As discussed on our sister blog, Life Sciences Legal Update, the FDA has published a notice soliciting comments on a draft guidance document on the use of electronic media and processes to obtain informed consent for FDA-regulated clinical investigations of medical products. The HHS Office for Human Research Protections (OHRP) also is considering whether to adopt the policy for research regulated under HHS protection of human subjects regulations.
On January 27, 2015, the House Energy and Commerce Committee released its “21st Century Cures Act” discussion draft, the product of a year-long, bipartisan effort by the Committee to accelerate the pace of medical cures in the United States. The nearly 400-page bill addresses a wide range of topics, including, among many other things: the drug and device approval processes; clinical trials; Medicare coverage, payment, and coding; drug safety; and other proposals intended to streamline medical technology regulations across government. The Committee invites interested stakeholders to submit specific suggestions about how to improve the legislation; no deadline is specified.
In a related development, on January 29, the Senate Health, Education, Labor and Pensions (HELP) Committee launched its own initiative to examine and reform public policies in order to speed patient access to safe and effective medical products and treatments. To kick off this effort, the HELP Committee released a report entitled “Innovation for Healthier Americans: Identifying Opportunities for Meaningful Reform to Our Nation’s Medical Product Discovery and Development.” The report seeks feedback on a series of questions on ways to decrease the time and costs associated with bringing medical products to patients, including questions related to: more effectively targeting government resources; evaluating public-private partnerships; promoting biomedical research; streamlining clinical trial requirements; modernizing Food and Drug Administration medical product approval processes; and harmonizing US regulations with international standards. Feedback is requested by February 23, 2015. The Committee also intends to hold a series of hearings on issues raised in the report.
Yesterday the FDA issued final guidance entitled “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices,” which includes recommendations for medical device manufacturers on cybersecurity management and information that should be included in a pre-market submission. The recommendations are intended to supplement previous FDA guidances, “Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices,” and “Guidance to Industry: Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software.”
In a related development, on October 21-22, 2014, the FDA is holding a public workshop on “Collaborative Approaches for Medical Device and Healthcare Cybersecurity.” Through the workshop, FDA seeks to encourage collaboration among stakeholders, identify challenges, and discuss strategies and best practices for promoting medical device cybersecurity.
FDA Will Not Enforce Compliance for Mobile Device Data Systems and Other Low Risk Devices, Agency Reports
This post was written by Jennifer Pike.
In a new draft guidance document, the Food and Drug Administration (FDA) has announced that it does not intend to enforce compliance with general regulatory controls that apply to Medical Device Data Systems (MDDS), medical image storage devices and medical image communications devices.
MDDS refers to hardware and software that transfers, stores, converts format and displays medical device data, but that does not modify the data or control the functions or parameters of any connected medical device. In 2011, MDDS were classified by FDA as Class I medical devices subject to general regulatory controls under the Federal Food, Drug and Cosmetic Act. FDA has since determined that MDDS pose a low risk to the public and play an important role in advancing health. The agency has therefore decided not to enforce compliance with the controls that apply to MDDS, medical image storage devices and medical image communications devices (e.g., registration and listing, premarket review, postmarket reporting and quality system regulation).
The draft guidance also proposes changes to FDA’s draft guidance titled “Mobile Medical Applications” issued on September 25, 2013 to conform with the new draft guidance.
Comments regarding the draft guidance should be submitted to FDA by August 25, 2014.
The FDA released two draft social media guidance documents last week, describing how manufacturers, packers and distributors of prescription drugs and medical devices may: (1) communicate both benefit and risk information on Internet/social media platforms with character space limitations, and (2) correct independent third-party misinformation about a firm’s products. For details, see Reed Smith's Client Alert posted on our Life Sciences Legal Update blog.
