The 117th Congressional health care agenda, including COVID-19 related action, will require 60 votes in the Senate or passage through budget reconciliation. In the Diagnosing Health Care Podcast, attorneys Mark Lutes, Philo Hall, and Timothy Murphy discuss the prospects for additional coronavirus relief and what that would mean for stakeholders, as well
On January 14, 2021, the U.S. Department of Justice (DOJ) reported its False Claims Act (FCA) statistics for fiscal year (FY) 2020. More than $2.2 billion was recovered from both settlements and judgments in 2020, the lowest level since 2008 and almost $1 billion less than was recovered in 2019. The total recoveries in 2020 reflect the first of many anticipated resolutions of fraud enforcement actions in the COVID-19 world, and over 80% of all recoveries—amounting to almost $1.9 billion—came from the health care and life sciences industries.
HIGHEST NUMBER OF NEW FILINGS EVER REPORTED
Significantly, 2020 saw the largest number of new FCA matters initiated in a single year. The government initiated new FCA matters at its highest rate since 1994, with 250 new cases brought in 2020. Strikingly, the number of government-initiated cases against health care entities more than doubled from 2019 to 2020 and was at the highest level ever reported. Likewise, qui tam relators filed 672 new matters in FY 2020, an increase over FY 2019 and the fifth highest number of cases in reported history. Qui tam relators filed, on average, almost 13 new cases a week. Of the 672 qui tam cases filed, 68% were related to health care.
QUI TAM FILINGS CONTINUE TO BE THE DRIVER
Total recoveries from qui tam-initiated actions generated almost $1.7 billion. While the largest recoveries continue to come from cases where the government intervenes, cases pursued by relators post-declination generated more than $193 million in FY 2020, the fifth largest annual recovery in non-intervened cases since 1986. These cases continue to be rewarding for relators; over $309 million in relators’ share awards were paid in FY 2020, of which more than $261 million were paid in cases pursued against health care entities.
The Department of Justice (DOJ) announced on January 12, 2021, the first civil settlement to resolve allegations of fraud against the Paycheck Protection Program (PPP) of the Coronavirus Aid, Relief, and Economic Security (CARES) Act. SlideBelts Inc. and its president and CEO, Brigham Taylor, have agreed to pay the United States a combined $100,000 in damages and penalties for alleged violations of the False Claims Act (FCA) and the Financial Institutions Reform, Recovery, and Enforcement Act (FIRREA).
The CARES Act was enacted in March 2020 to provide emergency financial assistance to individuals and businesses affected by the COVID-19 pandemic. The CARES Act established the PPP, which provided $349 billion in forgivable loans to small businesses in order to assist in job retention and business expenses. Since March 2020, Congress has authorized an additional $585 billion in PPP spending to be distributed under the Small Business Administration (SBA).
SlideBelts operates as an online retail company, and filed a petition for relief under Chapter 11 of the Bankruptcy Code in August 2019. Between April and June of 2020, while its petition was pending in the U.S. Bankruptcy Court for the Eastern District of California, SlideBelts and Taylor allegedly made false statements to federally insured financial institutions that the company was not involved in bankruptcy proceedings in order to influence the institutions to grant, and for SBA to guarantee, a PPP loan. SlideBelts received a loan for $350,000 based off of these purported false claims, which SlideBelts repaid in full to the PPP.
The government was able to recover damages and civil penalties from SlideBelts under the FCA for submitting alleged fraudulent claims for payment to the government and under the FIRREA for violations of federal criminal statutes that affect federally insured banks. This settlement is the end result of the first, but not the last, of many civil investigations and, ultimately, litigations relative to the CARES Act in the coming months and years under the FCA. In fact, during a June address to the Chamber of Commerce, Principal Deputy Attorney General Ethan Davis stated, “Going forward, the Civil Division will make it a priority to use the False Claims Act to combat fraud in the Paycheck Protection Program.”
As the SBA prepares to issue a second round of PPP loans, the DOJ is likely to continue to use the FCA and the FIRREA to pursue entities receiving funds on the theory that those entities intend to exploit for their benefit these federal programs.
