We recently outlined key provisions of the Environmental Protection Agency’s (EPA’s) Final Rule modifying the standards governing industry management of hazardous waste pharmaceuticals, which become effective August 21, 2019. Client Alert

Impacted industries must immediately comply with the nationwide ban on the sewering of hazardous waste pharmaceuticals as of the August 21st effective date.  The ban applies to a wide range of stakeholders, including, but not limited to reverse distributors, pharmacies, hospitals, and wholesalers.

Additional regulatory changes under the Final Rule involving the management of FDA-approved over-the-counter nicotine replacement therapies (“NRT”) and hazardous waste prescription pharmaceuticals destined for reverse distribution also become effective on August 21st in Alaska and Iowa.  All other states will have the option to adopt the NRT changes at the state level before they become effective.  As for the changes to management of hazardous waste prescription pharmaceuticals, all other states must adopt the EPA’s regulatory changes by July 1, 2022 if enacted through legislation, or by July 1, 2021, if enacted through state regulation.  The other 48 states may also adopt more stringent changes to the handling of hazardous waste prescription pharmaceuticals than envisioned by the EPA—in other words, for these states, the EPA regulation serves a regulatory floor, not a ceiling.

August 21, 2019 marks the start of the battle at the state level for regulatory consistency regarding the management of NRT waste and hazardous waste prescription pharmaceuticals.  Many impacted stakeholders will be subject to multiple states’ hazardous waste regulations, either through multi-state stakeholder business locations or through waste that is transported across multiple state lines.  Without some measure of state law consistency, entities who manage NRT waste or hazardous waste prescription pharmaceuticals may see their compliance costs rise as they struggle to comport with variable and possibly conflicting state requirements.

There is little question that youth e-cigarette use has been on the rise. In 2018, an estimated 3.6 million kids reported “current use” of e-cigarettes (defined as use on at least one day in the past 30 days), up from just 220,000 kids reporting such use in 2011 (See National Youth Tobacco Survey findings). Although youth e-cigarette use raises public health concerns, there’s also a public health upside to e-cigarettes, as they have been shown to be an effective tool in helping current adult cigarette smokers kick the habit and are a safer option for current smokers than combustible tobacco products (e.g., cigarettes).  Therefore, it seems that broad restrictions on everyone’s access to these products is probably not the solution here. So what is the answer? How do we keep e-cigarettes out of the hands of children, but maintain their availability for adult cigarette smokers? Let’s track what’s recently been done on the federal and state/local levels to address the issue.

On the federal level, per FDA’s May 2016 “Deeming Rule,” e-cigarettes became subject to FDA’s tobacco product authorities, including, most notably, the requirement that e-cigarettes obtain FDA premarket authorization. For most products, such authorization requires submission of a Premarket Tobacco Product Application (“PMTA”). In their PMTAs, e-cigarette manufacturers must demonstrate that their proposed e-cigarette product is “appropriate for the protection of the public health.” Although FDA released guidance in June 2019 related to the PMTA process, there is still a considerable lack of clarity with regard to how manufacturers can show this broad review standard is satisfied.

The deadline for PMTA submission was initially set for August 2018, but in 2017, FDA pushed back the deadline to August 2022, prompting a lawsuit against the Agency (AAP et al. v. FDA (S.D. MD)). In a July 2019 ruling, the federal judge in this case ordered FDA to impose a 10-month deadline for the submission of PMTAs. As FDA gears up to accommodate PMTA reviews under this accelerated time frame, the Agency noted that it will also continue utilizing other regulatory tools to combat youth e-cigarette use, including enforcement against retailers selling to minors and youth educational and advertising campaigns.

It remains to be seen how exactly implementation of the PMTA process will impact access to e-cigarettes. However, it’s likely that only large, well-funded manufacturers will be able to jump through the regulatory hurdles needed to obtain authorization for their products, which will in turn limit access, at least to some extent (as many small and mid-size companies who can’t jump through the hurdles will be forced to withdraw their products from the market). Also, we may see FDA use the PMTA process to eliminate access to certain types of e-cigarette products with broad youth appeal (e.g., fruity and candy-like flavors), limit the claims manufacturers can make about these products, require additional warnings, and/or place restrictions on distribution.

There have also been efforts to pass federal legislation aimed at restricting youth access to e-cigarettes.  For example, in May 2019, Senator Mitch McConnell introduced a bill (the Tobacco-Free Youth Act) that would set a minimum tobacco purchasing age of 21 (which would apply to all tobacco products, including e-cigarettes).  This seems to demonstrate the perceived importance of the youth access issue given that McConnell represents Kentucky, a major tobacco-growing state.

