Earlier this summer, Ethan P. Davis, Principal Deputy Assistant Attorney General for the Civil Division of the U.S. Department of Justice (DOJ) delivered remarks addressing DOJ’s top priorities for enforcement actions related to COVID-19 and indicating that DOJ plans to “vigorously pursue fraud and other illegal activity.”[1] As discussed below, Davis’s remarks not only highlighted principles that will guide enforcement efforts of the Civil Fraud Section under the False Claims Act (FCA) and of the Consumer Protection Branch (CPB) under the Food, Drug, and Cosmetic Act (FDCA) and the Controlled Substances Act (CSA) in response to the COVID-19 public health emergency (PHE), they also provide an indication of how DOJ might approach enforcement over the next few years.

DOJ’S KEY CONSIDERATIONS & ENFORCEMENT STRATEGY FOR COVID-19

Davis highlighted two key principles that would drive DOJ’s COVID-related enforcement efforts: the energetic use of “every enforcement tool available to prevent wrongdoers from exploiting the COVID-19 crisis” and a respect of the private sector’s critical role in ending the pandemic and restarting the economy.[2] Under that framework, DOJ plans to pursue fraud and other illegal activity under the FCA, which Davis characterizes as “one of the most effective weapons in [DOJ’s] arsenal.”[3]

However, as DOJ pursues FCA cases, it will also seek to affirmatively dismiss qui tam claims that  DOJ finds meritless or that interfere with agency policy and programs.[4] DOJ also plans to collect certain information from qui tam relators regarding third-party litigation funders during relator interviews.[5] DOJ’s emphasis on qui tam cases—cases brought under the FCA by relators or whistleblowers—for COVID-related enforcement highlights the impact such matters have on DOJ’s enforcement agenda.[6]

  1. DOJ will consider dismissing cases that involve regulatory overreach and are not otherwise in the interest of the United States.

Although Davis emphasized that the majority of qui tam cases would be allowed to proceed, in order to “weed out” cases that lack merit or that DOJ believes should not proceed, DOJ will consider dismissing cases that “involve regulatory overreach or are otherwise not in the interest of the United States.”[7] This is consistent with the principles reflected in the 2018 Granston Memo that instructed DOJ attorneys to consider “whether the government’s interests are served” when considering whether cases should proceed and listed considerations for seeking alternative grounds for dismissal of FCA cases.[8] Davis gave examples throughout his speech of actions DOJ might consider dismissing:

  • Cases based on immaterial or inadvertent mistakes, such as technical mistakes with paperwork
  • Cases based on honest misunderstandings of rules, terms, and conditions
  • Cases based on alleged deviations from non-binding guidance documents
  • Cases against entities that reasonably attempted to comply with guidance and “in good faith took advantage of the regulatory flexibilities granted by federal agencies in the time of crisis.”[9]

DOJ litigators have been advised to inform relators of the possibility of dismissal.[10] Additionally, qui tam suits based on behaviors temporarily permitted during the COVID-19 pandemic, particularly in circumstances in which agencies exercised discretion to waive or not enforce certain requirements, might
“fail as a matter of law for lack of materiality and knowledge.”[11]

  1. DOJ will now include a series of questions during relator interviews to identify third-party litigation funders.

During each relator interview, DOJ has instructed line attorneys to ask a series of questions to identify whether the relator or their counsel has a third-party litigation funding agreement,[12] which is an agreement in which a third party—such as a commercial lender or a hedge fund—finances the cost of litigation in return for a portion of recoveries.[13] Under the new policy detailed in Davis’s speech, if a third-party funder is disclosed, DOJ will ask for the following:

  • the identity of the third-party litigation funder,
  • information regarding whether information of the allegations has been shared with the third party,
  • whether the relator or their counsel has a written agreement with the third party, and
  • whether the agreement between the relator or their counsel and the third party includes terms that entitles the third-party funder to exercise direct or indirect control over the relator’s litigation or settlement decisions.

Relators must inform DOJ of changes as the case proceeds through the course of litigation.[14] While Davis characterizes these changes as a “purely information-gathering exercise for the purpose of studying the issues,” the questions are in furtherance of DOJ’s ongoing efforts to uncover the potential negative impacts third-party litigation financing may have in qui tam actions. [15] The questions Davis referenced in his remarks reflect DOJ’s concerns with third-party litigation funding as expressed by Deputy Associate Attorney General Stephen Cox in a January 2020 speech.[16] Davis emphasized that DOJ particularly sought to evaluate the extent to which third-party litigation funders were behind qui tam cases DOJ investigates, litigates, and monitors; the extent of information sharing with third-party funders; and the amount of control third-party funders exercised over the litigation and settlement decisions.[17] While the Litigation Funding Transparency Act of 2019 has remained inactive since its introduction in February 2019 by Senator Grassley[18] and the 2018 proposal by the U.S. Court’s Advisory Committee on Civil Rights’ Multidistrict Litigation Subcommittee to require disclosure of third-party litigation funding remains under consideration,[19] DOJ’s plans to include this line of questioning potentially signals DOJ’s intention to take more concrete and significant steps to address third-party litigation funding in the future.