As employers continue their efforts to safely bring employees back to the workplace, many have moved beyond initial pre-entry wellness checks or questionnaires and are considering technology solutions that monitor social distancing and conduct contact tracing in real-time. Along with introducing these enhanced capabilities, the question of the privacy and security of employee personally identifiable…
Recently, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), the agency enforcing the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules, obtained two large breach-related settlements: one from a HIPAA Covered Entity and one from a HIPAA Business Associate. These enforcement actions signal that despite COVID-19 related challenges, organizations continue to face rampant data breaches and ensuing HIPAA enforcement.
On September 25, 2020, OCR settled an investigation into a breach suffered by a large health insurer by obtaining the second-largest resolution payment in HIPAA enforcement history ($6.85 million). This enforcement action resolved an investigation concerning potential violations of HIPAA Privacy and Security Rules related to a breach affecting the electronic protected health information (ePHI) of more than 10.4 million people. The breach resulted from a phishing attack that introduced malware into the insurer’s IT systems and allowed unauthorized actors to gain access and remain undetected for nearly nine months. Similarly on September 23, 2020, a business associate providing IT and health information management services to hospitals and physicians clinics entered a settlement ($2.3 million) with OCR for potential violations of HIPAA Privacy and Security Rules related to a breach affecting over 6 million people. Essentially, these cyberattacks were advanced persistent threats that compromised the privacy and security of ePHI and PHI and revealed longstanding gaps in the companies’ cybersecurity controls. …
Continue Reading Data Breaches and HIPAA Enforcement Remain Endemic Amidst the COVID-19 Pandemic
On Tuesday, September 1, 2020, the Drug Enforcement Agency (“DEA”) proposed 2021 aggregate production quotas (APQs) for controlled substances in schedules I and II of the Controlled Substances Act (“CSA”) and an Assessment of Annual Needs (“AAN”) for the List I Chemicals pseudoephedrine, ephedrine, and phenylpropanolamine. This marks the second year that DEA has issued APQs pursuant to Congress’s changes to the CSA via the SUPPORT Act. After assessing the diversion rates for the five covered controlled substances, DEA reduced the quotas for four: oxycodone, hydrocodone, hydromorphone and fentanyl.
DEA recently increased the APQ to allow for the additional manufacture of certain controlled substances in response to the COVID-19 pandemic and the need to provide greater access to these medications for patients on ventilator treatment. According to DEA, that increased demand has been factored into the proposed APQs for 2021.
Comments are due by October 1, 2020. Because DEA’s APQs determine the amount of quota DEA can allocate to individual manufacturers in 2021, adversely impacted parties should file comments soon.
Background on APQs
The CSA requires the establishment of aggregate production quotas for schedule I and II controlled substances, and an assessment of annual needs for the list I chemicals ephedrine, pseudoephedrine, and phenylpropanolamine. These aggregate quotas limit the quantities of these substances to be manufactured – and with respect to the listed chemicals, imported – in the United States in a calendar year, to provide for the estimated medical, scientific, research, and industrial needs of the United States, for lawful export requirements, and for the establishment and maintenance of reserve stocks.
Changes in Setting APQs Under The SUPPORT Act
The Substance Use-Disorder Prevention that Promotes Opioid Recovery and Treatment for Patients and Communities Act (“SUPPORT Act”) signed into law October 24, 2018, provided significant changes to the process for setting APQs. First, under the CSA, aggregate production quotas are established in terms of quantities of each basic class of controlled substance, and not in terms of individual pharmaceutical dosage forms prepared from or containing such a controlled substance. However, the SUPPORT Act provides an exception to that general rule by giving the DEA the authority to establish quotas in terms of pharmaceutical dosage forms if the agency determines that doing so will assist in avoiding the overproduction, shortages, or diversion of a controlled substance.
Additionally, the SUPPORT Act changed the way the DEA establishes APQs with respect to five “covered controlled substances”: fentanyl, oxycodone, hydrocodone, oxymorphone, and hydromorphone. Under the SUPPORT Act, when setting the APQ for any of the “covered controlled substances,” DEA must estimate the amount of diversion. The SUPPORT Act requires DEA to make appropriate quota reductions “as determined by the [DEA] from the quota the [DEA] would have otherwise established had such diversion not been considered.” Furthermore, when estimating the amount of diversion, the DEA must consider reliable “rates of overdose deaths and abuse and overall public health impact related to the covered controlled substance in the United States,” and may take into consideration other sources of information the DEA determines reliable.
