102 Search Results

May 30, 2018 |
Federal Circuit Update (May 2018)

Click for PDF This May 2018 edition of Gibson Dunn’s Federal Circuit Update discusses the proposed elimination of the broadest reasonable interpretation standard during post-issuance proceedings before the PTAB, provides a summary of the pending WesternGeco case before the Supreme Court regarding extraterritorial damages, and briefly summarizes the differences between precedential and non-precedential opinions. This Update also provides a summary of the pending en banc case involving the PTO’s ability to recover attorneys’ fees.  Also included are summaries of recent decisions regarding the burden in venue disputes, the pleading standard for patent infringement following the abrogation of Form 18, and whether equitable estoppel applies after substantial claim amendments. Federal Circuit News On May 8, 2018, the PTO announced proposed rulemaking that would change its prior policy of using the broadest reasonable interpretation (BRI) standard for construing unexpired and proposed amended patent claims in post-issuance proceedings before the PTAB.  Instead, the PTAB would use the Phillips standard applied in district courts and ITC proceedings.  The Notice of Proposed Rulemaking states:  “The Office’s goal is to implement a fair and balanced approach, providing greater predictability and certainty in the patent system.” Judges Prost, Moore, O’Malley and Reyna, who dissented from the denial of the petition for rehearing en banc in In re Cuozzo Speed Technologies, and Judge Newman, who dissented in the panel opinion and from the denial of the petition for rehearing en banc, have historically supported the use of the Phillips standard in post-issuance proceedings.  The notice of proposed rulemaking is available here. On April 26, 2018, the PTO also released guidance on the impact of SAS Institute Inc. v. Iancu, where the Supreme Court mandated that “the Board [] address every claim the petition has challenged.  138 S. Ct. 1348, 1354, 1358 (2018).  In light of this decision, the PTO announced that the Board will now “institute as to all claims or none” and, in addition, if the Board institutes, it “will institute on all challenges raised in the petition.”  Furthermore, “[t]he final written decision will address, to the extent claims are still pending at the time of decision, all patent claims challenged by the petitioner and all new claims added through the amendment process.”  For pending trials that had only been partially instituted, the panels may “issue an order supplementing the institution decision to institute on all challenges raised in the petition” and “may take further action to manage the trial proceeding, including, for example, permitting additional time, briefing, discovery, and/or oral argument, depending on various circumstances and the stage of the proceeding” and even, in some cases, extend the statutory 12-month deadline.  The PTO’s guidance is available here. Supreme Court.  The Supreme Court has decided two cases from the Federal Circuit this Term (Oil States v. Greene’s Energy and SAS v. Iancu); we are awaiting the Court’s decision on a third case: Case Status Issue WesternGeco LLC (Schlumberger) v. ION Geophysical Corp., No. 16-1011 Argued on Apr. 16, 2018 Recoverability of lost profits for foreign use in cases where patent infringement is proven under 35 U.S.C. § 271(f) Upcoming En Banc Federal Circuit Cases NantKwest, Inc. v. Matal, No. 16-1794 (Fed. Cir.):  Whether the PTO can recover attorneys’ fees in litigation under 35 U.S.C. § 145. After the PTAB affirmed the examiner’s rejection of NantKwest’s patent application, NantKwest appealed to the district court.  The PTO prevailed on the merits of the appeal and moved to recover both attorneys’ fees and expert fees.  Section 145 provides that “[a]ll the expenses of the proceedings shall be paid by the applicant.”  Applying this provision, the district court granted the PTO’s request for expert fees, but rejected the PTO’s request for attorneys’ fees.  A panel of the Federal Circuit reversed the district court’s holding as to attorneys’ fees, holding that the “[a]ll expenses of the proceedings” provision under § 145 authorizes an award of attorneys’ fees.  (Decision available here.) The Federal Circuit sua sponte ordered that the panel decision be vacated and that the case be reheard en banc.  Seven amicus briefs were filed, five in support of NantKwest (the International Trademark Association, the Intellectual Property Owners Association, the Intellectual Property Law Association of Chicago, the Association of Amicus Counsel, and the American Bar Association) and two in support of neither party (Federal Circuit Bar Association and American Intellectual Property Law Association).  Oral argument was held on March 8, 2018.  (Audio recording is available here.) Question presented: Did the panel in NantKwest, Inc. v. Matal, 860 F.3d 1352 (Fed. Cir. 2017) correctly determine that 35 U.S.C. § 145’s “[a]ll the expenses of the proceedings” provision authorizes an award of the United States Patent and Trademark Office’s attorneys’ fees? Federal Circuit Practice Update Precedential vs. Non-Precedential Opinions. Internal Operating Procedure (“IOP”) No. 10 governs the use of precedential opinions vs. non-precedential opinions and Rule 36 affirmances.  IOP No. 10 provides that “the purpose of a precedential disposition is to inform the bar and interested persons other than the parties.”  IOP No. 10 at ¶ 2.  Precedential opinions should not be used merely to explain the reasons for the disposition to the parties; that can be conveyed through the use of a non-precedential opinion.  Id. The IOP identifies fourteen situations in which a precedential opinion is appropriate.  See id. at ¶ 4.  Reasons include:  resolution of an issue of first impression; the criticism, clarification, alteration, or modification of an existing rule of law; an actual or apparent conflict in or with past holdings of the court or other courts that is created, resolved or continued; the correction of procedural errors; or the case has been returned by the Supreme Court for disposition, requiring more than mere ministerial obedience to directions of the Supreme Court.  Id. The decision to make an opinion non-precedential is generally governed by a majority vote of the panel.  But, if the decision includes a dissenting opinion, the judge authoring the dissenting opinion may elect to have the entire opinion issue as precedential, regardless of the preferences of the majority judges.  Id. at ¶ 6.  All three judges must agree to use a Rule 36 judgment in order to do so.  Id. Key Case Summaries (April – May 2018) In re ZTE (USA) Inc., No. 18-113 (Fed. Cir. May 14, 2018) (Motion Panel Order):  Burden of persuasion for venue for foreign defendants. American GNC filed a complaint against ZTE in the Eastern District of Texas, and ZTE moved to dismiss for improper venue under 28 U.S.C. § 1406.  While that motion was pending, ZTE moved to transfer to the Northern District of Texas or the Northern District of California under 28 U.S.C. § 1404(a).  The first magistrate judge denied ZTE’s motion to transfer.  A second magistrate judge denied ZTE’s motion to dismiss for improper venue after finding that ZTE failed to show it did not have a regular and established place of business in the Eastern District of Texas.  The magistrate judge noted the lack of uniformity among courts in who bears the burden of proof with respect to venue but determined that, under Fifth Circuit law, the burden lies with the objecting defendant.  Over ZTE’s objections regarding the burden of proof, the district court denied ZTE’s motion to dismiss. ZTE petitioned for a writ of mandamus, which the Federal Circuit granted.  The Court first determined that Federal Circuit—not regional circuit—law governs the placement of the burden of persuasion on the propriety of venue under § 1400(b).  It then held as a matter of Federal Circuit law that, upon motion by the Defendant challenging venue in a patent case, the Plaintiff bears the burden of establishing proper venue and that this holding  “best aligns with the weight of historical authority among the circuits and best furthers public policy.”  The Court remanded to the district court to consider whether venue was proper in light of its holding that the plaintiff, American GNC, bears the burden. Disc Disease Solutions Inc. v. VGH Solutions, Inc., No. 2017-1483 (Fed. Cir. May 1, 2018):  Pleading standard for patent infringement following the abrogation of Form 18. In December 2015, certain amendments to the Federal Rules of Civil Procedure took effect.  Among them was the abrogation of Rule 84 (stating that the “Forms in the Appendix suffice under these rules”) and Form 18 (a form adequate to plead a direct patent infringement claim).  Absent Form 18, complaints now must meet the Iqbal/Twombly standard for pleading to survive a 12(b)(6) motion. Disc Disease filed its complaint the day before the 2015 amendments became effective.  The district court determined that Iqbal/Twombly—not Form 18—applied to Disc Disease’s complaint and dismissed the complaint for failure to state a claim.  The district court later denied reconsideration because it did not view the 2015 amendments to be an intervening change in the law. The Federal Circuit reversed.  The Federal Circuit did not address whether Form 18 or Iqbal/Twombly governed because, it held, the district court erred in dismissing Disc Disease’s complaint even under Iqbal/Twombly‘s pleading standard.  The Court noted that the case “involves simple technology” with only four independent claims in the asserted patents.  Disc Disease’s complaint “specifically identified the three accused products—by name and by attaching photos of the product packaging as exhibits—and alleged that the accused products meet each and every element of at least one claim” of the asserted patents.  This was sufficient to state a claim for patent infringement in these circumstances. John Bean Technologies Corp. v. Morris & Associates, Inc., No. 17-1502 (Fed. Cir. Apr. 19, 2018):  Equitable estoppel when claims are substantively amended or added following ex parte reexamination. John Bean (and its predecessor) and Morris are competitors in the poultry chiller market.  After the patent-in-suit issued to John Bean, Morris sent John Bean’s counsel a demand letter on June 27, 2002, informing him that John Bean had been contacting Morris’s customers and asserting that Morris’s equipment infringes the recently issued patent.  The letter demanded that John Bean stop telling Morris’s customers that Morris’s products infringe John Bean’s patent and advised John Bean that the patent was invalid over a specific prior art reference.  John Bean did not respond, and Morris continued to develop and sell its product. Eleven years later, on December 18, 2013, John Bean filed a request for ex parte reexamination of the patent-in-suit.  During reexamination, John Bean amended the two original claims and added six additional claims in response to a rejection by the PTO.  Shortly after the reexamination certificate issued, John Bean filed a complaint in the U.S. District Court for the Eastern District of Arkansas against Morris for patent infringement.  The district court granted summary judgment in favor of Morris that John Bean’s infringement action was barred by equitable estoppel given John Bean’s silence after the demand letter. The Federal Circuit (Reyna, J.) reversed, holding that the district court abused its discretion in applying equitable estoppel to bar John Bean’s infringement action without considering how the ex parte reexamination affected the patent claims.  The Court explained that the amendments made during reexamination in this case were both substantial and substantive, including by adding new limitations.  As a result, the asserted claims did not exist at the time of Morris’s demand letter.  But the Court recognized that there may be other cases where the asserted claims may be considered identical for the purposes of infringement and also for applying equitable estoppel.  The Court also acknowledged that Morris may have recourse under the affirmative defenses of absolute and intervening rights. Upcoming Oral Argument Calendar For a list of upcoming arguments at the Federal Circuit, please click here. Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the Federal Circuit.  Please contact the Gibson Dunn lawyer with whom you usually work or the authors of this alert: Blaine H. Evanson – Orange County (+1 949-451-3805, bevanson@gibsondunn.com) Blair A. Silver – Washington, D.C. (+1 202-955-8690, bsilver@gibsondunn.com) Please also feel free to contact any of the following practice group co-chairs or any member of the firm’s Appellate and Constitutional Law or Intellectual Property practice groups: Appellate and Constitutional Law Group: Mark A. Perry – Washington, D.C. (+1 202-887-3667, mperry@gibsondunn.com) Caitlin J. Halligan – New York (+1 212-351-4000, challigan@gibsondunn.com) Nicole A. Saharsky – Washington, D.C. (+1 202-887-3669, nsaharsky@gibsondunn.com) Intellectual Property Group: Josh Krevitt – New York (+1 212-351-4000, jkrevitt@gibsondunn.com) Wayne Barsky – Los Angeles (+1 310-552-8500, wbarsky@gibsondunn.com)Mark Reiter – Dallas (+1 214-698-3100, mreiter@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

April 17, 2018 |
FDA Releases Draft Guidance Proposing a Significant Expansion of the Abbreviated 510(k) Pathway for Medical Devices

Click for PDF On April 12th, 2018, the Food and Drug Administration (“FDA”) released draft guidance proposing a significant expansion of the abbreviated 510(k) pathway for medical devices that would allow applicants to rely on performance characteristics rather than direct comparisons to predicate devices (“Draft Guidance”).[1]  FDA plans to maintain a list of device types appropriate for the Expanded Abbreviated 510(k) program on the FDA website and to issue additional guidance on specific performance criteria.[2]  Prior comments by FDA Commissioner Scott Gottlieb suggest that the new program could focus on device types with older predicate devices where direct testing has become challenging, and on “well-understood technologies like ultrasound imaging machines, common in vitro diagnostic devices, and blood pressure monitors.”[3] A 510(k) is a premarket submission to demonstrate that a proposed device for marketing is at least as safe and effective, that is, “substantially equivalent,” to a “predicate device,” which is a legally marketed device that is not subject to FDA’s premarket approval (“PMA”) requirements.[4]  Under the Abbreviated 510(k) clearance pathway, applicants could use conformity to FDA-recognized consensus standards or FDA guidance to demonstrate some of the performance characteristics necessary to support a finding of substantial equivalence to a predicate device.[5] The new Expanded Abbreviated 510(k) program would allow a submitter to use FDA guidance, FDA-recognized consensus standards, special controls, and other information to demonstrate all of the performance characteristics necessary to show substantial equivalence.  FDA reasons that “[i]f a legally marketed device performs at certain levels relevant to its safety and effectiveness, and a new device meets or exceeds those levels of performance for the same characteristics, FDA could find that the new device is as safe and effective as the legally marketed device.”[6]  In other words, direct head-to-head comparisons, including testing, against predicate devices would not be required to demonstrate substantial equivalence under the Expanded Abbreviated 510(k) program.[7]  An applicant would be required to submit a declaration of conformity, a summary of the data, and/or the underlying data, depending on the performance criteria specified for the device at issue. The Draft Guidance was foreshadowed by comments from Commissioner Gottlieb in an FDA Voice blog post in December 2017.  In that post, Commissioner Gottlieb explained that, as a result of significant advances in technology, device manufacturers were increasingly encountering challenges when they tested new devices against older predicate devices, many of which had been marketed for decades.  In light of this, the Commissioner announced that FDA would undertake steps to modernize 510(k) review, permitting increased flexibility and facilitating a streamlined process that could potentially accelerate the rate at which new innovations are brought to market.  In addition, the Commissioner noted that FDA’s new guidance would be consistent with requirements under the 21st Century Cures Act to use the “least burdensome” means available to demonstrate substantial equivalence.[8] FDA is accepting comments on the Draft Guidance until July 11, 2018.    [1]   FDA, Draft Guidance for Industry and FDA Staff: Expansion of the Abbreviated 510(k) Program: Demonstrating Substantial Equivalent Through Performance Criteria (Apr. 12, 2018).    [2]   FDA, Draft Guidance for Industry at 7.    [3]   Commissioner Scott Gottlieb, Advancing Policies to Promote Safe, Effective MedTech Innovation (FDA Voice Blog, Dec. 11, 2017), https://blogs.fda.gov/fdavoice/index.php/2017/12/advancing-policies-to-promote-safe-effective-medtech-innovation/.    [4]   21 U.S.C. § 360c(i).    [5]   FDA, Final Guidance: The New 510(k) Paradigm: Alternate Approaches to Demonstrating Substantial Equivalence in Premarket Notifications (Mar. 20, 1998).    [6]   FDA, Draft Guidance for Industry at 6.    [7]   Id. at 7.    [8]   Gottlieb, Advancing Policies to Promote Safe, Effective MedTech Innovation. The following Gibson Dunn lawyers assisted in the preparation of this client update:  Marian Lee, Stephen Payne and Claudia Kraft. Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments.  Please contact the Gibson Dunn lawyer with whom you usually work or any of the following members of the FDA and Health Care practice group: Washington, D.C. Stephen C. Payne, Chair, FDA and Health Care Practice (+1 202-887-3693, spayne@gibsondunn.com) Marian J. Lee (+1 202-887-3732, mjlee@gibsondunn.com) F. Joseph Warin (+1 202-887-3609, fwarin@gibsondunn.com) Daniel P. Chung (+1 202-887-3729, dchung@gibsondunn.com) Jonathan M. Phillips (+1 202-887-3546, jphillips@gibsondunn.com) Claudia D. Kraft (+1 202-887-3794, ckraft@gibsondunn.com) Los Angeles Debra Wong Yang (+1 213-229-7472, dwongyang@gibsondunn.com) San Francisco Charles J. Stevens (+1 415-393-8391, cstevens@gibsondunn.com) Winston Y. Chan (+1 415-393-8362, wchan@gibsondunn.com) New York Alexander H. Southwell (+1 212-351-3981, asouthwell@gibsondunn.com) Denver Robert C. Blume (+1 303-298-5758, rblume@gibsondunn.com) John D. W. Partridge (+1 303-298-5931, jpartridge@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP, 333 South Grand Avenue, Los Angeles, CA 90071 Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

March 29, 2018 |
Federal Circuit Update (March 2018)

Click for PDF This March 2018 edition of Gibson Dunn’s Federal Circuit Update discusses the three pending Federal Circuit cases before the Supreme Court that consider issues regarding inter partes review proceedings and extraterritorial damages, and a brief summary of the process for seeking an interlocutory appeal.  This Update also provides a summary of the pending en banc case involving attorneys’ fees for litigation involving the PTO.  Also included are summaries of recent decisions regarding the fair use defense to copyright infringement, factual issues underlying patent eligibility under 35 U.S.C. § 101, and the jurisdiction of the Federal Circuit over Walker Process antitrust claims. Federal Circuit News On Friday, March 16, 2018, the Judicial Conference of the U.S. Court of Appeals for the Federal Circuit was held in Washington, D.C.  At the Conference, Judge Pauline Newman was recognized with the 2018 American Inns of Court Professionalism Award.  Judge Newman has served on the Federal Circuit in active status for the past 34 years. Supreme Court.  The Supreme Court has heard oral argument on two cases from the Federal Circuit this term, and recently granted certiorari on a third case: Case Status Issue WesternGeco LLC (Schlumberger) v. ION Geophysical Corp., No. 16-1011 Certiorari granted Jan. 12, 2018; Argument Apr. 16, 2018 Recoverability of lost profits for foreign use in cases where patent infringement is proven under 35 U.S.C. § 271(f) Oil States Energy Services, LLC v. Greene’s Energy Group, LLC, No. 16-712 Argued on Nov. 27, 2017 Constitutionality of inter partes review under Article III and the Seventh Amendment SAS Institute Inc. v. Matal, No. 16-969 Argued on Nov. 27, 2017 The number of claims that must be addressed by the Patent Trial and Appeal Board in a final written decision during inter partes review Upcoming En Banc Federal Circuit Cases NantKwest, Inc. v. Matal, No. 16-1794 (Fed. Cir.):  Whether the PTO can recover attorneys’ fees in litigation under 35 U.S.C. § 145. After the PTAB affirmed the examiner’s rejection of NantKwest’s patent application, NantKwest appealed to the United States District Court for the Eastern District of Virginia under 35 U.S.C. § 145.  The PTO prevailed on the merits of the appeal and moved to recover both attorneys’ fees and expert fees.  Section 145 provides that “[a]ll the expenses of the proceedings shall be paid by the applicant.”  Applying this provision, the district court granted the PTO’s request for expert fees, but rejected the PTO’s request for attorneys’ fees.  A panel of the Federal Circuit reversed the district court’s holding as to attorneys’ fees, holding that the “[a]ll expenses of the proceedings” provision under § 145 authorizes an award of attorneys’ fees.  (Decision available here.) The Federal Circuit sua sponte ordered that the panel decision be vacated and that the case be reheard en banc.  Seven amicus briefs were filed, five in support of NantKwest (the International Trademark Association, the Intellectual Property Owners Association, the Intellectual Property Law Association of Chicago, the Association of Amicus Counsel, and the American Bar Association) and two in support of neither party (Federal Circuit Bar Association and American Intellectual Property Law Association).  Oral argument was held on March 8, 2018.  (Audio recording is available here.) Question presented: Did the panel in NantKwest, Inc. v. Matal, 860 F.3d 1352 (Fed. Cir. 2017) correctly determine that 35 U.S.C. § 145’s “[a]ll the expenses of the proceedings” provision authorizes an award of the United States Patent and Trademark Office’s attorneys’ fees? Federal Circuit Practice Update How to Appeal from an Interlocutory Decision.  The Federal Circuit has exclusive jurisdiction over interlocutory orders in patent law cases.  See 28 U.S.C. § 1292(c)(1).  Interlocutory orders are appealable as of right if they relate to an injunction, receivers, or certain admiralty cases.  See § 1292(a)(1)–(3).  All other interlocutory appeals are discretionary and require that both the district court and the appeals court agree to hear the issue on appeal. The district court judge must first certify that the issue “involves a controlling question of law as to which there is substantial ground for difference of opinion and that an immediate appeal from the order may materially advance the ultimate termination of the litigation.”  28 U.S.C. § 1292(b).  There is no deadline after the substantive order to move for certification under section 1292(b), but the prospective appellant should move promptly.  If the district court declines to issue such a certification order, that is the end of the road (absent mandamus or other extraordinary relief). If the district court certifies an issue for interlocutory appeal, the appeals court has discretion to permit the appeal.  See § 1292(b); see also Regents of U. of Cal. v. Dako N. Am., Inc., 477 F.3d 1335, 1336 (Fed. Cir. 2007) (“Ultimately, this court must exercise its own discretion in deciding whether it will grant permission to appeal an interlocutory order certified by a trial court.”).  A party has ten days after the district court’s certification order to petition the court of appeals.  See § 1292(b); see also Fed. R. App. P. 5(a)(3).  The petition must contain a summary of relevant facts, the question presented, the relief sought, a statement of the reasons why the appeal should be allowed, and copies of the relevant district court orders.  Fed. R. App. P. 5(b)(1)(A)–(E).  A party then has ten days to file an answer in opposition to the petition.  Fed. R. App. P. 5(b)(2).  The petition is decided without the benefit of oral argument, unless the court of appeals orders otherwise.  Fed. R. App. P. 5(b)(3). Key Case Summaries (February – March 2018) Oracle Am., Inc. v. Google LLC, Nos. 17-1118, 17-1202 (Fed. Cir. Mar. 27, 2018):  Direct copying of a copyrighted work for use in a competing platform using the material for the same purpose and function did not, on the facts of the case, amount to fair use. After a jury had determined that Google’s use of Oracle’s copyright in Java API packages was a fair use, the district court denied Oracle’s post-trial motions for judgment as a matter of law and for a new trial.  Applying the four factors for fair use from 17 U.S.C. § 107, the district court held that a reasonable jury could have concluded that the use was fair because:  (1) the purpose and character of Google’s use was transformational; (2) the nature of the copyrighted work was not “highly creative”; (3) the amount and substantiality of the portion used was only as much of the work as was necessary for its transformative use; and (4) Google’s use of the code did not cause harm to the potential market for the copyrighted work. The Federal Circuit (O’Malley, J.) reversed.  At the outset, the Federal Circuit discussed the standard of review and found that fair use is “primarily a legal exercise” and thus, under the Supreme Court’s recent decision in U.S. Bank Nat’l Ass’n ex rel. CWCapital Asset Mgmt. LLC, No. 15-1509 (U.S. Mar. 5, 2018), the inferences to be drawn from the fair use factors are legal in nature and subject to de novo review. In analyzing the first factor, the court found that Google’s use of the Java APIs to create its Android platform was commercial under Ninth Circuit law even though Google gave a free open source license to Android because direct economic benefit is not required, and Google profited indirectly from the platform.  The court also found that Google’s use was not transformative because Google (1) used the API packages for the same purpose as they were used in the Java platform, (2) made no alterations to the expressive content of the copyrighted material, and (3) did not adapt the material for a “new context” when it provided Android for smartphones.  As to the second factor, the court found that the evidence presented at trial would allow reasonable jurors to conclude that functional considerations were substantial and important.  Addressing the third factor, the court noted that Google directly copied 37 API packages and 11,500 lines of code, even though only 170 lines of code were necessary to write in the Java language.  Although the amount of code was a small percentage of the roughly 2.86 million lines of code in Java libraries, the court found the copying qualitatively substantial because it copied 37 APIs in their entirety—even though Google admitted they could have written their own APIs—in order to make the Android platform familiar and attractive to Java programmers.  Turning to the fourth factor, the court noted that Android competed directly with Oracle’s Java platform and that the free nature of Android caused significant market harm to Oracle’s efforts to license Java. Based on those findings, the court noted that the second factor favored a finding of fair use, whereas the first and fourth factors weighed “heavily against” a finding of fair use.  The court considered the third factor to be neutral “at best.”  In balancing these factors, the court concluded that the factors weighed against a finding of fair use, and the court explained that “[t]here is nothing fair about taking a copyrighted work verbatim and using it for the same purpose and function as the original in a competing platform.”  The court added the caveat that it was “not conclud[ing] that a fair use defense could never be sustained in an action involving the copying of computer code.” Berkheimer v. HP Inc., No. 2017-1437 (Fed Cir. Feb. 8, 2018):  Patent eligibility under section 101 presents issues of fact and, under the facts of that case, summary judgment was not appropriate. The Federal Circuit held that the second prong of the Alice ineligibility inquiry under 35 U.S.C. § 101—whether the claim elements “transform the nature of the claim” into patent-eligible subject matter if they “involve more than performance of well-understood, routine, [and] conventional activities previously known to the industry”—is “a factual determination” that may not be suitable for summary judgment if facts are disputed. The district court ruled on summary judgment that eight claims from U.S. Patent No. 7,447,713 were directed to abstract ideas and thus ineligible for patenting under section 101.  The ‘713 Patent describes a means of digitally processing and archiving files by “parsing” the files into multiple parts, comparing those parts, and eliminating redundant material to allegedly improve storage efficiency and reduce storage costs. The Federal Circuit (Moore, J.) reversed.  Berkheimer alleged that the claims at issue covered linking data so as to facilitate “one-to-many” editing (i.e., allowing a single edit to populate to multiple points that use the same data).  The patentee asserted that this “inventive feature” operated in an “unconventional manner” versus mere “copy-and-paste” functionality in the prior art.  Although the panel agreed that all the challenged claims were directed to the abstract ideas of parsing and comparing data—the first prong of the Supreme Court’s Alice test—the panel reversed the district court’s ruling on the second Alice prong for four claims on the basis that the second prong “is a question of fact.”  Specifically, the Federal Circuit panel held that whether the “one-to-many” editing feature was “well-understood, routine, and conventional” was a disputed factual question that could not be decided on summary judgment.  In light of this, the Federal Circuit panel held that whether this added feature was “well-understood, routine, and conventional” was a disputed factual question that could not be decided on summary judgment. On March 12, HP petitioned for rehearing en banc, supported by several amici curiae.  On March 15, the Federal Circuit invited a response to HP’s petition. Aatrix Software, Inc. v. Green Shades Software, Inc., No. 2017-1452 (Fed. Cir. Feb. 14, 2018):  Patent eligibility presents issues of fact not amenable to a Rule 12 motion to dismiss. Following Berkheimer, the Federal Circuit (Moore, J.) issued a parallel ruling concerning the appropriateness of deciding patent eligibility at the Rule 12 stage.  Judge Reyna wrote separately in partial dissent. Aatrix Software asserted two patents directed to systems and methods for importing data onto a computer to allow that data to be processed and viewed.  The district court granted defendant’s motion to dismiss, holding that the claims were not directed to patentable subject matter. On appeal, the Federal Circuit reversed, holding that the complaint set forth a question of fact as to patentability because the complaint alleged that “the claimed software uses less memory, and results in faster processing speed” and thus is patent eligible because “the claimed invention is directed to an improvement in the computer technology itself.” Judge Reyna dissented, challenging the practical implications of the ruling and arguing that Federal Circuit precedent “is clear that the § 101 inquiry is a legal question” and a question “that can be appropriately decided on a motion to dismiss.” Xitronix Corp. v. KLA-Tencor Corp., No. 2016-2746 (Fed. Cir. Feb. 9, 2018):  Jurisdiction over Walker Process-antitrust claims is in the regional circuits, not the Federal Circuit. Under 28 U.S.C. § 1295(a)(1), the Federal Circuit has appellate jurisdiction over actions arising under “any Act of Congress relating to patents.”  Walker Process claims involve allegations that enforcing a patent procured by fraud on the PTO constitutes an antitrust violation under the Sherman Act.  The Federal Circuit has historically treated such claims as presenting “a substantial question of patent law” and thus accepted jurisdiction over them. In Gunn v. Minton, the Supreme Court held that a state law claim alleging legal malpractice in handling a patent case—which likewise implicates U.S. Patent law—did not itself “arise under” or depend on a question of patent law sufficient to convey jurisdiction to federal courts.  568 U.S. 251, 258 (2013). In Xitronix, both sides asserted that the Federal Circuit had appellate jurisdiction over the Walker Process claim under appeal in that case.  No other patent-related claim was asserted on which to base Federal Circuit jurisdiction.  The Federal Circuit, however, raised the question of jurisdiction sua sponte, ruling that, given the Supreme Court’s analogous view in Gunn, jurisdiction for Walker Process claims rested with the regional circuits.  Accordingly, the Federal Circuit overruled its prior contrary precedent and transferred the appeal to the Fifth Circuit. Upcoming Oral Argument Calendar For a list of upcoming arguments at the Federal Circuit, please click here. Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the Federal Circuit.  Please contact the Gibson Dunn lawyer with whom you usually work or the authors of this alert: Blaine H. Evanson – Orange County (+1 949-451-3805, bevanson@gibsondunn.com) Blair A. Silver – Washington, D.C. (+1 202-955-8690, bsilver@gibsondunn.com) Please also feel free to contact any of the following practice group co-chairs or any member of the firm’s Appellate and Constitutional Law or Intellectual Property practice groups: Appellate and Constitutional Law Group: Mark A. Perry – Washington, D.C. (+1 202-887-3667, mperry@gibsondunn.com) Caitlin J. Halligan – New York (+1 212-351-4000, challigan@gibsondunn.com) Nicole A. Saharsky – Washington, D.C. (+1 202-887-3669, nsaharsky@gibsondunn.com) Intellectual Property Group: Josh Krevitt – New York (+1 212-351-4000, jkrevitt@gibsondunn.com) Wayne Barsky – Los Angeles (+1 310-552-8500, wbarsky@gibsondunn.com)Mark Reiter – Dallas (+1 214-698-3100, mreiter@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

January 23, 2018 |
2017 Year-End FDA and Health Care Compliance and Enforcement Update – Drugs and Devices