According to the Food and Drug Administration (FDA), additive manufacturing, also known as 3-D printing, is entering mainstream use in medical devices, both as an alternative device production method for traditional components and as a method to create patient-matched devices. FDA has begun to receive submissions using additive manufacturing for medical devices, and the agency sees “many more on the horizon.” As the use of additive manufacturing becomes more widespread, the FDA wants additional information on scientific and technical challenges associated with the use of such technology for medical devices, particularly with regard to process verification and validation to ensure patient safety. To that end, the FDA is hosting a public workshop on October 8 and 9, 2014 entitled “Additive Manufacturing of Medical Devices: An Interactive Discussion on the Technical Considerations of 3-D Printing.'' The meeting is intended to provide a forum for FDA, medical device manufactures, additive manufacturing companies, and academia to explore this issue in detail, including ways to provide a transparent evaluation process for future submissions. The workshop discussion may facilitate development of new draft guidances and/or standards for additive manufacturing of medical devices. Comments on the workshop topic will be accepted until November 10, 2014.
CMS is inviting comments on the Physician Payment Sunshine Act “Open Payments Program” dispute resolution and corrections process. As previously reported, the Physician Payment Sunshine Act requires pharmaceutical and medical device manufacturers and group purchasing organizations (GPOs) to register with and submit to CMS data on their financial relationships with physicians and teaching hospitals. This financial data will be made publicly available on the CMS Open Payments website. On May 5, 2014, CMS published a notice soliciting additional feedback on the dispute resolution and corrections process, under which covered recipients and physician owners or investors have an opportunity to dispute certain information regarding a payment or other transfer of value. Comments will be accepted until June 2, 2014.
This post was written by Jillian W. Riley
Earlier this week, FDA’s Center for Devices and Radiological Health (CDRH) published two separate draft guidance documents to advance the dual goals of FDA and industry to provide pathways for medical devices to reach the market quickly while ensuring the safety and efficacy of the product.
The first guidance, entitled Balancing Premarket and Postmarket Data Collection for Devices Subject to Premarket Approval, clarifies FDA’s current thinking on creating an effective means to achieve “the right balance of premarket and postmarket data collection facilitates timely access to important new technology without undermining patient safety.” Greater reliance on postmarket data collection can help a new product reach the market – and patients – sooner. One key factor FDA considers when determining whether postmarket data collection is appropriate is the device’s potential impact on public health. For example, and as discussed more thoroughly in the separate guidance discussed below, FDA may accept greater pre-approval uncertainty regarding specific benefits and risks of devices where there is demonstrated potential to address unmet medical needs.
The second guidance, Expedited Access for Premarket Approval Medical Devices Intended for Unmet Medical Need for Life Threatening or Irreversibly Debilitating Diseases or Conditions, proposes a new expedited review program for medical devices that address unmet medical needs and are subject to premarket approval (PMA) applications. The program laid out in the draft guidance establishes opportunities for earlier and more active engagement between sponsors and FDA staff, including earlier involvement of senior management to ensure more consistency in messaging to industry. The early interactions aim to establish better plans for efficient collection of the scientific and clinical data necessary to support FDA’s approval determinations. The guidance also describes the criteria an applicant must meet in order to obtain an expedited access PMA designation.
FDA will be accepting comments regarding the draft guidances until July 23, 2014.
While attention has been focused on Medicare physician payment data released by CMS yesterday, upcoming Sunshine Act data will shine a new spotlight on financial relationships between physicians and pharmaceutical and medical device companies – with potential FCA implications.
Last week marked the deadline for pharmaceutical and medical device manufacturers and group purchasing organizations (GPOs) to register with and submit aggregate 2013 payment and investment interest data to the Centers for Medicare & Medicaid Services (CMS) on certain financial relationships between themselves and physicians and teaching hospitals, as required by the Physician Payment Sunshine Act.1 In May, manufacturers and GPOs will be required to submit to CMS detailed 2013 payment data. With some exceptions, CMS will be making these data public by September 1, 2014. While the publicly available data are intended to provide more transparency for patients – to allow them to have a better understanding of the financial relationships between physicians and pharmaceutical and medical device companies – patients will certainly not be the only group interested in this public information. The Department of Health and Human Services (HHS) Office of the Inspector General (OIG), Department of Justice (DOJ), and relators’ attorneys will likely utilize these data to initiate investigations and support complaints under the federal False Claims Act (FCA). As with the recent release of the 2012 Medicare Part B Physician Fee Schedule data, members of the media will likely make inferences about certain financial relationships.
