Many health care providers rely on a worked relative value unit (“wRVU”) based compensation model when structuring financial relationships with physicians. While wRVUs are considered an objective and fair method to compensate physicians, payments made on a wRVU basis do not always offer a blanket protection from liability under the Federal Stark Law.  As recent settlements demonstrate, wRVU based compensation arrangements that are poorly structured or improperly implemented can result in significant liability.

The wRVU physician compensation model is particularly favored for its low level of risk under the Stark Law, which prohibits physicians from making certain financially motivated referrals. While the Stark Law prohibits physician compensation based on referrals, it does permit physicians to earn certain productivity bonuses for personally performed services.  wRVUs are an accepted method in calculating performance or productivity bonuses for services personally performed by the physician.[1]

How wRVU based compensation can become problematic is illustrated by a recent $34 million settlement between the Department of Justice (“DOJ”) and defendants Mercy Hospital Springfield (the “Hospital”) and Mercy Clinic Springfield (the “Clinic”), an oncology infusion center. After the infusion center was transferred from the Clinic to the Hospital in order to take advantage of inpatient hospital reimbursement and 340B drug pricing, the physicians allegedly wanted to be “made whole” for the compensation they previously earned at the Clinic. The resulting contractual arrangements with the physicians contemplated the provision of a productivity bonus tied to the physicians’ drug administration wRVUs.

However, according to the complaint, “the new work RVU for drug administration in the hospital department” was not calculated based on physician work, clinical expense, or malpractice overhead, but rather was “solved for” by working backwards from a desired level of overall compensation.” Moreover, according to the complaint, the compensation amount for the physician supervision work at the infusion center was approximately 500 percent of the wRVU for in-clinic work where the physician was actively involved in patient care. The DOJ contended that this was a violation of the Stark Law, as the compensation was not fair market value, nor was it commercially reasonable. Additionally, the complaint included allegations of both Stark and Anti-kickback Statute violations for the funds transferred as “management fees” from the Hospital to the Clinic to fund the higher physician compensation amounts, as the fees also allegedly were not fair market value nor commercially reasonable.

The Mercy settlement is only the most recent example of a health system incurring liability for improper wRVU-based compensation arrangements. In an analogous settlement made in 2015, Broward Health in Florida agreed to pay $70 million to resolve a whistleblower lawsuit that alleged Stark Law violations.  In part, it was alleged that Broward Hospital permitted high-volume referring physicians to artificially inflate their wRVUs and, in turn, their compensation.[2]  Allegedly, this was accomplished through unbundling procedures, not considering modifiers that would reduce the compensation for multiple procedures performed, and giving wRVU credits for unsupervised PAs and NPs.  These tactics allegedly resulted in so-called “implausible” wRVU numbers for certain physicians.

These settlements are not an expression of the government’s disapproval of wRVU based compensation arrangements. Rather, these are examples of alleged arrangements that artificially increased a physician’s compensation for referrals, in a manner that is not consistent with fair market value and commercial reasonableness.  Thus, it is important to ensure that wRVU based compensation arrangements are properly structured as well as properly implemented.

Endnotes:

[1] See 42 C.F.R. § 411.352(i)(3)(i) (permitting group practice productivity bonuses based on a per-wRVU basis).

[2] See Relator’s Compl., United States ex rel. Reilly v. N. Broward Hosp. et al., No. 10-60590, ¶ 11 (S.D. Fla. Sept. 16, 2015), ECF No. 75.

The Federal Trade Commission’s (“FTC”) recently submitted Congressional Budget Justification and Annual Performance Plan and Report contains helpful insight into the FTC’s focus and expectations for the coming fiscal year.  Of particular note, is a slight shift of funds from activities designed to “protect consumers” to activities intended to “promote competition.”  High on the FTC’s list of actions designed to promote competition is continued scrutiny of the health care industry.  And to that end, the FTC reiterated its intention to, among other things:

Take action against anticompetitive agreements among health care providers and to challenge anticompetitive mergers of hospitals, medical device manufacturers, pharmaceutical companies, and other health care providers that contribute to the rising cost of health care. The FTC will also continue to advance its health care enforcement program by challenging anticompetitive conduct in the pharmaceutical industry that delays the introduction of generic drugs and costs consumers and governments enormous sums of money each year. The agency also will continue its vigorous advocacy for health care competition by advising local, state, and federal entities, upon request, on the competitive implications of pending government actions.