Click for PDF As 2016 came to a close, pharmaceutical and medical device companies waited expectantly and wondered aloud about what 2017 and the arrival of the Trump Administration would bring.  With 2017 behind us, we now have initial indications—and some answers—about what the arrival of this new Administration means for drug and device companies. On the enforcement front, the Department of Justice (“DOJ”), the Department of Health and Human Services, Office of Inspector General (“HHS OIG”), and the Food and Drug Administration (“FDA”) showed no signs of scaling back their efforts.  Instead, 2017 marked yet another year of massive recoveries from drug and device companies to settle the standard mélange of allegations under the False Claims Act (“FCA”), Anti-Kickback Statute (“AKS”), Federal Food, Drug, and Cosmetic Act (“FDCA”), Foreign Corrupt Practices Act (“FCPA”), and other enforcement statutes.  Although some of these settlements were leftovers from the Obama Administration, we have seen no evidence that the enforcement agencies are pulling punches under President Trump. On the regulatory front, meanwhile, the picture is more complicated.  On the one hand, pharmaceutical and medical device companies have yet to see the type of regulatory roll-back that the Trump Administration has promised—and started to deliver—in certain other industries.  On the other hand, there have been nascent efforts by the new Administration to reign in burdensome regulations.  For example, the Administration has undertaken efforts to streamline review processes for medical devices.  As the new Administration hits its stride, and (perhaps) leaves the oxygen-consuming debate over repeal of the Affordable Care Act in the past, it remains to be seen just how much regulatory relief pharmaceutical and medical device companies can expect. Below, we cover the most important regulatory and enforcement developments affecting drug and device manufacturers.  As in past updates, we begin with an overview of government enforcement efforts against drug and device companies under the FCA, the FDCA, and other laws.  We then address evolving regulatory guidance and action on topics of note to drug and device companies: promotional activities, manufacturing practices, and the AKS.  And we conclude with a discussion of developments of particular note to device manufacturers. As always, we would be happy to discuss these developments—and their implications for your business—with you. I.     DOJ ENFORCEMENT IN THE PHARMACEUTICAL AND MEDICAL DEVICE INDUSTRIES Despite a new Administration, DOJ remains committed to enforcing the FCA and other statutes against entities in the health care industry, and in the drugs and devices sectors in particular.  In sum, DOJ obtained more than $3.7 billion in civil settlements and judgments under the FCA during the 2017 fiscal year.[1]  With nearly 800 new FCA cases filed in 2017 and roughly $1.5 billion in federal recoveries alone from drug and device companies,[2] DOJ (and qui tam relators) have shown no sign of turning their attention elsewhere. FCA resolutions continue to drive the government’s recoveries from drug and device companies.  In 2017, those resolutions included Shire Pharmaceuticals LLC’s settlement for more than $200 million in January and Mylan Inc.’s $465 million settlement in August. Although recent federal FDCA and FCPA enforcement activity against drug and device companies has been relatively quiet, several of DOJ’s FCA resolutions involved FDCA-related allegations, and several high-profile FCPA investigations continue apace.  We address these and other notable developments in the enforcement arena, including the Trump Administration’s efforts to address the opioid crisis, in more detail below.      A.     False Claims Act Surpassing last year’s recoveries of $1.4 billion, approximately $1.5 billion of the FCA recoveries in 2017 stemmed from resolutions with drug and device manufacturers.  The total number of FCA cases settled by DOJ with these manufacturers (16) nearly matched that from last year (15), but the proportion of device-to-pharmaceutical settlements flipped.  In comparison with last year, in which DOJ settled twice as many cases against device manufacturers as against pharmaceutical manufacturers, DOJ settled 9 cases with pharmaceutical companies and only 6 cases with device manufacturers in 2017.  In addition, the vast majority of DOJ’s settlement recoveries this year—over 95%—resulted from cases against pharmaceutical companies.[3] As illustrated below,[4] DOJ continues to pursue FCA actions under multiple theories, including improper billing resulting from alleged violations of various federal health care program rules, illegal kickbacks under the AKS, and, to a much lesser extent, off-label promotion.  Of note, there were no off-label promotion recoveries this year against device manufacturers.     1.     Settlements in FCA Matters Relating to Federal Health Program Rules The largest recovery of the past six months came from DOJ’s settlement in August with Mylan Inc. and Mylan Specialty L.P. (collectively “Mylan”).[5]  Mylan, which markets numerous drugs and devices including EpiPen, agreed to pay $465 million to resolve allegations that it knowingly misclassified EpiPen as a generic drug to avoid paying rebates under the Medicaid Drug Rebate Program (and also secured large increases in the price of the drug on the private market).[6]  As part of the settlement, Mylan agreed to enter into a five-year corporate integrity agreement requiring independent annual review of its Medicaid drug rebate program practices.[7]  The case originated with a complaint by another pharmaceutical manufacturer, Sanofi-Aventis US LLC, which will receive approximately $38.7 million from the federal recovery.[8] In September, drug maker Aegerion also agreed to pay more than $35 million to settle allegations that it violated the FCA, FDCA, and the Health Insurance Portability and Accountability Act (“HIPAA”) through activities associated with its drug, Juxtapid.[9]  As described in further detail below, the government alleged that the drug was misbranded due to the company’s failure to comply with a Risk Evaluation and Mitigation Strategy (“REMS”).  According to the government, the company caused the submission of false claims through its alleged promotion of the drug for patients for whom the drug was not indicated, purportedly false and misleading statements to doctors regarding the appropriateness of using the drug for certain patients, and alleged falsification of medical necessity statements and prior authorizations submitted to federal health care programs.[10]  The settlement also resolved allegations that the company paid patients’ copay obligations with funds channeled through a purported non-profit patient assistance organization.  Of the total settlement, $28.8 million will go toward the resolution of federal and state FCA charges.  Further, Aegerion entered into a separate deferred prosecution agreement to resolve criminal allegations that it conspired to obtain patient health information for commercial gain without patient authorization in violation of HIPAA.[11] 2.     Settlements in AKS-Related FCA Matters As reported in our Mid-Year Update, 2017 began with the largest-ever FCA recovery in a kickback case involving a medical device.  Significant AKS-related enforcement actions in the latter half of 2017 included United Therapeutics’ $210 million settlement.  From 2010 to 2014, a tax-exempt non-profit foundation purportedly used donations made by the Maryland-based pharmaceutical company to pay Medicare patient copays for the company’s pulmonary arterial hypertension drugs; according to the government, this amounted to inducing patients to purchase the company’s drugs.[12]  The government claimed that, when deciding on donations, United Therapeutics obtained data from the foundation detailing the amounts spent by the foundation on patients who were using each of the company’s drugs.  The settlement is just one of a number of recent developments reflecting increased scrutiny of patient assistance programs by DOJ and HHS OIG, discussed further in Section V below. In addition to the settlement with Aegerion discussed above, DOJ reached two other notable AKS-related settlements with pharmaceutical and medical device companies in the last six months of 2017: In August, the government agreed to a $12 million settlement with Sightpath Medical, Inc., TLC Vision Corporation, and their former CEO, James Tiffany.[13]  According to the complaint, Sightpath and Cameron-Ehlen Group (the subject of an underlying lawsuit that the government likewise joined) allegedly provided kickbacks to ophthalmologists in the form of luxury ski vacations and other high-end fishing, golfing, and hunting trips to persuade the physicians to use the companies’ intraocular lenses and ophthalmic surgical equipment.[14] In September, Galena Biopharma agreed to pay more than $7.55 million to resolve allegations that it induced doctors to prescribe its fentanyl-based drug Abstral through free meals, speaker fees, and an advisory board planned and attended by Galena’s sales team, as well as through payments to a physician-owned pharmacy under a performance-based rebate agreement.[15]  The government also contended that Galena compensated doctors for referring patients to Galena’s RELIEF patient registry study—purportedly a sham program designed to obtain data on patients’ experiences with the company’s drug.[16]  Two of the doctors who allegedly received the kickbacks have been tried and convicted in the Southern District of Alabama for offenses related to their subsequent prescribing of the drug.[17] 3.     Resolution of Off-Label Promotion Investigations As reported in last year’s Year-End Update, developing case law has imposed potentially significant First Amendment obstacles to the enforcement of off-label promotion claims under the FCA.  In spite of this trend, however, DOJ has continued to recover settlements based on off-label theories. In July, for example, New Jersey-based pharmaceutical manufacturer Celgene Corp. agreed to a $280 million settlement to resolve allegations that the company promoted two of its cancer drugs for uses that were not approved by FDA or covered by federal and state health care programs.[18]  The settlement also resolved allegations that Celgene paid kickbacks to physicians and made false and misleading statements about the drugs. The government also reached a settlement with pharmaceutical manufacturer Novo Nordisk, Inc. in early September.  In addition to alleged FDCA violations discussed in further detail below, the settlement resolved allegations that the company promoted its Type II diabetes drug Victoza for use by adult patients who do not suffer from Type II diabetes—a use that FDA had not approved as safe and effective.[19]  Roughly $47 million of the $58 million total settlement will go towards resolving FCA allegations under theories of off-label promotion and other purported conduct.[20] 4.     Developments in the Implied Certification Theory’s Materiality Requirement Our 2016 Year-End and 2017 Mid-Year Updates discussed at length recent efforts to interpret the materiality requirement set forth by the Supreme Court in Universal Health Services, Inc. v. United States ex rel. Escobar, 136 S. Ct. 1989 (2016).  In particular, courts have continued to grapple with what, if any, impact continued government payments may have on the materiality analysis.  As recent case law developments have shown, how lower courts interpret Escobar will have particular relevance to drug and device companies, who are subject to a wide range of regulatory requirements that are steps removed from government payment but potentially could be subject to FCA actions under an implied certification theory. In September, the Fifth Circuit issued a per curiam opinion in United States ex rel. King v. Solvay Pharmaceuticals, Inc. hinting at potential new materiality obstacles that courts might erect in the way of the government or relators attempting to prove materiality in off-label cases under the FCA.  Among other purported violations, the relator in King alleged that the defendant caused false claims to be submitted under the FCA by promoting three of its drugs for off-label uses.[21]  Despite supposed evidence that the company discussed off-label drug uses with physicians and sponsored off-label use studies, the court found there was insufficient evidence to show that the company’s actions caused any false claims.[22] Affirming the district court’s grant of summary judgment as to the off-label claims on those grounds, the court went further, suggesting that it harbored doubts that mere allegations of off-label promotions would satisfy Escobar‘s materiality standard.[23]  Because “Medicaid pays for claims without asking whether the drugs were prescribed for off-label uses or asking for what purpose the drugs were prescribed[,]” and “given that it is not uncommon for physicians to make off-label prescriptions,” the Fifth Circuit reasoned that “it is unlikely that prescribing off-label is material to Medicaid’s payment decisions under the FCA.”[24]  Although dicta, those comments build upon the Supreme Court’s holding in Escobar that certain federal health care program requirements are not material where the government pays the claims despite knowing of violations of these requirements.[25]  Further, the Fifth Circuit’s observation may suggest it is receptive to arguments that failure of the government to take affirmative steps in assessing reimbursement requirements could undermine its materiality arguments.  In any event, King may prove a strong foothold for drug and device makers battling FCA claims predicated upon alleged off-label promotion in Medicaid and similar cases. The Supreme Court soon may have occasion to elaborate on the materiality requirements outlined in Escobar and on the implications of government action—or inaction—in particular.  In a recent petition for certiorari, Gilead Sciences asked the Supreme Court to review the Ninth Circuit’s decision in United States ex rel. Campie v. Gilead Sciences, Inc. As discussed in our 2017 Mid-Year Update, the relators in that case alleged that Gilead fraudulently obtained approval for certain of its drugs by making false statements to FDA about the manufacturing source of the drugs’ active ingredient and purported later contamination by that supplier.[26]  After finding that the defendant’s proprietary drug names could constitute actionable “specific representations,” and after concluding that fraud on one agency constitutes fraud on a separate agency as long as the two are “overseen” by the same cabinet secretary,[27] the court concluded that the relators adequately pled materiality.  Reasoning that “FDA approval is ‘the sine qua non‘ of federal funding here” and noting that the company had stopped using the manufacturing site in question, the Ninth Circuit rejected Gilead’s arguments focusing on the government’s continued drug reimbursements even after relators brought suit.  The Ninth Circuit also determined it was premature to decide whether the government paid despite knowing of the defendant’s noncompliance.[28]  Gilead’s petition for certiorari focuses narrowly on whether the government’s decision to continue reimbursement even “after learning of alleged regulatory infractions” would suffice to undermine the relators’ materiality arguments.[29]  Gilead takes issue with the potential impact on defendants’ ability to dismiss a complaint on materiality grounds at the motion to dismiss stage, as contemplated by Escobar.[30]  Given the brewing disagreement among federal circuit and district courts as to how to apply Escobar‘s materiality standard, the Supreme Court may well seize this opportunity to provide clarity on the subject of materiality and government knowledge. 5.     Rule 9(b) Particularity As detailed in our 2017 Mid-Year Update, federal circuit and district courts also have continued to take differing approaches as to how Federal Rule of Civil Procedure 9(b)’s heightened pleading requirements should be applied to FCA claims at the motion to dismiss stage.  Rule 9(b) requires FCA plaintiffs to plead allegations with particularity.  But questions about the extent of detail required to meet this standard have remained open to debate, especially in cases against drug and device manufacturers where there are allegations about the manufacturers’ conduct but scant details about the claims submitted by third-party physicians or pharmacies. The Sixth Circuit recently addressed this issue in United States ex rel. Ibanez v. Bristol-Myers Squibb Co., in affirming the lower court’s dismissal and denying leave to amend where relators failed to plead a specific, representative false claim submitted to the government for payment.[31]  Brought by former employees, the case involved allegations that Bristol-Myers Squibb and Otsuka America Pharmaceuticals Inc. engaged in an illegal nationwide scheme to promote the antipsychotic drug Abilify for off-label uses.[32]  Although the relators alleged some details regarding the purported promotional scheme, the lower court nonetheless dismissed the relators’ suit after finding that they failed to allege at least one representative claim submitted to the government that stemmed directly from the defendants’ allegedly illegal practices.[33] The Sixth Circuit agreed with the district court and refused to apply the “personal knowledge” exception to the Circuit’s otherwise strict application of Rule 9(b)’s particularity requirements.  Because the relators’ allegations only involved personal knowledge of an allegedly fraudulent scheme rather than of the defendant’s billing practices, the Sixth Circuit refused to allow the complaint to proceed based solely on other “reliable indicia” that claims actually were submitted.[34]  In so holding, the Sixth Circuit explained that the complaint must “adequately allege the entire chain—from start to finish—to fairly show defendants cause[d] false claims to be filed,” including any “specific intervening conduct” along the chain.[35]  For example, the complaint must allege that a physician targeted by the allegedly improper promotion “prescribed the medication for an off-label use or because of an improper inducement,” a patient filled the prescription, and the filling pharmacy submitted a claim “for reimbursement on the prescription.”[36]  The court also held that the relator’s proposed third amended complaint similarly failed to provide sufficient allegations to meet either the relaxed or strict particularity requirements.[37] Another FCA case from the First Circuit charted a different course in evaluating Rule 9(b)’s particularity standard.  In United States ex rel. Nargol v. DePuy Orthopaedics, Inc., the relators alleged that Depuy Orthapaedics, Inc., and related entities caused third parties to submit fraudulent claims after purportedly distributing implants with latent defects.[38]  Although the First Circuit typically has applied a “strict” Rule 9(b) pleading standard, the court accepted that a complaint can meet Rule 9(b) requirements where it “essentially alleges facts showing that it is statistically certain that [the defendant] cause[d] third parties to submit many false claims to the government.”[39]  Although the complaint did not allege specific information regarding submitted claims, the court reasoned that the doctors would not have been on notice not to subsequently bill federal health care programs since there was no reason to believe that anyone other than the defendants knew of the purported defects or that they could have been readily discovered during surgery.[40]  According to the First Circuit, because doctors presumably sought reimbursement for the defective devices, every sale of the devices likely “was accompanied by an express or plainly implicit representation” that the product was FDA-approved and not a “materially deviant version,” and because it was “highly likely” that uninsured patients did not bear the expense in most cases, it was “virtually certain that the insurance provider in many cases was Medicare, Medicaid, or another government program.”[41]  As such, the court distinguished the alleged scheme from other off-label promotion allegations and agreed that a different, “more flexible” Rule 9(b) standard of particularity was appropriate.[42]  Because the complaint alleged “the details of the scheme with reliable indicia that le[]d to a strong inference that claims were actually submitted,” the court overturned the district court’s dismissal of the relators’ claim.[43]             B.     Developments in Enforcement Actions Against Opioid Manufacturers and Distributors The nation’s opioid crisis and promises by the Trump Administration to take a more aggressive approach triggered a new DOJ initiative in 2017.  Attorney General Jeff Sessions announced the formation of the Opioid Fraud and Abuse Detection Unit—a DOJ pilot program aimed at “ulitiz[ing] data to help combat the devastating opioid crisis that is ravaging families and communities across America.”[44]  To aid this mission, DOJ announced that it has selected twelve districts across the country to participate in the program and has assigned a dozen prosecutors to focus entirely on investigating and prosecuting opioid-related health care fraud cases.[45]  Attorney General Sessions also announced increased funding for state and local law enforcement agencies,[46] as well as plans to designate “opioid coordinators” in each U.S. Attorney’s Office to advance DOJ’s “anti-opioid mission[.]”[47] The widespread DOJ scrutiny of opioid manufacturers and distributors already has led to several public enforcement actions.  In October, DOJ announced its first ever indictments against Chinese manufacturers of Fentanyl and other opioid substances.[48]  The indictments charge two Chinese nationals and their North American-based distributor counterparts with conspiracies to distribute large quantities of Fentanyl, Fentanyl analogues, and other opiate substances throughout the United States.[49]  Both Chinese nationals face potentially significant jail time and millions of dollars in fines.[50] Soon after, DOJ announced the arrest of John N. Kapoor—the founder and majority owner of Insys Therapeutics—for allegedly heading a nationwide conspiracy to illegally distribute a Fentanyl spray originally intended for cancer patients.[51]  The charges against Mr. Kapoor include conspiracy under the Racketeer Influenced and Corrupt Organizations Act (“RICO”), as well as conspiracy to violate the AKS and to defraud health insurance providers who initially were hesitant about approving the spray for non-cancer patients.[52]  Superseding indictments also leveled charges against numerous other executives of the company, which itself faced DOJ enforcement actions for allegedly deceptive marketing practices earlier this year.[53]  Although the final details of the company’s earlier settlement are not yet available, Insys has announced that it expects to face a nearly $150 million liability and pay out any settlement over the course of five years.[54]             C.     Notable Developments in FDCA Enforcement Several resolutions discussed above also involved FDCA-focused theories.  Novo Nordisk, for example, resolved alleged FDCA violations from 2010 to 2012 regarding its purported failure to comply with its required REMS.[55]  Specifically, the government alleged that the company obscured the REMS-required message about a risk of taking Novo Nordisk’s Type II diabetes drug Victoza for patients with a rare form of cancer known as Medullary Thyroid Carcinoma, thus rendering the drug “misbranded” under the FDCA.[56]  According to the complaint, Novo Nordisk instructed its sales force to provide statements to doctors that downplayed the potential risk rather than increasing awareness about it.  As part of the agreement, Novo Nordisk agreed to disgorge roughly $12.2 million for the alleged FDCA violations.[57] DOJ likewise resolved several misbranding allegations against Aegerion Pharmaceuticals Inc.[58]  Roughly one-fifth of the company’s overall $35 million settlement stemmed from allegations that Aegerion failed to provide complete and accurate information to health care providers regarding how Juxtapid—a drug approved to treat patients with a rare cholesterol-related condition—also may cause liver toxicity.[59]  The complaint further alleged that Aegerion violated the FDCA by distributing Juxtapid as a treatment for high cholesterol generally without providing adequate instructions for such use.[60] Apart from the FDCA settlements discussed above, DOJ also obtained several injunctions in the last six months against pharmaceutical manufacturers and distributors to prevent the distribution of allegedly unapproved and misbranded drugs.  In September, for example, DOJ announced that the U.S. District Court for the District of New Jersey entered a consent decree and permanent injunction against Flawless Beauty LLC, RDG Imports LLC, and two related individuals.[61]  DOJ alleged that the products distributed by the defendants were misbranded because they had been marketed with false and misleading claims, including that the products “contribute to good liver function” and “clinically treat degenerative brain and liver diseases[.]”[62] DOJ also secured permanent injunctions in October against Philips North America LLC and two executives of the company preventing Philips from distributing certain of its external defibrillators until the company takes remedial steps to comply with deficiencies discovered by FDA inspectors at one of its facilities in 2015, including the company’s purported failure to establish procedures for implementing corrective and preventive actions following customer complaints.[63]            D.     FCPA Investigations As we discussed in our 2016 Year-End Update, last year ended with the largest-ever FCPA payment by a pharmaceutical company (specifically, the U.S. government’s $519 million resolution with Teva Pharmaceuticals Industries Ltd.).  By comparison, the last six months of FCPA enforcement have not seen any resolutions involving drug and device makers.  Although DOJ and SEC investigations into the foreign sales practices of many drug and device companies (e.g., Alexion Pharmaceuticals Inc.) remain ongoing,[64] DOJ and SEC did not announce any major FCPA settlements with pharmaceutical and medical device manufacturers in the latter half of the year. Despite the recent dearth of settlements in this space, companies would do well to remain cautious.  As suggested in a July 25, 2017 speech by Sandra Moser, Principal Deputy Chief of DOJ’s Fraud Section, DOJ plans to ramp up its enforcement of the FCPA in the health care arena,[65] and FCPA prosecutors will partner with prosecutors from the Healthcare Fraud Unit’s Corporate Strike Force to scrutinize health care company practices abroad.[66] II.     PROMOTIONAL ISSUES Continuing the trend noted in our Mid-Year Update, 2017 was relatively quiet regarding the regulation of promotion of drugs and devices as compared to prior years.  And, once again, the year came and went with minimal progress in FDA’s long-awaited overhaul of its regulatory policies regarding truthful and non-misleading promotional speech.  Indeed, in January 2018, FDA announced yet again that it is delaying its controversial proposed rule that would allow the agency to consider the “totality of the evidence” when evaluating intended use under the FDCA.  But a number of other regulatory and enforcement developments in the latter half of 2017 show that promotional issues continue to receive a lot of government attention, even if they may not be as top-of-mind as they were in earlier years.  Below, we discuss the regulatory enforcement and guidance, jurisprudence, and legislative action concerning promotion of drugs and devices during the last six months of 2017. As discussed below, FDA’s enforcement and regulatory activity over the past six months focused largely on addressing misleading or deceptive advertisements, which FDA Commissioner Scott Gottlieb identified as a priority for the agency in remarks in December in connection with the issuance of the promotional guidance discussed below.  Commissioner Gottlieb’s remarks recognized that “[p]romotional material that drug makers share with patients and providers can be a helpful tool for encouraging patients to seek medical care and raising awareness about new and different treatment options.”[67]  At the same time, he cautioned that a key aspect of FDA’s oversight lies in combatting “claims in prescription drug promotion that have the potential to deceive or mislead consumers and healthcare professionals.”  Calling FDA’s efforts “part of an ongoing policymaking process aimed at making sure our practices protect consumers[,]” Commissioner Gottlieb recognized the need for “clear rules for how sponsors can present certain information, even elements as straightforward as the product name, and do so without introducing features that could mislead patients.”[68]  How the agency sharpens its focus on misleading or deceptive promotional practices, particularly against the backdrop of the new Administration’s general deregulatory posture, surely will be a key issue to watch in 2018.            A.     FDA Enforcement Activity—Advertising and Promotion The latter half of the year saw a slight uptick in FDA’s enforcement activity in this area, with the Office of Prescription Drug Promotion (“OPDP”) issuing three Warning Letters, up from the one letter issued during the first half of the year.[69]  The year’s grand total of just four letters represents a notable decrease in enforcement activity as compared to the eleven letters issued in 2016 and the nine letters issued in 2015.  As FDA’s agenda and priorities under the new Administration continue to take shape into 2018, they will continue to shed light on whether this decline in enforcement activity is a temporary artifact of the agency’s leadership transition, or represents the new normal. Each of the three Warning Letters issued during the past six months concerned the misleading omission of risk information in a drug’s promotional materials, which has been the focus of a majority of letters issued by OPDP in the past few years, as well as failure to include information concerning limitations on use contained in the FDA-approved indication for the product.  In contrast to OPDP’s prior focus on electronic advertising, the letters issued in the past six months pertained largely to product information contained in print materials directed at medical professionals, such as professional detail aids and exhibits at annual medical conferences. In an August 24, 2017 Warning Letter to Cipher Pharmaceuticals Inc., OPDP asserted that the company’s professional detail aid for a prescription opioid medication made false or misleading representations because it advertised the drug’s efficacy for pain relief without referencing any of the risks associated with the product, including the heightened risk of addiction, abuse, and misuse.[70]  OPDP further contended that the detail aid omitted material facts by failing to include the portion of the FDA-approved indication limiting the drug’s intended use solely to instances where alternative treatment options are inadequate.[71] In a November 14, 2017 Warning Letter addressed to both Amherst Pharmaceuticals, LLC and Magna Pharmaceuticals, Inc., OPDP raised similar objections with respect to the presentation of a prescription sleep aid on Amherst’s company website and on Magna’s exhibit panels at an annual conference on sleep medicine.[72]  According to OPDP, the materials contained false or misleading representations because they made claims about the drug’s efficacy while omitting any risk information.[73]  Additionally, OPDP concluded that the materials were false or misleading because they failed to cite references or data to support claims of efficacy and omitted material information regarding the FDA-approved indication for use.[74] Finally, in a December 19, 2017 Warning Letter to Avanthi, Inc., OPDP asserted that the company presented false or misleading information in an exhibit for a weight loss medication displayed at two annual medical conferences.[75]  As with the two letters issued earlier in the year, OPDP asserted that the promotional materials were misleading by making claims about the benefits of the product without communicating any information about the drug’s risks and omitting the limitations on use in the FDA-approved product indication.[76]            B.     FDA’s Promotional Guidance FDA did not deliver in 2017 on its promise to provide new promotional guidance for the industry regarding off-label promotion of drugs and devices, which FDA first pledged to issue more than three years ago as part of a comprehensive review of its policies in the face of rising First Amendment concerns.  Apart from the January 2017 memorandum in which FDA identified and rejected 12 alternative approaches to off-label promotion under the First Amendment, and the related commentary period discussed in our Mid-Year Update, the year saw no further public progress towards FDA’s announced goal.  We will continue to monitor FDA’s progress in the upcoming year. As 2017 came to a close, FDA issued one final guidance document on promotional issues—part of what Commissioner Gottlieb described at the time as FDA’s “ongoing” efforts to protect consumers against deceptive or misleading prescription drug advertising claims by setting “clear rules for how sponsors can present” such information in a non-misleading manner, as noted above.[77] Issued on December 11, 2017, FDA’s guidance clarifies the requirements for product name placement, size, prominence, and frequency in promotional labeling and advertising for prescription drugs, including biological drug products.[78]  The new guidance focuses specifically on the juxtaposition of the proprietary and established names of a drug and the frequency with which to use the established name on promotional materials.  The guidance applies to promotional labeling and advertisements across a range of media, including print, audiovisual, broadcasting, and electronic and computer-based materials.[79] With respect to drugs containing one active ingredient, the guidance provides specific recommendations for complying with the various requirements set forth in regulations 21 C.F.R. §§ 201.10(g)(1) and (2), and 202.1(b)(1) and (2), concerning the appropriate juxtaposition of proprietary and established names, the size of proprietary and established names on labeling and advertisements, the prominence of the established name in relation to the proprietary name, and frequency of disclosure of the proprietary and established names using various media.  With respect the last category, the guidance identifies examples in which FDA “does not intend to object” to fewer references to the established name, so long as certain criteria are met.[80] With respect to drugs containing two or more active ingredients, the guidance provides recommendations of how to appropriately reference proprietary and established names as set forth in regulations 21 C.F.R. §§ 201.10(h)(1) and 202.1(c) and (d)(1), in situations where a product “might not have a single established name corresponding to the proprietary name” or in which “a proprietary name might refer to a combination of active ingredients present in more than one preparation (e.g., individual preparations differing from each other as to quantities of active ingredients and/or the form of the finished preparation), and there might not be an established name corresponding to the proprietary name.”[81] As we noted in our 2017 Mid-Year Update, in January 2017, as part of the Obama Administration’s last-minute efforts to shape FDA promotional policies, FDA issued two draft guidance documents relating to promotional practices, the first being a “Questions and Answers” guidance entitled “Medical Product Communications That Are Consistent with the FDA-Required Labeling,”[82] and the second draft guidance document addressing communication of health care economic information to payors about both approved and investigational drugs and devices.[83]  As of the end of 2017, FDA has not taken further action with respect to these guidance documents, both of which remain in draft form. Finally, on January 12, 2018, FDA announced that it was yet again delaying—this time, “until further notice”—the effective date of a controversial final rule that would amend the agency’s definition of “intended use” for drugs and devices to allow the agency “additional time” for further consideration of the rule.[84]  The final rule, issued in January 2017, shortly prior to the change of administration, would adopt a “totality of the evidence” standard for assessing how a manufacturer intended for its product to be used by doctors and patients, carrying significant implications for drug and device manufacturers regarding promotional activities and related enforcement of the FDCA and its implementing regulations.  The proposed rule has been met with heavy criticism from the industry, including that it imposes an unworkably vague standard—a concern Commissioner Gottlieb expressly recognized in a statement issued in connection with the delay, in which he conceded that the regulation “wasn’t clear” and pledged that the agency would “ensure the clarity of our rules on the subject.”[85]  In the meantime, he noted, FDA was “reverting to the agency’s existing and longstanding regulations and interpretations on determining intended use for medical products.”[86]  FDA has opened a comment period through February 5, 2018, to solicit input on the decision to indefinitely delay the rule.[87] We will report on further developments in the coming year in regards to whether FDA modifies the final rule or permanently abandons its efforts to redefine the intended use standard.             C.     