On the state and local levels, there have been a wide range of efforts aimed at restricting access to e-cigarettes, from increasing the minimum purchase age for e-cigarettes to 21, to taxes, to outright bans on these products.  Below are some examples of these efforts:

  • San Francisco: In June 2019, an ordinance was passed (and later signed by the mayor) that will prohibit businesses in the city from selling e-cigarettes that have not received FDA marketing authorization (which none have yet). The ordinance will also ban all e-cigarettes that have not received FDA marketing authorization from being sold and distributed to consumers in the city (ordinance scheduled to take effect in early 2020).
  • Vermont: As of July 2019, state law prohibits anyone from causing e-cigarettes or substances containing nicotine (or intended for use with e-cigarettes) that are ordered or bought by mail, phone, or over the Internet to be shipped to anyone in Vermont other than a licensed wholesale dealer or retailer; a 92% tax on e-cigarettes will also go into effect.
  • Minnesota: As of August 2019, use of e-cigarettes in most indoor spaces is banned.
  • Beverly Hills: As of January 2021, an ordinance will take effect that prohibits gas stations, pharmacies, and convenience stores from selling tobacco products, including e-cigarettes.

Preventing youth use of e-cigarettes while maintaining availability of these products for current adult cigarette smokers is a complicated charge for legislators and regulators. While it will take some time to evaluate the impact of recent (and soon-to-be implemented) federal and state efforts, as next steps are considered, the need for balance should be kept at the forefront.

On July 11, 2019, a Federal judge for the U.S. District Court for Maryland ruled that manufacturers and importers of products such as e-cigarettes and other electronic nicotine delivery systems (“ENDS”) have ten months to submit applications for marketing to the U.S. Food and Drug Administration (“FDA”). The ten-month deadline is applicable to new tobacco products on the market as of the August 8, 2016 deeming rule that extended FDA’s regulatory jurisdiction to include all tobacco products. Accordingly, manufacturers of e-cigarettes now have until May 2020 to submit applications for market approval in order to continue selling their products.

E-cigarette manufacturers have thus far been able to sell products without FDA approval. In 2016, FDA announced its deeming rule that extended its regulatory jurisdiction over these products. Initially, FDA established a 2022 deadline for existing companies to submit applications for FDA approval. FDA requested in the application information about why the applicant companies should be permitted to keep selling these products. FDA decreased the deadline by one year, to 2021, after numerous studies found a sharp increase in the number of teenagers vaping. Unsatisfied with the one year difference, anti-tobacco groups filed a lawsuit[1] against FDA claiming the agency’s lack of urgency threatened public health. During the course of this lawsuit, FDA proposed the ten-month deadline for application submissions and a one-year deadline for approval. The judge noted that the four-month submission deadline for which the plaintiffs advocated was less reasonable and provided less time for applicants to present sufficient information to FDA. The judge’s ruling removed any agency discretion in regards to these deadlines.

In a response to the court order, Acting Commissioner of FDA Norman E. “Ned” Sharpless stated that “FDA stands ready to accelerate the review of e-cigarettes and other new tobacco products. . . .” and “remain[s] committed to tackling the epidemic of youth vaping using all available regulatory tools at our disposal.” Despite the impending deadline, the judge acknowledged that these companies “have large purses and the resources to complete promptly the applications that they have had before them for years.” However, in a brief filed last month FDA noted that by the end of April 2019 it had received over 400 premarket applications, ninety-nine percent of which did not meet the basic requirements. Clearly, it will require more than simply “large purses” to get these products approved.

Companies can look to FDA’s final guidance published in June 2019 for premarket tobacco product applications (“PMTAs”) for ENDS, which include, e-cigarettes, vape pens, and e-liquids. According to Commissioner Sharpless, the guidance provides companies seeking to market e-cigarette and ENDS products with “recommendations to consider as they prepare a premarket tobacco product application to help the FDA evaluate the public health benefits and harms of a product.” The guidance contains, among other things, the following components: (1) Background regarding FDA’s regulation of ENDS; (2) Products to which the Guidance applies; (3) General procedures for ENDS PMTA review; and (4) Content required in an ENDS PMTA and recommendations for demonstrating appropriateness for the protection of the public health (“APPH”).

ENDS are regulated under the federal Food, Drug, and Cosmetic Act (“FD&C Act” or the “Act”). Under section 910 of this Act, companies and/or persons wanting to market a new[2] tobacco product are required to follow the 905(j) pathway and submit either (1) a report to obtain a substantial equivalence determination or (2) a report notifying FDA of the product’s exemption under the FD&C Act. If the new product is not found to be substantially equivalent to an appropriately identified predicate product, companies must then submit a PMTA and seek a marketing order before marketing the product.

Applicable Products and When a PMTA Is Required

The Guidance applies to three subcategories of ENDS products: e-cigarettes, e-liquids, and “ENDS products that package e-liquids and e-cigarettes together” when they are sold or distributed for consumer use. For example, an e-liquid in a sealed and final package to be sold or distributed for consumer use would fall under FDA’s enforcement scope and be subject to the PMTA requirements.