In order to accomplish its goals, the FTC has proposed a budget for its Fiscal Year 2018 of $306,317,000, which is on par with its current annual budget.  The amount requested would be offset by filing fees submitted pursuant to the Hart-Scott-Rodino Antitrust Improvements Act (“HSR”) by parties to transactions (mergers, joint ventures, etc.) meeting the HSR filing thresholds.  Filing fees are split with the Department of Justice, and the budget justification notably projects a reduction in anticipated filings resulting in a drop of approximately $15 million in expected fees.

The FTC’s budget justification also forecasts a slight drop in staff from 1,161 to 1,140 FTEs.  However, this reduction is not a consequence of diminished enforcement expectations but rather the effect of balancing out staff raises from the prior year with an effort to meet the President’s current budget request.  The reduction in staffing levels is expected to be accomplished through attrition and an adjusted hiring strategy rather than personnel layoffs.  Significantly, staffing levels for activities designed to promote competition are only nominally affected, and the FTC has actually asked for an increase in funding (approximately $1 million) associated with competition promoting activities.

Metrics from the prior year are also worth noting.  In particular, the FTC brought 29 enforcement actions in fiscal year 2016 of which 22 were merger related.  The FTC identifies mergers that raise potential antitrust concerns through the HSR filing process, as well as through “consumer and competitor complaints, referrals from other government agencies, and trade press.”  The FTC estimates that it saved consumers over $2.1 billion dollars in fiscal year 2016 as a result of its merger enforcement activities.

Overall, the FTC returned approximately $50.3 million dollars to consumers, and $7.3 million to the U.S. Treasury as a result of its enforcement actions in fiscal year 2016.  In addition, the FTC made a number of criminal referrals to the Department of Justice, resulting in 56 separate actions brought from FTC related matters.

The U.S. Department of Health and Human Services, Office of Inspector General (“OIG”), has made pursuing fraud in the personal care services (“PCS”) sector a top priority, including making it a focus of their FY2017 workplan.

Last week, OIG released a report, Medicaid Fraud Control Units Fiscal Year 2016 Annual Report,  which set forth the number and type of investigations and prosecutions conducted nationwide by the Medicaid Fraud Control Units (“MFCUs”) during FY 2016.  Overall, the MFCUs reported 1,564 convictions, over one-third of which involved PCS attendants; fraud cases accounted for 74 percent of the 1,564 convictions.[1]

Looking at data released by HHS, PCS was the largest category of convictions reported in FY 2016. Thirty-five percent (552 of 1,564) of the reported convictions were of PCS attendants, representatives of PCS agencies, or other home care aides. Of these 552 reported convictions, 500 involved provider fraud and 52 involved patient abuse or neglect.[2] Of the reported fraud convictions, PCS attendants accounted for the greatest number of fraud convictions (464 of 1,160).[3]

The emphasis on PCS is likely to not only continue, but increase in 2017.  Notably, recent high-profile investigations and prosecutions this year include the following cases:

  • Six Missouri home health and personal care aides and patients were charged on April 4, 2017, with making false statements to Medicaid. The aides and patients allegedly falsified documentation that claimed the aides were providing services to the patients at particular times when, in fact, no such services occurred. According to the indictments in the case, one defendant patient was vacationing in New Orleans and on a cruise during the times she supposedly received services. One aide was found gambling at a casino during the same time period she claimed to be providing services. The investigation was led by the Kansas City, Missouri office of the OIG and the MFCU of the Missouri Attorney General’s Office.
  • On March 30, 2017, Godwin Oriakhi, the owner and operator of five Texas-based home health agencies pleaded guilty to conspiring to defraud Medicare and Texas Medicaid programs. Oriakhi, along with his co-conspirators, pleaded to defrauding the state and federal governments of over $17 million, the largest home services-based (including both home health services and PCS) fraud in Texas history. Oriakhi admitted that he and several co-conspirators, including his daughter, paid illegal kickbacks to physicians and patient recruiters in exchange for patient referrals. The defendants also paid patients to receive services from Oriakhi’s agencies and in exchange for the use of the patients’ Medicare and Medicaid identification numbers to bill for home health and PCS services.