Notable Litigation Pertaining to Promotional Issues Although 2017 saw little in the way of jurisprudence concerning the intersection of promotional issues and the First Amendment, it produced several other notable cases. Opinions dismissing FCA actions predicated on off-label promotion from the Fifth Circuit in United States ex rel King v. Solvay Pharm., Inc.,[88] and Sixth Circuit in United States ex rel. Ibanez v. Bristol-Myers Squibb Co.,[89] discussed in detail above, underscored the importance of and difficultly involved in pleading and proving the causal chain in such cases.  The complex series of events involved create significant hurdles to pleading and proving that it was the defendant’s alleged off-label promotion that actually caused the submission of any false claims—i.e., that a physician to whom a product was allegedly improperly promoted prescribed the medication to a patient for an off-label use because of that promotion, resulting in the patient filling the prescription at a pharmacy, and the filling pharmacy then submitting a claim to the government for reimbursement.  Although these judicial opinions do not entirely foreclose any theory of FCA liability predicated on off-label promotion, they provide a useful tool for drug and device manufacturer defendants to assert lack of causation arguments. Based on similar causation principles, the Seventh Circuit held, in Sidney Hillman Health Ctr. of Rochester v. Abbott Labs., that as a matter of law third-party payors may not recover treble damages under RICO’s civil liability provision based on a manufacturer’s allegedly unlawful off-label representations made to physicians.[90]  There, two welfare benefit plans that paid for some off-label drug uses brought a suit seeking civil RICO recovery against the manufacturer following its 2012 guilty plea and payments to settle a criminal investigation and qui tam actions.  Joining the majority of circuit courts to have addressed the issue, the Seventh Circuit held that the causal chain involved in such a claim was “too long” and too rife with “independent decisions” to pass muster under Supreme Court precedent,[91] because it would require showing that physicians who received the off-label communications changed the medication they would have otherwise prescribed to certain patients as a result of the communications, that some of those patients were worse off as opposed to better, that payors bore some of the cost, and that those payors were made worse off to the extent the drug at issue was more expensive than the alternative drug.[92]            D.     Legislative Developments On the whole, 2017 saw relatively little legislative activity relating to off-label promotion at the state or federal levels. For its part, Congress took no further action on two draft bills on which we reported in our 2017 Mid-Year Update: (1) the Pharmaceutical Information Exchange Act, which would give drug and device manufacturers’ greater freedom to share economic information about expected cost-effectiveness with insurers prior to FDA approval of a product;[93] and (2) the Medical Product Communications Act of 2017, which would enable manufacturers to proactively discuss certain off-label information with health care provider, so long as the information is supported by competent and reliable scientific evidence and accompanied by various disclaimers.[94] The House Energy & Commerce Committee held hearings on both bills in July, at which time some lawmakers and industry groups expressed support for the proposed clarification concerning off-label communications and for providing for more information to payers and health-care decision makers aimed at improving patient access to new treatments.[95]  Other lawmakers and industry groups, however, expressed concern that the bills, and the Medical Product Communications Act in particular, would undermine efforts to prevent marketing of unsafe or ineffective medical products and could ultimately put patient health and safety at risk.[96]  To date, neither bill has advanced out of committee. At the state level, as we reported in our Mid-Year Update, Arizona became the first state to allow drug and device manufacturers to communicate directly with physicians and insurers about off-label uses of FDA-approved prescription drugs.  Although Arizona remains alone for the time being, that may change in the coming year as industry advocates continue to pursue the introduction of similar measures in other state legislatures.[97]            E.     Settlements One notable recent settlement this year also demonstrated the states’ interest and capacity for enforcement actions targeting off-label promotion as misleading or deceptive advertising under state law.  On December 20, 2017, Boehringer Ingelheim Pharmaceuticals, Inc. agreed to pay $13.5 million to all 50 states and the District of Columbia to resolve claims asserted under various state consumer protection laws predicated on its alleged off-label marketing and certain allegedly misleading representations it made in promoting the drugs at issue.[98]  Several years earlier BIPI resolved claims under the federal FCA based on the same alleged off-label marketing and alleged misrepresentations in a $93 million settlement with the federal government.[99] III.     DEVELOPMENTS IN CGMP REGULATIONS AND OTHER MANUFACTURING ISSUES In 2017, FDA continued the robust scrutiny of drug companies’ current good manufacturing practice (“cGMP”) compliance that we have come to expect in recent years.  These developments, which include relevant enforcement actions and new draft guidance, are discussed below.         A.     Notable cGMP Compliance and Enforcement Activity 1.     Executive of Pharmaceutical Company Pleads Guilty In June 2017, the owner/president, Paul Elmer, and compliance director, Caprice Bearden, of Indiana pharmacy Pharmakon Pharmaceuticals, Inc., were indicted for allegedly introducing adulterated drugs into interstate commerce by manufacturing and selling drugs whose potency differed than what was reflected on the label.[100]  According to DOJ, the officers’ actions resulted in several infants being given morphine sulfate that was nearly 25 times more potent than indicated, leading to severe health problems for at least one of the infants.  Although both initially pled not guilty, in November 2017, Bearden pled guilty to introducing adulterated drugs into interstate commerce and conspiracy to defraud the United States by obstructing FDA’s lawful functions.[101]  Commissioner Gottlieb called the case “an egregious example of how harmful conduct can result in risk to patients” and added that FDA “will not tolerate substandard practices, like failing to meet federal manufacturing standards like those found at Pharmakon” relating to out-of-specification drug potency test results, “that put patients at risk and will aggressively pursue individuals that put profit ahead of patient safety.”[102] 2.     Consent Decrees Involving Two Drug Manufacturers, One Device Manufacturer During the last six months, DOJ announced three notable consent decrees of permanent injunction entered by federal district courts against manufacturers to stop the distribution of unapproved, misbranded, and adulterated drugs and devices.  On July 5, 2017, the U.S. District Court for the Southern District of Alabama enjoined Medistat RX LLC, its owners, production manager, and quality manager from manufacturing, holding or distributing drugs until they comply with the FDCA and its regulations.[103]  The government alleged that the defendants failed to comply with cGMP because, after identifying a microbial contamination, they failed to adequately investigate or take sufficient corrective action, resulting in the contamination of certain sterile areas within the facility. On August 3, the U.S. District Court for the District of Utah entered a consent decree including a permanent injunction against Isomeric Pharmacy Solutions, LLC and three affiliated individuals, including the Chief Operating Officer.[104]  FDA accused the defendants of distributing drugs that had visible “black particles” in them, despite passing visual inspections conducted by the defendants’ employees.  The complaint alleged that the defendants’ manufacturing methods did not conform to cGMP because they failed to verify the drug products’ safety, identity, strength, and quality and purity characteristics, as required by the FDCA.  FDA also alleged that the company had a history of manufacturing drug products under suboptimal conditions and demonstrated an unwillingness or inability to take corrective actions to ensure the sterility of its products.  Consequently, the consent decree prohibits Isomeric from distributing drug products until they hire a consultant who makes a determination that the company is in compliance with cGMP requirements. Lastly, on October 31, the U.S. District Court for the District of Massachusetts enjoined Philips North America LLC and two of its executives from distributing certain medical devices until remedial steps are taken to bring the company in compliance with cGMP.[105]  FDA alleged that the company failed to establish and maintain adequate procedures for implementing corrective and preventative action in response to complaints about the performance of a certain defibrillator and cardiopulmonary resuscitation device.  The consent decree requires Philips to institute a number of remedial measures, including hiring an expert consultant to inspect its units and ensure that the devices are complying with cGMP regulations. 3.     cGMP-Based Warning Letters FDA’s Office of Manufacturing Quality in the Center for Drug Evaluation and Research (“CDER”) issued 22 warning letters in the second half of 2017 for a total of 48 letters for the year, exceeding the 44 letters it issued in 2016.[106]  In the latter half of this year, FDA focused primarily on companies’ failure to maintain adequate quality control units, incomplete testing procedures, subpar sterilization and sanitation techniques, and inadequate testing procedures. Consistent with prior years, FDA has continued its foreign-inspection activity, issuing warning letters to companies in Korea, Canada, China, India, Philippines, and Italy.  Notably, only one of the letters FDA issued in 2017 was to a U.S.-based company.[107]  Several of the more notable warning letters from the second half of the year are summarized below. One of the more common complaints by FDA in the latter half of this year was companies’ failure to maintain adequate quality control units: In October, Chinese drugmaker Guangdong Zhanjiang Jimin Pharmaceutical Co., Ltd., received a warning letter stating that it had failed to establish an adequate quality control unit and consequently used the wrong active pharmaceutical ingredient (API) in one of its products.[108]  Although the company recalled all of the product distributed in the U.S., it failed to document its investigation into the mistake or a plan to prevent its recurrence, nor did it have a program in place to monitor process controls.  As such, FDA strongly recommended that the company engage a consultant to assist with cGMP requirements. In December, FDA issued a warning letter to South Korean drug-maker Seindni Co. Ltd. for failing to establish a quality control unit that could oversee packaging, labeling, and other elements of drug production.[109]  Notably, FDA stressed the particular importance of such a unit in light of the company’s use of contract manufacturers to manufacture its over-the-counter (OTC) drug products.  FDA ordered Seindni to provide written procedures establishing an adequate quality control unit with the authority to carry out various responsibilities, including batch review and release processes and supplier and contractor qualification, selection, and oversight. Many of FDA’s warning letters this year focused on companies’ failure to adequately test and verify the identity of each component of their drug products. In August, FDA issued a warning letter to Canadian homeopathic manufacturer Homeolab USA Inc. in connection with toddler teething tablets that contained belladonna, a toxic substance also known as deadly nightshade.[110]  The letter alleged numerous cGMP violations, including the company’s failure to perform adequate testing for the purity, strength, and quality of components used in its manufacturing process.  It also stated that, during FDA’s inspection of the company’s facilities, a Homeolab employee “impeded the inspection by preventing [the] investigator from photographing” a piece of equipment.  FDA recommended that Homeolab hire a cGMP consultant to assist the company in meeting cGMP regulations. South Korean drug-maker Dasan E&T Co. Ltd. received a warning letter in September for failing to analyze glycerin raw material from a supplier prior to approving the material for use in its drug products.[111]  Specifically, it alleged that Dasan failed to screen for the presence of diethylene glycol (DEG), a chemical found in antifreeze that “has resulted in various lethal poisoning incidents in humans worldwide.”  FDA directed Dasan to develop a detailed risk assessment regarding glycerin-containing products. More recently, in November, Dae Young Foods Company, a Korean manufacturer of homeopathic smoking cessation gum and lozenges, received a warning letter alleging that the company failed to test drug components for identity, purity, strength, and quality.[112]  It also alleged that the suppliers Dae Young used were not properly vetted.  FDA ordered the company to provide a scientific justification for how it will ensure that all of its components will meet appropriate specifications before use in manufacturing, as well as a risk assessment for any drug product batches that were not already adequately tested. FDA also issued numerous letters identifying issues relating to the sanitization and/or sterilization of equipment and utensils involved in the manufacturing of drug products: In July 2017, FDA asserted that India-based Vista Pharmaceuticals violated cGMP by, among other things, failing to maintain several pieces of manufacturing equipment, which were observed to have “holes and corrosion.”[113]  The letter noted that FDA had received a claim that metal was found in one of its isoxsuprine hydrochloride tablets and, during a subsequent inspection, FDA was told that the company’s employee who investigated the claim “failed to consider whether the poor condition of [the] equipment may have contributed to the problem.”  Consequently, FDA directed the company to submit an evaluation of all production equipment to ensure that it is in appropriate condition for manufacturing. Similarly, on December 18, FDA sent a warning letter to Deserving Health International, a Canadian homeopathic drug manufacturer, stating that the company failed to implement an appropriate manufacturing process that could ensure the sterility of its Symbio Muc Eye Drops 5X, an ophthalmic product.[114]  Specifically, the letter claimed that the method used “to attempt sterilization” was not suitable for its intended use, and that the product was manufactured using “unsuitable water.”  The letter noted that FDA placed Deserving Health International on Import Alert on November 2 of this year and recommended that the company employ a cGMP consultant to assist in undertaking a “comprehensive assessment” of the company’s manufacturing operations to ensure compliance with cGMP regulations.              B.     cGMP Rulemaking and Guidance Activity 1.     FDA Draft Guidance While FDA has continued to be quite active in enforcement of manufacturing standards, since June, it has issued just one final guidance document pertaining to manufacturing and quality issues. Expiration Dating.  On August 8, 2017, FDA issued revised draft guidance addressing the repackaging of prescription and OTC solid oral dosage form drugs into individual unit-dose containers by commercial pharmaceutical repackaging firms.[115]  Under current FDA cGMP regulations, each drug product must have an expiration date determined by appropriate stability testing relating to storage conditions on the label, as determined by stability studies.  As the guidance observes, the increase in unit-dose repackaging over the last few decades has raised questions about the stability and expiration dates for such repackaged products.  Consequently, the latest draft guidance amends an earlier draft guidance published in 2005 to accomplish a number of objectives:  “shorten[ing] the expiration date to be used under certain conditions for solid oral dosage forms repackaged in unit-dose containers”; “provid[ing] an expiration date exceeding 6 months if supportive data from appropriate studies are available and other conditions are met”; “exclud[ing] from the scope of the guidance products repackaged by State-licensed pharmacies, Federal facilities, and outsourcing facilities”; “exclud[ing] from the scope of the guidance all dosage forms other than solid oral dosage forms”; and “provid[ing] for the use of containers meeting USP [] Class B standards if certain conditions are met.”[116] IV.     ANTI-KICKBACK STATUTE As the enforcement statistics discussed above make clear, compliance with the AKS remains one of the highest risk areas for pharmaceutical and medical device companies, with notable large settlements in AKS being announced virtually every year, including in 2017.  There were several notable developments in AKS enforcement during the second-half of 2017—from the courts and regulatory agencies—that affect and define the stakes.         A.     AKS-Related Case Law First, federal courts issued several noteworthy decisions interpreting the AKS during the second half of 2017 on the topics of causation and scienter. In September, the Fifth Circuit affirmed summary judgment for Solvay Pharmaceuticals, dismissing allegations that the company violated the FCA through off-label marketing efforts (as discussed above) and kickbacks to physicians.[117]  In addition to the Fifth Circuit’s rulings regarding off-label promotion theories, the Fifth Circuit also summarily dismissed the relator’s AKS allegations after finding no credible evidence on summary judgment that payments to physician-consultants caused those physicians to write prescriptions that were reimbursed by Medicaid.[118]  Evidence submitted to the court showed that physicians participated in Solvay speaker programs in which they were compensated for consultations or presentations.[119]  The court explained that “[t]here was nothing illegal about paying physicians for their participation in these types of [marketing] programs and there is no evidence that participation was conditioned upon prescribing Solvay’s drugs to Medicaid patients.”[120]  Although the court acknowledged that Solvay likely “intended these programs to boost prescriptions”―as is true with most marketing practices, of course―the court nonetheless held that “it would be speculation to infer that compensation for professional services legally rendered actually caused the physicians to prescribe Solvay’s drugs to Medicaid patients.”[121]  This is clearly at odds with DOJ’s persistent position that the payment of a kickback “taints” physician decision-making and that allegations of improper payments do not need to show that prescriptions or referrals were “caused” by the kickback.  For example, in 2015, DOJ reached a settlement with Novartis based on allegations that the company made payments to influence specialty pharmacies to provide patients one-sided advice about their product, without disclosing potentially serious side effects.  Then U.S. Attorney for Manhattan stated that that the AKS “was enacted to ensure that the medical treatment and advice patients receive, and federal programs pay for, are free from the taint of corporate kickbacks.”[122]  We will continue monitoring this development to see if courts continue to require a showing of cause, not mere “taint,” and DOJ’s response. In United States v. Nerey, meanwhile, the Eleventh Circuit reached a less favorable conclusion for the defendant in an alleged kickback scheme, holding that the government had sufficiently proved willful conduct in connection with a federal health care program because of the defendant’s attempts to hide illegal kickbacks.[123]  In so holding, the court reaffirmed that proving “willful conduct” under the AKS requires strong evidence of scienter, requiring that the act was “committed voluntarily and purposely, with the specific intent to do something the law forbids, that is with a bad purpose, either to disobey or disregard the law.”[124]  But the court had no problem finding willful conduct in light of the “overwhelming” evidence that the defendant explicitly sought cash payments to avoid a paper trail, attempted to funnel kickbacks by masking them as therapy services, referred to kickbacks by code names because of their illegal nature, pre-arranged a fallback story in the event of a Medicare audit, and was caught saying that it would be nice to “break [a suspected confidential informant’s] head.”[125]            B.     Guidance and Regulations 1.     HHS OIG Increases Scrutiny of Patient Assistance Programs For years, pharmaceutical and device manufacturers have supported, directly and indirectly, various patient assistance programs that help needy patients access their products.  And for years, OIG has approved of these arrangements, subject to certain recommended contours, through formal and informal guidance reflecting that these programs meet important access-to-care goals. Recently, however, OIG has issued updated guidance to refine its views on patient assistance programs and strongly suggest that it is taking a closer look at how these programs are organized and operated.  While the OIG formerly viewed these programs as important safety nets for patients who face chronic illnesses and high drug costs, newer guidance suggests that OIG is concerned that patient assistance programs that are limited to specific diseases or products—often with the support of pharmaceutical and medical device companies—pose a high risk of abuse.  That trend continued in 2017 amidst a broader landscape of DOJ enforcement actions, as discussed in Section I above. First, in March, HHS OIG revised previous guidance to address aspects of patient assistance programs that it has newly determined are “problematic.”[126]  Specifically, HHS OIG modified a prior advisory opinion to require that a non-profit operator of patient assistance programs make three new certifications to remain in compliance with the AKS:  (1) that the charity “will not define its disease funds by reference to specific symptoms, severity of symptoms, method of administration of drugs, stages of a particular disease, type of drug treatment, or any other way of narrowing the definition of widely recognized disease states”; (2) that the charity will “not maintain any disease fund that provides copayment assistance for only one drug or therapeutic device, or only the drugs or therapeutic devices made or marketed by one manufacturer or its affiliates”; and (3) that the charity will not limit its assistance to high-cost or specialty drugs.[127] Next, in November, HHS OIG took the unprecedented step of rescinding guidance it had previously issued related to a patient assistance program operated by the industry-funded charity Caring Voice Coalition (CVC).[128]  HHS OIG explained that the charity had allegedly breached two commitments related to independence from donors, which opened the door to steering Medicare beneficiaries toward specific prescription drugs.[129]  In one alleged breach, the charity gave patient-specific data to one or more donors, enabling them to “correlate the amount and frequency of their donations with the number of subsidized prescriptions or orders for their products.”[130]  In a second alleged breach, the charity “allowed donors to directly or indirectly influence the identification or delineation of [r]equestor’s disease categories.”[131]  According to HHS OIG, these violations “materially increased the risk that [r]equestor served as a conduit for financial assistance from a pharmaceutical manufacturer donor to a patient, and thus increased the risk that the patients who sought assistance from [r]equestor would be steered to federally reimbursable drugs that the manufacturer donor sold.”[132]  HHS OIG expressed concern that this steering can provide manufacturers with a greater ability to raise the prices of their drugs while protecting patients from the effects of the price increases, leaving federal programs and taxpayers to bear the cost.[133] HHS OIG and DOJ are clearly taking a hard look at these types of issues industry-wide, and the results of this scrutiny are beginning to show in more than just HHS OIG advisory opinions.  For example, as noted above, United Therapeutics Corp. paid $210 million to resolve allegations that it used a nonprofit organization as a conduit to give improper benefits to thousands of patients who used its medications from 2010 to 2014.[134]  Specifically, the government alleged that United Therapeutics donated money to CVC, which in turn paid the copay obligations of thousands of Medicare patients taking drugs manufactured by the company.[135]  Several other companies have reported being subject to similar probes in the past year, all launched by the U.S. Attorney’s Office for the District of Massachusetts.[136] Yet, even as DOJ and HHS OIG seek to reign in alleged abuses in patient assistance programs, HHS OIG, at least, has nevertheless continued to encourage manufacturers to provide access to free drugs for needy patients.  After its unprecedented action against CVC, which led CVC to announce it would not offer any financial assistance in 2018, HHS OIG wrote immediately to Pharmaceutical Research and Manufacturers of America (“PhRMA”) to urge pharmaceutical companies to offer free drugs to former CVC beneficiaries.[137]  To incentivize companies to participate in this stop-gap measure, HHS OIG promised that it “will not pursue administrative sanctions against any Drug Company for providing free drugs during 2018 to federal health care program beneficiaries who were receiving cost sharing support for those drugs from CVC as of November 28, 2017,” provided certain conditions are met, including that: (1) the “drugs are provided in a uniform and consistent manner to Federal health program beneficiaries” who were receiving drugs from CVC at the time of CVC’s decision; (2) “[t]he free drugs are awarded without regard to the beneficiary’s choice of provider, practitioner, supplier or health plan[;]” (3) “[t]he free drugs are not billed to any Federal health care program” or a third party payor; (4) “[t]he provision of free drugs is not contingent on future purchases” of drugs; and (5) the Drug Company maintains complete and accurate records of the free drugs provided to Federal health care program beneficiaries.[138]  Even with this significant policy statement early in the year, there may well be additional fallout for manufacturers’ charitable programs in 2018, given the government’s clear enforcement focus on this area. 2.     HHS OIG clarifies scope of warranty safe harbor The AKS makes it a criminal offense to knowingly and willfully exchange anything of value in an effort to induce the referral of services which are payable by a federal program, but the statute and its implementing regulations also create certain safe-harbors against liability.[139]  For example, the “warranty safe harbor” shields from penalty certain written warranties offered by drug and device companies, including (1) a written affirmation that relates to the nature of the material or workmanship of a product and that affirms or promises that the material or workmanship is defect-free or will meet a specified level of performance over a specified period of time; or (2) any undertaking in writing by a supplier to take remedial action if a product fails to meet the promises set forth by the supplier of a consumer product.[140]  Previous HHS OIG guidance had limited the scope of the warranty safe harbor to product failure.[141] In a new advisory opinion issued in August, however, HHS OIG seemingly expanded the scope of the warranty safe harbor.  Specifically, HHS OIG considered a “pharmaceutical manufacturer’s proposal to replace products that require specialized handling that could not be administered to patients for certain reasons, at no additional charge to the purchaser[.]”[142]  According to the opinion, the requestor sells a variety of products, some of which “are sensitive to temperature changes, direct sunlight, or movement[.]”[143]  Under the arrangement, the pharmaceutical manufacturer would replace products that had spoiled or otherwise become unusable after purchase so long as the customer had not administered the product or billed for it.[144] HHS OIG analyzed the proposal under the safe harbor for warranties, which it explained “protects remedial actions by suppliers to address products that fail to meet bargained-for requirements.”[145]  Although HHS OIG concluded that the proposal did not fall squarely within either of the safe harbor’s definitions, it nonetheless concluded that the proposed arrangement posed a “low risk of fraud and abuse under the [AKS].”[146]  HHS OIG reached this conclusion for a number of reasons.  First, the replacement would be restricted to unintentional circumstances.  Second, there was low risk that this arrangement would lead to increased cost or overutilization because, if the customer administered the product or billed for the product, then a replacement product would not be available.  Third, even though the proposed arrangement could affect competition, there was an acceptably low risk that a customer would choose products based on this arrangement.  Last, the proposed arrangement bears some similarity to an insurance policy and the cost of this can be built into the cost of the product.[147]  HHS OIG also noted that the proposal could increase patient safety and care.[148] This guidance expands the number of warranty types for which the OIG has recognized the availability of the warranty safe harbor, thereby affording manufacturers greater flexibility to tie product pricing to performance, further incentivizing providers to deal with product sellers and manufacturers who are willing to stand behind the performance of their products by sharing the risk on outcomes. 3.     HHS OIG permits pilot program to provide Medicare Advantage pharmacists with real-time access to patient discharge information In December, HHS OIG approved a proposal to allow a vendor to develop and make available an interface that would allow pharmacists to view relevant clinical data in real-time during discharge for Medicare Advantage plan beneficiaries who were admitted with one of five eligible diagnoses.[149]  The pilot program aims to “gain insight into the degree to which technology that provides . . . pharmacists with real-time access to discharge information can help improve transitions of care and decrease re-hospitalizations.”[150] HHS expressed concern that the interface would have an independent value, and therefore be an improper remuneration, because it would remove an administrative burden and that pharmacists would be in a position to influence which medications a patient is prescribed.[151]  Ultimately, HHS OIG concluded that it would not impose sanctions under the AKS.  Importantly, the manufacturer protected against the risk that the pharmacist would recommend the manufacturer’s product by including language in the agreements and operative documents that the collaboration would have no bearing on formulary recommendations or referrals of business, and ensuring that nothing in the interface would guide the pharmacist to choose one product over another.[152]  HHS OIG also focused on patient care and patient outcomes.  OIG concluded that the proposed arrangement would be unlikely to lead to increased costs or overutilization of federally reimbursable services because the Medicare Advantage plan, “as the payor, has a strong incentive for its members to receive the most appropriate and cost-effective treatment to promote their recovery and good health.”[153]  Further, the proposal would be unlikely to have a negative outcome on patient quality of care.[154]  And lastly, HHS OIG concluded that the small scale of the program—limited to approximately 200 patients and five diagnoses—reduces the risk that the remuneration involved would influence referrals to or recommendations for the manufacturer’s products.[155] V.     MEDICAL DEVICES After a relatively quiet start to the year, the second half of 2017 brought a number of guidance documents and enforcement actions concerning medical device manufacturers.  We begin this section with an overview of notable guidance issued by FDA before walking through recent device-related enforcement activity.            A.     FDA Guidance In the past six months, FDA issued guidance on several noteworthy subjects, including digital health, pre-market approval standards, and expedited approval processes.  As continued technological advances continue to pave the way for new clinical opportunities, FDA has emphasized its focus on streamlining the review process and providing access to newly vetted medical devices. In addition to the topics discussed in detail below, President Trump in August 2017 signed into law the FDA Reauthorization Act (“FDARA”), which, among other things, reauthorizes the Medical Device User Fee Amendments through fiscal year 2022.[156]  With the return of the Affordable Care Act’s medical device tax on the horizon in 2018, a new user fee will be assessed under FDARA for de novo classification requests, and user fees will be adjusted annually for inflation.[157]  FDARA also sets forth a risk-based inspection schedule for establishments engaged in the manufacture, propagation, compounding, or processing of devices and requires FDA to establish uniform inspection processes and standards.[158]  Be on the lookout in the coming year for possible inspection-related draft guidance.[159] 1.     Digital Health On July 27, 2017, FDA took a step into a new digital-health era with the announcement of its Digital Health Innovation Action Plan and the launch of its “Pre-Cert for Software Pilot Program.”[160]  Framed as FDA’s response to the “revolution in health care,” driven by technology such as mobile medical apps, fitness trackers, and decision-supporting software, the Action Plan outlines the Center for Devices and Radiological Health’s (“CDRH”) “vision for fostering digital health innovation while continuing to protect and promote the public health.”[161]  The plan contemplates providing guidance on the 21st Century Cures legislation’s medical software provisions, as well as launching a pilot pre-certification program that focuses on the developer instead of the product in the hopes of “replac[ing] the need for a premarket submission for certain products,” decreasing the required submission content, and speeding up the review of marketing submissions.[162]  FDA plans to share updates about the program at a public workshop in January 2018.[163] As anticipated by the Action Plan, on December 7, 2017, FDA announced three draft and final guidance documents that further clarify its approach to digital devices: Clinical and Patient Decision Support Software.  The revised definition of “medical device” in the 21st Century Cures Act excluded certain types of software intended to provide clinical decision support.  The first draft guidance describes FDA’s interpretation of this revised definition and generally extends this interpretation to patient decision support software.[164]  The guidance states that FDA will continue to regulate clinical decision support (“CDS”) software “intended to acquire, process, or analyze a medical image, a signal from an in vitro diagnostic device, or a pattern or signal from a signal acquisition system,” but it will not regulate software that provides health care professionals with recommendations or treatment decisions that are consistent with the FDA-required labeling or clinical guidelines and that the professionals could have made independently.[165]  The critical factor, in FDA’s interpretation, is that the user should be able to reach independently the clinical recommendation provided by the software.  Furthermore, the sources for the software recommendation should be publicly available, such as in the published scientific literature.  Likewise, with respect to software intended to support patient decision-making, FDA does not intend to focus its regulatory oversight on “low-risk” software that offers patients recommendations they could have reached independently without the software.[166] Changes to Medical Software Policies After the Cures Act.  In this draft guidance, FDA addressed the software functions that were excluded from the definition of “medical device” by the 21st Century Cures Act:  hospital administrative functions, software intended for maintaining or encouraging a healthy lifestyle, electronic health records, and software for transferring, storing, or displaying data [167]  As a result of the statutory amendments, certain types of software that were previously under FDA enforcement discretion are no longer classified as “medical devices” under the Federal Food, Drug, and Cosmetic Act.  The guidance clarifies that Laboratory Information Management Systems are not devices and reiterates that FDA does not intend to examine or regulate “low-risk general wellness products,” such as a mobile application that plays music to relieve stress.[168]  In describing its approach to such products, FDA references the General Wellness Guidance detailed in our 2016 Year-End Update[169] and offers examples illustrating when electronic patient record software and Medical Device Data Systems do not qualify as devices.[170]  FDA is updating the prior software-specific guidances to reflect the 21st Century Cures Act. Clinical Evaluation of Software as a Medical Device (SaMD).  