In accordance with this mandate under the SUPPORT Act, in setting the proposed APQs for 2021 DEA requested information from various agencies within the Department of Health and Human Services (“HHS”), including the U.S. Food and Drug Administration (“FDA”), Centers for Disease Control and Prevention (“CDC”), and the Centers for Medicare and Medicaid Services (“CMS”), regarding overdose deaths, overprescribing, and the public health impact of covered controlled substances. DEA also solicited information from each state’s Prescription Drug Monitoring Program (“PDMP”), and any additional analysis of prescription data that would assist DEA in estimating diversion of covered controlled substances.
After soliciting input from these sources, DEA extracted data on drug theft and loss from its internal databases and seizure data by law enforcement nationwide. DEA then calculated the estimated amount of diversion by multiplying the strength of the active pharmaceutical ingredient (“API”) listed for each finished dosage form by the total amount of units reported to estimate the metric weight in kilograms of the controlled substance being diverted.
On July 20, 2020, the United States Food and Drug Administration (FDA) announced a six-month extension of its enforcement discretion policy for certain regenerative medicine products requiring pre-market review due to the COVID-19 pandemic. Included in a final guidance document entitled, “Regulatory Considerations for Human Cells, Tissues, and Cellular and Tissue-Based Products: Minimal Manipulation…
On March 18, 2020, the United States Food and Drug Administration (FDA) announced the suspension of all domestic routine surveillance facility inspections until further notice. FDA took this measure to protect the health and well-being of its staff and those who conduct the inspections for the agency under contract at the state level, and due…
On March 17, 2020, the Office for Civil Rights’ (“OCR”) announced that—for the duration of the COVID-19 emergency—it would exercise enforcement discretion and waive any potential penalties for HIPAA violations relating to health care providers’ use of “everyday communications technologies” in the provision of services via telehealth (the “HIPAA Waiver”). This move has resulted in a drastic increase in the number of telehealth encounters. The HIPAA Waiver has enabled many providers to immediately leverage these technologies to render services via telehealth for the first time, without the need to expend significant resources to quickly ramp up a HIPAA-compliant telehealth platform. A summary of the HIPAA Waiver can be found in a recent blog post. While the HIPAA Waiver applies only temporarily, it is likely that the increased reliance on telehealth evidenced over the past three months is here to stay.
The COVID-19 pandemic’s impact on the regulatory landscape of telehealth was the topic of a June 17, 2020 hearing before the Senate Health, Education, Labor & Pensions Committee. As Chairman Lamar Alexander acknowledged during his opening statement, the health care sector and government “have been forced to cram 10 years’ worth of telehealth experience into just the past three months.” Indeed, this “cramming” has resulted in thirty-one temporary changes to telehealth policy at the federal level. Of these temporary changes, Chairman Alexander included the OCR enforcement discretion / HIPAA waiver as one of the three changes he considers most important. However, of the three changes the Chairman views as most important, he declined to include the enforcement discretion in the temporary changes he believes should be made permanent, and instead called upon his colleagues to consider whether to extend the HIPAA waiver.
FDA recently published its “Good Manufacturing Practice Considerations for Responding to COVID-19 Infection in Employees in Drug and Biological Products Manufacturing Guidance for Industry” (“Guidance”) which provides suggestions on managing the potential risk of products being contaminated by SARS-CoV-2, the virus behind COVID-19 infections for drug and biological product manufacturers, 503B outsourcing facilities, and 503A compounding pharmacies.
The Guidance builds on the current Good Manufacturing Practices (cGMPs) regulations for drugs and biological products, which require personnel with an illness that could adversely affect drug safety or quality be excluded from direct contact with drugs and drug components used in manufacturing. As the Guidance states, preliminary research indicating that SARS-CoV-2 “is stable for several hours to days in aerosols and on surfaces,” and that it has an incubation period of 2 to 14 days, which are both factors that increase the risk of spread and introduction into products. The actual health risk is hard to calculate – FDA itself notes that there have not been documented transmissions through pharmaceuticals to date. The regulatory risk, however, is an easier formula – FDA has a clear expectation that drug and biological product manufacturers evaluate the potential for COVID-19 contamination of their products under existing controls, or risk being out of compliance with cGMPs.…
Continue Reading Current Good Manufacturing Practices in the Time of COVID-19: FDA Announces New Expectations on Risk Assessment and Risk Management