Given that HHS is securing large monetary recoveries in this space, there is clearly an incentive for HHS to focus on the PCS sector. Indeed, the recent HHS report notes that MFCUs recovered an average of over $7 for every dollar spent towards investigation and prosecution of healthcare fraud cases, including PCS cases, in FY2016.

EBG has been watching this trend and will update this blog with the status of OIG’s and DOJ’s continued focus on home health and PCS prosecutions. For more information on OIG’s investigations into PCS aides, please see our Law360 article “HHS Has Its Eye on Medicaid Personal Care Service.”

Endnotes:

[1] https://oig.hhs.gov/oei/reports/oei-09-17-00210.asp (hereinafter “Report”)

[2] Report at 6.

[3] Report at 7.

On April 14, 2017, CMS issued the FY 2018 Medicare Hospital IPPS Proposed Rule that includes numerous proposed changes.   However, there is a very small provision in this proposed rule that organizations may not be aware of …. especially those that are not hospitals and who normally would not look at the Hospital IPPS rule.

Within the rule, there is a section proposing to revise the application and re-application process for Accrediting Organizations so as to require them to post provider/supplier survey reports and plans of corrections on their website.   Although the survey results are currently available through a number of other methods, CMS states that they are proposing AOs be required to post this information on their websites “in order to advance the Department’s and Agency’s commitment to transparency in terms of patient access to quality and safety information. Access to survey reports and PoCs will enable health care consumers, in addition to Medicare beneficiaries, to make a more informed decision regarding where to receive health care thus encouraging health care providers to improve the quality of care and services they provide.”

In my communications and discussions with several AOs and health care providers, many are concerned that a requirement that AOs post this information on their websites will not achieve the desired result of providing consumers with more transparency, but instead will merely provide what otherwise might be considered confusing information.   Specifically, it has been advanced that requiring AOs to post these reports on their websites will not support the intent to help the public but instead will:

  • Jeopardize the necessary confidentiality of quality improvement work that takes place between organizations and accrediting bodies through the private accreditation survey to ensure quality outcomes that are already public through accreditation decisions;  and
  • Not produce meaningful information for patients or the public beyond extensive data already available through CMS, departments of health, and many other entities that report information to the public appropriate to their scopes and roles, but instead create confusion for the public and patients seeking valid quality data on a healthcare organization.

Comments are due to CMS no later than 5:00 pm EST on June 13, 2017.

The Federal Trade Commission (“FTC”) and the Antitrust Division of the Department of Justice (“Antitrust Division”) released their respective year-end reviews highlighted by aggressive enforcement in the health care industry. The FTC, in particular, indicated that 47% of its enforcement actions during calendar year 2016 took place in the health care industry (including pharmaceuticals and medical devices). Of note were successful challenges to hospital mergers in Pennsylvania (Penn State Hershey Medical Center and Pinnacle Health System), and Illinois (Advocate Health Care Network and North Shore University Health System). In both actions, the FTC was able to convince the court that the merger would likely substantially lessen competition for the provision of general acute-care hospital services in relevant areas in violation of section 7 of the Clayton Act. See FTC v. Penn State Hershey Med. Center, 838 F. 3d 327 (3d Cir. 2016); and FTC v. Advocate Health Care Network et al No. 1:15-cv-11473, 2017 U. S. Dist. LEXIS 37707 (N.D. Ill.Mar. 16, 2017)

The Antitrust Division, in similar fashion, touted its actions to block the mergers of Aetna and Humana, and Anthem and Cigna. Complaints against both mergers were filed simultaneously in July of 2016, and tried before different judges in the Federal District Court for the District of Columbia. After extensive trials, Judge Bates blocked the Aetna/Humana deal, and Judge Amy Berman Jackson blocked the Anthem/Cigna transaction. United States v. Aetna Inc., No. 1:16-cv-1494, 2017 U.S. Dist. LEXIS 8490 (D.D.C. Jan 23, 2017) and United States v. Anthem Inc., No. 1:16-cv-01493, 2017 U.S. Dist. LEXIS 23614 (D.D.C. Feb8, 2017).