The U.S. government recovered $3.8 billion in settlements and judgments from civil cases involving fraud against the government in the fiscal year ending Sept. 30, 2013.2 Fiscal 2014 looks to be a record-breaking year, with ever-increasing civil settlements by major pharmaceutical companies.3
As the reporting deadlines approach, it is worth considering an interesting, and largely unknown, potential implication of the public availability of these data: How will it affect future FCA litigation? The publically available Sunshine Act data could become relevant to FCA litigation in a variety of ways; two in particular are discussed below.
Anti-Kickback Statute Violations
The data could give rise to suspicions of violations of the federal Anti-kickback Statute (AKS). The AKS makes it a criminal offense to knowingly and willfully offer or pay remuneration to induce the referral of, or arrange for the provisions of, federal health care program business.4 In other words, the law prohibits any person or entity from giving, receiving – or offering to give or receive – anything of value in return for or to induce referrals for businesses covered by Medicare, Medicaid, or any other federally funded health care program. Violators of the AKS face imprisonment, criminal, and civil fines, as well as exclusion from federal health care programs.5
It is easy to see how publishing information regarding payments from pharmaceutical and medical device manufacturers to physicians and teaching hospitals could implicate the AKS, and by extension, the FCA. The Patient Protection and Affordable Care Act (ACA) made explicit that violations of the AKS are also violations of the FCA.6 Any payment from a pharmaceutical or medical device manufacturer to a physician who prescribes a product manufactured by the company providing the payment could be viewed as potentially inappropriate remuneration intended to influence prescribing behavior.
Publically available information reported as a result of the Sunshine Act may also have off-label promotion implications. Notably, reports to CMS must include the name of the drug or the type of device that forms the basis of the payment.7 Tying the payment to a particular drug or type of device could raise suspicions of off-label promotion. A pharmaceutical or medical device manufacturer that promotes its products for uses for which the product has not yet been approved by the United States Food and Drug Administration (FDA), i.e., off-label uses, is at risk of FCA liability. A false claim can arise when a manufacturer promotes a product for off-label, non-covered uses (that is, for a use that both has not been approved by FDA and is not covered by the federal health care programs). Payments going to physicians who specialize in an area that is outside the scope of a pharmaceutical or medical device’s approved indication could necessarily raise suspicions that the manufacturer is promoting the product for unapproved uses.
Besides the risk of government identifying potential issues for further investigation and prosecution as a result of reported Sunshine Act data, private parties may also mine the publically available data. One substantial impediment to relators’ attorneys using Physician Sunshine Payment data in FCA litigation is the limitation that publicly available data cannot form the basis of a whistleblower claim.8 This is known as the public disclosure bar, although the effectiveness of this defense has been diminished with recent FCA amendments.
That said, the Sunshine Act data, even if not the basis of a claim, could nonetheless impact the litigation in many ways. For example, it could provide additional evidence for the government to review in reaching its decision whether to intervene in a qui tam action. Both OIG and DOJ could review the data before it is publicly available to assist in the determination that a given matter warrants intervention. Additionally, the publicly available data – beyond providing flavor in support of an FCA claim and assisting with meeting the heightened pleading standard associated with fraud allegations9 – could be a potential mine for plaintiff attorneys to locate areas of focus. Relators’ attorneys will no doubt track the data to ascertain potential problem drugs or companies about which they can then dedicate efforts to uncovering fraud and abuse in the federal health care system.
It remains to be seen how all of these risks will play out going forward. Courts will have to decide how these new data will fit into FCA litigation. OIG and DOJ will have to determine how much to rely on the new information. And relators’ attorneys will need to make decisions about how many resources to dedicate to mining the Sunshine Act data.
One potential consequence that we are already starting to see occur is that pharmaceutical and medical device manufacturers may halt or limit payments to physicians, and/or that physicians themselves will be reluctant to accept such payments, e.g., for research, for expenses associated with training on a device, and the like. Companies may decide to do so for a variety of reasons, including avoiding the administrative burdens associated with tracking and reporting such payments for purposes of the Sunshine Act, fear of FCA litigation, or for public relations reasons. Many physicians simply do not want their names publicized. It remains to be seen how these trends will evolve.
1 42 C.F.R. § 403.908(a).
2 DOJ Press Release, available at: http://www.justice.gov/opa/pr/2013/December/13-civ-1352.html. 3 See, e.g., DOJ Press Release, available at: http://www.justice.gov/opa/pr/2013/November/13-ag-1170.html.