After the company submits its ENDS PMTA, FDA will conduct a preliminary review to determine whether the application appears to be complete on its face.[3] If initially accepted, FDA will then process a filing review, where it determines whether the ENDS PMTA is sufficiently complete to be filed and warrant a substantive review. Under the FD&C Act, once the FDA receives a complete ENDS PMTA and is filed, FDA has a 180-day period to conduct its substantive review and approve or deny the ENDS PMTA. During this substantive review, FDA may request clarification of deficiencies or additional information to supplement the ENDS PMTA.[4] FDA may also inspect manufacturing, clinical research, and/or nonclinical research sites to assess the accuracy and validity of information provided in the ENDS PMTA and confirm that the product and manufacturing process meets applicable standards. In the Guidance, FDA stated that it intends to issue regulations that will contain requirements for tobacco product manufacturing practices.

Contents of an ENDS PMTA

A complete ENDS PMTA must contain the required information under section 910(b)(1) of the Act. In the Guidance, FDA provides a recommended organization of this information, which should have, at a minimum: (1) general information with a cover letter that details any prior FDA submissions for the new product; (2) a table of contents; (3) “Descriptive Information” that describes major aspects of the new product, including an overview of its formulation and design, the nicotine strength, instructions for its use, any restrictions on sale and distribution that would support a showing that its marketing would be APPH, and specific e-cigarette and e-liquid recommendations like battery capacity/wattage and package quantity/type; (4) product samples; (5) proposed labeling that would minimize risk associated with product use (e.g., an e-cigarette’s battery failure warning based on storage conditions); (6) an environmental assessment[5]; and (7) detailed scientific studies and analyses of research findings.

FDA recommended that companies make sure to provide information on how to minimize risks associated with ENDS batteries and to address the likelihood of use and misuse leading to overheating, fire, and explosion. FDA also appeared especially concerned with these ENDS products’ appeal to youth and young adults (e.g., certain e-liquid flavors being more desirable to young adults). In fact, in FDA’s press release for the Guidance, FDA assured it would “explore clear and meaningful measures to make tobacco products less toxic, appealing and addictive with an intense focus on youth.” Recently, FDA appears to be adhering to this pledge with its first launch of youth e-cigarette advertisements.

Commissioner Sharpless encouraged companies to “use this valuable document now as a guide to submit applications,” especially since there are no authorized e-cigarettes on the market.

[1] American Academy of Pediatrics v. Food & Drug Admin., No. 8:18-cv-00883 (D.C. Md. 2019).

[2] FDA defines a “new” tobacco product as one that “was not commercially marketed in the United States as of (i.e., on) February 15, 2007, or any modified tobacco product that was commercially marketed after February 15, 2007.”

[3] FDA’s criteria for acceptance of a premarket submission for tobacco can be found in 21 C.F.R. 1105.10.

[4] As a note, FDA stated that “ENDS product[s] with a differing flavoring variant and/or nicotine strength” are considered different products and therefore must clearly indicate which information pertains to which product when submitting the PMTA for the group of products.

[5] More information on environmental assessments for PMTAs can be found in 21 C.F.R. Part 25.

On July 8, 2019, Anthony Camillo, owner of Allegiance Medical Laboratory and AMS Medical Laboratory, was sentenced to 30 months in prison by a federal judge in the Eastern District of Missouri. He was ordered to pay $3.4 million in restitution for violations of the anti-kickback statute, associated conspiracy charges, and illegal kickbacks related to various health care fraud schemes to defraud federal health care benefit programs. Those operating in the clinical laboratory testing space or referring specimens to such laboratories should know that what happened in this case is likely a bellwether of continued enforcement action by the federal government with respect to marketing arrangements involving laboratory testing of human tissue.

In July of 2017, Camillo, as well as eight of his co-conspirators, were charged in a 31- count indictment with conspiracy, false statements to a federal agency, engaging in a healthcare fraud scheme, and illegal kickbacks for referrals. According to the indictment, the defendants conducted an elaborate scheme wherein they paid illegal kickbacks to marketers for sending biological samples to their laboratories. Camillo’s labs would then bill Medicare and Medicaid for lab testing services, and Camillo would split the profits between himself and his marketers. Some specimens were reimbursed at over $600 per sample, amounting to millions of dollars in illegal profits. Because both Medicaid and Medicare only reimburse for tests ordered by an appropriate medical provider, the defendants utilized doctors who were willing to put their names on the test orders without ever actually seeing the patient. In fact, some doctors claimed that they did not know their names were being put on the testing orders at all. Many of these samples were obtained at churches and public fairs.

The anti-kickback statute prohibits exchanging anything of value for referrals of services which are payable by federal programs, including Medicaid and Medicare. There are safe-harbors that permit limited defined business relationships; however, in 2018, Congress passed the Eliminating Kickbacks in Recovery Act of 2018 (“EKRA”). This statute prohibits the exchange of anything of value for many types of referrals to laboratories, as well as other enumerated healthcare entities. EKRA does not limit its scope to government payors—instead, EKRA applies to all healthcare benefit programs, which includes private as well as public Medicaid and Medicare plans.