In addition to their enforcement activities, the agencies promoted jointly issued policy guidelines, including their “Antitrust Guidance for Human Resources Professionals.” Although not specific to any industry, this guidance has particular relevance to the health care industry. Among other things, this guidance makes clear that naked wage-fixing (such as the wave of wage fixing claims relating to nurses) and no-poaching agreements (that would include agreements not to hire competing physicians) are not only per se illegal, but also subject to criminal prosecution.

While a marginal enforcement shift may be in store as a result of the change in administration, most signs point to a continued focus on the health care industry. Maureen K. Ohlhausen, appointed by President Trump as acting Chair of the FTC, reiterated in a speech recently delivered at the spring meeting of the American Bar Association’s antitrust section, that “[i]t’s extremely important we continue our enforcement in the health care space.” Likewise the Acting Director of the FTC’s Bureau of Competition – Abbott (Tad) Lipsky, appointed by Chairman Ohlhausen, applauded the FTC’s success in challenging the Advocate/Northshore Hospital merger noting, in a related FTC press release, that the “merger would likely have reduced the quality, and increased the cost, of health care for residents of the North Shore area of Chicago.”

Makan Delrahim, President Trump’s selection (awaiting confirmation) to head the Antitrust Division, recently lobbied on behalf of Anthem and its efforts to acquire Cigna, and has openly stated with respect to certain announced mergers, that size alone does not create an antitrust problem. Nevertheless, given the political climate and overall impact the health care industry has on the U.S. economy, the Antitrust Division’s efforts to open markets in the health care sector, particularly to generics and new medical technologies by challenging pay for delay deals and scrutinizing unnecessarily restrictive agreements among medical device manufacturers is likely to continue.

A wild card affecting future antitrust enforcement is increasing possibility of passage of the Standard Merger and Acquisitions Review Through Equal Rights Act of 2017 (H.R. 659 a/k/a the “SMARTER ACT”). This bill, recently approved by the House Judiciary Committee, would eliminate the FTC’s administrative adjudication process as it relates to merger enforcement, forcing the FTC to bring all such actions in court. In addition, it would align current preliminary injunction standards such that both the FTC and DOJ would face the same thresholds required of the Clayton Act rather than the more lenient standard under the FTC Act. A similar bill passed the House in 2016, but was not taken up by the Senate.

Last week’s “WannaCry” worldwide Ransomware attack was particularly targeted against international health organizations. Though the attack was thwarted not without a little good luck and less financial loss that might have been predicted, it unsurprisingly triggered responses from U.S. government agencies including the Department of Homeland Security (DHS) and, with specific reference to health care providers, the Office of Civil Rights (OCR) of the Department of Health & Human Services (HHS). It also is no surprise that these government agencies took a carrot and stick approach – speaking about cooperation on one hand and enforcement (by OCR) on the other.

On the cooperative side, DHS and HHS have sought to work with the tech sector to employ cybersecurity best practices to address the ransomware threat, now the most common problem faced across the cyber universe but especially in health care. DHS has opined that “Individual users are often the first line of defense against this and other threats, and we encourage all Americans to update your operating systems and implement vigorous cybersecurity practices including installation of the latest patches and avoiding phishing efforts that can implant ransomware to lock down a system. Among the recommended best practices include employee training to avoid clicking on unfamiliar links and files in emails, and to backing up data to prevent possible loss. Beyond those somewhat simplistic suggestions, one detects a decided trend towards to adoption of the voluntary framework of cybersecurity standards issued by the National Institute of Standards and Technology (NIST), which was issued in 2014 and is in the process of being updated per public comments and meetings.  This also is consistent with the recently issued Executive Order that mandates federal department compliance to the same standards suggested for the private sector, particularly the NIST framework.

