The trial of Barry Cadden, former co-owner and head pharmacist at the New England Compound Center (NECC), began last week, with opening statements occurring on January 9. In 2012, steroids manufactured and distributed by NECC allegedly led to 64 deaths and another 750 illnesses. A 2014 indictment charged 14 individuals affiliated with NECC with various crimes relating to the tragedy, the most serious of which were second degree murder charges relating to 25 deaths brought against Cadden and Glenn Chin, the supervisory pharmacist at NECC.
Prosecutors and defense counsel staked out familiar positions in their opening statements. Assistant U.S. Attorney George Varghese said that the evidence would show that Cadden oversaw operations at NECC and that he cut corners and ignored the welfare of patients because of greed. Defense counsel Bruce Singal, on the other hand, explained that Cadden did not work in the contaminated areas that the government claimed caused the deaths and illnesses, and that prosecutors were attempting to blame Cadden for the actions of lower-level employees.
These are familiar arguments that have occurred in other health care-related prosecutions of high-level executives. Prosecutors typically allege that the executives were directly in charge of the illegal activities and acted motivated by greed. Defense counsel counter with the “rogue employee” defense, blaming low-level employees who acted outside of company standards. In recent such trials, the defense has been largely successful, such as in the trial of William Facteau and Patrick Fabian. A jury acquitted Facteau and Fabian of felony charges after they contended, in part, that low-level sales employees acting outside of company guidance were responsible for the off-label marketing at issue in the case.
The ability to blame lower-level company employees acting outside of their directives is one of the primary reasons for the difficulties faced by the government in prosecuting high-ranking executives, in health care and other industries. The Cadden trial is worth watching to see if the extraordinary circumstances of the 2012 deaths causes a jury to reach different conclusions regarding the culpability of corporate executives.
Recent events in the health privacy realm have demonstrated that the consequences of health data breaches are becoming increasingly severe. In late August, the U.S. Department of Health and Human Services (HHS) announced a settlement between the HHS Office of Civil Rights, the agency that enforces the Health Insurance Portability and Accountability Act (HIPAA), and Advocate Health Care Network (Advocate) under which Advocate, an entity that operates 11 hospitals and over 200 other treatment locations in Illinois, agreed to pay $5.5 million to resolve several data breaches. This amount is the most every paid by a single entity relating to HIPAA violations.
The data breaches addressed by the settlement affected the electronic protected information (ePHI) of approximately 4 million patients. Two of the breach incidents involved thefts of unencrypted laptops – the first was a theft of 4 unencrypted laptops containing personal health information from an Advocate administrative office, and the second involved someone stealing an unencrypted laptop containing the personal information of more than 2,200 individuals from an unlocked vehicle. A third component of the breach occurred when an unauthorized third party accessed the network of an Advocate business associate, potentially compromising 2000 patients’ data.
OCR’s investigation found, among other things, that Advocate failed to properly assess data risks and to reasonably safeguard laptops containing health data. Advocate’s transgressions obviously were severe, and it is not surprising that HHS insisted on recovering such a significant amount. HHS likely at the same time was attempting to send a signal that companies without effective safeguards could find themselves with substantial financial exposure even where, as was the case with Advocate, no data misuse has been discovered.
Closer to home, a Massachusetts Superior Court late last year issued a significant decision in denying a motion to dismiss relating to the data breach that occurred at Boston Medical in 2014. That breach involved confidential health data of approximately 15,000 individuals appearing on the insecure website of a medical transcription contractor. Patients whose records were exposed filed a class action lawsuit against Boston Medical and the contractor, seeking, among other things, damages for the unauthorized exposure of their medical information.
Defendants filed a motion to dismiss based upon, among other things, a failure to allege a specific injury, as the plaintiffs had not claimed that their data had been improperly accessed or used. Going against the weight of decisions in similar cases in other jurisdictions, the Court denied the motion and allowed the case to proceed to discovery. Walker and O’Rourke, et al. v. Boston Medical Center Corp., et al. No. 2015-1733-BLS 1 (Mass. Superior Court Nov. 19, 2015). The court explained that it was reasonable to infer, given Boston Medical’s letter informing patients of the breach, that the plaintiffs’ records were actually or likely to be accessed. The court held: “[p]laintiffs general allegation of injury from the data breach, inferring, as I do, that there likely was or will be access to plaintiffs’ confidential medical information by unauthorized persons, is sufficient.” Of course, plaintiffs would likely have to show more after discovery, but the decision is significant in light of its inconsistency with decisions in other jurisdictions, where plaintiffs have typically been required to show more to overcome a motion to dismiss. The prevalence of these types of lawsuits is increasing, and this decision could further encourage such efforts.
These two matters together show that it is more important than ever for health care companies to effectively secure patient data and immediately act when the possibility of a breach occurs.
Last month, following a six-week trial in Boston Federal court, a jury acquitted the former Chief Executive Officer, William Facteau, and the Vice President of Sales, Patrick Fabian, of Acclarent, Inc., a medical device manufacturing and distribution company, of 14 felony counts of fraud relating to the marketing and promotion of medical devices. The jury, however, returned guilty verdicts on 10 misdemeanor counts relating to the same activity. While the strict liability misdemeanor convictions pursuant to United States v. Park, 421 U.S. 658 (1975), have value, the government was unsuccessful in clearing the high hurdle of criminal intent necessary to prove the felony counts.