In March of 2018, Camillo pled guilty to 30 charges pursuant to a plea agreement with the government. In that plea agreement, Camillo admitted that his presumptive sentencing guidelines range under the U.S. sentencing guidelines was at least 70 months. However, court filings revealed that Camillo agreed to testify at the trials of his co-conspirators, which is, ostensibly, why he received a sentence less than half of his pre-cooperation sentencing guidelines range. All of Camillo’s co-conspirators were convicted of felonies and received sentences ranging from imprisonment to house arrest, along with hefty monetary penalties.

Camillo’s status as the lead-named defendant in this case is evidence that the government considered him to be the ringleader of this conspiracy. However, that he was used by the government to testify against presumably less culpable co-conspirators is telling of the government’s significant interest in prosecuting participants in illegal laboratory marketing agreements to the fullest extent of the law—regardless of the optics of using those most culpable to make cases against those who are less culpable.  Expect DOJ’s increased commitment to clinical laboratory fraud prosecution to result in more robust federal investigations to come, especially with the expanded jurisdiction it has over clinical laboratories, emanating from EKRA.

Epstein Becker & Green has a tremendous depth of knowledge advising clinical laboratories and practitioners with respect to the healthcare regulatory and statutory rules unique to clinical laboratory testing. Our team of seasoned former federal prosecutors can assess, assist, and advise in developing compliant marketing strategies to operate within this changing landscape.

Devon Minnick, a 2019 Summer Associate (not admitted to the practice of law) in the firm’s Washington, DC office, contributed significantly to the preparation of this post.

The market for direct-to-consumer (“DTC”) genetic testing has increased dramatically over recent years as more people are using at-home DNA tests.  The global market for this industry is projected to hit $2.5 billion by 2024.  Many consumers subscribe to DTC genetic testing because they can provide insights into genetic backgrounds and ancestry.  However, as more consumers’ genetic data becomes available and is shared, legal experts are growing concerned that safeguards implemented by U.S. companies are not enough to protect consumers from privacy risks.

Some states vary in the manner by which they regulate genetic testing.  According to the National Conference of State Legislatures, the majority of states have “taken steps to safeguard [genetic] information beyond the protections provided for other types of health information.”  Most states generally have restrictions on how certain parties can carry out particular actions without consent.  Rhode Island and Washington require that companies receive written authorization to disclose genetic information.  Alaska, Colorado, Florida, Georgia, and Louisiana have each defined genetic information as “personal property.”  Despite these safeguards, some of these laws still do not adequately address critical privacy and security issues relative to genomic data.

Many testing companies also share and sell genetic data to third parties – albeit in accordance with “take-it-or-leave-it” privacy policies.  This genetic data often contains highly sensitive information about a consumer’s identity and health, such as ancestry, personal traits, and disease propensity.

Further, despite promises made in privacy policies, companies cannot guarantee privacy or data protection.  While a large number of companies only share genetic data when given explicit consent from consumers, there are other companies that have less strict safeguards. In some cases, companies share genetic data on a “de-identified” basis.  However, concerns remain relative to the ability to effectively de-identify genetic data.  Therefore, even when a company agrees to only share de-identified data, privacy concerns may persist because an emerging consensus is that genetic data cannot truly be de-identified. For instance, some report that the existence of powerful computing algorithms accessible to Big Data analysts makes it very challenging to prevent data from being de-identified.

To complicate matters, patients have historically come to expect their health information will be protected because the Health Insurance Portability and Accountability Act (“HIPAA”) governs most patient information. Given patients’ expectations of privacy under HIPAA, many consumers assume that this information is maintained and stored securely.  Yet, HIPAA does not typically govern the activities of DTC genetic testing companies – leaving consumers to agree to privacy and security protections buried in click-through privacy policies.  To protect patient genetic privacy, the Federal Trade Commission (“FTC”) has recommended that consumers withhold purchasing a kit until they have scrutinized the company’s website and privacy practices regarding how genomic data is used, stored and disclosed.

Although the regulation of DTC genetic testing companies remains uncertain, it is increasingly evident that consumers expect robust privacy and security controls.  As such, even in the absence of clear privacy or security regulations, DTC genetic testing companies should consider implementing robust privacy and security programs to manage these risks.  Companies should also approach data sharing with caution.  For further guidance, companies in this space may want to review Privacy-Best-Practices-for-Consumer-Genetic-Testing-Services-FINAL issued by the Future of Privacy Forum in July 2018.  Further, the legal and regulatory privacy landscape is rapidly expanding and evolving such that DTC genetic testing companies and the consumers they serve should be watchful of changes to how genetic information may be collected, used and shared over time.