The OCR enforcement component is more problematic.  On May 17, 2017, Iliana Peters, a HIPAA compliance and enforcement official at OCR, announced at a Georgetown University Law Center cybersecurity conference that OCR will “presume a breach has occurred” when an HIPAA covered entity or associate has experienced a ransomware attack, due to the nature of how ransomware attacks work. This is somewhat at odds with the way that ransomware actually works. Ransomware generally is a form of blackmail where a Trojan will deprive a data owner of access to its own data unless a ransom is paid (often by Bitcoin or another block chain currency). OCR’s presumption can be overcome especially if health care data were encrypted prior to the incident (and presumably that would include data at rest). HHS’s ransomware guide provides that:

“Unless the covered entity or business associate can demonstrate that there is a ‘low probability that the PHI has been compromised,’ based on the factors set forth in the Breach Notification Rule, a breach of PHI is presumed to have occurred. … The entity must then comply with the applicable breach notification provisions, including notification to affected individuals without unreasonable delay, to the Secretary of HHS, and to the media (for breaches affecting over 500 individuals) in accordance with HIPAA breach notification requirements.”

Thus, if there is anything to take away from this, it is to encrypt PHI – period.

OCR offers to work with the private sector to provide technical assistance.  This might be useful to very small, unsophisticated  organizations.  Larger private sector entities arguably have resources and technical skills that surpass those of the government.  Indeed, the President’s Executive Order recognizes this.

We at Epstein Becker Green will have more to say about the ransomware threat and other cyber security vectors affecting the health care space. Expect a webinar and other publications like this one in the near future.

Recently, Judge Robert T. Conrad, Jr. of the United States District Court for the Western District of North Carolina (Charlotte Division), rejected efforts by The Charlotte- Mecklenberg Hospital Authority, doing business as the Carolinas Health Care System (“CHS”), to dismiss, at the pleadings stage, a complaint filed by the United States’ Antitrust Division of the Department of Justice, and the State of North Carolina, asserting that CHS’s anti-steering provisions in its payer contracts unreasonably restrain trade in violation of section 1 of the Sherman Act. Recognizing the Court’s limited review of preliminary motions, Judge Conrad, in the matter styled as United States of America et al v. The Charlotte-Mecklenberg Hospital Authority d/b/a Carolinas Health Care System, Civil Action No.3:16-cv-00311-RJC-DCK (W.D. N.C., Mar. 30,2017), ultimately concluded that the allegations of the Complaint, taken as true for purposes of ruling on the motion, asserted a claim that was “plausible,” meeting the pleading standards established by the Supreme Court in Bell Atlantic Corp. v. Twombly, 550 U.S. 544,570 (2007).

The complaint alleges that CHS is the largest hospital system in the Charlotte, North Carolina area, operating ten acute-care hospitals and garnering a market share of fifty percent (50%). CHS’s next closest competitor is alleged to have only half the number of acute-care hospitals, and less than half of CHS’s annual revenue. The complaint also alleges that “[a]n insurer selling health insurance plans to individuals and employees in the Charlotte area must have CHS as a participant in at least some of its provider networks, in order to have a viable health insurance business in the Charlotte area.” Based on these purported facts, the Complaint alleges that CHS maintains “market power” for the sale of acute care hospital services in the Charlotte area.

The complaint goes on to assert that CHS maintains anti-steering provisions in many of its payer contracts including those that collectively insure up to eighty-five percent of the insured residents in the Charlotte area. Furthermore, it is alleged that CHS is able to demand these provisions as a result of its market power.

Finally, the Complaint alleges that these anti-steering provisions impose an unreasonable restraint on competition. Among other things, these provisions have the effect of preventing payers from directing patients to lower cost, higher quality providers, and even prohibit payers from providing its enrollees with information about their health care options. The ultimate effect of these provisions is to allow CHS to maintain its dominant position in the market, and maintain supra competitive prices.

