where this author served for ten years), recently gave a speech at an FDAnews conference on off-label promotion. This speech not only addressed priorities relating to off-label promotion, but perhaps more significantly emphasized aggressive enforcement against companies with severe Good Manufacturing Practices (CGMP) issues that lead to the production and distribution of adulterated and/or misbranded drugs.
In the off-label areas, the DAAG’s speech did not actually plow new ground. The speech, given in the wake of FDA’s continued efforts to address regulatory uncertainty in this area, emphasized that DOJ would devote enforcement resources only in the circumstances of a company making false or misleading off-label statements to prescribers or patients. Frankly, this approach was always the case, beginning with the wave of off-label prosecutions of large companies like Pfizer and GlaxoSmithKline that began in the 2000s. Attaching priority to cases of outright falsehoods or misleading statements makes logical sense – a case based on “technical regulatory violations,” as the DAAG put it, besides creating “inefficiencies,” would not be compelling to a judge or jury. As it is, off-label cases involve significant nuance.
Beyond the off-label area, the speech signaled continued enhanced enforcement by the DOJ Consumer Protection Branch of serious current good manufacturing practices (CGMP) violations, including seeking criminal penalties against companies and indictments of individual executives in the worst cases. CGMPs apply to all pharmaceutical companies, and FDA monitors compliance through inspections of domestic and increasingly foreign producers and distributors. Products manufactured inconsistently with CGMPs are by definition adulterated and violate the Food, Drug and Cosmetic Act. The largely analogous Quality System regulations affect most medical device producers and distributors, and FDA enforces them similarly. Significant violations in these areas often risk patient harm, and FDA in such circumstances, following issuance of a form 483 at the conclusion of an inspection, may issue a warning letter and/or refer the case to DOJ’s Consumer Protection Branch for civil or criminal enforcement activity.
DOJ has enhanced its enforcement efforts in this area over time, and continued emphasis means that companies should take a closer look at their regulatory compliance efforts and the state of CGMP or Quality System adherence in their facilities. This is particularly true currently for compounding companies, which have the attention of Federal and state governments following the New England Compounding Center tragedy and other, smaller scale instances of patient harm. Responding to a DOJ enforcement action, whether civil or criminal is a risky and expensive proposition. The DAAG’s speech means the industry is forewarned.
The Law Office of Mark L. Josephs recently completed representing a party at trial in a shareholder dispute involving a company that distributed pharmaceuticals and medical devices. The heart of the litigation addressed fiduciary duty and employment retaliation claims, but, not surprisingly, GMP issues lurked. An important issue became the assessing the financial consequences of GMP violations purportedly committed by the former president of the company. The jury learned about GMPs and form 483s, but their eyes glazed over when one counsel ineffectively dove into the weeds of particular violations with an FDA expert. In such cases, a key skill is to bring technical GMP violations to life for fact-finders. This task involves stressing the ultimate purposes of the relevant provisions and describing violations in terms that are understandable and meaningful to judges or jurors without FDA expertise. The jury ultimately reached a verdict in favor of Mr. Josephs’ client and his co-plaintiffs, including on the GMP issues.
In a recent year, approximately 30 percent of FDA inspections led to issuance of 483s. FDA-regulated companies must be aware of and prepared for FDA inspectors to find violations, and must be ready to quickly devise plans to address the violations to the government’s satisfaction. This issue is not a concern only with government enforcement. Despite the Fourth Circuit’s recent holding that GMP issues do not alone establish False Claims Act (FCA) liability, U.S. ex rel. Rostholder v. Omnivore, 745 F.3d 694 (4th Cir. 2014), both whistleblower and government attorneys continue to find ways to bring FCA claims relating to GMP issues, such as alleging misrepresentations to FDA and distribution of products that do not conform with approved specifications.
The Law Office of Mark L. Josephs has the expertise and experience to address GMP issues, whether pursued by the government or whistleblowers. Mr. Josephs is one of the very few attorneys to take a pure GMP enforcement case to trial, and he also brought a ground-breaking prosecution of a large pharmaceutical company relating to GMP violations. He can effectively assist drug or medical device companies address GMP issues of varying degrees of severity and at any stage of the enforcement or litigation process.