Brian Hedgeman

Alaap B. Shah

On February 27, 2019, Tennessee-based holding company Vanguard Healthcare, LLC (“Vanguard”), agreed to pay over $18 million to settle a False Claims Act (“FCA”) action brought by the United States and the state of Tennessee for “grossly substandard nursing home services.” The settlement stems from allegations that five Vanguard-operated facilities failed to do the following: (1) administer medications as prescribed, (2) provide standard infection control resulting in urinary tract and wound infections, (3) attend to the basic nutrition and hygiene requirements of residents, (4) take prophylactic measures to prevent pressure ulcers, and (5) use physical restraints only when necessary. The FCA makes it illegal for anyone to submit claims (or cause claims to be submitted) for reimbursement to Medicare or Medicaid that are known to be false or based on false information. This settlement also resolves allegations that the Director of Operations, CEO, and several Vanguard companies caused false and/or fraudulent claims to be submitted.  Both the CEO and Director of Operations agreed to pay $250,000, and Vanguard will enter into a chain-wide corporate integrity agreement. The $18 million settlement is the largest “worthless services” settlement to date in Tennessee.

“Worthless services” is not a defined term in the FCA, but it is a newer theory that has, in some cases, extended FCA applicability to issues related to quality of care. The theory has been increasingly employed in qui tam lawsuits alleging that a facility’s services are so deficient that it is tantamount to no services being provided. The rationale of the theory is that because providers are knowingly submitting claims for reimbursement for services with no medical value, the claims are considered false, thereby violating the FCA.

The Vanguard settlement comes at an interesting time. The National Health Care Fraud Takedowns of 2017 and 2018, the largest health care fraud enforcement actions in history, demonstrate the government’s continued commitment to combatting fraud in the health care industry. As part of these efforts, protecting elderly Americans, in particular, from fraudulent activity is a focus of the Trump administration. The focus on prosecuting those who capitalize on the vulnerability of this population was first made evident by the Elder Abuse Prevention and Prosecution Act of 2017. The two largest elder fraud enforcement actions in history followed in February 2018 and March 2019. Attorney General William Barr again reiterated the commitment to protecting aging Americans in the March 2019 remarks announcing the latest elder fraud sweep. In addition, addressing sub-standard care in skilled nursing facilities has remained an active item on the Department of Health and Human Services (HHS) Office of the Inspector General (OIG) Work Plan in recent years.

While enforcement actions in this space are on the rise, circuits remain split on the definition of the term “worthless.” The U.S. Court of Appeals for the Second Circuit was the first to find “worthless services” as a separate and distinct claim under the FCA, defining the term as the performance of services so deficient that, for all practical purposes, it is the equivalent to no service at all.[1] Although the Second Circuit defined this term in the context of a worthless product case,[2] the Third, Sixth, Eighth, and Ninth Circuits have generally accepted the Second Circuit’s definition of the term and apply it to quality of care in health care matters.[3] These circuits now generally look for qualitatively deficient care.

In 2014, the Seventh Circuit demanded a higher evidentiary burden for proving worthless services. The Seventh Circuit concluded that it is not sufficient to prove that services provided were worth less than what was expected; rather, it must be shown that the services were of absolutely no value. The court noted that because the facility in question was able to continue its operation after regular visits from government surveyors, the services provided could not have been so deficient to be considered worth no value.[4] Accordingly, the circuits are split as to whether diminished value or no value is the proper standard. However, it is unlikely that the current split is deep enough to warrant Supreme Court review.

In addition to the circuit split, district courts have struggled with two issues relating to the worthless services theory: (1) the scienter element of the FCA and (2) defining the point at which bundled services are considered worthless.[5]

  • Scienter: The overwhelming majority of facilities surveyed through the normal survey process are cited for deficiencies. Most cited facilities receive at least one quality of care deficiency. Despite how common such deficiencies are, it is difficult for those in the facility responsible for submitting claims—individuals typically not at all involved in patient care—to know when a service provided could be considered worthless. However, knowledge is more easily established when it involves a patient death or serious injury.[6]
  • The defining point of worthless bundled services: The aforementioned circuit split is largely due to the difficulty of applying a definition originally used in a worthless product case to quality of care cases. Federal payors reimburse nursing homes on a fixed per diem rate as opposed to reimbursing for each individual service provided to a patient. The frequency of quality of care deficiencies and this bundling of services make it difficult for courts to determine how many services must be deficient or of no value for a claim to be false. Employing a strict standard, a federal judge in California dismissed a worthless services claim because the plaintiff failed to allege that the defendant’s neglect of its patients was so severe that “for all practical purposes, the patients were receiving no room and board services or routine care at all.”[7] However, in denying a motion to dismiss, a federal judge in Kentucky decided that it is sufficient to show that “patients were not provided the quality of care which meets the statutory standard.”[8] A Mississippi district court found the following evidence to be sufficient to move forward under a worthless theory claim: inadequate staffing, failure to maintain hygiene standards, reuse of medical tubing, pervasive mold and pest issues, forcing patients to shower in groups, widespread neglect, failure to monitor patients at a heightened risk for wandering, and failure to safeguard medications.[9]

It is the provider’s responsibility to ensure that services provided meet the minimum statutory standard before filing a claim for federal reimbursement. Providers should be cognizant of internal compliance issues to ensure that services are not being underprovided. Providers should seek to remedy any issues internally, if possible, and follow HHS OIG self-disclosure protocol. Monitoring the quality of services provided through an effective and well-documented quality assurance program is critical to remaining compliant and defending against allegations of worthless services. Finally, providers should monitor for updates as this theory continues to evolve in the courts.