4 42 U.S.C. § 1320a-7.
6 42 U.S.C. § 1320a-7b(g). Note that manufacturers may submit “assumptions documents” as part of Sunshine reporting. Although CMS stated in the preamble to the Sunshine regulations its belief that the contents of such documents “should not be made public,” it acknowledged that it could provide access to the documents during an audit or investigation by other HHS divisions, the Office of Inspector General, or the Department of Justice.
7 42 C.F.R. 403.94(c)(8).
8 31 U.S.C. § 3730(e)(4).
9 Fed. R. Civ. P. Rule 9(b).
This post was written by Jennifer Pike.
On March 25, 2014, the Food and Drug Administration (FDA) published a proposal to amend its regulations governing the classification and reclassification of medical devices. In addition to conforming the regulations to recent changes made by the 2012 Food and Drug Administration Safety and Innovation Act (FDASIA), the proposed rule makes changes unrelated to FDASIA. Among other changes to 21 CFR Part 860, FDA proposes to:
- Amend several definitions at 21 CFR § 860.3, including the definitions of Class I, Class II and Class III to reflect the key principle underlying device classification that a reasonable assurance of safety and effectiveness is necessary for all three classes, but that the level of regulation necessary to provide such assurance is specific to the level of risk.
- Amend the definition of Class III to clarify which devices fall in this category.
- Establish special controls for Class II devices by replacing the term “performance standards” in 21 CFR § 860.7.
- Amend 21 CFR § 860.84 to remove from the classification process the requirement to answer the classification questionnaire and provide information using the supplemental data sheet.
- Revise the procedure at 21 CFR § 860.130 to reflect the FDASIA requirement that devices reclassified under 513(e) of the Food, Drug and Cosmetic Act be reclassified using an administrative order procedure.
- Revise the process under 21 CFR § 860.133 for the filing of a premarket approval for Class III preamendment devices to conform to FDASIA.
Comments to the proposed rule may be submitted in writing, or at www.regulations.gov, on or before June 23, 2014.
The Access Board's Medical Diagnostic Equipment Accessibility Standards Advisory Committee has issued its final report on “Advancing Equal Access to Diagnostic Services: Recommendations on Standards for the Design of Medical Diagnostic Equipment for Adults with Disabilities.” The report includes detailed recommendations on standards for access to equipment such as examination tables and chairs, weight scales, and diagnostic equipment. Among other things, the report address transfer access, armrests, lift compatibility, and other features for accessibility. The standards, which are being developed as directed under the ACA, still must be approved by the full Access Board.
In October 2011, CMS and the FDA formally launched a voluntary parallel review pilot program for sponsors of medical devices. At the time, the agencies stated that they intended to run the pilot program for two years, with the possibility of an extension. In a December 18, 2013 notice, the FDA and CMS announced that they were extending the program for another two years in light of the significant interest in the pilot. The agencies are working through the process with the approved pilot program participants, and they will formally evaluate the program after a “representative group of participants have completed the pilot process.”
CMS has issued updated survey guidance clarifying requirements for hospital maintenance of facilities, supplies, and equipment. Most notably, under certain circumstances, CMS is allowing a hospital to adjust its maintenance, inspection, and testing frequency and activities for facility and medical equipment from what is recommended by the manufacturer, based on a risk-based assessment performed by qualified personnel. Hospitals that choose to employ such “alternate equipment maintenance” activities and/or schedules must implement a documented program to minimize risks to patients and others in the hospital associated with the use of facility or medical equipment.
The Department of Justice (DOJ) recently announced that it recovered $3.8 billion in settlements and judgments in civil False Claims Act cases in fiscal year (FY) 2013, including health care fraud recoveries totaling approximately $2.6 billion. The DOJ notes that about $1.8 billion in recoveries involved alleged false claims for drugs and medical devices under federally insured health programs (with an additional $443 million recovered for state Medicaid programs). The Department also reports that in FY 2013, a record 752 qui tam/whistleblower suits were filed and $2.9 billion was recovered in such suits (with whistleblowers recovering $345 million).
The deadline for interested parties to submit an application for FY 2015 new technology add-on payments under the Medicare inpatient prospective payment system (IPPS) is November 25, 2013.