On December 8, 2017, FDA issued final guidance on its approach to Software as a Medical Device (“SaMD”), which is software intended to be used for one or more medical purposes that perform these purposes without being part of a hardware medical device.[171]  This guidance adopts the principles set forth by the International Medical Device Regulators Forum (“IMDRF”), a group of international medical device regulators focused on harmonization of device regulation.  These principles address risk-based analysis and assessments of SaMD and considerations to use in evaluating the safety and effectiveness of SaMD.[172]  The guidance discusses the assessment of: (1) the clinical association between the SaMD and the targeted clinical condition; (2) the SaMD’s ability to correctly process data to provide accurate, reliable, and precise output data; and (3) the use of the output data to achieve the intended purpose in clinical care.  The guidance explains when independent review of a clinical evaluation of a SaMD may be necessary, offers considerations for continuous learning throughout a SaMD’s lifecycle, and provides a comparison of the SaMD clinical evaluation process to the process for generating clinical evidence for in vitro diagnostic medical devices.[173] 2.      “Least Burdensome Approach” Guidance In keeping with its focus on streamlined review processes, FDA issued new draft guidance on December 15, 2017, detailing updates to the “least burdensome approach” used during premarket review of devices.[174]  Commissioner Gottlieb and CDRH Director Dr. Jeffrey Shuren have touted the benefits of the program, emphasizing the ability to devote resources to the “issues of highest public health concern” and to approve greater numbers of medical devices.[175] The draft guidance defines “least burdensome” to be “the minimum amount of information necessary to adequately address a regulatory question or issue through the most efficient manner at the right time,”[176] and it encourages application of the “least burdensome” principle “widely . . . to all activities in the premarket and postmarket settings” in order to minimize “unnecessary burdens so that patients can have earlier and continued access to high quality, safe, and effective devices.”[177]  The guidance applies to all devices[178] and provides a number of examples and suggestions for the industry, such as using peer-reviewed literature in lieu of or to supplement other data, using real-world evidence or non-clinical data, and accepting alternative approaches to regulatory issues.[179]  In familiar fashion, FDA also emphasizes the use of benefit-risk assessments in regulatory decision-making,[180] and the guidance references a number of tools and practices to reduce administrative burden, including Medical Device Development Tools (i.e., qualified methods to assess the effectiveness of a device), on which FDA also finalized guidance in August.[181] 3.     Program to Expedite the Approval of “Breakthrough” Medical Devices On October 25, 2017, FDA also issued draft guidance on a voluntary “Breakthrough Devices Program,” which provides priority review to designated submissions for devices subject to premarket approval, 501(k) clearance, and de novo classification processes.[182]  Continuing with the emphasis on access to care, the guidance is aimed at expediting patient access to “breakthrough” medical devices that provide for “more effective treatment” or diagnosis of life-threatening or irreversibly debilitating conditions.[183] To be designated as “breakthrough” under the Program, a device must (1) “provide for more effective treatment or diagnosis of life-threatening or irreversibly debilitating human disease or conditions”; and (2) represent breakthrough technologies that offer significant advantages over existing alternatives, for which no approved or cleared alternatives exist, or that are in the best interest of patients.[184]  For sponsors of such devices, FDA details options including “sprint” discussions, coordination to reach early agreement on a Data Development Plan, a mechanism for obtaining written agreement for clinical protocols, and regular status updates.[185] 4.     Additional Guidance In addition to the above categories, FDA announced several other draft and final guidance documents on various topics throughout the latter half of the year. On September 6, 2017, FDA announced a final guidance on the importance of “interoperability,” or the ability of electronic medical devices to safely and effectively interact with each other and exchange and use information.[186]  The guidance directs medical device manufacturers to focus on interoperability when designing systems, and it recommends that premarket submissions include, among other elements, discussions of a device’s externally-facing electronic interfaces, what type of information a device will exchange and how, potential risks, and interface testing results.[187] Later on October 25, 2017, FDA finalized two draft guidance documents regarding when manufacturers should submit a 510(k) for changes made to existing devices or software.[188]  Declining to implement a significant policy shift on 501(k) submissions, FDA clarified that changes significantly affecting the safety or effectiveness of a device—whether intended or not—will require a new 510(k), as will complex changes to software infrastructure and changes to hard device control mechanisms, operating principles, or energy types.[189] Rounding out the year in December 2017, FDA finalized guidance on technical considerations specific to 3-dimensional printing devices, or “additive manufacturing (AM)” devices.[190]  To respond efficiently to frequently asked questions, FDA also issued a final guidance on what it generally considers in determining whether to classify a product as a drug or device,[191] as well as a final guidance on how it intends to approach the regulation of device “accessories” going forward.[192]  The latter guidance clarifies that accessories with a “lower risk profile” than their parent devices may be regulated in a lower class, and it explains pathways for classifying or reclassifying accessories.[193]              B.     Enforcement Letters In a busy second half of the year, FDA issued 23 device-related warning letters, with CDRH issuing 9 of those.[194]  Overall, enforcement activity in the second half of 2017 suggests that FDA will continue to actively enforce regulations governing manufacturing practices, Quality System Regulation issues, and submissions requirements.  The issued letters also indicate that FDA will continue to exercise broad jurisdiction over foreign companies that market products in the United States, a trend we noted in our 2016 Year-End Update and one that FDA shows no signs of ending in the new year. In July, CDRH issued a warning to a manufacturer in Netherlands alleging that the firm did not have an approved application for premarket approval (“PMA”) in effect, or an approved application for an investigational device exemption (“IDE”).[195]  FDA also chastised the manufacturer for allegedly failing to submit a premarket notification before introducing the product into interstate commerce and requested that the manufacturer cease distribution of the unapproved device, noting that FDA already took steps to refuse entry of the devices into the United States.[196] In September, FDA took issue with a manufacturer of an attention task performance recorder for not only allegedly failing to have an approved application for PMA or IDE, but also for promoting the device for uses not cleared under its initial 510(k)—specifically, for promoting therapeutic or rehabilitation effects when the device allegedly was cleared for use as a “measurement of reaction time.”[197]  In addition, CDRH followed up with three foreign companies regarding inadequate responses to alleged Quality System Regulation issues previously discovered at foreign manufacturing facilities located in Germany, Sweden, and France.[198] October brought several additional letters relating to manufacturing and Quality System Regulation issues and warnings regarding alleged failures to have approved applications for PMAs or IDEs,[199] and CDRH issued a lengthy warning letter to Telemed regarding manufacturing practices at a facility in Lithuania.[200]  Also in November, FDA rebuked a California-based manufacturer for its alleged failure to report to FDA that its bone fixation fashioner device may have caused or contributed to a death or serious injury.[201]  The activity slowed in December, with only one warning issuing regarding an alleged lack of an approved PMA.[202] VI.     CONCLUSION We expect the year ahead to provide more answers about what the Trump Administration will mean, long term, for the pharmaceutical and medical device industries.  We will continue to monitor the developments discussed above, and others, and report on them in our 2018 Mid-Year Update. [1] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Justice Department Recovers Over $3.7 Billion From False Claims Act Cases in Fiscal Uear 2017 (Dec. 21, 2017), https://www.justice.gov/opa/pr/justice-department-recovers-over-37-billion-false-claims-act-cases-fiscal-year-2017; see also U.S. Dep’t of Justice, Civil Div., Fraud Statistics – Overview (Dec. 19, 2017), https://www.justice.gov/opa/press-release/file/1020126/download. [2] Id. [3] In 2017, two cases involved both AKS and improper billing claims.  In such cases in which multiple theories are alleged, the case (and the settlement amount) are counted in the totals for each theory.  See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Oxygen Equipment Provider Pays $11.4 Million to resolve False Claims Act Allegations (April 25, 2017), https://www.justice.gov/opa/pr/oxygen-equipment-provider-pays-114-million-resolve-false-claims-act-allegations; Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Drug Maker Aegerion Agrees to Plead Guilty; Will Pay More than $35 million to Resolve Criminal Charges and Civil false Claims Allegations (Sept. 22, 2017), https://www.justice.gov/opa/pr/drug-maker-aegerion-agrees-plead-guilty-will-pay-more-35-million-resolve-criminal-charges-and. [4] The number of cases indicated by this table—18—is two more than the total number of cases for the reasons explained supra note 3. [5] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Mylan Agrees to Pay $465 Million to Resolve False Claims Act Liability for Underpaying EpiPen Rebates (Aug. 17, 2017), https://www.justice.gov/opa/pr/mylan-agrees-pay-465-million-resolve-false-claims-act-liability-underpaying-epipen-rebates. [6] Id. [7] Id. [8] Id. [9] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Drug Maker Aegerion Agrees to Plead Guilty; Will Pay More Than $35 Million to Resolve Criminal Charges and Civil False Claims Allegations (Sept. 22, 2017), https://www.justice.gov/opa/pr/drug-maker-aegerion-agrees-plead-guilty-will-pay-more-35-million-resolve-criminal-charges-and. [10] Id. [11] Id. [12] Press Release, U.S. Dep’t of Justice, Drug Maker United Therapeutics Agrees to Pay $210 Million to Resolve False Claims Act Liability for Paying Kickbacks (Dec. 20, 2017), https://www.justice.gov/opa/pr/drug-maker-united-therapeutics-agrees-pay-210-million-resolve-false-claims-act-liability. [13] Press Release, U.S. Dep’t of Justice, U.S. Attorney’s Office, D. of Minn., United States Recovers More Than $12 Million In False Claims Act Settlements For Alleged Kickback Scheme (Aug. 21, 2017), https://www.justice.gov/usao-mn/pr/united-states-recovers-more-12-million-false-claims-act-settlements-alleged-kickback. [14] Id. [15] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Galena Biopharma Inc. to Pay More Than $7.55 Million to Resolve Alleged False Claims Related to Opioid Drug (Sept. 8, 2017), https://www.justice.gov/opa/pr/galena-biopharma-inc-pay-more-755-million-resolve-alleged-false-claims-related-opioid-drug. [16] Id. [17] Id. [18] Press Release, U.S. Dep’t of Justice, U.S. Attorney’s Office, C.D. of Cal., Celgene Agrees to Pay $280 Million to Resolve Fraud Allegations Related to Promotion of Cancer Drugs For Uses Not Approved by FDA (July 24, 2017), https://www.justice.gov/usao-cdca/pr/celgene-agrees-pay-280-million-resolve-fraud-allegations-related-promotion-cancer-drugs. [19] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Novo Nordisk Agrees to Pay $58 Million for Failure to Comply with FDA-Mandated Risk Program (Sept. 5, 2017), https://www.justice.gov/opa/pr/novo-nordisk-agrees-pay-58-million-failure-comply-fda-mandated-risk-program. [20] Id. [21] United States ex rel King v. Solvay Pharm., Inc., 871 F.3d 318, 323 (5th Cir. 2017). [22] Id. at 330–31. [23] Id. at 329 n.9. [24] Id. [25] Universal Health Servs., Inc. v. United States ex rel. Escobar, 136 S. Ct. 1989, 2003–04 (2016). [26] 862 F.3d 890, 895–96 (9th Cir. 2017). [27] Id. at 902–03. [28] Id. at 905–06 (citation omitted). [29] Pet. for a Writ of Cert., Gilead Sciences, Inc. v. United States ex rel. Campie, at i (filed Dec. 26, 2017). [30] Id. at 19, 22. [31] United States ex rel. Ibanez v. Bristol-Myers Squibb Co., 874 F.3d 905, 917, 921 (6th Cir. 2017). [32] Id. at 912. [33] Id. at 915. [34] Id. at 915–16 (citation omitted).   [35] Id. at 914–15. [36] Id. at 915. [37] Id. at 920–21. [38] United States ex rel. Nargol v. DePuy Orthopaedics, Inc., 865 F.3d 29, 31–32 (1st Cir. 2017). [39] Id. (discussing the standard from United States ex rel. Duxbury v. Ortho Biotech Prods., L.P., 579 F.3d 13 (1st Cir. 2009)). [40] Id. at 40–41. [41] Id. [42] Id. at 41. [43] Id. at 39, 42. [44] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Attorney General Sessions Announces Opioid Fraud and Abuse Detection Unit, https://www.justice.gov/opa/pr/attorney-general-sessions-announces-opioid-fraud-and-abuse-detection-unit. [45] Id. [46] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Attorney General Jeff Sessions Delivers Remarks Announcing New Tools to Combat the Opioid Crisis, https://www.justice.gov/opa/speech/attorney-general-jeff-sessions-delivers-remarks-announcing-new-tools-combat-opioid-crisis. [47] Id. [48] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Justice Department Announces First Ever Indictments Against Designated Chinese Manufacturers of Deadly Fentanyl and Other Opiate Substances, https://www.justice.gov/opa/pr/justice-department-announces-first-ever-indictments-against-designated-chinese-manufacturers. [49] Id. [50] Id. [51] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Founder and Owner of Pharmaceutical Company Insys Arrested and Charged with Racketeering (Oct. 26, 2017), https://www.justice.gov/opa/pr/founder-and-owner-pharmaceutical-company-insys-arrested-and-charged-racketeering. [52] Id. [53] Id. [54] Insys Therapeutics, Inc., Quarterly Report (10-Q), at 14 (Nov. 3, 2017). [55] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Novo Nordisk Agrees to Pay $58 Million for Failure to Comply with FDA-Mandated Risk Program (Sept. 5, 2017), https://www.justice.gov/opa/pr/novo-nordisk-agrees-pay-58-million-failure-comply-fda-mandated-risk-program. [56] Id. [57] Id. [58] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Drug Maker Aegerion Agrees to Plead Guilty; Will Pay More Than $35 Million to Resolve Criminal Charges and Civil False Claims Allegations (Sept. 22, 2017), https://www.justice.gov/opa/pr/drug-maker-aegerion-agrees-plead-guilty-will-pay-more-35-million-resolve-criminal-charges-and. [59] Id. [60] Id. [61] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, District Court Enters Permanent Injunction Against Two New Jersey Companies and Two Individuals to Stop Distribution of Unapproved and Misbranded Drugs (Sept. 26, 2017), https://www.justice.gov/opa/pr/district-court-enters-permanent-injunction-against-two-new-jersey-companies-and-two. [62] Id. [63] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, District Court Enters Permanent Injunction Against Philips North America and Two Executives to Limit Distribution of Adulterated External Defibrillators (Oct. 31, 2017), https://www.justice.gov/opa/pr/district-court-enters-permanent-injunction-against-philips-north-america-and-two-executives. [64] Alexion Pharmaceuticals, Inc., Quarterly Report (Form 10-Q), at 19 (Oct. 26, 2017). [65] Sandra Moser, Remarks at the America Conference Institute’s 8th Global Forum on Anti-Corruption in High Risk Markets (July 25, 2017). [66] Id. [67] U.S. Food & Drug Admin., FDA In Brief: FDA takes new steps to help ensure clear presentation of health information in prescription drug promotion (Dec. 11, 2017), https://www.fda.gov/NewsEvents/Newsroom/FDAInBrief/ucm588419.htm. [68] Id. [69] Warning Letters 2017: Office of Prescription Drug Promotion, U.S. Food & Drug Admin (last updated Dec. 14, 2017). [70] Warning Letter from Andrew Haffer, Dir., Div. of Advert. & Promotion Review, Office of Prescription Drug Promotion, U.S. Food & Drug Admin. to Robert D. Tessarolo, President and Chief Exec. Officer, Cipher Pharmaceuticals Inc. (Aug. 24, 2017). [71] Id. at 3. [72] Warning Letter from Andrew Haffer, Dir., Div. of Advert. & Promotion Review, Office of Prescription Drug Promotion, U.S. Food & Drug Admin. to Ira Weisberg, President and CEO, Amherst Pharmaceuticals, Inc. and Dr. Warren P. Lesser, President and CEO, Magna Pharmaceuticals, Inc. (Nov. 14, 2017). [73] Id. at 2. [74] Id. at 3–4. [75] Warning Letter from Robert Dean, Dir., Div. of Advert. & Promotion Review, Office of Prescription Drug Promotion, U.S. Food & Drug Admin. to Vidya Vepuri, Dir., AVANTHI, INC. (Dec. 19, 2017). [76] Id. at 2. [77] U.S. Food & Drug Admin., FDA In Brief: FDA takes new steps to help ensure clear presentation of health information in prescription drug promotion (Dec. 11, 2017), https://www.fda.gov/NewsEvents/Newsroom/FDAInBrief/ucm588419.htm. [78] U.S. Food & Drug Admin., Guidance for Industry: Product Name, Placement, Size, and Prominence in Promotional Labeling and Advertisements (Dec. 2017),  https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM375784.pdf. [79] Id. at 2. [80] Id. at 5–6. [81] Id. at 6. [82] U.S. Food & Drug Admin., Draft Guidance for Industry: Medical Product Communications That Are Consistent With the FDA-Required Labeling—Questions and Answers (Jan. 2017), https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM537130.pdf. [83] U.S. Food & Drug Admin., Draft Guidance for Industry and Review Staff:  Drug and Device Manufacturer Communications With Payors, Formulary Committees, and Similar Entities—Questions and Answers (Jan. 2017), https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM537347.pdf. [84] U.S. Food & Drug Admin., Statement from FDA Commissioner Scott Gottlieb, M.D., on FDA decision to seek additional time to reassess rule that would have changed longstanding practices for how the agency determined the ?intended use’ of medical products (Jan. 12, 2018), https://www.fda.gov/NewsEvents/Newsroom/PressAnnouncements/ucm592358.htm. [85] Id. [86] Id. [87] U.S. Food & Drug Admin., Clarification of When Products Made or Derived From Tobacco Are Regulated as Drugs, Devices, or Combination Products; Amendments to Regulations Regarding “Intended Uses”; Proposed Partial Delay of Effective Date (Jan. 16, 2018), https://www.federalregister.gov/documents/2018/01/16/2018-00555/clarification-of-when-products-made-or-derived-from-tobacco-are-regulated-as-drugs-devices-or (83 Fed. Reg. 2092). [88] United States ex rel King v. Solvay Pharm., Inc., 871 F.3d 318, 329 (5th Cir. 2017) (per curiam). [89] United States ex rel. Ibanez, 874 F.3d at 915. [90] Sidney Hillman Health Ctr. of Rochester v. Abbott Labs., 873 F.3d 574, 578 (7th Cir. 2017). [91] Hemi Grp v. City of New York, 559 U.S. 1 (2010). [92] Sidney Hillman Health Ctr. of Rochester, 873 F.3d at 578 (7th Cir. 2017) (citing Sergeants Benevolent Ass’n Health and Welfare Fund v. Sanofi-Aventis U.S. LLP, 806 F.3d 71 (2d Cir. 2015), and UFCW Local 1776 v. Eli Lilly & Co., 620 F.3d 121 (2d Cir. 2010)). [93] Pharmaceutical Information Exchange Act, H.R. 2026, 115th Cong. (2017),  https://www.congress.gov/bill/115th-congress/house-bill/2026. [94] Medical Product Communications Act of 2017, H.R. 1703, 115th Cong. (2017),  https://www.congress.gov/bill/115th-congress/house-bill/1703/text. [95] Press Release, #SubHealth Reviews Legislation Addressing Medical Product Manufacturer Communications, H. Subcomm. on Health of the H. Comm. on Energy & Commerce (Jul. 12, 2017), https://energycommerce.house.gov/news/press-release/subhealth-reviews-legislation-addressing-medical-product-manufacturer-communications/. [96] Jeff Overley, Off-Label Drug Bills Get Little Traction On Capitol Hill, Law360, (Jul. 12, 2017), https://www.law360.com/health/articles/943303/off-label-drug-bills-get-little-traction-on-capitol-hill. [97] Michael Ollove, Pressure mounts to lift FDA restrictions on off-label drugs, Washington Post, (Oct. 8, 2017), https://www.washingtonpost.com/national/health-science/pressure-mounts-to-lift-fda-restrictions-on-off-label-drugs/2017/10/06/568204a0-a2f6-11e7-8cfe-d5b912fabc99_story.html?. [98] News Release, New Jersey Dept. of Justice, New Hampshire Joins $13.5 Million Consumer Settlement with Boehringer Ingelheim Pharmaceuticals, Inc. Concerning Its Off-Label Promotion of Four Prescription Drugs (Dec. 20, 2017), https://www.doj.nh.gov/media-center/press-releases/2017/20171220-boehringer-ingelheim-pharmaceuticals.htm [99] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Boehringer Ingelheim to Pay $95 Million to Resolve False Claims Act Allegations, (Oct. 25, 2012) https://www.justice.gov/opa/pr/boehringer-ingelheim-pay-95-million-resolve-false-claims-act-allegations. [100] United States v.Paul J. Elmer and Caprice R. Bearden, No. 1:17-cr-0113 (S.D. Ind. Jun. 20, 2017). [101] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Former Pharmacy Compliance Director Pleads Guilty to Introducing Adulterated Drugs into Interstate Commerce and Conspiracy to Defraud the United States (Nov. 22, 2017), https://www.justice.gov/opa/pr/former-pharmacy-compliance-director-pleads-guilty-introducing-adulterated-drugs-interstate. [102] Id. [103] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, District Court Enters Permanent Injunction Against Alabama Pharmacy and Individuals to Prevent Distribution of Adulterated and Misbranded Drugs and Unapproved New Drugs (Jul. 5, 2017), https://www.justice.gov/opa/pr/district-court-enters-permanent-injunction-against-alabama-pharmacy-and-individuals-prevent. [104] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, District Court Enters Permanent Injunction Against Utah Pharmacy and its Executives to Prevent Distribution of Adulterated, Misbranded and Unapproved New Drugs (Aug. 7, 2017), https://www.justice.gov/opa/pr/district-court-enters-permanent-injunction-against-utah-pharmacy-and-its-executives-prevent. [105] Press Release, District Court Enters Permanent Injunction Against Philips North America and Two Executives to Limit Distribution of Adulterated External Defibrillators (Oct. 31, 2017), https://www.justice.gov/opa/pr/district-court-enters-permanent-injunction-against-philips-north-america-and-two-executives. [106] See U.S. Food & Drug Admin., Warning Letters 2017 (Dec. 21, 2017), https://www.fda.gov/Drugs/GuidanceComplianceRegulatoryInformation/default.htm (follow “Enforcement Activities by FDA” hyperlink; then follow “Warning Letters and Notice of Violation Letters to Pharmaceutical Companies” hyperlink; then follow “Warning Letters 2017” hyperlink). [107] See Warning Letter from Thomas J. Cosgrove, Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Mr. Rajiv Malik, President, Mylan Pharmaceuticals, Inc. (Apr. 3, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm550326.htm. [108] Warning Letter from Francis Godwin, Acting Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Mr. Guangjian Feng, Manager of Marketing, Guangdong Zhanjiang Jimin Pharmaceutical Co., Ltd. (Oct. 30, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm583939.htm. [109] Warning Letter from Francis Godwin, Acting Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Mr. Il Chong Chung, President and Owner, Seindni Co., Ltd. (Dec. 5, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm588215.htm. [110] Warning Letter from Thomas J. Cosgrove, Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Ms. Michele Boisvert, CEO, Homeolab USA Inc. (Aug. 2, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm570461.htm. [111] Warning Letter from Thomas J. Cosgrove, Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Ms. Jeong Soo Ahn, CEO, Dasan E&T Co., Ltd. (Sept. 22, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm577650.htm. [112] Warning Letter from Francis Godwin, Acting Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Mr. JongWoo Kim, CEO, Dae Young Foods Company, Ltd. (Nov. 20, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm586501.htm. [113] Warning Letter from Thomas J. Cosgrove, Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Dr. Dhananjaya Alli, Managing Director, Vista Pharmaceuticals Limited (July 5, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm565861.htm. [114] Warning Letter from Thomas J. Cosgrove, Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Mr. Bernard Armani, President, Deserving Health International Corp. (Dec. 18, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm589455.htm. [115] U.S. Food & Drug Admin., Draft Guidance for Industry: Expiration Dating of Unit-Dose Repackaged Solid Oral Dosage Form Drug Products (Aug. 8, 2017), https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM070278.pdf. [116] U.S. Food & Drug Admin., Expiration Dating of Unit-Dose Repackaged Solid Oral Dosage Form Drug Products; Revised Draft Guidance for Industry; Availability, 82 Fed. Reg. 37229 (Aug. 9, 2017). [117] U.S. ex rel. King v. Solvay Pharmaceuticals, Inc., 871 F.3d 318, 323 (5th Cir. 2017) (per curiam); 31 U.S.C. § 3729(a)(1)(A)–(B). [118] Id. at 331–32. [119] Id. at 331. [120] Id. at 332. [121] Id. (emphasis added). [122] Press Release, U.S. Dep’t of Justice, U.S. Atty’s Office, S.D.N.Y., Manhattan U.S. Attorney Announces $370 Million Civil Fraud Settlement Against Novartis Pharmaceuticals for Kickback Scheme Involving High-Priced Prescription Drugs, Along With $20 Million Forfeiture of Proceeds From The Scheme (Nov.r 20, 2015), https://www.justice.gov/usao-sdny/pr/manhattan-us-attorney-announces-370-million-civil-fraud-settlement-against-novartis. [123] United States v. Nerey, 877 F.3d 956, 969 (11th Cir. 2017). [124] Id. (quoting United States v. Vernon, 723 F.3d 1234, 1256 (11th Cir. 2013)). [125] Id. [126] U.S. Dep’t of Health and Human Servs., Office of Inspector Gen., Notice of Modification of OIG Advisory Opinion No. 02-01 at 1 (Mar. 3, 2017), https://oig.hhs.gov/fraud/docs/advisoryopinions/2017/AdvOpn02-1-mod.pdf. [127] Id. at 2–3. [128] U.S. Dep’t of Health and Human Servs., Office of Inspector Gen., Redacted Final Notice of Rescission 06-04 at 1 (Nov. 28, 2017), https://oig.hhs.gov/fraud/docs/advisoryopinions/2017/AdvOpnRescission06-04.pdf. [129] Id. [130] Id. [131] Id. [132] Id. at 2. [133] Id. [134] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Drug Maker United Therapeutics Agrees to Pay $210 Million to Resolve False Claims Act Liability for Paying Kickbacks (Dec. 20, 2017), https://www.justice.gov/opa/pr/drug-maker-united-therapeutics-agrees-pay-210-million-resolve-false-claims-act-liability. [135] See id. [136] Allison Noon, United Therapeutics Settles Charity-Kickback Claim for $210 Million, Law360 (Dec. 20, 2017), https://www.law360.com/articles/996916/united-therapeutics-settles-charity-kickback-claim-for-210m; see, e.g., Regeneron Pharmaceuticals, Inc., Form 10-K, at 58 (filed Feb. 9, 2017), http://investor.regeneron.com/secfiling.cfm?filingid=1532176-17-8&cik. [137] Letter from Gregory Demske, Chief Counsel to the Inspector General, U.S. Dep’t of Health and Human Servs., Office of Inspector Gen., to James Stansel, Executive Vice President and General Counsel, Pharmaceutical Research and Manufacturers of America (Jan. 04, 2018), https://dlbjbjzgnk95t.cloudfront.net/0999000/999154/stansel-letter.pdf. [138] Id. [139] 42 U.S.C. § 1320a-7b(b)(2)(A). [140] 15 U.S.C. § 2301(6) (defining written warranty); 42 C.F.R. § 1001.952(g) (setting out the safe harbor for warranties). [141] U.S. Dep’t of Health and Human Servs., Office of Inspector Gen., OIG Advisory Op. 02-06 at 5 (May 14, 2002), https://oig.hhs.gov/fraud/docs/advisoryopinions/2002/ao0206.pdf. [142] U.S. Dep’t of Health and Human Servs., Office of Inspector Gen., OIG Advisory Op. 17-03 at 1 (Aug.18, 2017), https://oig.hhs.gov/fraud/docs/advisoryopinions/2017/AdvOpn17-03.pdf. [143] Id. at 2. [144] Id. at 2–3. [145] Id. at 5. [146] Id. at 5. [147] See id. at 5–6. [148] See id. [149] U.S. Dep’t of Health and Human Servs., Office of Inspector Gen., OIG Advisory Op. 17-07 at 1–2 (Dec. 4, 2017) https://oig.hhs.gov/fraud/docs/advisoryopinions/2017/AdvOpn17-07.pdf.  The five diagnoses that would be eligible under the Hospital Readmission Reduction Program are pneumonia, congestive heart failure, acute myocardial infarction, chronic obstructive pulmonary disease, and elective total hip or knee arthoplasty.  Id. at 2. [150] Id. [151] Id. at 7–8. [152] Id. at 8­9.  Also important to HHS OIG’s determination is that the manufacturer does not make many products that apply to the specific diseases at issue. [153] Id. at 8. [154] Id. at 9. [155] Id. [156] See FDA Reauthorization Act of 2017, Pub. L. No. 115–52, § 203, 131 Stat. 1005, 1013–14 (2017). [157] See id. §§ 201–03, 131 Stat. at 1013–15. [158] See id. §§ 701–02, 131 Stat. at 1054–56. [159] See id. § 702(b), 131 Stat. at 1055–56. [160] See Scott Gottlieb, FDA Announces New Steps to Empower Consumers and Advance Digital Healthcare, FDA Voice (July 27, 2017), https://blogs.fda.gov/fdavoice/index.php/2017/07/fda-announces-new-steps-to-empower-consumers-and-advance-digital-healthcare/. [161] U.S. Food & Drug Admin., Digital Health Innovation Action Plan, at 1 (2017), https://www.fda.gov/downloads/MedicalDevices/DigitalHealth/UCM568735.pdf. [162] Id. at 1, 5. [163] Id. at 7. [164] U.S. Food & Drug Admin., Draft Guidance for Industry and Food and Drug Administration Staff: Clinical and Patient Decision Support Software (Dec. 8, 2017), https://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM587819.pdf. [165] Id. at 5–9. [166] Id. at 11–13. [167] See U.S. Food & Drug Admin., Draft Guidance for Industry and Food and Drug Administration Staff: Changes to Existing Medical Software Policies Resulting from Section 3060 of the 21st Century Cures Act (Dec. 8, 2017), https://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM587820.pdf. [168] See id. at 7–9. [169] See id. at 4, 7–9. [170] See id. at 9–14. [171] U.S. Food & Drug Admin., Guidance for Industry and Food and Drug Administration Staff: Software as a Medical Device (SAMD): Clinical Evaluation (Dec. 8, 2017), https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm524904.pdf. [172] See id. at FDA Preface, 4–5. [173] Id. at 16–21. [174] U.S. Food & Drug Admin., Draft Guidance for Industry and Food and Drug Administration Staff: The Least Burdensome Provisions: Concept and Principles (Dec. 15, 2017), https://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM588914.pdf. [175] Scott Gottlieb and Jeffrey Shuren, New Steps to Facilitate Beneficial Medical Device Innovation, FDA Voice (Dec. 14, 2017), https://blogs.fda.gov/fdavoice/index.php/2017/12/new-steps-to-facilitate-beneficial-medical-device-innovation/. [176] U.S. Food & Drug Admin., Draft Guidance for Industry and Food and Drug Administration Staff: The Least Burdensome Provisions: Concept and Principles, at 4–5 (Dec. 15, 2017), https://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM588914.pdf. [177] Id. at 7. [178] Id. [179] Id. at 9–14. [180] Id. at 16. [181] Id. at 16–17; see also U.S. Food & Drug Admin., Guidance for Industry, Tool Developers, and Food and Drug Administration Staff: Qualification of Medical Device Development Tools (Aug. 10, 2017), https://www.fda.gov/downloads/medicaldevices/deviceregulationandguidance/guidancedocuments/ucm374432.pdf. [182] U.S. Food & Drug Admin., Draft Guidance for Industry and Food and Drug Administration Staff: Breakthrough Devices Program (Oct. 25, 2017), https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm581664.pdf. [183] Id. at 1. [184] Id. at 11–12; see also id. at 12–17. [185] Id. at 7–11. [186] U.S. Food & Drug Admin., Guidance for Industry and Food and Drug Administration Staff: Design Considerations and Pre-market Submission Recommendations for Interoperable Medical Devices (Sept. 6, 2017), https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm482649.pdf. [187] See id. at 3, 13–16. [188] U.S. Food & Drug Admin., Guidance for Industry and Food and Drug Administration Staff: Deciding When to Submit a 510(k) for a Change to an Existing Device (Oct. 25, 2017), https://www.fda.gov/downloads/medicaldevices/deviceregulationandguidance/guidancedocuments/ucm514771.pdf; U.S. Food & Drug Admin., Guidance for Industry and Food and Drug Administration Staff: Deciding When to Submit a 510(k) for a Software Change to an Existing Device (Oct. 25, 2017), https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm514737.pdf. [189] See Change to an Existing Device, supra note 32, at 8–9, 25–31; Software Change to an Existing Device, supra note 32, at 5–6, 15. [190] U.S. Food & Drug Admin., Guidance for Industry and Food and Drug Administration Staff: Technical Considerations for Additive Manufactured Medical Devices (Dec. 5, 2017), https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm499809.pdf. [191] See U.S. Food & Drug Admin., Guidance for Industry and Food and Drug Administration Staff: Classification of Products as Drugs and Devices and Additional Product Classification Issues (Sept. 25, 2017), https://www.fda.gov/downloads/RegulatoryInformation/Guidances/UCM258957.pdf. [192] U.S. Food & Drug Admin., Guidance for Industry and Food and Drug Administration Staff: Medical Device Accessories – Describing Accessories and Classification Pathways (Dec. 20, 2017), https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm429672.pdf. [193] See id. at 3, 8–12. [194] See U.S. Food & Drug Admin., 2017 Warning Letters: Inspections, Compliance, Enforcement, and Criminal Investigations, https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/default.htm?Page=1. [195] Warning Letter from Alberto Gutierrez, Office Dir., Office of In Vitro Diagnostics and Radiological Health, Ctr. for Devices & Radiological Health, U.S. Food & Drug Admin. to Arjen Winkel, President and CEO, QLRAD Netherlands (July 20, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm574153.htm. [196] Id. [197] Warning Letter from Joseph Matrisciano, Jr., District Dir., Division 1/East, N.E. District, Office of Medical Device and Radiological Health Operations, U.S. Food & Drug Admin. to Mr. James Phillip Jones, Chief Executive Officer, Dynavision International, LLC (Sept. 5, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm574774.htm. [198] Warning Letter from Alberto Gutierrez, Office Dir., Office of In Vitro Diagnostics and Radiological Health, Ctr. for Devices & Radiological Health, U.S. Food & Drug Admin. to Wilhelm Sänger, General Manager, DRG Instruments GmbH (Sept. 19, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm580968.htm; Warning Letter from Alberto Gutierrez, Office Dir., Office of In Vitro Diagnostics and Radiological Health, Ctr. for Devices & Radiological Health, U.S. Food & Drug Admin. to Else Beth Trautner, Chief Executive Officer, Euro Diagnostica AB (Sept. 20, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm578374.htm; Warning Letter from Alberto Gutierrez, Office Dir., Office of In Vitro Diagnostics and Radiological Health, Ctr. for Devices & Radiological Health, U.S. Food & Drug Admin. to Christoph Gauer, CEO, ELITech Group SAS (Sept. 20, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm581033.htm. [199] See U.S. Food & Drug Admin., 2017 Warning Letters: Inspections, Compliance, Enforcement, and Criminal Investigations, https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/default.htm?Page=1. [200] Warning Letter from Donald J. St. Pierre, Acting Dir., Office of In Vitro Diagnostics and Radiological Health, Ctr. for Devices & Radiological Health, U.S. Food & Drug Admin. to Dmitry Novikov, TELEMED (Nov. 14, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm589996.htm. [201] Warning Letter from Kelly Sheppard, Acting Program Div. Dir., Division 3 West, L.A. District, Office of Medical Device and Radiological Health Operations, U.S. Food & Drug Admin. to Dr. John M. Agee, President and Owner, Hand Biomechanics Lab, Inc. (Nov. 16, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm587328.htm. [202] See U.S. Food & Drug Admin., 2017 Warning Letters: Inspections, Compliance, Enforcement, and Criminal Investigations, https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/default.htm?Page=1. The following Gibson Dunn lawyers assisted in the preparation of this client update:  Stephen Payne, Marian Lee, John Partridge, Jonathan Phillips, Sean Twomey, Reid Rector, Allison Chapin, Sarah Erickson-Muschko, Emily Riff, Jasper Hicks, Julie Hamilton, Lucie Duvall, and Stevie Pearl. Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments.  Please contact the Gibson Dunn lawyer with whom you usually work or any of the following: Washington, D.C. Stephen C. Payne, Chair, FDA and Health Care Practice Group (+1 202-887-3693, spayne@gibsondunn.com) F. Joseph Warin (+1 202-887-3609, fwarin@gibsondunn.com) Marian J. Lee (+1 202-887-3732, mjlee@gibsondunn.com) Daniel P. Chung (+1 202-887-3729, dchung@gibsondunn.com) Jonathan M. Phillips (+1 202-887-3546, jphillips@gibsondunn.com) Los Angeles Debra Wong Yang (+1 213-229-7472, dwongyang@gibsondunn.com) San Francisco Charles J. Stevens (+1 415-393-8391, cstevens@gibsondunn.com) Winston Y. Chan (+1 415-393-8362, wchan@gibsondunn.com) New York Alexander H. Southwell (+1 212-351-3981, asouthwell@gibsondunn.com) Denver Robert C. Blume (+1 303-298-5758, rblume@gibsondunn.com) John D. W. Partridge (+1 303-298-5931, jpartridge@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