[1] United States ex rel. Mikes v. Straus, 274 F.3d 687 (2d Cir. 2001).

[2] Id.

[3] See also George Breen & Daniel Fundakowski, Quality of Care, Medical Necessity, and Worthless Services under the False Claims Act: Where Are We Headed Now?, Am. Health Lawyers Assoc. (2013), available at https://www.healthlawyers.org/Events/Programs/Materials/Documents/PHY13/L_breen_article.pdf (explaining how courts view the theory of worthless services).

[4] United States ex rel. Absher v. Momence Meadows Nursing Ctr., Inc., 764 F.3d 699 (7th Cir. 2014).

[5] Richard Hughes IV, With a Worthless Services Hammer, Everything Looks Like a Nail: Litigating Quality of Care Under the False Claims Act, 37 J. Legal Med. 65 (2017).

[6] Id.

[7] United States ex rel. Swan v. Covenant Care, Inc., 279 F. Supp. 2d 1212, 1221 (E.D. Cal. 2002).

[8] United States v. Villaspring Health Care Ctr., Inc. 2011 U.S. Dist. LEXIS 145534, *16 (E.D. Ky.).

[9] United States ex rel. Acad. Health Ctr., Inc. v. Hyperion Found., Inc., 2014 U.S. Dist. LEXIS 93185 (S.D. Miss.).

When we think about the top players in the medical device development space, we often see device company sponsors, clinicians, scientists, and FDA regulators as the ones driving the process. But what about the patient perspective? Does that get factored in?

On May 3, 2019, FDA established a docket to collect public input on a proposed list of patient preference-sensitive areas for medical device review, and posed certain related questions (comments are due July 2, 2019). By identifying these key areas (which it committed to as part of the reauthorization of the Medical Device User Fee Amendments of 2017 (MDUFA IV)), FDA hopes to advance patient input, which can help inform and improve regulatory decision-making. FDA has grouped these proposed patient-preference sensitive areas (full list available here) into the following four umbrella categories:

  1. Patient values in diagnosis and treatment
  2. Relevant clinical endpoints for specific patient populations
  3. Patient benefit-risk tradeoffs for treatment options or diagnostic approaches
  4. Impact of uncertainty in benefit-risk tradeoffs

Stepping back for a moment, though, it’s important to understand what exactly patient preference information is and how FDA has addressed patient preference information to date.

What is Patient Preference Information (PPI)?

FDA defines PPI as “qualitative or quantitative assessments of the relative desirability or acceptability to patients of specified alternatives or choices among outcomes or other attributes that differ among alternative health interventions.” Put simply, PPI can help inform what’s important to patients and can be useful in evaluating a device’s benefit-risk profile, particularly when treatment options are “preference sensitive” (i.e., multiple treatments exist and no option is clearly superior or the evidence supporting one option over the others is uncertain).

What Efforts has FDA Previously Undertaken to Advance the Patient Perspective?

Since 2013, FDA has taken several actionable steps to recognize the voice of patients, including the following:

  • 2013 – FDA launched the Patient Preference Initiative, and hosted a public workshop to discuss ways to incorporate patient preferences on device benefit-risk trade-offs into Center for Devices and Radiological Health (“CDRH”) decision-making, and advance the science of measuring patient and provider treatment preferences.
  • 2015 – FDA announced the first Patient Engagement Advisory Committee (PEAC), supported by CDRH, which provides advice to the FDA Commissioner on complex issues relating to devices and their use by patients, with the goal of increasing integration of patient perspectives into the regulatory process.
  • 2016 – FDA released final guidance entitled “Patient Preference Information – Voluntary Submission, Review in Premarket Approval Applications, Humanitarian Device Exemption Applications, and De Novo Requests, and Inclusion in Decision Summaries and Device Labeling”
  • 2017 – FDA co-hosted a workshop presenting current progress on incorporating PPI into medical product reviews and how PPI can be collected and presented (among other topics).

As patients become increasingly interested and engaged in their health care decisions, it makes a lot of sense for their perspectives to be considered by regulators who are evaluating the benefits and risks of proposed products.  Of course, however, it is important that patient preference information is accurately measured and appropriately weighted in the decision-making process. To that end, FDA advises sponsors that are considering patient preference studies to consult with the Agency early on in the process.