A recent OIG report links the growing presence of physician-owned distributorships, or PODs, to increased spinal surgery volumes and potentially increased Medicare costs. The OIG notes a “substantial presence” of PODs in the spinal device market, with PODs supplying spinal devices for 19% of the spinal fusion surgeries billed to Medicare in FY 2011. According to the OIG, hospitals that purchased devices from PODs performed more spinal surgeries in 2012 than hospitals that did not purchase from PODs, and hospitals increased the rate of growth in the number of spinal surgeries after they began purchasing from PODs. Hospitals identified surgeon preference as the strongest influence on their decisions to purchase spinal devices from PODs. The OIG also disagrees with PODs’ claims that their devices cost less than those from other suppliers; rather, in the categories examined by the OIG, the devices cost the same as or more than devices from companies not owned by physicians. This fact, coupled with increased volumes, according to the OIG, could increase overall Medicare costs over time. In addition, the OIG raises concerns about inconsistencies in hospital policies regarding physician disclosure of ownership to either hospitals or their patients of interests in PODs (although the OIG suggests that the new “Sunshine Act” disclosure rules may improve the ability of hospitals and patients to identify physicians’ investment in device companies). For a case urging an alternative perspective on PODs, see the report on our sister blog, http://www.lifescienceslegalupdate.com/, about a recent complaint filed in the U.S. District Court for the Central District of California that seeks a declaration that the OIG’s Special Fraud Alert on PODs unfairly and unconstitutionally burdens First Amendment rights of free speech and due process. The complaint defends the lawfulness of the physician-owned model, and characterizes the Fraud Alert as the result of a multi-year lobbying campaign by “Big Corporations” forced to compete with small physician-owned entities. For more details, see our full report.
As reported on Reed Smith's Life Sciences Legal Update blog, the local Beijing office of the Ministry of Health (MOH) of the People's Republic of China recently announced that it has started a three-month review of the use of high-value medical consumables and large-scale medical equipment in Beijing. Noting that prior inspections of hospitals had found continuing problems with the misuse and overuse of medical devices to increase profits, the investigation is intended to strengthen hospitals’ management of the use of medical devices and to regulate the use of high value medical consumables. The Beijing MOH will also develop a database that will track the price and model of devices implanted in each patient, require hospitals to improve their purchasing management systems, and conduct periodic inspections of hospitals’ purchasing and management of medical consumables. For more information about this recent investigation and increased life sciences regulatory enforcement in China, see the full post.
CMS Revises Medicare National Coverage Determination Process, Eases Path to Discontinue Outdated Coverage Policies
CMS has announced updates to the process for making Medicare national coverage determinations (NCDs) to provide clarity and transparency with regard to modifications made to the coverage process since the Medicare Modernization Act. Among other things, the notice addresses: the procedures for requesting an NCD or reconsideration of an existing NCD; public participation in the NCD process; informal contacts prior to requesting an NCD; what constitutes a complete, formal request for an NCD or formal request for reconsideration of an existing NCD; external requests for NCDs; CMS internally-generated review of NCDs; and time frames. CMS had previously addressed these topics in a 2003 Federal Register notice and in subsequent subregulatory guidance documents.
Most notably, the notice outlines a new, expedited administrative process to remove certain NCDs that CMS determines to be no longer needed, thereby enabling local Medicare contractors to determine Medicare coverage. In explaining the impetus for its proposal, CMS notes that “[w]e are aware that clinical science and technology evolve and that items and services that were once considered state-of the-art or cutting edge may be replaced by more beneficial technologies or clinical paradigms.” CMS therefore intends to periodically review the inventory of NCDs that have not been reviewed for more than 10 years to evaluate whether there is a continued need for national policies. CMS believes that local contractor discretion is more appropriate in these cases because “the future utilization for items and services within these policies will be limited.” Under the new, streamlined process, rather than use the formal NCD reconsideration process (which generally takes 9 to 12 months), CMS will periodically publish on its website a list of NCDs proposed for removal along with the agency’s rationale. CMS will solicit public comment for 30 calendar days, and then either: (1) follow the proposal to remove the NCD; (2) retain the policy as an NCD; or (3) formally reconsider the NCD and post a tracking sheet to that effect on the CMS coverage website. The final list will be effective upon posting it to the website.