A recent Bloomberg article discussed the reduction in FDA’s issuance of Warning Letters to regulated entities. FDA issues Warning Letters in cases of significant, and often repeated, regulatory violations. Warning Letters describe the relevant violation(s) and ask for a response addressing how the targeted entity will fix the issue. Failing to heed or address issues included in Warning Letters can lead to Department of Justice enforcement action.
The reduction in Warning Letters is especially pronounced relating to medical devices, with only one such letter issued so far this year. This is the face of a medical device industry that continues to expand. The rate of FDA issuance of Warning Letters to pharmaceutical companies has also slowed.
The question is whether this is a reflection of the current administration backing off of regulatory enforcement, as has occurred in other agencies, or merely reflective of typical ebb and flow in regulatory activity. Warning letters are a key arrow in the FDA’s regulatory quiver, and any overall reduction that continues unabated has the potential to affect public safety. Time will tell in terms of whether this trend continues or the rate of Warning Letter issuance increases again.
The Law Office of Mark L. Josephs has the expertise, capacity, and key FDA contacts to assist a regulated company address Warning Letters and other FDA regulatory activities, such as Form 483s issued following FDA inspections.
On August 11, 2017, a Judge in the Southern District of Texas sentenced the co-owner of a Houston home health agency to 75 years’ imprisonment for Medicare fraud and illegal kickbacks. A jury had convicted Marie Neba following a two-week trial of health care fraud, payment and receipt of health care kickbacks, making false statements, conspiracy to commit money laundering, and conspiracies relating to the health care crimes. The evidence at trial showed that Ms. Neba and her co-conspirators defrauded Medicare of over $13 million through kickbacks to physicians for authorization of medically unnecessary services, to patient recruiters for referrals, and to Medicare beneficiaries for fraudulent use of their Medicare information. Ms. Reba and her co-conspirators also falsified medical records in order to submit fraudulent Medicare claims.
The 75-year sentence was almost certainly a function of the Fraud provisions of the Sentencing Guidelines, with its severe penalties for high gain or loss amounts coupled with health care-related enhancements. This sentence is excessive – there was no evidence of Ms. Neba’s company causing physical harm to anyone, and while millions of dollars in fraud is a high amount, the debarment accompanying a felony conviction alone would effectively ban Ms. Neba and the other individuals involved in the company from the health care industry. This debarment, combined with a much more modest term of imprisonment, would seemingly serve the interests of the government contained in the sentencing factors of 18 U.S.C. § 3553. It is worth nothing that the sentence for Barry Cadden, whose Massachusetts compounding company caused the deaths of scores of individuals, was only nine years’ imprisonment.
The monetary amounts in the gain/loss provisions of the Fraud section of the Guidelines were revised a few years ago to adjust for inflation, but more needs to be done to trigger reasonable sentences. Now that the Guidelines are not mandatory, the long imprisonment terms created by the gain/loss enhancements increasingly result in the kind of disparity existing between the Neba and Cadden sentences. Further, the 75-year term of imprisonment after trial further dissuades defense counsel from testing the government’s proof at trial, as the results of a loss can be a catastrophic term of imprisonment like Neba’s. These circumstances could help to further reduce the already unacceptably low percentage of criminal cases that go to trial.
The Law Office of Mark L. Josephs has the expertise and experience necessary to assist companies or individuals facing health-care related investigations or prosecutions.
The jury returned a verdict several days ago in the trial of Barry Cadden, the former head pharmacist and president of New England Compounding Center (NECC) in Framingham, Massachusetts. In 2012, contaminated steroids released from NECC caused 64 deaths and several hundred injuries, some severe and ongoing. The disease caused by the steroids, fungal meningitis, was so rare that the Centers of Disease Control required new testing procedures because the agency never previously had reason to test for such a rare disease.
In December 2014, the Department of Justice charged 14 defendants with a wide range of crimes relating to NECC. The indictment included Racketeering charges against six defendants, and these charges included among the predicate acts 24 counts of second degree murder. The murder charges applied only to Barry Cadden and Glenn Chin, a supervisory pharmacist at NECC. As far as this former health care fraud prosecutor is aware, this was the first time that Racketeering and murder charges resulted from a company’s release of contaminated drug products.