Following a two-day meeting by a Food and Drug Administration (“FDA”) advisory committee on breast implant safety earlier this year, FDA on May 2, 2019, released a statement announcing that no breast implant models will be banned from the U.S. market at this time. Also described in the statement are a number of measures the agency is undertaking in order to assist women in making more informed decisions regarding breast implants.

The March 26, 2019, meeting of the General and Plastic Surgery Devices Panel was convened to discuss issues and concerns related to the benefit-risk profile of breast implants, including a potential link between textured breast implants and breast-implant associated anaplastic large cell lymphoma (“BIA-ALCL”). The panel heard testimony from nearly 40 member surgeons of the American Society of Plastic Surgeons as well as from a number of women who stated that they suffered adverse health consequences after receiving breast implants. The panel recommended that health care providers implement stronger informed consent practices for breast implant surgeries, including disclosure of information regarding the signs and symptoms of breast implant illness (“BII”) and BIA-ALCL as well as the increased risk of BIA-ALCL with textured implants.

According to the May 2 statement, which was jointly issued by FDA Principal Deputy Commissioner Amy Abernethy and Center for Devices and Radiological Health Director Jeff Shuren, FDA concluded after reviewing available data and information that textured breast implants do not meet the legal standard for imposing a ban under the Food, Drug, and Cosmetic Act. The statement points out that while “the majority of women who develop BIA-ALCL have had textured implants, there are known cases in women with smooth-surface breast implants and many reports do not include the surface texture of the implant at the time of diagnosis.”

The statement also announced a change of policy with respect to adverse event reporting. Manufacturers of breast implants will no longer be permitted to submit summary reports of adverse events and instead will be required to file individual medical device reports (“MDRs”) that will be publicly available in the Manufacturer and User Facility Device Experience (“MAUDE”) database. FDA will also make the previously submitted summary reports public in the coming weeks. Additionally, FDA will work with primary stakeholders on developing the content and format of possible boxed warnings or patient checklists for breast implants in order to communicate significant health concerns and risks associated with breast implants.

According to the statement, FDA also is undertaking new efforts to improve the characterization of, and risk factors for, BII and to increase information available to women to enable more informed decision-making about “whether to obtain breast implants or to remove existing breast implants in an effort to reverse systemic symptoms.” The agency also plans to examine whether device materials may cause immune or inflammatory reactions among certain predisposed individuals, and may require disclosure of breast implant ingredient information to be included in product labeling.

Shortly before the March 26 meeting, FDA sent warning letters to two manufacturers of breast implants for failing to adequately comply with post-market commitments to study the long-term safety of their products. These actions, coupled with FDA’s recent statement, signal that breast implant safety is a high-priority issue for the agency. Manufacturers, providers, payors, and other stakeholders should carefully evaluate the potential impact of FDA’s announced initiatives on their activities.

On April 30, 2019, Assistant Attorney General Brian Benczkowski announced that the Department of Justice (“DOJ”) had published an updated version of the Criminal Division’s 2017 guidance publication “Evaluation of Corporate Compliance Programs.”  In making the announcement, Assistant Attorney General Benczkowski said the update was designed to “better harmonize the prior Fraud Section publication with other Department guidance and legal standards.”  He noted that DOJ also sought “to provide additional transparency in how [it] will analyze a company’s compliance program.”

The updated guidance document focuses on answering three principal questions:

  1. Is the corporation’s compliance program well designed?
  2. Is the program being applied earnestly and in good faith?  In other words, is the program being implemented effectively?
  3. Does the corporation’s compliance program work in practice?

The new guidance addresses the topic areas from the original publication – some of which have been re-phrased – by grouping them under one of these three questions.  It also raises additional questions prosecutors should ask when evaluating compliance programs and adds one new topic, “Investigation of Misconduct.”

  1. Is the corporation’s compliance program well-designed?

Under the updated DOJ guidance, “the starting point for the prosecutor’s evaluation of whether a company has a well-designed compliance program is to understand the company’s business from a commercial perspective, how the company has identified, assessed, and defined its risk profile, and the degree to which the program devotes appropriate scrutiny and resources to the spectrum of risks.”  Notably, specificity is key: the DOJ asks whether the program is “designed to detect the particular types of misconduct most likely to occur in a particular corporation’s line of business and complex regulatory environment.”

Additionally, DOJ will focus on an entity’s programs, policies and procedures to assess such things as comprehensiveness, how the policies and procedures are communicated to employees and third parties, who has ownership responsibility for integrating the policies and procedures and whether there are gatekeepers (i.e., is guidance and training provided by individuals with approval authority or certification responsibilities).

DOJ will also look at the organization’s training and communications efforts and will evaluate how the organization integrates its policies and procedures into its operations.  This includes determining whether there is risk-based training, assessing the form, content and effectiveness of the training, the availability of guidance to employees and communications about potential misconduct. In other words, what senior management has “done to let employees know the company’s position concerning misconduct and whether there are communications when an employee is terminated or otherwise disciplined for failure to comply.”