Set in the often confusing world of “intended use” of medical devices, the trial addressed the marketing of a device approved for maintaining an opening in a patient’s sinus but allegedly promoted as a steroid delivery device. The government argued that the company designed its off-label marketing campaign to drive up its acquisition price. In its case-in-chief, the government offered testimony from: doctors who claimed that the company’s marketing focused exclusively on the device’s off-label use; sales representatives who testified that they were trained to concentrate on the off-label use in marketing; and FDA officials who explained that the company failed to inform FDA of adverse events occurring in the company’s studies.
The jury concluded that this evidence was insufficient to sustain the government’s burden of proof on the conspiracy, securities and wire fraud, and adulteration and misbranding charges that made up the felony counts. This result is not particularly surprising. As a former Federal prosecutor who brought one of the largest off-label cases ever against Pfizer, I know that, in attempting to hold medical device and drug company executives criminally culpable for off-label marketing, it is very difficult to connect the statements and activities of individual sales reps to a particular executive. Among other things, the “rogue sales rep” argument is typically made by the defense and often is very effective.
Of course, coverage of this verdict has partially focused on the Department of Justice “Yates memo,” which directed Federal prosecutors to focus on convicting individuals within culpable corporate defendants and stated that disclosure of responsible individuals would be an enhanced factor in measuring corporate cooperation. As I’ve previously stated, such convictions were consistently the focus before the Yates memo, yet they proved difficult. Even the Yates memo discussed the difficulties inherent in proving the criminal intent of senior officials within large and diffuse organizations.
Nevertheless, the government’s misdemeanor convictions in this case are valuable. These convictions occurred pursuant to the Park doctrine, referring to the case in which the U.S. Supreme Court stated that a responsible corporate officer could be criminally culpable without a showing of intent if that person had the ability to either prevent or rectify the allegedly criminal activity or circumstances. Under the Food, Drug, and Cosmetic Act, misdemeanors are punishable by up to one year imprisonment and a limited fine. In the past, Park prosecutions have sometime led to several month terms of imprisonment for corporate executives and, perhaps more important, substantial terms of exclusion from Federal contract activity.
In holding medical device and pharmaceutical executives strictly liable in this manner, the government can be said to encourage such executives to ensure that their companies have robust compliance programs that effectively avoid situations in which an executive can be held criminally accountable. The question is whether the government going forward, having failed to convict health care executives of felonies in several trials in a row, should focus more on misdemeanors, and, recognizing the difficulties addressed in the Yates memorandum, de-empthasize charging felonies in difficult medical device and pharma areas like off-label promotion.
Perhaps the answer is to concentrate on misdemeanors in doctrinally and factually complicated areas such as off-label, and focus felony charges in cases in which a company or individual releases bad and/or unsafe product to the market. That is already happening to an extent, and occurred on a large scale in the prosecution of GlaxoSmithKline, a case I helped to bring.
Based on Mr. Josephs’s expertise in these areas, the Law Office of Mark L. Josephs is available to rigorously defend individuals or corporations that are the subject of government enforcement in FDA-related areas.
P.S. Kudos to Frank Libby, my good friend who did a typically excellent job defending Mr. Fabian at trial.
A Miami grand jury late last month returned an indictment in a Medicare fraud investigation that involved approximately $1 billion in fraud, the largest such fraud case every brought by the United States. The Miami Medicare “Strike Force” was responsible for bringing this case, which involves elaborate kickback schemes, falsification of documents, submission of false claims to Medicare and Medicaid, and, tragically in some cases, the abuse of elderly Medicare beneficiaries who were cycled through nursing homes and assisted living facilities whether they needed to be there or not.
The Department of Justice created Medicare Strike Forces in two major cities approximately 10 years ago, and the Affordable Care Act provided $350 million to bring Strike Forces to seven more cities. These Strike Forces involve placing criminal fraud attorneys from the main Department of Justice in Washington within U.S. Attorney’s offices to assist Assistant U.S. Attorneys in bringing health care fraud cases or to bring cases themselves.
The indictment in this case (No. 16-20549 (S.D. Fla.)) makes for interesting reading. It describes elaborate kickback, bribery, and other fraudulent schemes involving a network of health care entities owned by the primary defendant, Philip Esformes. Mr. Esformes was reportedly worth over $75 million, and the forfeiture allegations tie him to several large homes and expensive personal property. As is typical in these large fraud cases, some details are salacious – in this one, Mr. Esformes allegedly used fraud proceeds to fly escorts to meet him at a Ritz-Carlton in Orlando.
This indictment shows that DOJ’s Medicare fraud efforts continue unabated, using the increased funding from the Affordable Care Act to continue the work that has led to the convictions of approximately 2000 defendants and the return of billions of dollars to the government. There currently is no Strike Force in Boston, as the historical strength of the health care units in the United States Attorney’s Offie here perhaps have caused officials to feel that a Strike Force commitment is unnecessary. But that of course does not mean that placement of a Strike Force here could occur in the future, particularly given the large health care industry presence in Boston. Nevertheless, prosecutors here are surely on the look-out for opportunities to bring important cases in this area.
Both the Federal and state governments have recently stepped up their efforts to address kickbacks and fraud in home health care. Home health care has become more and more prevalent as hospitals shorten patient stays. The home health area is in some ways the Wild West of health care, in that there are many different types and sizes of providers, and unscrupulous fly-by-night agencies try to take advantage of Medicare, Medicaid, and beneficiaries. The OIG alert discusses payment to physicians for Medicare beneficiary referrals and other kickback violations, as well as fraud issues such as medically unnecessary services. Enforcement efforts in this area may be a whack-a-mole situation, but these efforts are worth monitoring.
Should a home health care provider or physician need representation involving government enforcement in this or other areas, the Law Office of Mark L. Josephs is extensively experienced and ready to provide outstanding services.