At the conclusion of a nine-week trial, the jury returned guilty verdicts against Cadden on the primary Racketeering charge, most of the mail fraud predicate acts that were part of the Racketeering charge, individual mail fraud counts, and certain of the misbranding charges under the Food, Drug and Cosmetic Act (FDCA). The jury returned not guilty verdicts on all of the murder charges, a charge of conspiracy to defraud the federal government, and adulteration charges and certain of the misbranding charges under the FDCA. Sentencing is scheduled for June 21.
After the indictment was returned, the local defense bar was critical of the prosecution, contending, among other things, that the case was overcharged. I agreed. The murder charges were virtually unprecedented in a case like this one, and Racketeering charges had rarely, if ever, been brought in a health care case similar to this one. Of course, unusual facts lead to unusual prosecutorial decisions, and the circumstances of the NECC matter were terribly tragic. A tainted drug product causing one death is very rare – one type of product causing 64 deaths thankfully is unprecedented in recent years.
Without the Racketeering and murder charges, the government could have focused more than they did on the FDCA charges, which are the ones most directly applicable to this situation. Convictions on those charges and mail fraud would have led to just as significant a sentence as Cadden is likely to receive in June.
Even in the tragically unusual circumstances of this case, in which contamination could be seen by the naked eye in test tubes containing the steroid product, proving the extreme wanton disregard for human life to sustain 2nd degree murder charges against the putative head of the company was always going to be extremely difficult. On the Racketeering charges, however, the jury having to convict on only two of the tens of predicate acts that were charged made a conviction perhaps inevitable, and the Racketeering statute provides broad forfeiture authority.
The First Circuit is sure to address this case, as I understand the defense believes there are strong appellate issues on, at the very least, the mail fraud convictions. Glenn Chin is scheduled to be tried next, and Judge Stearns has already begun determining ways to shorten that trial based on the Cadden trial. I suspect that a jury is likely to return similar verdicts as to Chin.
It will be interesting to see whether any health care fraud prosecutors will attempt to at least partially copy the charging pattern here in future cases. More likely, this is a case of unusually tragic circumstances leading to broad and aggressive charges unprecedented in health care fraud.
The trial of Barry Cadden, former co-owner and head pharmacist at the New England Compound Center (NECC), began last week, with opening statements occurring on January 9. In 2012, steroids manufactured and distributed by NECC allegedly led to 64 deaths and another 750 illnesses. A 2014 indictment charged 14 individuals affiliated with NECC with various crimes relating to the tragedy, the most serious of which were second degree murder charges relating to 25 deaths brought against Cadden and Glenn Chin, the supervisory pharmacist at NECC.
Prosecutors and defense counsel staked out familiar positions in their opening statements. Assistant U.S. Attorney George Varghese said that the evidence would show that Cadden oversaw operations at NECC and that he cut corners and ignored the welfare of patients because of greed. Defense counsel Bruce Singal, on the other hand, explained that Cadden did not work in the contaminated areas that the government claimed caused the deaths and illnesses, and that prosecutors were attempting to blame Cadden for the actions of lower-level employees.
These are familiar arguments that have occurred in other health care-related prosecutions of high-level executives. Prosecutors typically allege that the executives were directly in charge of the illegal activities and acted motivated by greed. Defense counsel counter with the “rogue employee” defense, blaming low-level employees who acted outside of company standards. In recent such trials, the defense has been largely successful, such as in the trial of William Facteau and Patrick Fabian. A jury acquitted Facteau and Fabian of felony charges after they contended, in part, that low-level sales employees acting outside of company guidance were responsible for the off-label marketing at issue in the case.
The ability to blame lower-level company employees acting outside of their directives is one of the primary reasons for the difficulties faced by the government in prosecuting high-ranking executives, in health care and other industries. The Cadden trial is worth watching to see if the extraordinary circumstances of the 2012 deaths causes a jury to reach different conclusions regarding the culpability of corporate executives.
Last month, the Department of Health and Human Services Office of Inspector General (OIG) published a Final Rule that added certain safe harbors to Anti-Kickback regulations and modified other safe harbors already in existence. The Anti-Kickback statute, Section 1128B(b) of the Social Security Act, imposes criminal penalties against individuals and entities that knowingly and willfully pay or offer compensation in order to induce or reward the referral of health services reimbursable under Federal health care programs.