Continue Reading False Claims Act Enforcement During the COVID-19 Pandemic and Beyond

The regulations for the California Consumer Protection Act (“CCPA”) were approved by the California Office of Administrative Law on August 14, 2020 and went into effect immediately.   Earlier this year, the California Department of Justice proposed these regulations to govern the California Attorney General’s enforcement of CCPA. CCPA was signed into law on June 28, 2018 and went into effect on January 1, 2020.

Please see Epstein Becker Green’s earlier posts discussing CCPA for more information.

As consumerism in healthcare increases, companies and the individuals they serve are increasingly sharing data with third-party application developers that provide innovative ways to manage health and wellness, among numerous other products that leverage individuals’ identifiable health data.  As the third-party application space continues to expand and data sharing becomes more prevalent, it is critical that such data sharing is done in a responsible manner and in accordance with applicable privacy and security standards. Yet, complying with applicable standards requires striking the right balance between rules promoting interoperability vis-à-vis prohibiting information blocking vs. ensuring patient privacy is protected. This is especially difficult when data is sent to third party applications that remain largely unregulated from a privacy and security perspective.  Navigating this policy ‘tug of war’ will be critical for organizations to comply with the rules, but also maintain consumer confidence. Continue Reading Be Aware Before You Share: Vetting Third Party Apps Prior to Data Transfer

FDA took two important steps last week to clarify the regulatory landscape for cannabis products, including CBD products.  First, FDA issued a draft guidance on Quality Considerations for Clinical Research Involving Cannabis and Cannabis Derived Compounds.  This guidance builds off of earlier guidance FDA has issued about the quality and regulatory considerations that govern the development and FDA approval of cannabis and/or cannabinoid drug products.  See e.g., here and here.  The draft guidance iterates a federal standard for calculating delta-9 THC content in cannabis finished products, which addresses a significant gap in federal policy regarding those products.  While the testing standard is neither final nor binding on FDA or DEA, when finalized it would iterate what FDA considers to be a scientifically valid method for making the determination of whether a cannabis product is a Schedule I controlled substance.  Therefore, it may be useful in many contexts, including federal and state cannabis enforcement actions.  We encourage affected parties to file comments on FDA’s Guidance, which they may do until September 21, 2020.

Second, FDA sent to the Office of Management and Budget for review a proposal on how FDA intends to exercise enforcement discretion over CBD consumer products.  See here.  While the contents of this guidance have not yet been made public, we forecast that it likely will align with FDA’s past enforcement actions and memorialize the agency’s intent to pursue enforcement actions against CBD consumer product companies that make egregious claims about their products treating or preventing serious diseases or conditions.

Guidance on Considerations for Cannabis Clinical Research

FDA’s guidance recognizes that Congress’s enactment of the Agricultural Improvement Act of 2018 (“2018 Farm Bill”) improved domestic access to pre-clinical and clinical cannabis research material that may be used in the research and development of novel therapies.   However, currently marijuana only may be obtained domestically from the University of Mississippi under contract with the National Institute on Drug Abuse.  While DEA issued a policy in 2016 to allow for the additional registration of marijuana cultivators for legitimate research and licit commercial purposes, the Office of Legal Counsel in June 2018 issued an opinion finding that such policy violates the United States’ obligations under applicable treaties.  However, in March of this year, DEA issued a proposed rule to allow for the registration of additional cultivators of cannabis for these licit purposes.  See here.

There is an alternative pathway to the procurement of Schedule I research material which FDA’s guidance does not mention: importation.  Researchers may obtain certain Schedule I material pursuant to a federal DEA Schedule I importer registration, and DEA has in the past issued such registrations.  See 21 CFR 1301.13(e)(1)(viii).