CHS filed an Answer to the Complaint, and a motion on the pleadings which is governed by the same standards as a motion to dismiss filed under Federal Rule of Civil Procedure 12 (b) (6). The essence of CHS’s motion is that the Plaintiff’s allegations were conclusory, and, in particular, the Complaint lacked factual allegations that show “actual competitive harm” resulting from the anti-steering provisions. In addition, CHS argued that: the steering restrictions were beneficial and procompetitive; CHS’s prices were higher due to superior product and consumer loyalty; payers were still able to steer and no payer had ever asked to remove the steering provisions. CHS also relied upon the recently issued Second Circuit decision in United States v. American Express Co., 838 F. 3d 179 (2d. Cir 2016), which ultimately rejected a lower Court’s finding, after a bench trial, that similar steering provisions were unlawful.

Judge Conrad ultimately concluded that while many of the allegations in the Complaint were conclusory, and not factual, the Plaintiff had sufficiently alleged anticompetitive harm. In particular, the Complaint contains plausible allegations that CHS maintains market power, and that as a result of this market power CHS is able to force the anti-steering provisions on payers resulting in CHS’s ability to charge supra-competitive prices. Judge Conrad rejected CHS’s additional factual arguments concluding that these were not appropriate arguments to address on a preliminary motion.

Finally, Judge Conrad rejected the invitation to compare the case before him with that of United States v. American Express. In doing so, Judge Conrad noted: 1) he was not bound by a decision of the Second Circuit; 2) the health care industry is different from the credit card industry; and 3) the case before him was still in the preliminary stages while United States v. American Express was decided after discovery and a full trial on the merits.

On April 18, 2017, the U.S. District Court for the Middle District of Florida adopted a magistrate judge’s recommendation to grant summary judgment in favor of defendant BayCare Health System (“BayCare”) in a False Claims Act whistleblower suit that focused on physician lease agreements in a hospital-owned medical office building, thereby dismissing the whistleblower’s suit.

The whistleblower, a local real-estate appraiser, alleged that BayCare improperly induced Medicare referrals in violation of the federal Anti-Kickback Statute and the Stark Law because the lease agreements with its physician tenants included free use of the hospital parking garage and free valet parking for the physician tenants and their patients, as well as certain benefits related to the tax-exempt classification of the building. The brief ruling affirms the magistrate judge’s determination that the whistleblower failed to present sufficient evidence to establish either the existence of an improper financial relationship under the Stark Law or the requisite remuneration intended to induce referrals under the Anti-Kickback Statute.

The alleged violation under both the Anti-Kickback Statute and the Stark Law centered on the whistleblower’s argument that the lease agreements conferred a financial benefit on physician tenants – primarily, because they were not required to reimburse BayCare for garage or valet parking that was available to the tenants, their staff and their patients.  However, the whistleblower presented no evidence to show that the parking was provided for free or based on the physician tenants’ referrals.  To the contrary, BayCare presented evidence stating that the garage parking benefits (and their related costs) were factored into the leases and corresponding rental payments for each tenant.  Further, BayCare presented evidence to support that the valet services were not provided to, or used by, the physician tenants or their staff, but were offered only to patients and visitors to “protect their health and safety.”

In light of the evidence presented by BayCare, and the failure of the whistleblower to present any evidence that contradicted or otherwise undermined BayCare’s position, the magistrate judge found that: (i) no direct or indirect compensation arrangement existed between BayCare and the physician tenants that would implicate the Stark Law, and (ii) BayCare did not intend for the parking benefits to induce the physician tenants’ referrals in violation of the Anti-Kickback Statute.

Continue Reading New Ruling on Hospital-Physician Real Estate/Leasing Compliance

Surprisingly amidst the Federal Bureau of Investigation (FBI) uproar, President Trump today signed an executive order addressing cybersecurity for the federal government and critical infrastructure, along with international coordination and cyber deterrence. The substance of the order, which is about to be made public, comes from various press releases and interviews with administration officials. The order is composed of three sections on cybersecurity and IT modernization within the federal government, protecting critical infrastructure, and establishing a cyber deterrence policy and coordinating internationally on cyber issues. In directing cabinet agencies to protect critical infrastructure, the order references the Obama administration’s “section 9” list of most critical entities, which already has prompted questions from industry.  Specifically, the order directs the Commerce Department and the Department of Homeland Security to coordinate an effort to reduce botnet cyber-attacks through a voluntary partnership with industry. This effort mirrors health industry association comments to Commerce’s National Institute of Standards and Technology (NIST), which next week will have an open forum to address the many comments made to its  rulemaking proposals. Interestingly, the Order directs the cabinet agencies to coordinate their own efforts with NIST.  The White House staff has been quoted as saying that “it is about time” the federal government was held to the same standard as private industry in addressing cybersecurity. Consistent with Industry requests, the framework is a voluntary tool actually developed in collaboration with industry, which argues that flexibility is required because policies must be adapted to the needs of different entities.