Congress and the agency have realized that certain types of financial arrangements that otherwise would create liability under the statute do not present the risk of fraud and abuse and, indeed, may increase efficiencies. Safe harbors were therefore added to the Anti-Kickback statute and regulations. As the scope of the myriad financial arrangements among health entities has only increased, the agency has tried to respond by clarifying and adding the types of activities that should not and will not expose the involved health care providers to liability. In this case, the added safe harbors address certain cost-sharing arrangements and discounted health services.
The still-evolving safe harbor program within the Anti-Kickback statutory and regulatory structure is an excellent example of a government agency attempting to adjust to current business conditions.
The Law Office of Mark L. Josephs LLC has the expertise to advise health care provider entities and individuals regarding whether their existing or proposed business relationships present Anti-Kickback risks. Key to the excellence of these services are the valuable contacts the Office has with OIG senior counsel, whom the Office can contact to assist in the evaluation of a particular client’s circumstances.
A recent criminal and civil settlement between the government and a medical device manufacturer and a recent step taken by the Food and Drug Administration (FDA) together demonstrate the attention medical device companies are increasingly receiving as that industry continues to grow.
Last month, Biocompatibles, Inc., a Pennsylvania-based medical device manufacturer, pleaded guilty to a misbranding violation of the Food, Drug, and Cosmetic Act relating to its marketing of its embolic device called LC Bead. FDA had approved LC Bead as an embolization device designed for placement in blood vessels to block or limit blood flow to tumors and other dangerous growths. The company assured FDA after approval for this sole use that it would not market the product as a drug-delivery device. Nevertheless, Biocompatibles’ distribution company aggressively marketed LC Bead as a drug-delivery device that could increase the level of chemotherapy delivered to liver tumors. Under the terms of the plea agreement, Biocompatibles will pay a criminal fine of $8.75 million and a criminal forfeiture of $2.25 million. The company will also pay $25 million to resolve a False Claims Act case relating to claims that Biocompatibles submitted to government healthcare programs for procedures in which LC Bead was used as a drug-delivery device.
This settlement follows similar cases earlier this year against both medical device companies and executives of such companies, including the recent Massachusetts trial in which the former executives of Acclarent, a medical device company, were acquitted of felony misbranding charges, but convicted of related misdemeanors, in connection with the alleged off-label marketing of a medical device designed to help open sinuses.
Perhaps more important, the FDA recently created a new website for receiving allegations about regulatory misconduct on the part of medical device companies. This website, created after reports that FDA had consistently accepted late adverse event reports from device companies, allows any individual or entity to submit a claim that a medical device manufacturing company or an individual is distributing devices in a manner that violates statutory and/or regulatory requirements. Among the types of violations that FDA listed as examples of reportable allegations are failing to submit required reports or perform mandatory investigations, off-label marketing, failing to list or register devices with the FDA, and importing devices that do not meet U.S. requirements. Establishment of this website potentially will subject device companies to increased allegations of illegal or improper activities, particularly from internal whistleblowers.
The United States medical device industry is large and continues to grow. It is also diffuse, in that small-and medium-sized companies proliferate. In 2015, there were over 7,000 medical device companies in the U.S. alone. Regulating and monitoring such a diffuse industry is challenging, but the events described above show that the attention devoted to device companies is increasing.
The Law Office of Mark L. Josephs possesses the expertise and capability to represent medical device manufacturers and distributors both in addressing government or whistleblower allegations after they occur and in providing compliance services to avoid such allegations in the first place.
Earlier this week, the HHS Office of Inspector General (OIG) issued its largest ever penalty, approximately $3 million, for violations of a Corporate Integrity Agreement (CIA). OIG typically requires a CIA as part of resolution of a False Claims Act case in order for the defendant company to avoid exclusion under government health care programs. In this case, Kindred Health Care, the largest provider of home health and hospice care services in the Nation, assumed a CIA when it acquired Gentiva Healthcare. Gentiva’s subsidiary had resolved a False Claims Act case based upon improper billing of Medicare for hospice-related care in 2012 for a payment of $25 million and agreement to a CIA.