January 5, 2018 |
2017 Year-End False Claims Act Update

Click for PDF How will the Trump Administration alter enforcement of the False Claims Act (“FCA”)?  This is a question we fielded frequently at the end of 2016.  Our answer at the time:  We do not expect there to be significant changes in FCA enforcement, and we expect that the Department of Justice (“DOJ”) and private qui tam plaintiffs will continue to brandish the FCA as a powerful weapon.  Our answer today?  Enforcement of the FCA, although slightly less active during 2017 than 2016, shows little signs of a long-term letup.  To the contrary, the FCA remains a significant source of government-facing and private-plaintiff litigation. 2017 marked the eighth straight year in which the federal government has recovered more than $3 billion in FCA cases and in which more than 700 new FCA cases were filed.  To put that in historical context, each of those marks had been reached only once before this most-recent eight-year stretch.  Although federal recoveries dipped from 2016, this past year also marked the fourth-highest yearly haul ever for the federal government.  And despite hints from isolated elements of the Trump Administration that there may be some interest in reigning in perceived overreach with the FCA, top DOJ officials have reaffirmed their dedication to stringent enforcement of the statute. On the case law front, the U.S. Supreme Court’s 2016 landmark decision in Universal Health Services, Inc. v. United States ex rel. Escobar, 136 S. Ct. 1989 (2016), continued to reverberate through the lower courts.  Some courts have implemented the Escobar Court’s intent, barring FCA cases—at the summary judgment or even the pleading stage—when prior government actions demonstrate that the alleged misconduct at issue was not material to government payment.  But other courts have imposed different standards, parsing Escobar in plaintiff-friendly fashions.  Meanwhile, in Escobar‘s shadow, the lower federal courts have grappled with numerous other complex issues involving the FCA, including pleading standards, the public disclosure bar, the first-to-file bar, and more.  In fact, this last six months saw more than a dozen  significant circuit court decisions on issues relating to the FCA. Finally, on the legislative front, there is little to report.  As recently as mid-2016, legislative reform to reign in the FCA was the subject of Congressional hearings and murmurings by commentators.[1]  But today it seems no legislator—let alone a voting bloc—is eager to scale back a law intended to prevent “waste, fraud, and abuse.”  In the current political climate, it is perhaps hard to find blame in that decision. We address all of these and other developments in greater depth below.  We focus first on enforcement activity at the federal and state levels, turn to important FCA settlements and judgments that were announced in the second half of 2017, discuss the limited activity on the legislative front, and then conclude with an analysis of significant cases from the past six months. As always, Gibson Dunn’s recent publications on the FCA may be found on our website, including in-depth discussions of the FCA’s framework and operation, industry-specific presentations, and practical guidance to help companies avoid or limit liability under the FCA.  And, of course, we would be happy to discuss these developments—and their implications for your business—with you. II.     FCA ENFORCEMENT ACTIVITY A.     Total Recovery Amounts: 2017 Recoveries Exceed $3.7 Billion The federal government recovered more than $3.7 billion in civil settlements and judgments under the FCA during the 2017 fiscal year, the fourth-highest amount on record.[2]  There were also 799 new FCA cases filed in 2017, the fourth-highest number in any single year.  Of the more than $3.7 billion that the government recovered, almost $426 million—the second-highest amount ever—came from suits where the federal government declined to intervene and that were driven by private qui tam “whistleblower” plaintiffs.[3]  All in all, 2017 was the eighth consecutive year in which the government recovered more than $3 billion and where there were at least 700 new FCA matters. B.     Qui Tam Activity Last year, we suggested that the government’s record 2015 recovery in qui tam suits where the government declined to intervene may have been an aberration.[4]  But 2015 looks less like an anomaly, at least after this past year.  In 2017, the government recovered nearly $426 million in cases where it declined to intervene, the second-highest amount on record.  That amount, which quadrupled 2016’s haul in such cases, constituted 11% of all recoveries last year. The proportion of cases in 2017 initiated by a whistleblower (84% (674 of 799)) remained in line with historical averages; that proportion has vacillated between 77% and 88% every year since 2009.  Going back farther in time, however, it is important to recall that the total number, and proportion, of qui tam cases has increased substantially since Congress amended the FCA in 1986: from 1987 through 1991, only about a quarter of FCA cases were qui tam cases, but whistleblowers have now brought just shy of 12,000 qui tam cases since then (71% of the total). The chart below demonstrates both the increase in overall FCA litigation activity since 1986 and the distinct shift from government-driven investigations and enforcement to qui tam-initiated lawsuits.  Although there was a slight decline compared to 2016, the total number of FCA cases remains far higher than in the first decade of the new millennium, when approximately 470 cases (on average) were initiated each year. Number of FCA New Matters, Including Qui Tam Actions  Source: DOJ “Fraud Statistics – Overview” (Dec. 21, 2017)   When a whistleblower brings an FCA action, the government may choose to intervene, which it does about 20% of the time.[5]  Even if the government declines to intervene, at least 70% of any recovery still goes to the government.  In fiscal year 2017, that large majority of cases where the government declined to intervene accounted for 11% of all federal recoveries.  This may not seem like much, but it was just the second time that such recoveries exceeded 9%, as shown below. Settlement or Judgments in Cases Where the Government Declined Intervention as a Percentage of Total FCA Recoveries Source: DOJ “Fraud Statistics – Overview” (Dec. 21, 2017)    C.     The Trump Administration’s Statements on the FCA As we reported in our 2017 Mid-Year update, Trump Administration officials have publicly announced their intent to enforce the FCA vigorously, beginning with a January pledge by U.S. Attorney General Jeff Sessions to “make it a high priority of the [D]epartment [of Justice] to root out and prosecute fraud in federal programs and to recover any monies lost due to fraud or false claim[s].”  He also voiced support for whistleblower-driven FCA suits as a “healthy” and “effective” method of rooting out fraud.  Deputy Attorney General Rod Rosenstein also committed, in connection with his January nomination, to continue robust enforcement of the FCA and to ensure that DOJ attorneys work collaboratively with relators. This messaging from DOJ has continued on.  For example, in his remarks announcing that DOJ’s 2017 Health Care Fraud Takedown operation would be the largest ever in the program’s eight-year history, Attorney General Sessions pledged to “use every tool we have to stop criminals from exploiting vulnerable people and stealing our hard-earned tax dollars” and to “develop even more techniques to identify and prosecute wrongdoers.”[6]  Attorney General Sessions added that the takedown program—a coordinated nationwide effort between DOJ, the U.S. Department of Health and Human Services (“HHS”), and law enforcement—had charged 412 defendants, nearly 300 of which were in the process of being suspended or banned from participation in federal programs, as of July 2017. This is not to say that all statements from the Administration have been aligned.  For instance, while addressing criticism levied during a House Financial Services Committee meeting in October—specifically, that the government’s use of the FCA against Federal Housing Administration (“FHA”) lenders was driving lenders away from the program and increasing costs to borrowers—U.S. Department of Housing and Urban Development Secretary Ben Carson pledged to address the “ridiculous” rise of FCA actions against FHA lenders.[7]  Secretary Carson’s comments, which included a statement that the Administration was “already addressing that problem” with DOJ’s staff, suggests a potential check on FCA actions. Similarly, in October, the Director of the Fraud Section of DOJ’s Civil Division gave a speech that left some industry-watchers wondering if DOJ intended to revisit its practices with respect to seeking dismissal of qui tam FCA suits that it determined to be meritless.  By statute, DOJ has always had the authority to intervene and seek dismissal of qui tam cases.  Historically, however, DOJ has used this authority sparingly.  Acknowledging that “clearly meritless cases can serve only to increase the costs for the government and health care providers alike,” the DOJ official cautioned that “[w]hile qui tam cases will always remain a significant staple of the government’s False Claims Act efforts, we are mindful of the need to maximize the use of the government’s limited resources.”[8]  Initial press reports viewed these remarks as an indication that DOJ had updated its longstanding policy of intervening to seek dismissal of meritless FCA actions only infrequently.  But DOJ later clarified that the remarks had merely been commentary on DOJ’s authority to seek dismissal and did not reflect any actual changes to its enforcement policy.[9] The year also saw staffing changes at DOJ that could impact the government’s FCA enforcement practices.  In July, Attorney General Jeff Sessions downsized the Health Care Corporate Fraud Strike Force, which was created in 2015 to focus on pursuing complex cases involving corporate health care fraud.[10]  The personnel changes—apparently reflecting the Administration’s shift in favor of high-priority issues like the opioid epidemic—were swiftly reported in the media as significantly weakening the Corporate Fraud Strike Force.  But this change should not be seen as an end to corporate health care fraud prosecutions.  DOJ publicly disavowed any such notion, stating that the Health Care Corporate Strike Force is “going strong under steady leadership” and that DOJ is “continuing to vigorously investigate and hold accountable individuals and companies that engage in fraud.”[11]  And DOJ left in place the related Medicare Fraud Strike Force, which has an established expertise in complex health care cases and a long track record of pursuing health care FCA cases.  Thus, it is safe to say that DOJ remains committed to health care fraud cases more broadly, even as it has reorganized how it handles such cases internally. Although we will continue to track these developments in the upcoming year, we do not anticipate any significant slowdown from the Administration.  We certainly have not seen any shortfall of aggression from DOJ since the change in Administration, and efforts to combat “waste, fraud, and abuse” continue to draw bipartisan support. D.     Industry Breakdown The past year’s distribution of recoveries by industry remained consistent with prior years, as health care industry companies continued to pay the majority (67%) of all sums collected by the government.  The financial industry, too, remained a significant target even though more than eight years have passed since the 2008 financial crisis.  Notably, the government recovered more than $543 million stemming from alleged housing and mortgage fraud in 2017.[12] Settlement or Judgments by Industry in 2017   1.     Health Care and Life Sciences Industries The health care industry paid 67% of all federal FCA recoveries this past year, in line with its average annual proportion since 2010.  In 2017, that amounted to almost $2.5 billion, a slight decrease from $2.6 billion the year before.  Since 2010, these figures have been remarkably consistent, as the government has recovered between $2.4 billion and $2.7 billion from health care companies every year but two—in 2012 when it recovered $3.1 billion, and in 2015 when it recovered $2.1 billion. As in years past, a handful of disproportionately large settlements drove the ten-figure sum.  In a case that drew substantial media attention, a branded pharmaceutical maker paid $465 million to resolve government allegations that the company avoided paying Medicare rebates by misclassifying its life-saving emergency medication as a generic drug.[13]  Meanwhile, in a case that garnered relatively less attention, a company that sells electronic health records software settled with the government for $155 million after allegedly misrepresenting its software’s capabilities.[14] DOJ and qui tam actions are not the only area of risk for health care and life sciences companies.  In its Spring 2017 Semiannual Report to Congress, the U.S. Department of Health and Human Services, Office of Inspector General (“HHS OIG”) reported that it also commenced 458 civil actions (including but not limited to FCA actions) in the first half of the 2017 fiscal year,[15] an increase from the 379 it commenced during the first half of the 2016 fiscal year.[16] No description of DOJ’s and HHS OIG’s enforcement activities is complete without discussion of the Anti-Kickback Statute (“AKS”) and the Stark Law.  The AKS prohibits giving or offering—and requesting or receiving—any form of payment in exchange for referring a product or a service that is covered by federally funded health care programs.[17]  Since the Affordable Care Act of 2010, claims resulting from a violation of the AKS are deemed “false” for purposes of the FCA.  The Stark Law prohibits physicians from referring Medicare patients to a provider with which the physician has a financial relationship.[18] One of the largest health care industry FCA settlements of the year, a $350 million agreement, involved a medical device manufacturer that allegedly paid kickbacks to health care providers in exchange for agreeing to use its skin graft product.[19] In recent years, FCA recoveries from hospitals and hospital systems have taken a back seat to recoveries from pharmaceutical companies, medical device companies, and outpatient clinics.  However, in 2017, a large chain of hospitals paid $60 million after the government alleged that it overbilled various federal programs for services provided by claiming that it had actually provided other, more expensive, services.[20]  And two related Missouri hospitals agreed to pay $34 million for allegedly paying improper incentives to doctors who referred oncology patients to a chemotherapy infusion clinic.[21] 2.     Government and Defense Contracting Industry Recoveries from government contracting firms rebounded in 2017, up to $220 million from $122 million in 2016.[22]  Defense contractors, however, made up a smaller-than-usual percentage of government contracting enforcement actions in 2017, while contractors who provide more routine government services were more of a focus of FCA cases over the last year.  For example, a software company paid $45 million after the government alleged that it failed to disclose some of its discounting practices to the General Services Administration, resulting in overpayments.[23]  The government also continued in 2017 its recent trend of pursuing FCA theories based on evasion of import duties, for example, when it secured a settlement from a company and two individuals who allegedly evaded customs duties after they imported wood furniture from China.[24] 3.     Financial Industry Even as the 2008 financial crisis has begun to recede into memory, 2017 was a banner year for FCA recoveries from financial services companies who allegedly defrauded the government in the run-up to the crisis.  Most notably, the government won more than $296 million at trial against a company and its CEO who allegedly falsely certified the quality of thousands of mortgage loans and then recovered tens of millions of FHA insurance dollars when the loans failed.[25]  The government also secured a $74 million settlement from another mortgage lender who allegedly engaged in similar activities dating back to 2006.[26] III.     NOTEWORTHY SETTLEMENTS AND JUDGMENTS ANNOUNCED DURING THE SECOND HALF OF 2017 We summarize below a number of the notable FCA settlements and judgments announced during the past six months (we covered notable settlements and judgments from the first half of the year in our 2017 Mid-Year Update), including those in the health care and life sciences industries, government and defense contracting industry, and the financial industry.  These cases provide specific examples of the industries the government has targeted, as well as the theories of liability that the government and relators have advanced. A.     Settlements 1.     Health Care and Life Sciences Industries On July 17, 2017, three Ohio-based health care providers and their executives agreed to pay roughly $19.5 million to resolve allegations related to their alleged submission of false claims to Medicare for unnecessary rehabilitation and hospice services.  The government alleged that the companies provided therapy services at excessive levels to increase Medicare reimbursement and provided hospice services to patients who were ineligible for those Medicare benefits.  In addition, the individual executive defendants allegedly solicited and received kickbacks to refer patients from skilled nursing facilities managed by corporations they partially controlled or owned to a particular home health care services provider.  As part of the settlement, two defendants entered into a five-year corporate integrity agreement with HHS OIG.  The whistleblowers, three former employees of the corporate defendants, will receive almost $3.7 million for their share of the government’s recovery.[27] On August 17, 2017, two wholly owned subsidiaries of a pharmaceutical company headquartered in Pennsylvania agreed to pay $465 million to settle allegations that they knowingly misclassified a certain product as a generic drug to avoid rebate expenditures primarily owed to Medicaid.  The company also entered into a five-year corporate integrity agreement with HHS OIG, which requires an independent organization to conduct an annual review of the defendant’s practices regarding the Medicaid drug rebate program.  The whistleblower, a competing pharmaceutical manufacturer, will receive approximately $38.7 million as a relator’s share.[28] On August 21, 2017, two suppliers of ophthalmological goods and services, as well as their former chief executive officer, agreed to pay more than $12 million to resolve allegations that they paid unlawful kickbacks to physicians and thereby violated the AKS and FCA.  The alleged kickbacks included the provision of free travel, entertainment, and improper consulting agreements.  The government contended that by providing these items of value, the defendants knowingly induced physicians to utilize the defendants’ products and services, and subsequently submit false claims to the federal government.  In connection with the FCA settlement, the defendants agreed to a five-year corporate integrity agreement with HHS OIG.  The whistleblower will receive 19.5% of the amount recovered.[29] On August 28, 2017, two California-based companies and their two principal executives agreed to pay approximately $2 million to resolve federal and state allegations that they knowingly overbilled a program designed to serve Californians with developmental disabilities.  Specifically, defendants allegedly submitted claims for payment of services that were never provided, retained overpayments to which they knew they had no claim, and falsified documents to support their claims for services that were never performed.  The whistleblower will receive a 20% share of all proceeds paid to the federal government.[30] On September 1, 2017, a medical center located in New Mexico and its Texas-based partner agreed to pay approximately $12.24 million to settle allegations that they made illegal donations to county governments, which the counties used to fund the state share of Medicaid payments to the hospital.  Under New Mexico’s now discontinued Sole Community Provider program, the state provided supplemental Medicaid funds to hospitals, and the federal government reimbursed 75% of the expenditures.  Federal law mandated that the state or counties had to provide the remaining 25% of the funds; it was allegedly unlawful for private hospitals to do so.  The whistleblower, a former county health care administrator, will receive approximately $2.2 million of the recovery.[31] On September 5, 2017, a pharmaceutical manufacturer agreed to pay $58.65 million to settle allegations that it did not comply with U.S. Food and Drug Administration (“FDA”)-mandated Risk Evaluation and Mitigation Strategy (“REMS”) for its Type II diabetes medication.  The settlement includes disgorgement of $12.15 million for alleged violations of the Federal Food, Drug, and Cosmetic Act (“FDCA”), and $46.5 million for alleged violations of the FCA.  The FCA-related payment resolves specific allegations that the company caused the submission of false claims related to the drug by authorizing sales messages that could create a false or misleading impression with physicians that the REMS-required message was erroneous, irrelevant, or unimportant, and by encouraging use of the drug by adult patients who did not have Type II diabetes.  The federal government will receive approximately $43.1 million, and state Medicaid programs will receive more than $3.3 million; the amount to be recovered by private party whistleblowers is undecided.[32] On September 8, 2017, a California-based biopharmaceutical company agreed to pay more than $7.55 million to settle allegations that it paid kickbacks to doctors to induce them to prescribe a fentanyl-based drug.  The improper payments allegedly included (1) 85 free meals to doctors and staff from a high-prescribing practice; (2) paying doctors $5,000 and speakers $6,000 to attend an “advisory board” partly organized, and attended, by the defendant’s sales team members; (3) paying approximately $82,000 to a physician-owned pharmacy under a performance-based rebate program; and (4) payments to doctors to refer patients to the company’s patient registry study.  The whistleblower will receive more than $1.2 million of the amount recovered.[33] On September 11, 2017, a South Carolina chain of physician-owned family medicine clinics agreed to pay $1.56 million to settle allegations that it submitted false claims to the Medicare and TRICARE programs.  The principal owner and former chief executive officer, as well as the former laboratory director, also agreed to pay $443,000 to resolve the allegations, bringing the total settlement to over $2 million.  The government specifically alleged that the entity’s incentive compensation plan paid its physicians a percentage of the value of laboratory and other diagnostic tests that they ordered, which the entity then billed to Medicare in violation of the Stark Law.  In addition, the defendants allegedly submitted claims for medically unnecessary laboratory services by creating, and using, custom panels comprised of needless diagnostic tests, and programming accounting software to change billing codes for laboratory tests to ensure payment.  The entity and the principal owner also agreed to a corporate integrity agreement with HHS OIG, which ensures that the owner has no management role for five years and obligates the company to implement internal compliance reforms.[34] On September 13, 2017, a New York hospital operator agreed to pay $4 million to resolve allegations that it engaged in improper financial relationships with referring physicians.  The improper relationships included compensation and office lease arrangements that allegedly did not comply with requirements of the Stark Law, which restricts relationships between entities and referring physicians.  The whistleblower will receive $600,000 of the recovery.[35] On September 18, 2017, an Alaska state agency agreed to pay almost $2.5 million to resolve allegations that it submitted inaccurate quality control data and information to the U.S. Department of Agriculture and received unearned performance bonuses for fiscal years 2010 through 2013.  The inaccuracies occurred in connection with the agency’s implementation of the Supplemental Nutrition Assistance Program (formerly the Food Stamp Program).  The agency had contracted with a third-party consultant to provide recommendations to lower its quality control error rate, but the advice, as implemented by the agency, allegedly injected bias into the quality control process, which resulted in the reporting inaccuracies.  This is the third settlement with a state agency arising from the advice given by the consulting company.[36] On September 22, 2017, a Massachusetts-based pharmaceutical company agreed to pay more than $35 million to resolve criminal and civil charges related to the introduction of an alleged misbranded drug into interstate commerce.  The company also agreed to plead guilty to certain criminal charges, entered into a deferred prosecution agreement relating to its criminal liability under the Health Insurance Portability and Accountability Act of 1996, agreed to a civil consent decree and permanent injunction to prevent future violations of the FDCA, and entered into a corporate integrity agreement with HHS OIG.  Of the $35 million, the company will pay $28.8 million over three years to settle federal ($26.1 million) and state ($2.7 million) liability for allegedly (1) submitting claims to government health care programs arising from its improper promotion of the drug; (2) altering or falsifying statements of medical necessity and prior authorizations that were submitted to federal health care programs; and (3) defraying patients’ copayment obligations, in alleged violation of the AKS, by funneling funds through an entity that claimed to be a non-profit patient organization.  Three whistleblowers will receive $3.7 million from the federal proceeds.[37] On September 27, 2017, a hospital based in South Carolina agreed to pay more than $7 million to settle allegations that it submitted false Medicare claims.  The government contended that the defendant knowingly disregarded the statutory requirements for submitting Medicare claims for services, including radiation oncology services, emergency department services, and clinic services.  In particular, the hospital allegedly (1) billed for radiation oncology services when a qualified practitioner was not immediately available to provide direction throughout the radiation procedure; (2) billed for services provided at a minor care clinic as if it was an emergency department; and (3) billed emergency department services rendered by mid-level providers as if they were provided by a physician.  The whistleblower will receive more than $1.2 million of the recovery and will also receive over $850,000 to resolve her wrongful termination claims.[38] On October 19, 2017, a Tennessee-based nursing home operator agreed to pay $5 million to settle allegations that the company billed Medicare and Medicaid for allegedly worthless nursing home services and services that were never provided.  The company also agreed to enter into a corporate integrity agreement with HHS OIG.  The government’s investigation originated with claims by the whistleblower, a former nursing home employee, of patient abuse and neglect, substandard care, and denial of basic services.  The whistleblower will receive $1 million as part of the settlement.[39] On October 27, 2017, a New York-based health care provider agreed to pay $6 million to resolve allegations that a subsidiary submitted false claims to government health care programs for unnecessary rehabilitation therapy services.  The defendant also agreed to enter into a five-year corporate integrity agreement with HHS OIG.  The two whistleblowers will receive $990,000 of the recovery.[40] On October 30, 2017, an Ohio-based hospice care provider, and various wholly owned subsidiaries, agreed to pay $75 million to settle allegations that they submitted false claims for hospice services to Medicare.  The settlement also included a five-year corporate integrity agreement with HHS OIG.  The government alleged that the defendants submitted claims for services to hospice patients who were not terminally ill, and submitted claims for continuous home care services that were unnecessary, not provided, or not performed in line with Medicare requirements.  In addition, the government alleged that the provider rewarded employees with bonuses for the number of patients receiving hospice services, and pressured staff to increase the volume of continuous home care, regardless of need.  The settlement constitutes the largest recovery ever from a provider of hospice services under the FCA.[41] On December 1, 2017, a physician-owned hospital located in Texas agreed to pay $7.5 million to settle allegations that it paid physicians illegal kickbacks in the form of free marketing services in exchange for surgical referrals.  The marketing services included print, radio, and television advertisements, pay-per-click campaigns, billboards, website upgrades, brochures, and business cards.  The defendant also agreed to enter into a five-year corporate integrity agreement with HHS OIG.  The whistleblowers, two former employees in the defendant’s marketing department, will receive $1.1 million of the amount recovered.[42] On December 12, 2017, a Florida-based cancer care provider, and certain of its subsidiaries and affiliates, agreed to pay $26 million to resolve a Medicare compliance issue that the company had voluntarily disclosed regarding the submission of false attestations about the company’s use of electric health records software, as well as separate whistleblower allegations related to the submission of claims for services provided pursuant to referrals from physicians with whom the defendant allegedly had improper financial relationships.  The company also entered into a five-year corporate integrity agreement with HHS OIG.  The whistleblower, the company’s former interim vice president of financial planning, will receive a $2 million share of the government’s recovery.[43] On December 20, 2017, a Maryland-based pharmaceutical company agreed to pay $210 million to resolve allegations that it used a 501(c)(3) organization as a conduit to pay copays for Medicare patients taking the company’s pulmonary arterial hypertension drugs.  The company allegedly made donations to the foundation, which then used the donations to satisfy the copays.  The company also allegedly prohibited needy Medicare patients from participating in its free drug program; instead, the company allegedly referred these patients to the foundation, which allowed for Medicare claims.  In addition to the settlement, the company entered into a five-year corporate integrity agreement with HHS OIG.[45] On December 21, 2017, a Florida-based hospice company agreed to pay over $5 million to settle allegations that it knowingly billed the government for medically unnecessary and undocumented hospice services.  The whistleblower, a former employee, will receive approximately $900,000 of the recovered funds.[46] On December 22, 2017, an Illinois-based retailer agreed to pay $32.3 million to settle allegations that in-store pharmacies failed to report discounted prescription drug prices to Medicare, Medicaid, and TRICARE.  The government alleged that the corporation offered discounted generic drug prices to customers who paid cash through club programs, but knowingly failed to report the discounted prices to federal health care programs when reporting its usual and customary prices, which the government uses to determine reimbursement rates.  The settlement is part of a larger $59 million settlement that also resolves state Medicaid and insurance claims against the company.  The whistleblower will receive $9.3 million of the recovered funds.[47] 2.     Government and Defense Contracting Industry On August 10, 2017, a Virginia-based contractor and its subsidiaries agreed to pay $16 million to settle allegations that they knowingly conspired with, and caused, small businesses to submit false claims for payment related to fraudulently obtained small business contracts.  The defendant and its subsidiaries allegedly induced the government to award certain contracts by misrepresenting eligibility requirements, including the small businesses’ affiliation with the defendant, size, and standing as service-disabled or as qualified socially or economically disadvantaged businesses under federal business development programs.  In addition, the defendant allegedly engaged in bid rigging to distort or inflate prices charged to the government under the contracts.  The settlement is one of the largest involving alleged fraud implicating small business contract eligibility.  The whistleblower will receive a share of the recovery of approximately $2.9 million.[48] On August 15, 2017, a Virginia-based defense contractor agreed to a $9.2 million settlement to resolve allegations that it overbilled the government for labor on Navy and Coast Guard ships located at its shipyards in Mississippi.  The contractor allegedly mischarged labor to certain contracts when it was actually performed under other contracts, and billed the government for dive operations to support ship hull construction that did not actually occur.  The whistleblower will receive more than $1.5 million of the recovery.[49] On September 13, 2017, a Virginia-based contractor agreed to pay $5 million to settle allegations that it failed to properly vet personnel working in Afghanistan under a State Department contract for labor services.  The contract required the contractor to conduct extensive background checks on U.S. personnel in specific positions and to submit the names of non-U.S. personnel to the State Department for additional security clearance.  The government alleged that claims submitted by the contractor for labor services of the improperly vetted personnel, in violation of the background-check requirements, were false claims.  The whistleblower will receive $875,000 as his share of the recovery.[50] On October 3, 2017, three New York-based contractors, as well as two New York-based owners, agreed to pay more than $3 million to resolve allegations that they improperly obtained federal set-aside contracts reserved for service-disabled veteran-owned (“SDVO”) small businesses.  One of the three contractors allegedly recruited a service-disabled veteran to serve as a figurehead, received several SDVO small business contracts, and subcontracted almost all of the work to the other two entities rather than the veteran.  