CMS states that the notice does not alter or amend its regulations that establish rules related to the administrative review of NCDs. CMS also states that it continues to “pursue our efforts to work with various sectors of the scientific and medical community to develop and publish on our website documents that describe our approach when analyzing scientific and clinical evidence to develop an NCD.”
The notice is effective on August 7, 2013.
Data collection under the ACA Physician Payment Sunshine Act begins on August 1, 2013. To assist covered manufacturers of pharmaceuticals or medical devices with reporting obligations, CMS has announced new “OPEN PAYMENTS” mobile applications that could be used to track payments and other financial transfers. While physicians are not required to report any information, CMS notes that they could use this technology to help validate reports submitted by manufacturers about payments the physicians have received. In addition, CMS is compiling answers to frequently-asked-questions on the Sunshine Act. On June 22, 2013, CME released a notice in the Federal Register concerning the collection of information under the Sunshine Act, specifically related to the following subjects: registration; attestation; dispute resolution and corrections; record retention; and submitting an assumptions document. Comments are due to CMS by September 20, 2013. Finally, CMS is hosting an educational call on August 8, 2013 for physicians and teaching hospitals on the Sunshine Act policy, with a focus on third party payments, indirect payments, and the Physician Resource Toolkit.
Draft FDA Guidance Recommends Cybersecurity Risk Assessments and Management Plans for Premarket Medical Device Submissions
The Food and Drug Administration (FDA) has announced the availability of a new draft guidance document entitled "Content of Premarket Submissions for Management of Cybersecurity in Medical Devices." The draft guidance identifies cybersecurity issues that medical device manufacturers should consider in preparing premarket submissions for medical devices – including Premarket Notifications (510(k)), Premarket Approval Applications (PMA), Product Development Protocols (PDP), and Humanitarian Device Exemption (HDE) submissions– in order to provide effective cybersecurity management and to reduce the risk that device functionality is intentionally or unintentionally compromised. The draft guidance highlights the need for effective medical device cybersecurity given "the increasing use of wireless, Internet- and network-connected devices and the frequent electronic exchange of medical device-related health information."
FDA’s draft guidance relates to a recommendation by the Government Accountability Office (GAO) in August 2012 that FDA develop and implement a plan to expand its focus on information security risks, with a particular focus on security risks resulting from intentional threats (e.g., hacking, malware).
Comments on the draft guidance should be submitted in writing, or online at www.regulations.gov, by September 12, 2013.
In a related matter, FDA recently released two Safety Communications (available here and here) concerning cybersecurity for medical devices and hospital networks. The Safety Communications recommend that medical device manufacturers and health care facilities take steps to reduce the risk of failure due to cyberattack, which could be initiated by the introduction of malware into the medical equipment or unauthorized access to configuration settings in medical device and hospital networks. Specifically, the Safety Communications recommend the following:
- Device Manufacturers. Device manufacturers should "remain vigilant" about identifying risk and hazards and take "appropriate steps" to reduce the risk of device failure due to cyberattack. This includes reviewing cybersecurity practices and policies to "assure that appropriate safeguards are in place," such as:
--Taking steps to limit unauthorized device access to trusted users only, particularly for those devices that are life-sustaining or could be directly connected to hospital networks;
-- Protecting individual components from exploitation and developing strategies for active security protection appropriate for the device’s use environment;
-- Using design approaches that maintain a device’s critical functionality, even when security has been compromised ("fail-safe" modes); and
-- Providing methods for retention and recovery after an incident where security has been compromised.
- Hospital Networks/Health Care Facilities. Hospital networks and health care facilities should evaluate their network security and take steps to protect the network. This includes:
-- Restricting unauthorized access to the network and networked medical devices;
-- Making certain appropriate antivirus software and firewalls are up-to-date;
-- Monitoring network activity for unauthorized use;
-- Protecting individual network components through routine and periodic evaluation, including updating security patches and disabling all unnecessary ports and services;
-- Contacting the specific device manufacturer if a cybersecurity problem related to a medical device is suspected; and
-- Developing and evaluating strategies to maintain critical functionality during adverse conditions.
Reed Smith will be issuing additional updates in the near future about these recent cybersecurity developments.