Another key element DOJ looks for is a confidential reporting mechanism that employees can use to report concerns. When evaluating the effectiveness of the reporting program, prosecutors take into account whether employees are able to make reports anonymously and whether qualified employees are involved in the investigation of the reported concerns through properly scoped investigations that ensure that the correct issue is examined.  Beyond just evaluating the results of a compliance function, this requires an assessment of how investigations are responded to, whether the corporation allocates appropriate resources to the investigation, and how the company monitors status.

Finally, DOJ wants to know how an entity is managing third party partners, including “agents, consultants, and distributors who are commonly used to conceal misconduct.”  This means an assessment of the third-party management process, whether appropriate controls were in place regarding use of third parties and how the third-party relationship was managed.

Of particular note, the update reminds corporations that DOJ has a continuing interest in mergers and acquisitions, and it expects that a well-designed program conducts “comprehensive due diligence of any acquisition targets.”  Believing that this pre M&A due diligence puts the company in a better position to evaluate potential issues, DOJ will want to see how the compliance function has been integrated into the M&A process, and whether there is a crosswalk in place to connect it to due diligence implementation.  Put plainly, how does the company track and remediate any misconduct identified as part of the due diligence?

  1. Is the Corporation’s Compliance Program Being Implemented Effectively?

DOJ evaluates whether the corporate compliance program is effectively implemented and engrained in the company’s culture so that it affects employee behavior. A corporation must actively foster a culture of ethics and compliance that originates from the top—that is, Boards of Directors, executives, and senior management. Not only must employees be informed about compliance processes, but they should also be convinced the company is committed to compliance based on the words and actions of the corporate leadership.

Prosecutors next look at the structure of the compliance program, specifically, whether the personnel tasked with implementing the program have sufficient seniority, resources, and autonomy from management to be effective. As with many other factors detailed in the update, each corporation’s implementation is dependent upon the size, structure, and risk profile of the particular entity. Regardless of program structure, the guidance stresses empowerment of the compliance personnel: a corporation must ensure that the compliance program has “adequate resources, appropriate authority” and direct access to the governing authority or a subgroup thereof.

Finally, prosecutors evaluate the program’s incentive structure to determine whether it adequately motivates compliance. Again, the methodology chosen should be specific to each company’s culture: whether it comes in the form of publicizing disciplinary actions as a deterrent or providing financial and career advancement as positive incentives is dependent upon the outcomes observed by a company.

  1. Does the Corporation’s Compliance Program Work in Practice?

DOJ acknowledges that the third question—whether a company’s well-designed and implemented corporate compliance program is effective in practice—may be difficult to assess, particularly when misconduct that becomes the focus of an investigation is not immediately detected by the compliance program. The guidance instructs prosecutors that the mere presence of misconduct does not indicate that the compliance program is ineffective. Indeed, if the misconduct was identified through the compliance program’s mechanisms, this factor may weigh in favor of a defendant’s compliance efforts.

Prosecutors may need to address this third question both at the time of the misconduct and at the time of a charging decision or resolution.  Different concerns are evaluated at each stage. At the time of misconduct, prosecutors should evaluate “whether and how the misconduct was detected, what investigation resources were in place to investigate suspected misconduct, and the nature and thoroughness of the company’s remedial efforts.”

Corporate compliance obligations do not end once the misconduct has been identified; effective corporate compliance programs “improve and evolve” over time in response to business changes and new areas of risk. Prosecutors may re-assess the compliance program at the time of charging or resolution, addressing “whether the program evolved over time to address existing and changing compliance risks” and “whether the company undertook an adequate and honest root cause analysis to understand both what contributed to the misconduct and the degree of remediation needed to prevent similar events in the future.”

Second, DOJ asks whether there are effective (and funded) mechanisms for timely and thoroughly investigating allegations or suspicions of misconduct. Ensuring that investigations into misconduct are independent, objective, and documented is essential to an effective compliance program.

Finally, DOJ assesses the corporation’s root-cause analysis and remediation of any misconduct identified. The guidance underscores the importance of the corporation engaging in its own remedial actions, including appropriate disciplinary actions, even after DOJ is involved.


The DOJ has provided a detailed update to its guidance and framed the key questions that it will ask during an investigation when evaluating compliance program effectiveness. This update provides insight into the steps that any health care entity can proactively take to ensure it receives the benefit of a robust and effective compliance program should misconduct occur. DOJ has signaled that being proactive, rather than reactive, is what is expected. In particular, DOJ will look at what a company did in the face of an allegation of misconduct as part of its evaluation of the compliance function when determining an appropriate remedy – or in deciding to forego one. It is also clear that DOJ does not view compliance as a “one size fits all” enterprise, and will be looking at how a company adapts its program to its own specific risk profile. It also expects the compliance function to operate independently and that the organization fosters a “culture of compliance.” Companies should review their corporate compliance programs to ensure that they are current, disseminated on a regular basis to all employees, and a central, visible focus throughout the organization.