The two individual defendants allegedly executed the scheme by making, or causing to be made, false statements to the Department of Veterans Affairs (“VA”) regarding eligibility to participate in the SDVO small business contracting program and compliance with related requirements.  The whistleblower will receive $450,000 of the recovery.[51] On October 16, 2017, a Virginia-based defense contractor agreed to pay $2.6 million to resolve allegations that the company submitted false claims for payment to the Department of Defense for unqualified security guards stationed in Iraq.  The government alleged that the defendant knowingly billed the United States for security guards who failed to pass contractually required firearms proficiency tests, and concealed the guards’ inability to satisfy the requirements by creating false test scorecards.  The whistleblower, a former employee, will receive approximately $500,000 of the amount recovered.[52] On November 8, 2017, a Kentucky-based trucking company agreed to pay $4.4 million to settle allegations that it submitted claims for payment related to shipping contracts that were obtained by bribing government officials.  The whistleblower will receive $814,000 of the recovery.[53] 3.     Financial Industry On August 8, 2017, two mortgage originators and underwriters based in New Jersey, and a third based in Minnesota, agreed to pay more than $74 million to resolve allegations that they knowingly provided mortgage loans insured by the FHA, guaranteed by the VA, and purchased by Fannie Mae and Freddie Mac that did not meet origination, underwriting, and quality control requirements mandated by those entities.  Of the $74 million, $65 million will satisfy the FHA allegations, and $9.45 million will satisfy the remaining allegations.  The whistleblower who made some of the allegations, a former employee, will receive more than $9 million from the settlement.[54] On December 8, 2017, a banking conglomerate headquartered in Louisiana agreed to pay more than $11.6 million to settle allegations that it falsely certified compliance with federal requirements to obtain insurance on mortgage loans from the FHA.  The defendant, who participated as a direct endorsement lender in the FHA insurance program, admitted the following facts as part of the settlement: (1) it certified insurance mortgage loans that did not meet Department of Housing and Urban Development (“HUD”) requirements and were ineligible for FHA mortgage insurance, and HUD paid FHA insurance claims on some of these mortgages; (2) it advised HUD that it was no longer paying illegal commissions to underwriters and those who provided underwriting activities, but failed to disclose that it was making incentive payments; (3) it failed to timely self-report material violations of HUD requirements, including audit findings regarding substandard quality reviews; and (4) as a result of its conduct and omissions, HUD insured loans approved by the bank that were ineligible for FHA mortgage insurance that HUD would not have otherwise insured, and HUD incurred losses when it paid insurance on those loans.  The whistleblowers, two former employees of the bank, will receive a 20% share of the recovery.[55] 4.     Other On September 22, 2017, a California-based renewable energy company agreed to pay $29.5 million to resolve allegations that it submitted inflated claims on behalf of itself and affiliated investment funds to the Department of Treasury under Section 1603 of the American Recovery and Reinvestment Act of 2009 (“Section 1603”).  The company allegedly overstated the cost bases of its solar energy properties in its certified Section 1603 grant applications and received inflated payments from the Treasury as a result.  As part of the settlement, the defendant, and its affiliates, also agreed to release pending and future claims against the United States for Section 1603 payments.[56] On December 19, 2017, a Texas-based oil and gas corporation and its affiliates agreed to pay $2.25 million to settle allegations that they underpaid royalties owed on natural gas produced from federal lands in Wyoming.  The government alleged that the entities knowingly reduced the royalty amounts by deducting fees paid to other companies, including the cost of placing the gas in marketable condition.[57] B.     Judgments ·         On September 14, 2017, a federal judge in the Southern District of Texas awarded a $296 million judgment against two mortgage entities and a $25.3 million judgment against their president and chief executive officer for alleged fraudulent conduct while participating in the FHA mortgage insurance program.  In November 2016, a unanimous jury found that the defendants violated the FCA and the Financial Institutions Reform, Recovery, and Enforcement Act of 1989 (“FIRREA”).  Specifically, the jury determined that the defendants falsely certified that thousands of high-risk, low-quality loans were eligible for FHA insurance, and subsequently submitted claims to FHA when the loans defaulted.  The defendants were also found liable for allegedly originating FHA-insured loans from “shadow” branch offices without HUD approval, and submitting false quality control reports and certifications to HUD.  The court’s judgment trebled the jury’s $92 million FCA verdict and imposed additional statutory penalties under the FCA and FIRREA.[58] IV.     LEGISLATIVE ACTIVITY A.     Federal Legislation The federal legislative front was frankly uneventful during the latter half of 2017, with no new legislation significantly affecting the FCA enacted or introduced in Congress.  Additionally, at least for this year, Congress largely shelved consideration of President Trump’s plan to repeal and replace the Affordable Care Act (“ACA”) (except for the repeal of the individual mandate as part of the recent tax cut legislation), which could have affected the ACA’s amendments to the FCA, as discussed in our 2017 Mid-Year False Claims Act update. Federal regulatory activity implicating the FCA also remained quiet.  An FDA regulation proposed in January 2017—amending the agency’s definition of “intended use” for drugs and devices codified in 21 C.F.R. § 201.128 and 21 C.F.R. § 801.4, respectively—saw little progress during the past six months.[59]  As noted in our Mid-Year update, the rule’s effective date was delayed until March 19, 2018,[60] in response to a petition from industry opponents that argued against an expansion of the definition of “intended use,”[61] which could have spawned a flurry of unwarranted FCA lawsuits.  After expiration of the comment period on the issues raised by the petition, the FDA published an interim response to those concerns on July 28, 2017, noting that a decision is still forthcoming, pending further review and analysis by agency officials.[62] B.     State Legislation As noted in previous updates, HHS OIG is in the process of determining if state FCA laws appropriately mirror the federal FCA’s enforcement abilities so that they are deemed as effective as the federal FCA in facilitating qui tam actions; if HHS OIG finds that they do not, the states lose their ability to increase their share of recoveries in cases that prosecute Medicaid fraud by 10%.  In our Mid-Year update, we reported that HHS OIG notified 15 states that their state FCA laws needed to be amended to mirror the federal law’s increased civil penalties by no later than the end of 2018.  Since then, a few states have progressed toward that goal: On July 24, 2017, a bill that would amend the California False Claims Act to mirror penalties allowed under the federal FCA was signed by the Governor.[63] On August 25, 2017, a bill amending the Illinois False Claims Act to mirror penalties allowed under the federal FCA was approved by the Governor.[64] On November 28, 2017, a bill that would amend the civil penalties in the Michigan Medicaid False Claims Act to mirror penalties allowed under the federal FCA was referred to the Senate Judiciary Committee.[65] Bills that would have similarly amended the New York and North Carolina false claims act statutes remain under consideration and have not progressed since our last update.[66] Additionally, a number of states have either enacted into law, introduced, or failed to progress legislation making other notable changes to their respective state FCA laws.  Those developments include: Alabama passed a law amending its Medicaid fraud statute, which strengthened penalties for violations, but also introduced a requirement that violations be “knowing.”[67]  A related bill that would have established a broader state false claims act, on which we reported in our Mid-Year 2017 Update, failed to emerge from committee.[68] Florida introduced a bill that would remove the Florida False Claims Act from the ambit of the Open Government Sunset Review Act, a 1995 law that mandates periodic review and repeal of all exemptions to Florida’s open records law.  The amendment would exempt the Florida FCA’s under seal requirements from review and potential repeal under the Sunset Review Act.[69] Arkansas enacted a bill that updates and clarifies several definitions in the state’s Medical Fraud Act and Medicaid Fraud False Claims Act, but does not significantly alter the substance of the law.[70] In Michigan, a bill that would create a general Michigan False Claims Act remains in the state Senate’s Committee on the Judiciary.[71]  If enacted, the bill would expand Michigan’s current Medicaid False Claims Act beyond the Medicaid context.[72] A Pennsylvania law that would create the state’s False Claims Act remains in the House Judiciary Committee, where it has resided since March 2017.[73] North Dakota failed to pass House Bill 1174, which would have provided liability and a penalty for false claims for medical assistance made to the state.[74] We expect that the upcoming year will bring increased state legislative activity as the December 31, 2018 deadline set by HHS OIG approaches. V.     NOTABLE CASE LAW DEVELOPMENTS While the legislative front was uneventful, the jurisprudential front was just the opposite.  In 2017, courts continued to grapple with the Supreme Court’s seminal decision in Escobar, draw the boundaries of the public disclosure and first-to-file bars, and explore many other nuances of the FCA.  The results were dozens of cases that contribute meaningfully to the corpus of FCA case law.  As always, we summarize the most significant cases below. A.     Continued Development of the Materiality Requirement Post-Escobar Eighteen months after it was decided, the application of the Supreme Court’s landmark decision in Escobar continues to be an issue confronting courts throughout the country.  In particular, courts have been forced to determine how to apply the Escobar Court’s self-described “rigorous” and “demanding” materiality requirement.  136 S. Ct. at 2002–03. 1.     The Third Circuit Extends Escobar to Pre-2009 Claims In United States ex rel. Spay v. CVS Caremark Corp., 875 F.3d 746 (3d Cir. 2017), the Third Circuit addressed a question left unanswered by Escobar—whether the materiality standard also applies to conduct before the adoption of the Fraud Enforcement and Recovery Act of 2009 (“FERA”), which included a “material” standard in the FCA’s text for the first time.  After reviewing the Court’s analysis in Escobar, the Third Circuit reached the “unavoidable conclusion” that:  “(1) Section (a)(1) [of the FCA] has a materiality requirement, even though that requirement has never been expressed in the statute [prior to FERA], and (2) the standard used to measure materiality did not change in 2009 when Congress amended the FCA to include a definition of ‘material.'”  Spay, 875 F.3d at 763.  The Third Circuit further concluded “that the FCA has always included a materiality element . . . and the definition of ‘material,’ which is derived from the common law and was enshrined in the statute itself in 2009, has not changed.”  Id. The Third Circuit’s analysis is relevant to the small number of remaining cases that are premised on pre-2009 conduct.  But it has broader implications as well.  For example, the Third Circuit’s determination that the FCA and common law “both employ the same standard” for materiality suggests that the materiality analysis in Escobar applies to all theories of FCA liability, regardless of the statutory premise or theory of liability pursued by the government or relators. 2.     The Third, Fifth, and Seventh Circuits Address the Importance of the Government Continuing to Make Payments In recent months, three circuits have addressed the extent to which the government’s continued payment of claims establishes a lack of materiality following Escobar.  In Spay, the Third Circuit considered whether the general industry use of dummy prescriber information on authorized claims that “errored out” because of missing or incorrectly formatted prescriber information constituted material misstatements.  875 F.3d at 750.  The record established that government employees responsible for authorizing payments “knew that dummy identifiers were being used” and “the reason for using them,” but the government nevertheless paid for the prescriptions.  Id. at 764.  Because the misstatements at issue actually “allowed patients to get their medication,” the Third Circuit concluded that “they are precisely the type of ‘minor or insubstantial’ misstatements where ‘[m]ateriality . . . cannot be found.'”  Id. (quoting Escobar, 136 S. Ct. at 2003). The Fifth Circuit reached a similar conclusion in United States ex rel. Harman v. Trinity Industries Inc., 872 F.3d 645 (5th Cir. 2017).  In Harman, a contractor “inadvertently omitted” information about a design change to a guardrail system, which subsequently became eligible for federal-aid reimbursement in 2005.  Id. at 665.  In 2012, the Federal Highway Administration (“FHWA”) was advised of the design change, but continued to maintain the system’s eligibility for federal reimbursement, including by issuing a June 2014 memorandum that affirmed that the system remained eligible for reimbursement.  Id. at 649, 665.  Nevertheless, a federal jury found the contractor liable for the submission of false claims and imposed a verdict of more than $663 million—the largest judgment in the history of the FCA.  Id. at 651.  But the Fifth Circuit reversed that judgment, observing that, “though not dispositive,” the payment of claims despite knowledge of alleged fraud “substantially increased the burden . . . in establishing materiality.”  Id. at 663.  Because the evidence in the record was “insufficient to overcome” the “very strong evidence” that FHWA knew about the design changes and still authorized reimbursement, the court reversed and entered judgment as a matter of law for the defendant.  Id. at 668, 670.  In a recent amicus brief, DOJ cited the Harman case as an example of “circumstances in which a court may properly decide [materiality] as a matter of law.”  Brief for the United States as Amicus Curiae Supporting Appellant, United States ex rel. Prather v. Brookdale Senior Living Communities, 2017 WL 4769476, at *13 n.2. A more recent Seventh Circuit decision shows, however, that at least under some circumstances one court has found that continued payment of claims alone may not be dispositive on the question of materiality.  In United States v. Luce, 873 F.3d 999 (7th Cir. 2017), the defendant mortgage company owner allegedly falsely asserted that he had no criminal history in order to participate in a government insurance program.  Id. at 1002–03.  On appeal from the district court’s ruling granting summary judgment to the government, the Seventh Circuit considered whether the fact that the government-insured loans continued to be issued after defendant’s false statements became known was adequate evidence to preclude summary judgment in the government’s favor.  The Seventh Circuit concluded that it was not, stating that “[a]lthough new loans were issued, the Government also began debarment proceedings, culminating in actual debarment.  There was no prolonged period of acquiescence.”  Id. at 1008. 3.     District Courts Address Adequacy of Materiality Allegations at Pleadings Stage Post-Escobar  Before the Supreme Court’s decision in Escobar, the materiality element was often viewed as a fact-intensive issue that was difficult to contest at the summary judgment stage, let alone based on the pleadings.  In Escobar, however, the Supreme Court instructed that materiality is “[not] too fact intensive for courts to dismiss [FCA] cases on a motion to dismiss.”  136 S. Ct. at 2004 n.6. As a result, defendants have increasingly advanced materiality arguments as a basis for dismissal, including at the pleading stage.  While the courts are continuing to evaluate the precise requirements for alleging materiality, certain common themes have been developing.  For instance, district courts have repeatedly made clear that a conclusory allegation that the false statement is material to the government’s payment decision is inadequate to avoid dismissal.  See, e.g., United States ex rel. Payton v Pediatric Servs. of Am., Inc., No. cv416-102, 2017 WL 3910434, at *10 (S.D. Ga. Sept. 6, 2017) (holding that a complaint “must do something more than simply state that compliance is material”); United States v. Scan Health Plan, No. CV 09-5013-JFW, 2017 WL 4564722, at *6 (C.D. Cal. Oct. 5, 2017) (dismissing claim based “only [on] conclusory allegations that the [defendants’] conduct was material”). Thus, a conclusory statement that the government would not have paid if it had been aware of the alleged false statements is “insufficient” because “it does not show how [the] misrepresentations were material.”  United States ex rel. Mateski v. Raytheon Co., No. 2:06-cv-03614, 2017 WL 3326452, at *7 (C.D. Cal. Aug. 3, 2017).  In contrast, some district courts have determined that materiality has been adequately pleaded where complaints included allegations that:  the government had terminated eligibility for similar violations, see United States ex rel. Lacey v. Visiting Nurse Serv. of N.Y., No. 14-cv-5739, 2017 WL 5515860, at *10 (S.D.N.Y. Sept. 26, 2017); the defendant had been informed by the government that compliance was material, see Smith v. Carolina Med. Ctr., No. 11-2756, 2017 WL 3310694, at *11 (E.D. Pa. Aug. 2, 2017); regulatory language established a link between compliance and payment, see United States ex rel. LaPorte v. Premiere Educ. Grp., No. 11-3523, 2016 WL 2747195, at *17 (D.N.J. May 11, 2016), recons. denied, 2017 WL 4167434, at *4 (D.N.J. Sept. 20, 2017); the misrepresentation shifted the risks bargained for by the parties, see United States ex rel. Hussain v. CDM Smith, Inc., No. 14-CV-9107, 2017 WL 4326523, at *8 (S.D.N.Y. Sept. 27, 2017) (addressing allegations that contractor “was improperly shifting billables from fixed-fee to cost-plus-fee contracts”); and defendant’s conduct indicates a belief that fraudulent content “would be important,” see United States ex rel. Gelman v. Donovan, No. 12-cv-5142, 2017 WL 4280543, at *7 (E.D.N.Y. Sept. 25, 2017). Ultimately, while the cases make clear that more than a conclusory allegation is required to comply with Federal Rule of Civil Procedure 9(b), the case law has not definitively decided how much more will suffice.  Given the factual nature of the issue, courts may have a difficult time defining in the abstract what makes a materiality allegation adequate. B.     Updates on Rule 9(b) Pleading Standards As discussed in past updates, circuit courts have taken varying approaches to the application of the heightened pleading standards set forth by Rule 9(b) to FCA claims.  Although the circuits generally agree that Rule 9(b) applies to FCA claims, a circuit split has developed among those circuits that apply the standard strictly, see, e.g., United States ex rel. Clausen v. Lab. Corp. of Am., 290 F.3d 1301, 1311 (11th Cir. 2002) (requiring “some indicia of reliability . . . to support the allegation of an actual false claim for payment being made to the Government”), and those that apply a “relaxed” standard, see, e.g., United States ex rel. Grubbs v. Kanneganti, 565 F.3d 180, 190 (5th Cir. 2009) (requiring the allegation of “particular details of a scheme to submit false claims paired with reliable indicia that lead to a strong inference that claims were actually submitted”).  Thus, the question of how much detail is required to survive a motion to dismiss remains a hotly debated issue. 1.     The Second Circuit Claims the Circuit Split Is “Greatly Exaggerated” In United States ex rel. Chorches v. American Medical Response, 865 F.3d 71 (2d Cir. 2017), the Second Circuit downplayed the circuit split over the Rule 9(b) standard.  The court identified instances in which even those circuits that apply a “stricter” standard “declined to impose an ineluctable bright-line rule that every relator must allege details of actual claims submitted,” but instead took a more nuanced approach that evaluates the pleadings on a case-by-case basis.  Id. at 90–92.  Based on its reading of the requirement, the Second Circuit concluded that a relator must allege “specific and plausible facts from which [a court] may easily infer” that the defendant “systematically falsified its records to support false claims” and “that the false records were actually presented to the government for reimbursement.”  Id. at 84. 2.     The First Circuit Establishes an Exception to Its “Strict” Application of Rule 9(b) The First Circuit has applied the “stricter” standard.  See, e.g., United States ex rel. Karvelas v. Melrose-Wakefile Hosp., 360 F.3d 220, 233 (1st Cir. 2004) (holding that at least “some of th[e] information [e.g., the date or amount of claims or other details regarding the forms submitted] for at least some of the claims must be pleaded”) (internal quotations omitted).  However, in United States ex rel. Nargol v. DePuy Orthopaedics, Inc., 865 F.3d 29 (1st Cir. 2017), the First Circuit recognized an exception to this rule where a complaint “essentially alleges facts showing that it is statistically certain that [the defendant] cause[d] third parties to submit many false claims to the government.”  Id. at 41.  Nargol involved allegations that a manufacturer “palmed off latently defective versions of its FDA-approved [hip-replacement device] on unsuspecting doctors who sought government reimbursement for the defective products.”  Id. at 31. The First Circuit determined that the complaint’s absence of specific information regarding claims was not fatal for several reasons.  First, there was no reason to suggest that the defects “were known to the doctors, the patients, or the government” or that they could have been readily discovered during surgery.  Id. at 40.  Second, there was no reason to suspect that physicians did not seek reimbursement for defective devices.  Id.  Third, it was likely that every sale of the device “was accompanied by an express or plainly implicit representation that the product being supplied was the FDA-approved product, rather than a materially deviant version of that product.”  Id. at 40–41.  Finally, the First Circuit found that it was “highly likely that the expense is not one that is primarily borne by uninsured patients in most instances.”  Id. at 41.  Given these facts, and the allegations that thousands of devices were sold, it was “virtually certain that the insurance provider in many cases was Medicare, Medicaid, or another government program.”  Id.  Under these circumstance, the First Circuit saw “little reason for Rule 9(b) to require Relators to plead false claims with more particularity than they have done” as the complaint “alleges the details of a fraudulent scheme with ‘reliable indicia that lead to a strong inference that claims were actually submitted.'”  Id. (quoting United States ex rel. Duxbury v. Ortho Biotech Prods., L.P., 579 F.3d 13, 29 (1st Cir. 2009)). 3.     The Sixth Circuit Requires the Entire Chain Linking Defendant’s Conduct to the Eventual Submission of Claims to Be Pleaded With Particularity In United States ex rel. Ibanez v. Bristol-Myers Squibb Co., 874 F.3d 905 (6th Cir. 2017), the Sixth Circuit considered the application of Rule 9(b) to allegations involving “a long chain of causal links from defendants’ conduct to the eventual submission of claims.”  Id. at 914.  Ibanez involved allegations of false claims stemming from an off-label promotion scheme of Abilify, “an antipsychotic drug approved for various prescriptive uses by the FDA.”  Id. at 912.  Specifically, the relator alleged that the defendant improperly promoted Abilify to a physician, who then prescribed the medication to a patient for an off-label use.  That patient thereafter filled the prescription at a pharmacy, with the pharmacy subsequently submitting a claim to the government for reimbursement of the prescription.  Id. at 915.  The Sixth Circuit held that the complaint must “adequately allege the entire chain—from start to finish—to fairly show defendants cause[d] false claims to be filed,” including “alleg[ing] specific intervening conduct” along the chain.  Id. at 914–15.  Because relators failed to provide details of “any representative claim that was actually submitted to the government for payment,” the district court’s dismissal of the claim was upheld.  Id. at 915. Additionally, in Ibanez, the Sixth Circuit further clarified the boundaries of the circuit’s “personal knowledge exception” for applying a “relaxed Rule 9(b) pleading standard,” established in United States ex rel. Prather v. Brookdale Senior Living Communities, Inc., 838 F.3d 750 (6th Cir. 2016).  Ibanez, 874 F.3d at 915 (internal quotations omitted).  The Sixth Circuit held that the exception only “applies in limited circumstances . . . where the relator was specifically employed to review [the] documentation allegedly submitted to [the government].”  Id. at 915.  It was this knowledge, paired with specific allegations regarding payment requests, “that satisfied a relaxed 9(b) standard.”  Id. at 915–16.  Based on this decision, along with a decision earlier this year in United States ex rel. Hirt v. Walgreen Co., 846 F.3d 879 (6th Cir. 2017), it appears that outside of the specific circumstance in Prather, the Sixth Circuit will employ a “strict” Rule 9(b) analysis in FCA cases. C.     Developments in the FCA’s Public Disclosure Bar As amended by the Affordable Care Act in 2010, the public disclosure bar states that a court “shall dismiss” an FCA action if “substantially the same allegations or transactions were publicly disclosed” through listed sources, as long as the relator does not qualify as an “original source.”  31 U.S.C. § 3730(e)(4) (2010).  A relator is an “original source” when he or she “has knowledge that is independent of and materially adds to the publicly disclosed allegations or transactions.”  Id. § 3730(e)(4)(B). Courts have grappled with the extent to which their precedent interpreting the prior version of the statute survived the 2010 amendments, including when assessing whether the bar remains jurisdictional (which the prior version of the statute had indicated), how similar allegations must be to previous disclosures before triggering the bar, and how much detail a relator must add to qualify as an original source. 1.     The Seventh Circuit Interprets the Public Disclosure Bar and Original Source Standards The Seventh Circuit assessed the as-amended language in Bellevue v. Universal Health Services of Hartgrove, Inc., 867 F.3d 712, 721 (7th Cir. 2017), in which it dismissed claims that the defendant submitted false certifications to the government.  Analyzing both versions of the statute, the Seventh Circuit noted that it was “unclear” whether the amended public disclosure bar remained jurisdictional (like its predecessor), but ultimately declined to reach the issue, choosing instead to apply the jurisdictional bar under the pre-amendment framework because some of the alleged conduct occurred before 2010.  Id. at 717–18.  Turning to the substantive impact of the amendments, the Seventh Circuit explained that the amended version of the statute “expressly incorporates the ‘substantially similar’ standard” previously used by the Seventh and other circuits when assessing whether the current action was “based upon” previous public disclosures.  Id. at 718.  The court also held that the amendment to the “original source” definition was a “clarification rather than a substantive change,” and thus would apply retroactively to conduct occurring before 2010.  Id.  With regard to the disclosure, the court explained that allegations are publicly disclosed for purposes of the bar “when the critical elements exposing the transaction as fraudulent are placed in the public domain.”  Id. (internal citation omitted).  Rejecting the relator’s argument that the prior public disclosure found in audit reports and letters did not reference any knowing misrepresentation of facts, the court clarified that it is enough to be able to “infer, as a direct and logical consequence of the disclosed information,” that a defendant knowingly submitted false claims to the government.  Id. at 718–19 (internal citation omitted).  The court distinguished other case law involving “qualitative judgments” as to appropriate standards of care, for example, and found that the allegations had been publicly disclosed where the “audit report and letters provided a sufficient basis to infer that [the defendant] was presenting false information to the government.”  Id. at 719. In assessing whether the allegations were “substantially similar,” the court listed several factors to consider, including whether a relator alleged “a different kind of deceit,” presented allegations that “required independent investigation and analysis to reveal any fraudulent behavior,” or alleged information involving “an entirely different time period.”  Id. (internal citation omitted).  Ultimately, the court found that the alleged conduct was “based upon” allegations publicly disclosed through the audit report and letters.  Id. at 720. As to whether the relator qualified as an original source, the court applied the as-amended standard, which requires that the relator have knowledge that “is independent of and materially adds to the publicly disclosed allegations or transactions.”  Id. (quoting 31 U.S.C. § 3730(e)(4)(B) (2010)).  The court concluded that the relator had “not ‘materially added’ to the publicly disclosed allegations,” and therefore did not address the question of whether the relator had independent knowledge, indicating a deficiency in either element undermines a relator’s original source status.  Id.  2.     The Fifth Circuit Assesses Pre-Filing Disclosure Requirements Under the Public Disclosure Bar Before a relator brings an FCA claim in the name of the government, the relator must disclose to the government information on which the allegations are based, in order to qualify as an “original source.”  31 U.S.C. § 3730(e)(4)(A).  This is in addition to another pre-filing disclosure requirement found in the FCA.  Id. § 3730(b)(2).  In United States ex rel. King v. Solvay Pharmaceuticals, Inc., 871 F.3d 318 (5th Cir. 2017), the Fifth Circuit clarified that not just any “disclosure” to the government will satisfy the “original source” pre-filing disclosure requirement.  Instead, the disclosure must “suggest an FCA violation” to qualify.  Id. at 327.  Specifically, in affirming dismissal of the action at issue, the Fifth Circuit found that the relators “failed to present any evidence indicating that their pre-suit disclosure connected the knowledge of [the defendant’s] conduct to false claims made to the government.”  Id. at 326.  The court explained that the disclosure “must—at a minimum—connect direct and independent knowledge of information about [the defendant’s] conduct to false claims submitted to the government.”  Id. at 327.  Because the pre-suit disclosure at issue, although providing details regarding alleged FDCA and AKS violations, was “completely devoid of any indication connecting such information with false claims presented to the government,” the court found the disclosure insufficient to satisfy the FCA’s “original source” pre-filing disclosure requirement. 3.     The Sixth Circuit Analyzes How the Public Disclosure Bar May Apply to Allegations of Later Conduct The Sixth Circuit assessed whether a relator’s claims may move forward despite public disclosures of similar conduct if the allegations in the current action pertain to a different time period.  In Ibanez, the court determined that the “common principle” that a “public disclosure occurs when enough information exists in the public domain to expose the fraudulent transaction” survived the amendments to the statute.  874 F.3d at 918.  But the court disagreed with the defendant’s claim that the government’s previous FCA actions and related corporate integrity agreements with the defendant publicly disclosed the allegedly improper promotion of the product at issue.  Id. at 919.  Rather, the Sixth Circuit found that allegations—like those asserted by the relator—”that [a] scheme either continued despite the agreements or was restarted after the agreements”—would not be precluded by the allegations previously disclosed through corporate integrity agreements, even if the present allegations resembled those of the previously resolved scheme.  Id.  The court clarified that this conclusion “may be true only to the extent that the new allegations are temporally distant from the previously resolved conduct.” Id. at 919 n.4. 4.     The Eighth Circuit Interprets the Original Source Standard Interpreting the original source exception under the pre-amendment version of the public disclosure bar, the Eighth Circuit found in In re Baycol Products Litigation, 870 F.3d 960, 962 (8th Cir. 2017), that in some circumstances a relator need not have direct and independent knowledge of a defendant’s allegedly false communications to the government.  The defendant argued that lawsuits, news articles, public filings, and medical literature publicly disclosed the relator’s allegations that the defendant concealed drug risks through its marketing efforts, and that the relator did not qualify as an original source.  Disagreeing with the defendant’s arguments, the court emphasized that a relator need only “possess direct and independent knowledge of the ‘information’ on which her allegations are based, not of the ‘transaction.'”  Id. As such, the court relied upon precedent to explain that the bar does not require a relator to have direct and independent knowledge of “‘all of the vital ingredients to a fraudulent transaction.'”  Id. (quoting United States ex rel. Springfield Terminal Ry. Co. v. Quinn, 14 F.3d 645, 656–57 (D.C. Cir. 1994)).  In light of the statute’s specific wording and the fact that the government “already knows about communications made to [it] by an alleged defrauder,” the court concluded that a relator’s “‘direct and independent knowledge of any essential element of the underlying fraud transaction'” is enough to afford “original-source status under the [FCA].”  Id. (quoting Springfield, 14 F.3d at 657).  