Kindred performed required audits through internal auditors, and these audits found, in 2013 through 2015, that not only had Kindred failed to implement policies and procedures required by the CIA, but also that Kindred’s poor claims submission practices had caused overpayments by Medicare. As a result, OIG assessed a penalty of $3,073,961.98. Kindred subsequently closed 18 of its “underperforming” facilities.
Obviously, Kindred should have done a better job of staying on top of its compliance with the CIA, particularly given that its own auditors were raising red flags. The fact that Kindred had inherited the CIA through an acquisition likely complicated compliance efforts. Given the ongoing consolidation of the health care industry, such circumstances are becoming increasingly common, and OIG clearly is not going to give anyone a pass because a company may have become subject to a CIA through corporate transactions involving a prior False Claims Act defendant.
The frequency of health care-related False Claims Act cases have rendered CIAs a common part of the health care compliance landscape. Every entity subject to one of these Agreements must take seriously its compliance obligations throughout the life of the CIA. The Law Office of Mark L. Josephs has the expertise and capacity to assist in meeting these compliance obligations.
Recent events in the health privacy realm have demonstrated that the consequences of health data breaches are becoming increasingly severe. In late August, the U.S. Department of Health and Human Services (HHS) announced a settlement between the HHS Office of Civil Rights, the agency that enforces the Health Insurance Portability and Accountability Act (HIPAA), and Advocate Health Care Network (Advocate) under which Advocate, an entity that operates 11 hospitals and over 200 other treatment locations in Illinois, agreed to pay $5.5 million to resolve several data breaches. This amount is the most every paid by a single entity relating to HIPAA violations.
The data breaches addressed by the settlement affected the electronic protected information (ePHI) of approximately 4 million patients. Two of the breach incidents involved thefts of unencrypted laptops – the first was a theft of 4 unencrypted laptops containing personal health information from an Advocate administrative office, and the second involved someone stealing an unencrypted laptop containing the personal information of more than 2,200 individuals from an unlocked vehicle. A third component of the breach occurred when an unauthorized third party accessed the network of an Advocate business associate, potentially compromising 2000 patients’ data.
OCR’s investigation found, among other things, that Advocate failed to properly assess data risks and to reasonably safeguard laptops containing health data. Advocate’s transgressions obviously were severe, and it is not surprising that HHS insisted on recovering such a significant amount. HHS likely at the same time was attempting to send a signal that companies without effective safeguards could find themselves with substantial financial exposure even where, as was the case with Advocate, no data misuse has been discovered.
Closer to home, a Massachusetts Superior Court late last year issued a significant decision in denying a motion to dismiss relating to the data breach that occurred at Boston Medical in 2014. That breach involved confidential health data of approximately 15,000 individuals appearing on the insecure website of a medical transcription contractor. Patients whose records were exposed filed a class action lawsuit against Boston Medical and the contractor, seeking, among other things, damages for the unauthorized exposure of their medical information.
Defendants filed a motion to dismiss based upon, among other things, a failure to allege a specific injury, as the plaintiffs had not claimed that their data had been improperly accessed or used. Going against the weight of decisions in similar cases in other jurisdictions, the Court denied the motion and allowed the case to proceed to discovery. Walker and O’Rourke, et al. v. Boston Medical Center Corp., et al. No. 2015-1733-BLS 1 (Mass. Superior Court Nov. 19, 2015). The court explained that it was reasonable to infer, given Boston Medical’s letter informing patients of the breach, that the plaintiffs’ records were actually or likely to be accessed. The court held: “[p]laintiffs general allegation of injury from the data breach, inferring, as I do, that there likely was or will be access to plaintiffs’ confidential medical information by unauthorized persons, is sufficient.” Of course, plaintiffs would likely have to show more after discovery, but the decision is significant in light of its inconsistency with decisions in other jurisdictions, where plaintiffs have typically been required to show more to overcome a motion to dismiss. The prevalence of these types of lawsuits is increasing, and this decision could further encourage such efforts.
These two matters together show that it is more important than ever for health care companies to effectively secure patient data and immediately act when the possibility of a breach occurs.