On the health care cyber front, it is interesting to note that James Comey’s last formal speech was given on May 8th to the American Hospital Association in which he raised concerns about the ability of the FBI to combat cyber-attacks and urged cooperation with hospitals and health systems not to get patient records but “fingerprints of digital intrusion.” I note that this is the point of the work of InfraGard, a cooperative effort between industry and the FBI, and is consistent with the public proposals of the Information Sharing and Analysis Organization Standards Organization (ISAO-SO), established by executive order.  Further information regarding those efforts, in which this author is active, can be provided at sgerson@ebglaw.com.

Comey’s abrupt departure suggests that his statements may quickly become passing memories, but the cooperative tone struck is more than a little inconsistent with proposals, for example, from the Department of Health & Human Services’ Office of Civil Rights (OCR), the enforcement agency for Health Insurance Portability and Accountability Act (HIPAA) matters, and from the Federal Trade Commission (FTC), which soon may inherit enhanced powers as the Federa l Communications Commission is attempting to leave the cyber security enforcement field.  Both the Office of Human Rights and the FTC stress enforcement as the optimal mode of gaining cyber compliance.

In the coming days, you may expect further analysis by Epstein Becker Green of OCR’s developing enforcement stance and other emergent government policies in the wake of the new Executive Order.

On May 9, 2017, Scott Gottlieb, M.D. was confirmed by the Senate as the new Commissioner of the Food and Drug Administration (“FDA”).  As Commissioner, he will be immediately responsible for shaping FDA policy on a number of current issues, including addressing and implementing several mandates stemming from the 21st Century Cures Act, (“Cures Act”), which was signed into law on December 13, 2016 with tremendous bipartisan support. The Cures Act contains over 200 sections that create new obligations for FDA; however, most pressing for Commissioner Gottlieb are three requirements that must be fulfilled within 180 days of the Cures Act’s passage (June 11th, 2017).

These requirements are:

  • Submission of a work plan to the Committee on Health, Education, Labor, and Pensions and the Committee on Appropriations of the Senate and the Committee on Energy and Commerce and the Committee on Appropriations of the House of Representatives for any projects, which will use funding from the FDA Innovation Account created under Section 1002 of the Cures Act;
  • Development of “a plan to issue draft and final versions of one or more guidance documents, over a period of 5 years, regarding the collection of patient experience data, and the use of such data and related information in drug development” pursuant to Section 3002 of the Cures Act, which is codified at 21 U.S.C. 360bbb-8c; and
  •  Publication of “a list of reusable device types” pursuant to Section 3059 of the Cures Act, which is codified at 21 U.S.C. 360.

Commissioner Gottlieb has a long professional history in the pharmaceutical industry working in both the public and private sectors. His firsthand experience as a former Deputy Commissioner at the FDA provides him with unique insights into the internal workings of the administration. As a former consultant advising on FDA policies to the pharmaceutical industry, Commissioner Gottlieb is also familiar with recent issues and trends affecting the industry, many of which are addressed within the Cures Act.  Despite having only one month to organize and address the mandates of the three above-referenced sections of the Cures Act, we believe Commissioner Gottlieb will likely meet these deadlines based on his prior knowledge and experience.

We will continue to monitor and provide insight on Commissioner Gottlieb’s activity as FDA Commissioner, and the implementation of key Cures Act provisions as they develop. For insight into how Commissioner Gottlieb has historically viewed key issues impacting the FDA, and mandates under the Cures Act, please view our previously published client alert.