Continue Reading FDA Issues Draft Guidance on Cannabis Clinical Research and Sends CBD Enforcement Discretion Guidance to OMB for Review

On July 7, the Court of Justice of the European Union (ECJ) invalidated the EU-US Privacy Shield framework in its ruling in Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems (Case C-311/18). More than 5,000 organizations in the United States have certified their adherence to this framework, and have relied on it to receive personal data from organizations in the EU in compliance with the General Data Protection Regulation (GDPR) since 2016. The framework was a joint effort between the US Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce. The Department of Commerce released the following statement:

The United States shares the values of rule of law and protection of our democracies with our partners in the European Union (EU).  Therefore, we are deeply disappointed that the Court of Justice of the European Union (“ECJ”) has invalidated the EU-U.S. Privacy Shield framework.  The United States is reviewing this outcome and the consequences and implications for more than 5,300 European and U.S. companies, representing millions of transatlantic jobs and over $7.1 trillion in commercial transactions.

The United States and the EU have a shared interest in protecting individual privacy and ensuring the continuity of commercial data transfers.  Uninterrupted data flows are essential to economic growth and innovation, for companies of all sizes and in every sector, which is particularly crucial now as both our economies recover from the effects of the COVID-19 pandemic.  This decision directly impacts both European companies doing business in the United States as well as American companies, of which over 70 percent are small and medium enterprises.  The United States will continue to work closely with the EU to find a mechanism to enable the essential unimpeded commercial transfer of data from the EU to the United States.

Continue Reading ECJ Invalidated the EU-US Privacy Shield Framework

On July 20, 2020, the United States Food and Drug Administration (FDA) announced a six-month extension of its enforcement discretion policy for certain regenerative medicine products requiring pre-market review due to the COVID-19 pandemic. Included in a final guidance document entitled, “Regulatory Considerations for Human Cells, Tissues, and Cellular and Tissue-Based Products: Minimal Manipulation and Homologous Use,” this extension will give manufacturers additional time to determine whether they need to submit an investigational new drug (IND) or marketing application and to prepare and submit to FDA any required IND or marketing application before the enforcement discretion period expires on May 31, 2021. This extension should come as a welcome reprieve to manufacturers of affected products, many of which delayed seeking FDA approval of their products following release of the enforcement discretion policy guidance in November 2017.

Originally announced in November 2017 as part of a suite of guidance documents outlining FDA’s regenerative medicine policy framework, FDA’s enforcement discretion policy was intended to provide manufacturers and health care providers a period of three years to come into compliance with the pre-market review requirements for those Human Cells, Tissues, and Cellular and Tissue-Based Products (HCT/Ps) that do not meet the criteria for regulation solely under section 361 of the Public Health Service (PHS) Act and 21 CFR Part 1271.  The enforcement discretion period was originally set to expire on November 30, 2020.

The substance of FDA’s enforcement discretion policy has not changed in the final guidance. FDA still intends to exercise enforcement discretion with respect to the IND and the premarket approval requirements for HCT/Ps that do not meet one or more of the criteria for regulation solely as an HCT/P including those relating to minimal manipulation and homologous use, provided that use of the HCT/P does not raise significant safety concerns, such as those based on the route and site of administration and the intended use.

The guidance reiterated that FDA has increased its oversight of cellular and tissue products that do not comply with current standards and that patients should ensure that any regenerative medicine products they are using are FDA-approved or covered by an IND.

Spreeha Choudhury, a 2020 Summer Associate (not admitted to the practice of law) in the firm’s Washington, DC, office, contributed significantly to the preparation of this post.

In an important win for healthcare providers, on July 17, 2020, the Third Circuit determined in a published opinion that an out-of-network provider’s direct claims against an insurer for breach of contract and promissory estoppel are not pre-empted by ERISA.  In Surgery Ctr., P.A. v. Aetna Life Ins. Co.[1] In an issue of first impression, the Third Circuit addressed the question of what remedies are available to an out-of-network provider when an insurer initially agrees to pay for the provision of out-of-network services, and then breaches that agreement.

This case arose because two patients—identified as J.L. and D.W.—required medical procedures that were not available in-network through Aetna. J.L. needed bilateral breast reconstruction surgery following a double mastectomy and D.W. required “facial reanimation surgery,” which the Third Circuit describes as “a niche procedure performed by only a handful of surgeons in the United States.” Neither J.L. nor DW had out-of-network coverage for these procedures. D.W.’s plan also contained an “anti-assignment” clause, which would have prevented D.W. from assigning his or her rights under the plan to the Plastic Surgery Center, P.A. Continue Reading Third Circuit: Provider’s Out-of-Network Claims not Pre-empted by ERISA

On March 18, 2020, the United States Food and Drug Administration (FDA) announced the suspension of all domestic routine surveillance facility inspections until further notice. FDA took this measure to protect the health and well-being of its staff and those who conduct the inspections for the agency under contract at the state level, and due to industry concerns regarding visitors. During this interim period, the FDA conducted only a limited number of mission critical inspections using a risk-based approach. On July 10, 2020, FDA announced its plans to resume on-site inspections during the week of July 20th with the assistance of a newly developed COVID-19 Advisory Rating System for assessing the risk of carrying out an inspection in a particular location.