The Eighth Circuit ultimately remanded the matter to the district court to determine whether the relator possessed direct and independent knowledge of the “true state of the facts,” specifically whether the defendant had evidence of the inefficacy and risks of the product at issue.  Id. D.     Developments in Application of the First-to-File Bar The FCA’s so-called “first-to-file bar” limits the ability of qui tam relators to bring an action based on facts already at issue in another pending FCA matter.  Specifically, the statute provides that, when a qui tam action is “pending,” “no person other than the Government may intervene or bring a related action based on the [same] facts.”  31 U.S.C. § 3730(b)(5).  In the past six months, the Fourth and D.C. Circuits weighed in on what, if any, impact the resolution of the original action would have on an ongoing suit that otherwise would run afoul of the first-to-file bar, as well as the ability of relators to avoid the first-to-file bar by amending the later-filed complaint. In United States ex rel. Carter v. Halliburton Co., 866 F.3d 199, 203 (4th Cir. 2017), following a complicated procedural history that culminated in an appeal before the Supreme Court, the Fourth Circuit faced both of these questions.  The Fourth Circuit first found the bar applies, even if the earlier-filed action has since been dismissed.  The Court held that the “appropriate reference point for a first-to-file analysis is the set of facts in existence at the time that the FCA action under review is commenced,” and that “[f]acts that may arise after the commencement of a relator’s action, such as the dismissals of earlier-filed, related actions pending at the time the relator brought his or her action, do not factor into this analysis.”  Id. at 207.  Referencing the Supreme Court, which described the first-to-file rule as “one of ‘a number of [FCA] provisions that do require, in express terms, the dismissal of a relator’s action,'” the Fourth Circuit held that it must dismiss the action without prejudice, even though the statute of limitations could prevent the relator from re-filing.  Id. at 209 (quoting State Farm Fire & Cas. Co. v. United States ex rel. Rigsby, 137 S.Ct. 436, 442–43 (2016)).  Next, the Fourth Circuit rejected the argument that a relator could propose amendments to the complaint (to file after the earlier case had been dismissed) and that such would cure the first-to-file bar:  the “proposed amendment simply adds detail to [the relator’s] damages theories,” instead of “address[ing] any matters potentially relevant to the first-to-file rule, such as the dismissals of the [other actions].”  Id. at 210. The D.C. Circuit, in United States ex rel. Shea v. Cellco Partnership, 863 F.3d 923, 930 (D.C. Cir. 2017), came to a similar conclusion.  There, the court held that the relator’s action “was incurably flawed from the moment he filed it,” because the relator’s earlier-filed separate action was still pending at the time.  This was true even though the earlier-filed action was subsequently settled and dismissed.  Id. at 927.  On appeal, a divided panel affirmed, interpreting the bar to apply even when the initial action was no longer pending, since it had been “pending” at the time the second action was actually filed.  Id. at 928.  The D.C. Circuit also agreed with the district court that the relator could not amend his complaint, holding that it could not salvage his claims from the first-to-file bar and that the relator would need to re-file a new action if he wanted to litigate further.  Id. These cases stand in contrast to United States ex rel. Gadbois v. PharMerica Corp., 809 F.3d 1, 6 (1st Cir. 2015), discussed in a previous update, which effectively found a relator could amend his complaint, after a prior case had been dismissed, to avoid the first-to-file bar.  This sets up a potential split of authority that may eventually reach the Supreme Court. E.     The Ninth Circuit Examines the Scope of the Government-Action Bar Although the public disclosure bar and first-to-file bar are more commonly litigated, they are not the only bars that apply in FCA cases.  The related “government-action bar” prohibits a relator from bringing a qui tam suit “based upon allegations or transactions which are the subject of a civil suit . . . in which the Government is already a party.”  31 U.S.C. §3730(e)(3).  In a case of first impression, the Ninth Circuit recently clarified the reach of the government-action bar in a decision with potentially important ramifications for companies facing FCA liability.  United States ex rel. Bennett v. Biotronik, Inc., 876 F.3d 1011 (9th Cir. 2017). The case concerned a relator who tried to bring an FCA suit against a company that had already settled similar allegations with the government in a different suit, brought by a separate relator.  Id. at 1014–15.  The second relator argued that, because the first suit was no longer pending, the government-action bar no longer barred his subsequent suit.  Affirming summary judgment for the defendant company, the Ninth Circuit held “that the government-action bar applies even when the Government is no longer an active participant in an ongoing qui tam lawsuit.”  Id. at 1016.  In so holding, the court rejected arguments that the government was no longer a “party” in a suit it has settled.  Id. at 1019–20. Notably, the court also held that when the government-action bar applies, it applies to all claims that overlap with the earlier-settled suit, regardless of whether those specific claims were part of the government settlement.  In other words, if the government settles a qui tam action, that settlement bars subsequent suits based on any of the theories advanced by the original suit, regardless of whether those specific theories were investigated and included in the settlement.  Id. at 1020–21.  According to the Ninth Circuit, so long as “the Government was made aware of the claims it ultimately chose not to settle,” the government became “a ‘party’ to the suit as a whole,” and the government-action bar therefore likewise applies to the “suit as a whole.”  Id. at 1021. This provides an important point of reference for defendants, particularly those who face repeated FCA actions, to evaluate how earlier FCA actions may affect the viability of new cases.  Based on Bennett, claims that were involved in—but not settled by—government-settled cases may be off limits from further litigation by other relators. F.     The Fifth and Seventh Circuits Explore Causation Under the FCA For years, the Seventh Circuit stood as the sole circuit to apply a “but for” causation standard for damages in FCA cases, allowing plaintiffs to recover for those events that were “but for” caused by the alleged misconduct, even if the alleged misconduct was not a predominant or primary cause of the event at issue.  In Luce, discussed above, the Seventh Circuit finally joined its sister circuits by requiring that plaintiffs also show proximate causation, not just “but for” causation, to establish damages in an FCA matter. The case involved allegations that the defendant “had defrauded the Government by falsely asserting that he had no criminal history so that his company could participate in the FHA’s insurance program.”  873 F.3d at 1000.  The district court, applying the Seventh Circuit’s prior “but for” causation standard, granted summary judgment for the government, finding the defendant could be liable for government-insured loans that later went into default because, without the defendant’s initial alleged false assertion, defendant would not have been able to participate in the program.  The district court found this should be the case, even if the loans went into default for reasons unrelated to the defendant’s actions (such as because of reasons associated with borrower hardship or other borrower-related reasons).  Id.  On appeal, the Seventh Circuit reversed, and reversed its view on causation.  The Seventh Circuit, recognizing the unfair and inappropriate aspects of “but for” causation, found that a plaintiff should have to prove proximate causation, by showing both that the “defendant’s conduct was a material element and a substantial factor in bringing about the injury,” (cause in fact) and that “the injury is of a type that a reasonable person would see as a likely result of his or her conduct” (legal cause).  Id. at 1012 (internal citations and quotations marks omitted).  The Seventh Circuit remanded the case for further proceedings on the issue of proximate causation. Meanwhile, in King, also discussed above, the Fifth Circuit affirmed a grant of summary judgment for a defendant pharmaceutical company based on causation, because the relator failed to show that alleged off-label marketing and kickbacks caused any false claims.  Although there allegedly was evidence that the company discussed off-label uses with physicians and sponsored studies on off-label uses, among other activities, the court held there was insufficient evidence to show that these efforts caused any false claims.  871 F.3d at 330–31.  Likewise, the court held that there was no evidence that the company’s legal payments to physicians for consulting and speaker fees actually caused “those physicians to prescribe to Medicaid patients.”  Id. at 332. Notably, in ruling on the off-label issues, the Fifth Circuit also planted the seed for a more far-reaching defense against off-label promotion claims, at least in Medicaid cases.  According to the Fifth Circuit, because “Medicaid pays for claims without asking whether the drugs were prescribed for off-label uses,” and “given that it is not uncommon for physicians to make off-label prescriptions,” then “it [is] unlikely that prescribing off-label is material to Medicaid’s payment decisions under the FCA.”  Id. at 329 n.9.  Defendants in the Fifth Circuit, and across the country, are sure to push this defense in future Medicaid cases. G.     The Ninth Circuit Declines to Enforce Arbitration Agreement in FCA Case The Ninth Circuit weighed in this year on the relationship between arbitration agreements and the FCA, and in the process provided defendants a guide to what they should—and should not—include in arbitration agreements if they wish for the agreements potentially to cover FCA claims. In United States ex rel. Welch v. My Left Foot Children’s Therapy, LLC, 871 F.3d 791 (9th Cir. 2017), the Ninth Circuit affirmed a district court’s ruling that a relator’s FCA claims were not subject to an arbitration agreement between the relator and her employer.  Although the district court’s decision was based on the broad principle that the arbitration agreement at issue may not apply in an FCA suit, the Ninth Circuit said it was avoiding the “interesting” question of “the enforceability of a relator’s agreement to arbitrate FCA claims,” and instead engaged in an “unremarkable textual analysis” to hold that the plain text of the arbitration agreement at issue did not cover FCA claims.  Id. at 798.  To reach this conclusion, the Ninth Circuit explained that the relator’s FCA claims did not “arise out of” or “relate to” her employment; the claims had “no direct connection with [her] employment because even if [she] ‘had never been employed by defendants, assuming other conditions were met, she would still be able to bring a suit against them for presenting false claims to the government.'”  Id. at 799 (quoting Mikes v. Strauss, 889 F. Supp. 746, 754 (S.D.N.Y. 1995)).  Likewise, the court held that relator’s FCA claims could not be considered claims relator herself “ha[d] against” her employer because “FCA fraud claims always belong to the government.”  Id. at 800. Notably, however, the Ninth Circuit opined that “had the parties wished to agree to arbitrate FCA claims, they were free to draft a broader agreement that covers ‘any lawsuits brought or filed by the employee whatsoever’ or ‘all cases [the employee] brings against [the company], including those brought on behalf of another party.'”  Id. at 800 n.3.  By including this instructional dicta, the Ninth Circuit provided defendants a potential guide on how to structure arbitration provisions. H.     The Eighth and Ninth Circuits Examine Sovereign Immunity and the FCA In two cases dealing with sovereign immunity and the FCA, the Eighth and Ninth Circuits explored when quasi-governmental entities and Indian tribes can be liable under the FCA. First, in United States ex rel. Fields v. Bi-State Development Agency of the Missouri-Illinois Metropolitan District, 872 F.3d 872 (8th Cir. 2017), the Eighth Circuit held that a bi-state transportation agency created by a compact between Illinois and Missouri was not entitled to Eleventh Amendment immunity from suit under the FCA.  Applying a six-factor test for determining the nature of the entity created by state law, the Eighth Circuit affirmed a previous ruling that the transportation agency was “more like a local governmental entity than an arm of Missouri and Illinois,” and therefore could be liable under the FCA.  Id. at 877. Second, in United States ex rel. Cain v. Salish Kootenai College, Inc., 862 F.3d 939 (9th Cir. 2017), the Ninth Circuit held that an Indian tribe is not a “person” for purposes of the FCA, and therefore is immune from FCA liability.  The court analogized the Indian tribe’s sovereign immunity to a state’s sovereignty, which the Supreme Court has previously held exempts states from FCA liability.  Id. at 942.  Because the FCA applies only to “any person” who violates one of its provisions, and a sovereign Indian tribe is not a “person,” the Ninth Circuit affirmed the district court’s dismissal of the case against the Indian tribe (but remanded for further proceedings on whether a college operated by the tribe also had immunity).  Id. at 943. I.     The Sixth Circuit Supports Attorney’s Fees Against DOJ for Inflated FCA Allegations The Sixth Circuit weighed in once more—and perhaps for the final time—on the long-running Circle C Construction litigation, this time to find that the defendants were entitled to attorney’s fees because of the government’s “unreasonable” positions.  United States ex rel. Wall v. Circle C Construction, LLC, 868 F.3d 466 (6th Cir. 2017).  As we discussed in the 2016 Mid-Year Update, the Sixth Circuit previously reversed a $763,000 damages award for false claims allegedly resulting from non-compliance with Davis-Bacon wage requirements, and instead awarded the government $14,478.  United States ex rel. Wall v. Circle C Construction, LLC, 813 F.3d 616 (6th Cir. 2016).  In reversing the damages award, the Sixth Circuit observed that the damages the government sought to recover were “fairyland rather than actual.”  Id. at 618.  Because the government’s theories were so aggressive and “unreasonable,” the Sixth Circuit held in this most recent decision that defendant was entitled to attorney’s fees, representing a significant win against over-aggressive DOJ enforcement of the FCA. VI.     CONCLUSION The FCA continues to be a high-stakes and fast-changing area of law, and we will continue to both monitor and shape developments in the FCA space.  As always, we will report back to you on the latest news mid-year, in early July. [1] See Oversight of the False Claims Act:  Hearing Before the Subcomm. on the Constitution and Civil Justice of the Comm. on the Judiciary, House of Rep., 114th Cong. 72 (2016), https://judiciary.house.gov/wp-content/uploads/2016/04/114-72_99945.pdf. [2] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Justice Department Recovers Over $3.7 Billion From False Claims Act Cases in Fiscal Year 2017 (Dec. 21, 2017), https://www.justice.gov/opa/pr/justice-department-recovers-over-37-billion-false-claims-act-cases-fiscal-year-2017 [hereinafter DOJ FY 2017 Recoveries Press Release]. [3] See Fraud Statistics Overview (Dec. 21, 2017), https://www.justice.gov/opa/press-release/file/1020126/download [hereinafter DOJ FY 2017 Stats]. [4] That amount was originally reported as over $1.1 billion, see Fraud Statistics Overview (Nov. 23, 2015), http://www.justice.gov/opa/file/796866/download, but has since been revised to $512 million, see DOJ FY 2017 Stats. [5] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Acting Assistant Attorney General Stuart F. Delery Speaks at the American Bar Association’s Ninth National Institute on the Civil False Claims Act and Qui Tam Enforcement (June 7, 2012), http://www.justice.gov/iso/opa/civil/speeches/2012/civ-speech-1206071.html. [6] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Attorney General Jeff Sessions Delivers Remarks at Press Conference Announcing 2017 Health Care Fraud Takedown (July 13, 2017), https://www.justice.gov/opa/speech/attorney-general-jeff-sessions-delivers-remarks-press-conference-announcing-2017-health. [7] The Future of Housing in America: Oversight of the Department of Housing and Urban Development (Oct. 12, 2017), https://financialservices.house.gov/calendar/eventsingle.aspx?EventID=402415 at 3:12:40. [8] Daniel Wilson, DOJ Denies Claims of Change to FCA Dismissal Policy, (Nov. 17, 2017), https://www.law360.com/articles/986650/doj-denies-claims-of-change-to-fca-dismissal-policy. [9] Id. [10] Sue Reisinger and Kristen Rasmussen, As Priorities Shift at DOJ, Health Care Corporate Fraud Strike Force Gutted (July 10, 2017), The National Law Journal, https://www.law.com/nationallawjournal/almID/1202792591440/. [11] Id. [12] See DOJ FY 2017 Recoveries Press Release. [13] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Mylan Agrees to Pay $465 Million to Resolve False Claims Act Liability for Underpaying EpiPen Rebates (Aug. 17, 2017), https://www.justice.gov/opa/pr/mylan-agrees-pay-465-million-resolve-false-claims-act-liability-underpaying-epipen-rebates. [14] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Electronic Health Records Vendor to Pay $155 Million to Settle False Claims Act Allegations (May 31, 2017), https://www.justice.gov/opa/pr/electronic-health-records-vendor-pay-155-million-settle-false-claims-act-allegations. [15] See U.S. Dep’t of Health & Human Services, Office of Inspector Gen., Semiannual Report to Congress (October 1, 2016 – March 31, 2017) at 15, https://oig.hhs.gov/reports-and-publications/archives/semiannual/2017/sar-spring-2017.pdf. [16] See U.S. Dep’t of Health & Human Services, Office of Inspector Gen., Semiannual Report to Congress (October 1, 2015 – March 31, 2016) at 12, https://oig.hhs.gov/reports-and-publications/archives/semiannual/2016/SAR_Spring_2016.pdf. [17] See 42 U.S.C. § 1320a-7b. [18] See 42 U.S.C. § 1395nn. [19] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Shire PLC Subsidiaries to Pay $350 Million to Settle False Claims Act Allegations (Jan. 11, 2017), https://www.justice.gov/opa/pr/shire-plc-subsidiaries-pay-350-million-settle-false-claims-act-allegations. [20] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Healthcare Service Provider to Pay $60 Million to Settle Medicare and Medicaid False Claims Act Allegations (Feb. 6, 2017), https://www.justice.gov/opa/pr/healthcare-service-provider-pay-60-million-settle-medicare-and-medicaid-false-claims-act. [21] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Missouri Hospitals Agree to Pay United States $34 Million to Settle Alleged False Claims Act Violations Arising from Improper Payments to Oncologists (May 18, 2017), https://www.justice.gov/opa/pr/missouri-hospitals-agree-pay-united-states-34-million-settle-alleged-false-claims-act. [22] See DOJ FY 2017 Recoveries Press Release, supra note 2. [23] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, CA Inc. to Pay $45 Million for Alleged False Claims on Government-Wide Information Technology Contract (Mar. 10, 2017), https://www.justice.gov/opa/pr/ca-inc-pay-45-million-alleged-false-claims-government-wide-information-technology-contract. [24] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Import Merchandising Concepts L.P. and Two Individuals Agree to Pay $275,000 to Settle False Claims Act Liability for Evading Customs Duties (May 1, 2017), https://www.justice.gov/opa/pr/import-merchandising-concepts-lp-and-two-individuals-agree-pay-275000-settle-false-claims-act. [25] See DOJ FY 2017 Recoveries Press Release, supra note 2. [26] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, PHH Agrees to Pay Over $74 Million to Resolve Alleged False Claims Act Liability Arising from Mortgage Lending (Aug. 8, 2017), https://www.justice.gov/opa/pr/phh-agrees-pay-over-74-million-resolve-alleged-false-claims-act-liability-arising-mortgage. [27] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Three Companies and Their Executives Pay $19.5 Million to Resolve False Claims Act Allegations Pertaining to Rehabilitation Therapy and Hospice Services (July 17, 2017), https://www.justice.gov/opa/pr/three-companies-and-their-executives-pay-195-million-resolve-false-claims-act-allegations. [28] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Mylan Agrees to Pay $465 Million to Resolve False Claims Act Liability for Underpaying EpiPen Rebates (Aug. 17, 2017), https://www.justice.gov/opa/pr/mylan-agrees-pay-465-million-resolve-false-claims-act-liability-underpaying-epipen-rebates. [29] See Press Release, U.S. Atty’s Office for the Dist. of Minn., U.S. Dep’t of Justice, United States Recovers More Than $12 Million in False Claims Act Settlements for Alleged Kickback Scheme (Aug. 21, 2017), https://www.justice.gov/usao-mn/pr/united-states-recovers-more-12-million-false-claims-act-settlements-alleged-kickback. [30] See Press Release, U.S. Atty’s Office for the Eastern Dist. of Cal., U.S. Dep’t of Justice, Action for Defrauding a Program for Individuals with Developmental Disabilities Settles for Approximately $2 M (Aug. 28, 2017), https://www.justice.gov/usao-edca/pr/action-defrauding-program-individuals-developmental-disabilities-settles-approximately. [31] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, CHRISTUS St. Vincent Regional Medical Center and CHRISTUS Health to Pay $12.24 Million to Settle Medicaid False Claims Act Allegations (Sept. 1, 2017), https://www.justice.gov/opa/pr/christus-st-vincent-regional-medical-center-and-christus-health-pay-1224-million-settle. [32] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Novo Nordisk Agrees to Pay $58 Million for Failure to Comply with FDA-Mandated Risk Program (Sept. 5, 2017), https://www.justice.gov/opa/pr/novo-nordisk-agrees-pay-58-million-failure-comply-fda-mandated-risk-program. [33] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Galena Biopharma Inc. to Pay More Than $7.55 Million to Resolve Alleged False Claims Related to Opioid Drug (Sept. 8, 2017), https://www.justice.gov/opa/pr/galena-biopharma-inc-pay-more-755-million-resolve-alleged-false-claims-related-opioid-drug. [34] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, South Carolina Family Practice Chain, Its Co-Owner, and Its Laboratory Director Agree to Pay the United States $2 Million to Settle Alleged False Claims Act Violations for Illegal Medicare Referrals and Billing Unnecessary Medical Services (Sept. 11, 2017), https://www.justice.gov/opa/pr/south-carolina-family-practice-chain-its-co-owner-and-its-laboratory-director-agree-pay. [35] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, New York Hospital Operator Agrees to Pay $4 Million to Settle Alleged False Claims Act Violations Arising from Improper Payments to Physicians (Sept. 13, 2017), https://www.justice.gov/opa/pr/new-york-hospital-operator-agrees-pay-4-million-settle-alleged-false-claims-act-violations. [36] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Alaska Department of Health and Social Services to Pay Nearly $2.5 Million to Resolve Alleged False Claims for SNAP Funds (Sept. 18, 2017), https://www.justice.gov/opa/pr/alaska-department-health-and-social-services-pay-nearly-25-million-resolve-alleged-false. [37] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Drug Maker Aegerion Agrees to Plead Guilty; Will Pay More Than $35 Million to Resolve Criminal Charges and Civil False Claims Allegations (Sept. 22, 2017), https://www.justice.gov/opa/pr/drug-maker-aegerion-agrees-plead-guilty-will-pay-more-35-million-resolve-criminal-charges-and. [38] See Press Release, U.S. Atty’s Office for the Dist. of S.C., U.S. Dep’t of Justice, AnMed Health Agrees to Pay $7 Million to Settle False Claims Act Allegations (Sept. 27, 2017), https://www.justice.gov/usao-sc/pr/anmed-health-agrees-pay-7-million-settle-false-claims-act-allegations. [39] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Huntsville Nursing Home Pays the United States and the State of Texas $5 million to Settle Claims Alleging Poor Quality of Care (Oct. 19, 2017), https://www.justice.gov/usao-sdtx/pr/huntsville-nursing-home-pays-united-states-and-state-texas-5-million-settle-claims. [40] See Press Release, U.S. Atty’s Office for the Western Dist. of N.Y., U.S. Dep’t of Justice, Catholic Health to Pay $6,000,000 to Settle False Claims Act Allegations (Oct. 27, 2017), https://www.justice.gov/usao-wdny/pr/catholic-health-pay-6000000-settle-false-claims-act-allegations. [41] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Chemed Corp. and Vitas Hospice Services Agree to Pay $75 Million to Resolve False Claims Act Allegations Relating to Billing for Ineligible Patients and Inflated Levels of Care (Oct. 30, 2017), https://www.justice.gov/opa/pr/chemed-corp-and-vitas-hospice-services-agree-pay-75-million-resolve-false-claims-act. [42] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Dallas-Based Physician-Owned Hospital to Pay $7.5 Million to Settle Allegations of Paying Kickbacks to Physicians in Exchange for Surgical Referrals (Dec. 1, 2017), https://www.justice.gov/opa/pr/dallas-based-physician-owned-hospital-pay-75-million-settle-allegations-paying-kickbacks. [43] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, 21st Century Oncology to Pay $26 Million to Settle False Claims Act Allegations (Dec. 12, 2017), https://www.justice.gov/opa/pr/21st-century-oncology-pay-26-million-settle-false-claims-act-allegations. [45] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Drug Maker United Therapeutics Agrees to Pay $210 Million to Resolve False Claims Act Liability for Paying Kickbacks (Dec. 20, 2017), https://www.justice.gov/opa/pr/drug-maker-united-therapeutics-agrees-pay-210-million-resolve-false-claims-act-liability. [46] See Press Release, U.S. Atty’s Office for the Middle Dist. of Fla., U.S. Dep’t of Justice, United States Settles False Claims Allegations Against Haven Hospice For More Than $5 Million (Dec. 21, 2017), https://www.justice.gov/usao-mdfl/pr/united-states-settles-false-claims-allegations-against-haven-hospice-more-5-million. [47] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Kmart Corporation to Pay U.S. $32.3 Million to Resolve False Claims Act Allegations for Overbilling Federal Health Programs for Generic Prescription Drugs (Dec. 22, 2017), https://www.justice.gov/opa/pr/kmart-corporation-pay-us-323-million-resolve-false-claims-act-allegations-overbilling-federal. [48] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Defense Contractor ADS Inc. Agrees to Pay $16 Million to Settle False Claims Act Allegations (Aug. 10, 2017), https://www.justice.gov/usao-dc/pr/defense-contractor-ads-inc-agrees-pay-16-million-settle-false-claims-act-allegations. [49] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Defense Contractor Agrees to Pay $9.2 Million to Settle False Billing Allegations (Aug. 15, 2017), https://www.justice.gov/opa/pr/defense-contractor-agrees-pay-92-million-settle-false-billing-allegations. [50] See Press Release, U.S. Atty’s Office for the Dist. of Columbia, U.S. Dep’t of Justice, Pacific Architects and Engineers, LLC to Pay $5 Million in False Claims Act Settlement (Sept. 13, 2017), https://www.justice.gov/usao-dc/pr/pacific-architects-and-engineers-llc-pay-5-million-false-claims-act-settlement. [51] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Western New York Contractors and Two Owners to Pay More Than $3 Million to Settle False Claims Act Allegations (Oct. 3, 2017), https://www.justice.gov/opa/pr/western-new-york-contractors-and-two-owners-pay-more-3-million-settle-false-claims-act. [52] See Press Release, U.S. Atty’s Office for the Eastern Dist. of Va., U.S. Dep’t of Justice, Government Contractor Pays $2.6M to Settle False Claims Act Suit (Oct. 16, 2017), https://www.justice.gov/usao-edva/pr/government-contractor-pays-26m-settle-false-claims-act-suit. [53] See Press Release, U.S. Atty’s Office for the Middle Dist. of Ga., U.S. Dep’t of Justice, Mercer Transportation Company Agrees to Pay $4.4 Million to Resolve Alleged Violations of the False Claims Act (Nov. 8, 2017), https://www.justice.gov/usao-mdga/pr/mercer-transportation-company-agrees-pay-44-million-resolve-alleged-violations-false. [54] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, PHH Agrees to Pay Over $74 Million to Resolve Alleged False Claims Act Liability Arising from Mortgage Lending (Aug. 8, 2017), https://www.justice.gov/opa/pr/phh-agrees-pay-over-74-million-resolve-alleged-false-claims-act-liability-arising-mortgage. [55] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, IBERIABANK Agrees to Pay Over $11.6 Million to Resolve Alleged False Claims Act Liability for Submitting False Claims for Loan Guarantees (Dec. 8, 2017), https://www.justice.gov/opa/pr/iberiabank-agrees-pay-over-116-million-resolve-alleged-false-claims-act-liability-submitting. [56] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, SolarCity Agrees to Resolve Alleged False Claims Act Violations Arising From Renewable Energy Grant Claims to Treasury (Sept. 22, 2017), https://www.justice.gov/opa/pr/solarcity-agrees-resolve-alleged-false-claims-act-violations-arising-renewable-energy-grant. [57] See Office of Pub. Affairs, U.S. Dep’t of Justice, Citation Companies Agree to Pay $2.25 Million to Settle Civil False Claims Act Allegations (Dec. 19, 2017), https://www.justice.gov/opa/pr/citation-companies-agree-pay-225-million-settle-civil-false-claims-act-allegations. [58] See Press Release, U.S. Atty’s Office for the Southern Dist. of N.Y., U.S. Dep’t of Justice, Acting Manhattan U.S. Attorney Announces Award of $296 Million Judgment Against Allied Home Mortgage Entities For Civil Mortgage Fraud (Sept. 19, 2017), https://www.justice.gov/usao-sdny/pr/acting-manhattan-us-attorney-announces-award-296-million-judgment-against-allied-home. [59] See Clarification of When Products Made or Derived From Tobacco Are Regulated as Drugs, Devices, or Combination Products; Amendments to Regulations Regarding “Intended Uses,” 82 Fed. Reg. 2193 (Jan. 9, 2017), https://www.gpo.gov/fdsys/pkg/FR-2017-01-09/pdf/2016-31950.pdf. [60] See Petition Interim Response from FDA OP to MIWG (Aug. 1, 2017), available in Docket Nos. FDA-2011-P-0512, FDA-2013-P-1079, FDA-2015-N-2002, and FDA-2016-N-1149 at https://www.regulations.gov [hereinafter FDA Interim Response]. [61] See Petition to Stay and for Reconsideration, Ropes & Gray and Sidley Austin LLP on behalf of the Medical Information Working Group, the Pharmaceutical Research and Manufacturers of America, and the Biotechnology Innovation Organization (Feb. 8, 2017), available in Docket Nos. FDA-2011-P-0512, FDA-2013-P-1079, FDA-2015-N-2002, and FDA-2016-N-1149 at https://www.regulations.gov. [62] See FDA Interim Response, supra note 60. [63] S.B. 387, 2017-2018 Reg. Sess. (Cal. 2017), https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB387. [64] S.B. 1577, 100th Gen. Assembly (Ill. 2017),  http://www.ilga.gov/legislation/billstatus.asp?DocNum=1577&GAID=14&GA=100&DocTypeID=SB&LegID=104225&SessionID=91. [65] S.B. 0669, 2017 Reg. Sess. (Mich. 2017), http://legislature.mi.gov/doc.aspx?2017-SB-0669. [66] A.B. A7989, 2017-2018 Leg. Sess. (N.Y. 2017), https://www.nysenate.gov/legislation/bills/2017/a7989; S.B. 378, 2017-2018 Reg. Sess. (N.C. 2017), https://legiscan.com/NC/bill/S378/2017. [67] S.B. 85, 2017 Reg. Sess. (Ala. 2017), https://legiscan.com/AL/bill/SB85/2017. [68] S.B. 216, 2016 Reg. Sess. (Ala. 2016), https://legiscan.com/AL/bill/SB216/2016. [69] S.P.B. 7006, 2017 Reg. Sess. (Fla. 2017), https://www.flsenate.gov/Session/Bill/2018/7006/ByVersion. [70] S.B. 564, 91st Gen. Assembly (Ark. 2017), https://legiscan.com/AR/bill/SB564/2017. [71] S.B. 0065, 2017 Reg. Sess. (Mich. 2017), http://legislature.mi.gov/doc.aspx?2017-SB-0065. [72] See Mich. Comp. Laws § 400.607 (2009). [73] H.B. 1027, 2017-2018 Reg. Sess. (Penn. 2017), http://www.legis.state.pa.us/cfdocs/billInfo/billInfo.cfm?sYear=2017&sInd=0&body=H&type=B&bn=1027. [74] H.B. 1174, 2017 Leg. Sess. (N.D. 2017), http://www.legis.nd.gov/assembly/65-2017/bill-actions/ba1174.html. The following Gibson Dunn lawyers assisted in preparing this client update: F. Joseph Warin, Stephen Payne, Robert Blume, Timothy Hatch, Alexander Southwell, Charles Stevens, Joseph West, Benjamin Wagner, Stuart Delery, Winston Chan, Andrew Tulumello, Karen Manos, Monica Loseman, Robert Walters, Reed Brodsky, John Partridge, James Zelenay, Jonathan Phillips, Ryan Bergsieker, Jeremy Ochsenbein, Sean Twomey, Reid Rector, Allison Chapin, Justin Epner, Chelsea Ferguson, Ian Sprague, and Harper Gernet-Girard. Gibson Dunn’s lawyers have handled hundreds of FCA investigations and have a long track record of litigation success.  Among other significant victories, Gibson Dunn successfully argued the landmark Allison Engine case in the Supreme Court, a unanimous decision that prompted Congressional action.  See Allison Engine Co. v. United States ex rel. Sanders, 128 S. Ct. 2123 (2008).  Our win rate and immersion in FCA issues gives us the ability to frame strategies to quickly dispose of FCA cases.  The firm has more than 30 attorneys with substantive FCA expertise and more than 30 former Assistant U.S. Attorneys and DOJ attorneys.  For more information, please feel free to contact the Gibson Dunn attorney with whom you work or the following attorneys. Washington, D.C. F. Joseph Warin (+1 202-887-3609, fwarin@gibsondunn.com) Stuart F. Delery (+1 202-887-3650, sdelery@gibsondunn.com) Joseph D. West (+1 202-955-8658, jwest@gibsondunn.com) Andrew S. Tulumello (+1 202-955-8657, atulumello@gibsondunn.com) Karen L. Manos (+1 202-955-8536, kmanos@gibsondunn.com) Stephen C. Payne (+1 202-887-3693, spayne@gibsondunn.com) Jonathan M. Phillips (+1 202-887-3546, jphillips@gibsondunn.com) Caroline Krass (+1 202-887-3784, ckrass@gibsondunn.com) New York Reed Brodsky (+1 212-351-5334, rbrodsky@gibsondunn.com) Alexander H. Southwell (+1 212-351-3981, asouthwell@gibsondunn.com) Denver Robert C. Blume (+1 303-298-5758, rblume@gibsondunn.com) Monica K. Loseman (+1 303-298-5784, mloseman@gibsondunn.com) John D.W. Partridge (+1 303-298-5931, jpartridge@gibsondunn.com) Ryan T. Bergsieker (+1 303-298-5774, rbergsieker@gibsondunn.com) Dallas Robert C. Walters (+1 214-698-3114, rwalters@gibsondunn.com) Los Angeles Timothy J. Hatch (+1 213-229-7368, thatch@gibsondunn.com) James L. Zelenay Jr. (+1 213-229-7449, jzelenay@gibsondunn.com) Palo Alto Benjamin Wagner (+1 650-849-5395, bwagner@gibsondunn.com) San Francisco Charles J. Stevens (+1 415-393-8391, cstevens@gibsondunn.com)Winston Y. Chan (+1 415-393-8362, wchan@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