The Advisory Level uses real-time state and national data on the number of COVID-19 cases, and based on the outcome of three metrics, helps to identify those geographic regions in which domestic inspections can restart. The metrics are: Phase of the State (as defined by White House guidelines), statistics measured at the county level to gauge the current trend in infections, and intensity of infection. The agency further stated that its ability to restart on-site inspections also depends on other factors impacted by the pandemic, such as availability of public transportation and downward trends in new cases of COVID-19.

Additional guidance on resuming inspections is anticipated to come soon, but for now entities should be aware that prioritized domestic inspections will resume in the coming weeks, but they are anticipated to be pre-announced for the foreseeable future.

The cannabidiol (“CBD”) consumer product marketplace is booming.  And, while FDA has maintained its position that CBD, even hemp-derived CBD, may not be included as an ingredient in conventional foods or dietary supplements, FDA has signaled its intent to create a lawful marketing pathway for these products.  Also, while FDA has issued Warning Letters to companies who made egregious claims about their products curing serious diseases and conditions like Alzheimer’s disease and cancer, FDA has also signaled a willingness to exercise enforcement discretion over CBD products that pose less serious safety concerns.  What has resulted is CBD manufacturers, retailers, and other businesses living in FDA regulatory purgatory.  Fortunately, several courts have recently held that CBD companies will not face consumer product liability, at least while their FDA regulatory fate is being decided.

A number of federal lawsuits were recently brought by consumers against manufacturers of various types of CBD products, ranging from ingestible foods and beverages, dietary supplements, topical oils and sprays, and vape products. The plaintiffs in these cases all bring similar claims, that the products purchased were misleading as to the amount of CBD in the product and/or that the products were mislabeled and falsely advertised as dietary supplements.  The plaintiffs’ claims are based, at least in part, on assertions that the defendants violated the federal Food, Drug, and Cosmetic Act (“FD&C Act”) by introducing adulterated and misbranded products into the U.S. market.

However, over the course of 2020, at least three judges have found that the outcome of these cases will have to wait until FDA completes its rulemaking on the regulation of CBD products. Citing the primary jurisdiction rule, the judges each issued a stay on their respective cases. The judges found that FDA has primary oversight over claims involving the illegal sale or marketing of CBD products, and that regulatory clarity is needed before a decision may be made on the matters brought by the plaintiffs. Thus, the fate of these cases now depend on when and whether FDA will issue regulations governing CBD products.

Continue Reading Federal Courts Say They Will Decide Cases Against CBD Product Manufacturers When the Smoke Clears

On March 17, 2020, the Office for Civil Rights’ (“OCR”) announced that—for the duration of the COVID-19 emergency—it would exercise enforcement discretion and waive any potential penalties for HIPAA violations relating to health care providers’ use of “everyday communications technologies” in the provision of services via telehealth (the “HIPAA Waiver”). This move has resulted in a drastic increase in the number of telehealth encounters. The HIPAA Waiver has enabled many providers to immediately leverage these technologies to render services via telehealth for the first time, without the need to expend significant resources to quickly ramp up a HIPAA-compliant telehealth platform. A summary of the HIPAA Waiver can be found in a recent blog post. While the HIPAA Waiver applies only temporarily, it is likely that the increased reliance on telehealth evidenced over the past three months is here to stay.

The COVID-19 pandemic’s impact on the regulatory landscape of telehealth was the topic of a June 17, 2020 hearing before the Senate Health, Education, Labor & Pensions Committee.  As Chairman Lamar Alexander acknowledged during his opening statement, the health care sector and government “have been forced to cram 10 years’ worth of telehealth experience into just the past three months.” Indeed, this “cramming” has resulted in thirty-one temporary changes to telehealth policy at the federal level. Of these temporary changes, Chairman Alexander included the OCR enforcement discretion / HIPAA waiver as one of the three changes he considers most important. However, of the three changes the Chairman views as most important, he declined to include the enforcement discretion in the temporary changes he believes should be made permanent, and instead called upon his colleagues to consider whether to extend the HIPAA waiver.[1]

Continue Reading Every HIPAA Waiver Has Its Thorn