December 1, 2017 |
Elder Abuse Reporting Under Scrutiny

​San Francisco partner Winston Chan and associate Ian Long are the authors of “Elder Abuse Reporting Under Scrutiny,” [PDF] published in Provider Magazine in December 2017.

November 30, 2017 |
Federal Circuit Update (November 2017)

This November 2017 edition of Gibson Dunn’s Federal Circuit Update discusses the recent Friedman Lecture on Appellate Advocacy by Judge Alan Lourie, the two pending Federal Circuit cases before the Supreme Court that consider issues regarding inter partes review proceedings, and the Federal Circuit’s en banc procedures.  This Update also provides summaries of the two pending en banc cases involving judicial review of timeliness determinations in inter partes review proceedings and attorneys’ fees for litigation involving the PTO.  Also included is a summary of the recent en banc decision regarding motions to amend in inter partes review proceedings and a pair of decisions relating to patent venue and patent eligibility. Federal Circuit News On November 17, 2017, Judge Alan Lourie spoke at the Friedman Memorial Lecture on Excellence in Appellate Advocacy put on by the Federal Circuit Bar Association.  In his remarks, Judge Lourie chiefly addressed the Supreme Court’s recent reversal of a number of Federal Circuit decisions, such as TC Heartland LLC v. Kraft Foods Group Brands LLC.  Judge Lourie stated that the Federal Circuit “should not be affronted” by these reversals, as they have not necessarily occurred because the appellate court was “wrong.”  Instead, these reversals may be attributed to factors such as changes in technology and the Supreme Court’s apparent desire “to limit the continued existence of long-established rules specific to patent law, that set it apart from general law.”  Finally, Judge Lourie stated that he believes the Federal Circuit has been and continues to serve its purpose of providing uniformity in patent law. Supreme Court.  The Supreme Court has heard oral argument on two cases from the Federal Circuit this term: Case Status Issue Oil States Energy Services, LLC v. Greene’s Energy Group, LLC, No. 16-712 Argued on Nov. 27, 2017 Constitutionality of inter partes review under Article III and the Seventh Amendment SAS Institute Inc. v. Matal, No. 16-969 Argued on Nov. 27, 2017 The number of claims that must be addressed by the Patent Trial and Appeal Board in a final written decision during inter partes review Upcoming En Banc Federal Circuit Cases Wi-Fi One, LLC v. Broadcom Corp., No. 15-1944 (Fed. Cir.):  The Federal Circuit’s jurisdiction to review the PTAB’s determination that a petitioner is not time-barred under 35 U.S.C. § 315(b). The PTAB instituted an inter partes review proceeding against Wi-Fi One’s patent.  Wi-Fi One argued that Broadcom was time-barred under 35 U.S.C. § 315(b) from seeking review because Broadcom was in privity with time-barred district court litigants.  The PTAB disagreed, determining that Wi-Fi One did not establish that Broadcom had sufficient control over district court litigation to support a privity finding.  On appeal, the Federal Circuit held that it does not have jurisdiction to review the PTAB’s determination that Broadcom was not time-barred, holding that the Supreme Court’s decision in Cuozzo Speed Technologies, LLC v. Lee, 136 S. Ct. 2131 (2016), did not implicitly overrule prior Federal Circuit precedent on the issue (decision available here).  To date, two amicus briefs have been filed in support of Wi-Fi One (WesternGeco LLC and 3DS Innovations, LLC), eight amicus briefs have been filed in support of neither party (Jeremy Cooper Doerre, New York Intellectual Property Law Association, Federal Circuit Bar Association, Intellectual Property Owners Association, Boston Patent Law Association, Professors of Patent and Administrative Law, American Intellectual Property Law Association, and Biotechnology Innovation Organization), and three amicus briefs have been filed in support of Broadcom (Oracle, Intel, and Apple).  Oral argument was heard on May 4, 2017. Question presented: Should this court overrule Achates Reference Publishing, Inc. v. Apple Inc., 803 F.3d 652 (Fed. Cir. 2015) and hold that judicial review is available for a patent owner to challenge the PTO’s determination that the petitioner satisfied the timeliness requirement of 35 U.S.C. § 315(b) governing the filing of petitions for inter partes review? Nantkwest, Inc. v. Matal, No. 16-1794 (Fed. Cir.):  Whether the PTO can recover attorneys’ fees in litigation under 35 U.S.C. § 145. After the PTAB affirmed the examiner’s rejection of Nantkwest’s patent application, Nantkwest appealed to the United States District Court for the Eastern District of Virginia under 35 U.S.C. § 145.  The PTO prevailed on the merits of the appeal and moved to recover both attorneys’ fees and expert fees.  Section 145 provides that “[a]ll the expenses of the proceedings shall be paid by the applicant.”  Applying this provision, the district court granted the PTO’s request for expert fees, but rejected the PTO’s request for attorneys’ fees.  A panel of the Federal Circuit reversed the district court’s holding as to attorneys’ fees, holding that “[a]ll expenses of the proceedings,” under § 145, authorizes an award of attorneys’ fees.  (Decision available here.)  Following the entry of judgment, however, the Federal Circuit sua sponte ordered that the panel decision be vacated and that the case be reheard en banc.  To date, no amicus briefs have been filed, and oral argument has not yet been scheduled. Question presented: Did the panel in NantKwest, Inc. v. Matal, 860 F.3d 1352 (Fed. Cir. 2017) correctly determine that 35 U.S.C. § 145’s “[a]ll the expenses of the proceedings” provision authorizes an award of the United States Patent and Trademark Office’s attorneys’ fees? Federal Circuit Practice Update The Federal Circuit’s Internal Operating Procedure No. 14 governs which judges may vote on whether to take a case en banc, and which judges may participate in the en banc.  Consistent with 28 U.S.C. § 46(c), the composition of the en banc court generally consists of all active judges who are not recused and not disqualified, as well as any senior judge who participated in the panel decision that is now being reviewed by the en banc court.  IOP #14.7.  The decision of whether to rehear a case en banc is made by the active judges and panel judges.  IOP #14.2.  As such, judges sitting by designation on a panel may vote on whether to take a case en banc, but may not participate in the en banc itself.  Decisions for hearings en banc are only made by active judges.  IOP #14.1.  Therefore, it is possible that a highly contentious issue in an en banc case might turn on the composition of the original panel. By way of illustration, the en banc court issued its decision in Aqua Products, Inc. v. Matal (PTO), 2015-1177, on October 4, 2017 (summary of the decisions below).  The decision consisted of five written opinions (Judge Stoll did not participate): An opinion by Judge O’Malley, in which Judges Newman, Lourie, Moore, and Wallach joined, and Judges Dyk and Reyna concurred in the result; An opinion by Judge Moore, in which Judges Newman and O’Malley joined; An opinion by Judge Reyna, in which Judge Dyk joined, and Chief Judge Prost and Judges Taranto, Chen, and Hughes joined in part; An opinion by Judge Taranto, in which Chief Judge Prost and Judges Chen and Hughes joined, and Judges Dyk and Reyna joined in certain respects; and An opinion by Judge Hughes, in which Judge Chen joined. The original panel consisted of Chief Judge Prost, Judge Reyna, and Chief District Judge Stark, sitting by designation.  Judge Stark did not participate in the en banc proceedings because he was sitting by designation.  But if a senior judge had been on the panel instead of Judge Stark, he or she would have been permitted to participate in the en banc proceedings.  And if that judge had joined only Judge O’Malley’s opinion, then no part of Judge Reyna’s opinion or Judge Taranto’s opinion would have commanded a majority of the court’s vote. Key Case Summaries (October – November 2017) In re Aqua Prods., Inc., No. 15-1177 (Fed. Cir. Oct. 4, 2017) (en banc):  Allocation of the burdens of persuasion and production when a patent owner moves to amend in an inter partes review proceeding.  The PTAB instituted an inter partes review proceeding against Aqua’s patent, which relates to automated swimming pool cleaners.  Aqua moved to amend the challenged claims to distinguish the cited prior art.  The PTAB, however, denied Aqua’s motion, determining that Aqua failed to carry its burden of showing patentability of the proposed substitute claims over the prior art of record.  On appeal, the PTO intervened to defend the PTAB’s decision.  A panel of the Federal Circuit affirmed, but the court subsequently granted Aqua’s petition for rehearing en banc. Sitting en banc, the Federal Circuit issued five separate opinions: a lead opinion written by Judge O’Malley, concurring opinions by Judges Moore and Reyna, and dissenting opinions by Judges Taranto and Hughes.  A majority of the Federal Circuit held that the PTO has not set forth an interpretation of 35 U.S.C. § 316(e)—titled “Evidentiary Standards”—that is entitled to deference under Chevron.  The court further held that § 316(e) is ambiguous as to the allocation of the burden of persuasion of establishing the unpatentability of substitute claims, but that the most reasonable interpretation is that the petitioner bears the burden of persuasion.  A majority also held that 35 U.S.C. § 316(d) and 37 C.F.R. § 42.121 place a default burden of production on the patentee.  As to whether the PTAB can sua sponte raise patentability challenges to a substitute claim, a majority concluded that the record before the court did not present the “precise question,” and thus opted not to answer it.  The Federal Circuit thus vacated the PTAB’s denial of Aqua’s motion to amend and remanded for the PTAB to reconsider the motion without placing the burden of persuasion on the patent owner. Two-Way Media Ltd. v. Comcast Cable Commc’ns, LLC, Nos. 16-2531, 16-2532 (Fed. Cir. Nov. 1, 2017): Importance of claim scope in 101 eligibility determinations. Two-Way Media sued Comcast alleging infringement of four patents.  The patents all involved IP multicasting, which provided a way to transmit a packet of information to multiple recipients.  Comcast moved for judgment on the pleadings, arguing that the claims were ineligible under 35 U.S.C. § 101.  Two-Way Media argued that the motion was premature because claim construction was necessary to evaluate the claims, but Two-Way Media also provided proposed claim constructions for certain terms.  Two-Way Media also asked the district court to take judicial notice of expert reports and testimony from other cases addressing the novelty and nonobviousness of the claimed inventions.  The district court adopted Two-Way Media’s proposed claim constructions for its analysis of the motion but denied Two-Way Media’s request to take judicial notice of the expert materials because the evidence was irrelevant to an eligibility analysis under § 101.  The district court then found the claims patent ineligible under § 101, and Two-Way Media appealed. The Federal Circuit (Reyna, J.) affirmed.  The court separated its analysis of the four patents into two groups.  In analyzing step 1 for the first set, the court explained that the representative claim required the functional results of converting, routing, controlling, monitoring, and accumulating records, but the claim did not describe how to achieve those results “in a non-abstract way.”  The court concluded that the claim constructions proposed by Two-Way Media did not change the analysis because the constructions “recite only conventional components” and were not directed to a scalable network architecture—as argued by Two-Way Media—that improved the functioning of the system. Turning to step two, the court held that the claimed elements did not provide an inventive concept to render the claims patent eligible.  The court concluded that, although the specification described the system architecture as a technological innovation, the representative claim failed to recite the purportedly innovative system architecture.  The court explained: “[t]he main problem that Two-Way Media cannot overcome is that the claim—as opposed to something purportedly described in the specification—is missing an inventive concept.”  The court therefore found the representative claim ineligible, even though the specification purportedly described an innovative system architecture, because the claim did not cover the same scope as described in the specification.  The court also rejected Two-Way Media’s argument regarding its evidence of novelty and nonobviousness because such evidence was not material to the eligibility analysis. The court similarly found the second set of patents ineligible under § 101.  According to the court, the district court did not err in citing to the preamble of the patents to determine the “focus” of the claims.  The court noted that the claims were broader than the claims in the first set of patents and were similarly directed to abstract ideas.  The claims also suffered from the same problem as the representative claim of the first set of patents: the claims did not cover an inventive concept, such as the purportedly innovative system architecture, despite the specification’s discussion of that architecture. In re Micron Techs., Inc., No. 2017-138 (Fed. Cir. Nov 15, 2017): The venue defense in TC Heartland was not previously “available” to defendants and thus not waived under Rule 12. In 2016, the President and Fellows of Harvard College filed a patent infringement case in the District of Massachusetts against Micron Technologies, which is incorporated in Delaware.  Under the then-prevailing view of venue articulated in V.E. Holding Corp. v. Johnson Gas Appliance Co., 917 F.2d 1574, 1575 (Fed. Cir. 1990), venue would have been proper.  As such, Micron, like many defendants, did not object to venue with a motion under Rule 12(b)(3). After the Supreme Court’s TC Heartland decision earlier this year, venue under 28 U.S.C. § 1400(b) on the basis of where Micron resides became improper, as the Court determined that “a domestic corporation ‘resides’ only in its State of incorporation for purposes of the patent venue statue” (here, Delaware, not Massachusetts).  The Supreme Court, however, stated that this determination was not a “change” of law, but rather an articulation of what the law always had been (notwithstanding the Federal Circuit’s view in V.E. Holding). Accordingly, when Micron brought a post-TC Heartland motion objecting to venue, the district court held that Micron had waived its venue objection by not raising it in its initial Rule 12 motion, there being no change of law to make waiver inapplicable.  See Rule 12(g)(2), (h)(1)(A).  Other district courts, however, have reached different conclusions, holding that the venue defense stated in TC Heartland was not previously available, and thus waiver does not apply. In Micron, the Federal Circuit resolved the split, holding that, as a matter of “common sense” the venue objection was not “available” until after TC Heartland.  Writing for the panel, Judge Taranto explained:  “[B]efore then, it would have been improper, given controlling precedent, for the district court to dismiss or to transfer for lack of venue.”  Given that the Federal Circuit’s controlling V.E Holding decision precluded district courts from adopting a venue defense or objection of this type, “the defense or objection was not ‘available’ to the movant.” Nevertheless, the panel held that waiver by operation of Rule 12 “is not the sole basis” on which a district court might rule that a defendant had forfeited an otherwise valid venue defense.  Citing a district court’s inherent authority, the panel noted that a court could find forfeiture of a venue objection if not timely raised, barring defendants from taking a “tactical wait-and-see” approach and foregoing earlier opportunities to raise the defense. Upcoming Oral Argument Calendar For a list of upcoming arguments at the Federal Circuit, please click here. Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the Federal Circuit.  Please contact the Gibson Dunn lawyer with whom you usually work or the authors of this alert: Blaine H. Evanson – Los Angeles (213-229-7228, bevanson@gibsondunn.com) Blair A. Silver – Washington, D.C. (202-955-8690, bsilver@gibsondunn.com) Please also feel free to contact any of the following practice group co-chairs or any member of the firm’s Appellate and Constitutional Law or Intellectual Property practice groups: Appellate and Constitutional Law Group: Mark A. Perry – Washington, D.C. (202-887-3667, mperry@gibsondunn.com) James C. Ho – Dallas (214-698-3264, jho@gibsondunn.com) Caitlin J. Halligan – New York (212-351-4000, challigan@gibsondunn.com) Nicole A. Saharsky – Washington, D.C. (202-887-3669, nsaharsky@gibsondunn.com) Intellectual Property Group: Josh Krevitt – New York (212-351-4000, jkrevitt@gibsondunn.com) Wayne Barsky – Los Angeles (310-552-8500, wbarsky@gibsondunn.com)Mark Reiter – Dallas (214-698-3100, mreiter@gibsondunn.com) © 2017 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

September 26, 2017 |
Federal Circuit Update (September 2017)

This September 2017 edition of Gibson Dunn’s Federal Circuit Update discusses the court’s upcoming sitting in New York, the two pending Federal Circuit cases before the Supreme Court that consider issues regarding inter partes review proceedings, and the Federal Circuit’s changes to two local rules involving certificates of interest and statements of related cases.  This update also provides summaries of the three pending en banc cases involving motions to amend claims during inter partes review proceedings, judicial review of timeliness determinations in inter partes review proceedings, and attorneys’ fees for litigation involving the PTO.  Also included are summaries of three recent decisions relating to the applicability of the Seventh Amendment to requests for attorneys’ fees, patent eligibility, and evidentiary issues in inter partes review proceedings. Federal Circuit News Federal Circuit Sitting in New York.  In October, the Federal Circuit will hold oral arguments in New York, NY, at the U.S. Court of International Trade.  Below is a brief description of some interesting cases on the schedule: October 3: Janssen Biotech, Inc. v. Celltrion Healthcare Co., Ltd. (17-1120) and In re Janssen Biotech, Inc. (17-1257) – These appeals involve the application of 35 U.S.C. § 121, which provides safe harbor protection against obviousness-type double patenting rejections for divisional applications filed as the result of a restriction requirement in another application.  The parties dispute whether the application at issue is entitled to safe harbor because it was not formally designated a "divisional application" at filing, but was prosecuted as a divisional and later formally amended to be a divisional during reexamination.  The district court in Janssen v. Celltrion and the PTAB in In re Janssen held that Section 121 did not apply.  Bill Rooklidge, a partner in Gibson Dunn’s Orange County office, will argue on behalf of Janssen in the PTAB appeal. October 4:  Classen Immunotherapies, Inc. v. Elan Pharmaceuticals, Inc. (17-1033) – This appeal presents the question whether, after submitting clinical data to the Food and Drug Administration, a company’s alleged analysis, disclosure, and use of that data for potential patenting and labeling activities are protected by the safe harbor provision of 35 U.S.C. § 271(e)(1).  The appellant, Classen, argues that such activities are commercial and therefore fall outside the Section 271(e)(1) safe harbor. October 5: Travel Sentry, Inc. v. Tropp (16-2386) – This appeal involves the issue of divided infringement and application of the "condition and manner" test of attribution established in Akamai Technologies, Inc. v. Limelight Networks, Inc., 797 F.3d 1020 (Fed. Cir. 2015).  The patents-in-suit cover a luggage screening method, and the question on appeal is whether sufficient direction and control is exercised over the Travel and Security Administration in carrying out the method to fall within the realm of attribution. Supreme Court.  The Supreme Court has granted certiorari on two cases from the Federal Circuit for the upcoming October Term 2017: Case Status Issue Oil States Energy Services, LLC v. Greene’s Energy Group, LLC, No. 16-712 Cert. granted, Resp. Br. due Oct. 23, 2017 Constitutionality of inter partes review under Article III and the Seventh Amendment SAS Institute Inc. v. Matal, No. 16-969 Cert. granted, Pet’r Reply Br. due Oct. 5, 2017 The number of claims that must be addressed by the Patent Trial and Appeal Board in a final written decision during inter partes review Upcoming En Banc Federal Circuit Cases In re Aqua Prods., Inc., No. 15-1177 (Fed. Cir.):  Allocations of the burdens of persuasion and production when a patent owner moves to amend in an inter partes review proceeding. The PTAB instituted an inter partes review proceeding against Aqua’s patent, which relates to automated swimming pool cleaners.  Aqua moved to amend the challenged claims to distinguish the cited prior art.  The PTAB, however, denied Aqua’s motion, determining that Aqua failed to carry its burden of showing patentability of the proposed substitute claims over the prior art of record.  On appeal, the PTO intervened to defend the PTAB’s decision.  The Federal Circuit affirmed (decision available here).  Eight amicus briefs have been filed: three in favor of neither party (American Intellectual Property Law Association, Intellectual Property Owners Association, and Houston Intellectual Property Law Association), three in favor of Aqua Products (Case Western Reserve University School of Law Intellectual Property Venture Clinic and Ohio Venture Association, Pharmaceutical Research and Manufacturers of America, and Biotechnology Innovation Organization), and two in favor of the PTO (Askeladden, L.L.C. and Internet Association et al.).  Oral argument was heard on December 9, 2016. Questions Presented: (a)  When the patent owner moves to amend its claims under 35 U.S.C. § 316(d), may the PTO require the patent owner to bear the burden of persuasion, or a burden of production, regarding patentability of the amended claims as a condition of allowing them?  Which burdens are permitted under 35 U.S.C. § 316(e)? (b)  When the petitioner does not challenge the patentability of a proposed amended claim, or the PTAB thinks the challenge is inadequate, may the PTAB sua sponte raise patentability challenges to such a claim?  If so, where would the burden of persuasion, or a burden of production, lie? Wi-Fi One, LLC v. Broadcom Corp., No. 15-1944 (Fed. Cir.):  The Federal Circuit’s jurisdiction to review the PTAB’s determination that a petitioner is not time-barred under 35 U.S.C. § 315(b).  The PTAB instituted an inter partes review proceeding against Wi-Fi One’s patent.  Wi-Fi One argued that Broadcom was time-barred under 35 U.S.C. § 315(b) from seeking review because Broadcom was in privity with time-barred district court litigants.  The PTAB disagreed, determining that Wi-Fi One did not establish that Broadcom had sufficient control over district court litigation to support a privity finding.  On appeal, the Federal Circuit held that it does not have jurisdiction to review the PTAB’s determination that Broadcom was not time-barred, holding that the Supreme Court’s decision in Cuozzo Speed Technologies, LLC v. Lee, 136 S. Ct. 2131 (2016), did not implicitly overrule prior Federal Circuit precedent on the issue (decision available here).  To date, two amicus briefs have been filed in support of Wi-Fi One (WesternGeco LLC and 3DS Innovations, LLC), eight amicus briefs have been filed in support of neither party (Jeremy Cooper Doerre, New York Intellectual Property Law Association, Federal Circuit Bar Association, Intellectual Property Owners Association, Boston Patent Law Association, Professors of Patent and Administrative Law, American Intellectual Property Law Association, and Biotechnology Innovation Organization), and three amicus briefs have been filed in support of Broadcom (Oracle, Intel, and Apple).  Oral argument was heard on May 4, 2017.  Question presented: Should this court overrule Achates Reference Publishing, Inc. v. Apple Inc., 803 F.3d 652 (Fed. Cir. 2015) and hold that judicial review is available for a patent owner to challenge the PTO’s determination that the petitioner satisfied the timeliness requirement of 35 U.S.C. § 315(b) governing the filing of petitions for inter partes review? Nantkwest, Inc. v. Matal, No. 16-1794 (Fed. Cir.):  Whether the PTO can recover attorneys’ fees in litigation under 35 U.S.C. § 145. After the PTAB affirmed the examiner’s rejection of Nantkwest’s patent application, Nantkwest appealed to the United States District Court for the Eastern District of Virginia under 35 U.S.C. § 145.  The PTO prevailed on the merits of the appeal and moved to recover both attorneys’ fees and expert fees.  Section 145 provides that "[a]ll the expenses of the proceedings shall be paid by the applicant."  Applying this provision, the district court granted the PTO’s request for expert fees, but rejected the PTO’s request for attorneys’ fees.  A panel of the Federal Circuit reversed the district court’s holding as to attorneys’ fees, holding that "[a]ll expenses of the proceedings," under § 145, authorizes an award of attorneys’ fees.  (Decision available here.)  Following the entry of judgment, however, the Federal Circuit sua sponte ordered the panel decision be vacated and that the case be reheard en banc.  To date, no amicus briefs have been filed.  Amicus briefs in support of the PTO or in support of neither party must be filed by November 22, 2017; amicus briefs in support of Nantkwest must be filed by December 22, 2017.  Oral argument has not yet been scheduled. Question presented: Did the panel in NantKwest, Inc. v. Matal, 860 F.3d 1352 (Fed. Cir. 2017) correctly determine that 35 U.S.C. § 145’s "[a]ll the expenses of the proceedings" provision authorizes an award of the United States Patent and Trademark Office’s attorneys’ fees? Federal Circuit Practice Update On September 18, 2017, the Federal Circuit posted a notice of final amendments to two local rules, Fed. Cir. L.R. 47.4 and 47.5, which relate to certificates of interest and statements of related cases.  The rules are scheduled to take effect on October 2, 2017.  This followed a formal notice and comment period pursuant to 28 U.S.C. § 2071(b).  The Federal Circuit also posted a revised Form 9, the Certificate of Interest form, which also will become effective on October 2, 2017. Rule 47.4 sets forth the requirements for the certificate of interest.  The October 2 revision adds a requirement that the party set forth the following information, in addition to the information previously required: "The title and number of any case known to counsel to be pending in this or any other court or agency that will directly affect or be directly affected by this court’s decision in the pending appeal." Rule 47.5 sets forth the requirements for the statement of related cases.  The October 2 revision makes four changes: It adds the requirement that certificates of interest include a statement of related cases (previously, only principal briefs required a statement of related cases). It clarifies that the certificate of interest must include cases pending before agencies, not just cases pending before courts. It eliminates the exception which had allowed parties to describe numerous related cases in a general fashion, rather than specifically listing each related case. It clarifies that cases merely involving the "same general legal issue," such as the correct construction of a statue, are not "related" within the meaning of the rule. The new Form 9 is updated to reflect these changes. Key Case Summaries (August – September 2017) AIA Am., Inc. v. Avid Radiopharms., No. 16-2647 (Fed. Cir. Aug. 10, 2017):  Seventh Amendment right to a jury trial does not apply to requests for attorneys’ fees under § 285. AIA sued Avid for infringement of two patents.  Avid argued that AIA lacked standing because AIA’s founder and the alleged sole inventor of the patents conspired to cut out the university where the research was performed.  The district court ordered targeted discovery and held a jury trial on AIA’s standing.  Based on the jury’s verdict, the district court found that AIA lacked standing and entered judgment in favor of Avid.  The Federal Circuit summarily affirmed.  Avid subsequently moved for attorneys’ fees in the district court.  The court allowed the parties to submit extensive briefing, evidence, and declarations on the issue of fees and eventually awarded nearly $4 million in fees to Avid.  AIA appealed the award of fees, but not the amount. The Federal Circuit (Hughes, J.) affirmed.  On appeal, AIA argued that the district court’s award of attorneys’ fees was improper because, when an award of attorneys’ fees is based in part or in whole on a party’s state of mind, intent, or culpability, and only a jury may decide those issues.  The court rejected AIA’s argument, explaining that attorneys’ fees were traditionally decided in courts of both law and equity.  Because this was an award of fees pursuant to a statutory provision, as opposed to a contractual indemnification provision, the attorneys’ fees are properly characterized as an equitable remedy.  The Federal Circuit also held that the district court was not foreclosed from making additional factual findings about AIA’s state of mind, intent, and culpability in deciding the fees motion. Visual Memory LLC v. NVIDIA Corp., No. 2016-2254 (Fed. Cir. Aug. 15, 2017):  Improvement to computer memory systems is not abstract under Alice. Visual Memory accused NVIDIA of infringing a patent related to a programmable memory system.  Believing that the claims were directed to patent-ineligible subject matter, NVIDIA filed a motion to dismiss for failure to state a claim under Fed. R. Civ. P. 12(b)(6).  The district court granted the motion, finding that the claims were directed to the abstract idea of "categorical data storage," which humans have practiced for many years, and that the claims did not contain an inventive concept because they recited components—main memory, cache, bus, and processor—that were generic and conventional. The Federal Circuit (Stoll, J.) reversed the district court decision.  The majority determined that the claims were patent-eligible because they were directed to an improved computer memory system, not just the abstract idea of categorical data storage.  The majority focused on the alleged improvements provided by the claimed memory system as explained in the specification.  The specification explained that prior art memory systems had to be designed specifically for different types of processors, which was costly, inefficient, and caused performance issued.  In the improved memory system, by contrast, the memory could be easily programmed to be used with any type of processor, thus avoiding the drawbacks of the prior art.  Because the claims were directed to an improvement in computer functionality, the majority found the claims were not abstract under Alice. Judge Hughes dissented, arguing that the claims did not provide any specificity on how to program memory to interoperate with different processors, and thus were not directed to a specific improvement in computer functionality. Ultratec, Inc. v. CaptionCall, LLC, Nos. 2016-1706, -1707, -1708, -1709, -1710, -1712, -1713, -1715, -2366 (Fed. Cir. Aug. 28, 2017):  The PTAB must sufficiently explain its reasons for decisions on evidentiary issues to allow meaningful appellate review. Ultratec sued CaptionCall for infringement of several patents and CaptionCall initiated inter partes review ("IPR") proceedings on all of the asserted patents.  CaptionCall retained the same invalidity expert in both the district court litigation and the IPRs, and the expert testified about the same issues in both proceedings.  Within a week of the expert’s trial testimony before the district court, Ultratec requested permission to supplement the IPR record with what it believed to be testimony inconsistent with the expert’s IPR declarations.  The PTAB held a conference call to discuss Ultratec’s request and denied the request during the call without ever reviewing the testimony.  The PTAB never issued a written order.  The PTAB subsequently issued final written decisions finding all challenged claims invalid.  The PTAB’s decisions relied heavily on the credibility of the expert whose alleged inconsistent testimony was not allowed.  Ultratec appealed the final written decisions, challenging the PTAB’s decision not to supplement the evidentiary record with the allegedly inconsistent testimony. The Federal Circuit (Moore, J.) vacated and remanded the PTAB’s decisions because the PTAB abused its discretion in refusing to admit and consider the expert’s trial testimony and did not explain its decision to do so.  Under PTAB rules, a request to submit new evidence must show (1) why the information reasonably could not have been obtained earlier, and (2) that consideration of the information would be in the interests of justice.  The Federal Circuit found that Ultratec’s request satisfied both prongs.  Ultratec submitted its request within a week of the trial, and thus could not have proffered the testimony sooner.  The PTAB offered no reasons why it would not be in the interests of justice to consider allegedly inconsistent testimony from the district court litigation on the identical issues it was considering.  According to the Federal Circuit, "[a] reasonable adjudicator would have wanted to review this evidence." The Federal Circuit also criticized the PTAB’s procedures impedeing meaningful appellate review. The PTAB required Ultratec to file a request to supplement the record that "must not include a discussion of the contents or types of the particular documents to be entered."  Having never reviewed the testimony at issue, the PTAB lacked the information necessary to make a reasoned decision on the admissibility of the evidence.  The Federal Circuit also criticized the fact that the PTAB made a significant evidentiary decision without providing a written explanation or a record of the conference call where the PTAB denied Ultratec’s request. Upcoming Oral Argument Calendar For a list of upcoming arguments at the Federal Circuit, please click here. Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the Federal Circuit.  Please contact the Gibson Dunn lawyer with whom you usually work or the authors of this alert: Blaine H. Evanson – Los Angeles (213-229-7228, bevanson@gibsondunn.com)Blair A. Silver – Washington, D.C. (202-955-8690, bsilver@gibsondunn.com) Please also feel free to contact any of the following practice group co-chairs or any member of the firm’s Appellate and Constitutional Law or Intellectual Property practice groups:  Appellate and Constitutional Law Group:Mark A. Perry – Washington, D.C. (202-887-3667, mperry@gibsondunn.com)James C. Ho – Dallas (214-698-3264, jho@gibsondunn.com) Caitlin J. Halligan – New York (212-351-4000, challigan@gibsondunn.com) Intellectual Property Group:Josh Krevitt – New York (212-351-4000, jkrevitt@gibsondunn.com)Wayne Barsky - Los Angeles (310-552-8500, wbarsky@gibsondunn.com)Mark Reiter – Dallas (214-698-3100, mreiter@gibsondunn.com) © 2017 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

September 4, 2017 |
2017 Mid-Year FDA and Health Care Compliance and Enforcement Update – Providers

There is no doubt that with the new year in 2017 came a great deal of uncertainty for health care providers.  But even with the change in administration, new leadership in the key health care oversight positions at the Department of Health and Human Services (HHS), Centers for Medicare & Medicaid Services (CMS), and U.S. Department of Justice (DOJ), and the whirlwind of failed (for now) efforts to repeal and replace the Affordable Care Act, the first half of the year has seen some familiar government activity on the enforcement and compliance fronts.  DOJ and the HHS Office of Inspector General (HHS OIG) continue to be extremely active pursuing, and courts continue to mold the contours of, enforcement actions against health care providers of all types under the False Claims (FCA), the Anti-Kickback Statute (AKS), and a variety of other theories based on the health care laws. As we have done in our previous semiannual updates, below we discuss enforcement and compliance efforts of particular note for health care providers in the following areas:  DOJ enforcement, including FCA enforcement and notable criminal prosecutions; HHS enforcement of various administrative sanctions, including HHS OIG actions and HIPAA enforcement; and case law developments and regulatory guidance on the AKS and Stark Law.  In addition to this Update, a collection of Gibson Dunn’s recent publications on health care issues impacting providers may be found on our website. I.     DOJ Enforcement Activity A.     False Claims Act Enforcement Activity Between January 1 and June 30, 2017, the DOJ announced $817 million in FCA recoveries from health care providers, putting it on pace to exceed the approximately $1.1 billion recovered from FCA settlements with providers in all of 2016.  The total of 54 health care provider settlements announced during that time is comparable to the 49 settlements announced in the first half of 2016, and the 57 settlements announced in the first half of 2015, showing early signs that the DOJ is not slowing down with the change in administration. As usual, the FCA settlements announced so far this year have been predicated on a variety of legal theories and have involved a wide variety of different types of providers, including home health providers, pharmacies, physicians, hospitals, billing services, and skilled nursing providers.  Number of FCA Settlements with Providers, by Provider Type   In terms of the number of settlements so far in 2017, clinics and single-providers cases have easily led the pack, with the majority of these cases resting, in primary part, on allegations of upcoding, lack of medical necessity, and unqualified personnel providing care.  Hospital settlements made up the second-largest group, but featured more cases based on alleged violations of the AKS and Stark Law.  Number of FCA Settlements with Providers, by Allegation Type   Overall, medical necessity was by far the most prevalent legal theory among the provider settlements, consistent with prior years, while AKS allegations and claims that services were not provided were also particularly prevalent in the first half of 2017.  One of the largest FCA recoveries in 2017 came from a settlement with electronic health records (EHR) software vendor eClinicalWorks (ECW), which agreed in May to pay $155 million to resolve allegations that ECW misrepresented its software’s capabilities in the process of obtaining certification that would make the company eligible for incentive payments under the government’s Electronic Health Records Incentive Program.[1]  Notably, the DOJ announced that under the terms of the settlement agreement, the company’s three founders agreed to be jointly and severally liable for the full amount of the payment by ECW, and three other individuals—a software developer and two project managers—were required separately to pay a total of $80,000.  Additionally, as part of the settlement, ECW entered into a five-year Corporate Integrity Agreement that, in addition to other requirements, calls for the retention of an Independent Software Quality Oversight Organization.  ECW’s settlement may have been the first in a wave of enforcement efforts involving EHR incentive payments.  In June, HHS OIG issued a report finding that CMS overpaid $729 million under the incentive payments program to providers that did not comply with program requirements between May 2011 and June 2014.[2]  Soon thereafter, HHS OIG announced that it would review hospitals’ incentive payments between 2011 and 2016 "to identify potential overpayments that the hospitals would have received as a result of [incentive payment calculation] inaccuracies."[3]  In light of the ECW settlement and recent attention to the issue in Congress,[4] it is likely that we have not seen the last of DOJ and HHS OIG enforcement actions, under the FCA and otherwise, involving this program.  One of the most significant FCA developments this year is not reflected in the summary data above:  a jury verdict of $347 million in a declined case, pursued by the relator to trial, against skilled nursing facility operator Consulate Health Care in the Middle District of Florida.[5]  In United States ex rel. Ruckh v. CMC II LLC et al., the relator, a former nurse at two of the defendant’s facilities, alleged the defendant artificially increased the amount of care patients required, resulting in inflated Resource Utilization Group reimbursements from the Medicare program in violation of the FCA.  The jury found the claims affected by that alleged conduct resulted in more than $115 million in single damages, which are subject to mandatory trebling under the statute, along with per-claim civil penalties.  Post-trial motions practice is ongoing, but if the verdict stands, it will be the second trial verdict exceeding $300 million obtained by a relator in a declined case in the past two years—a stark reminder of the massive potential sanctions under the FCA for cases litigated all the way to trial. In notable contrast, one of the largest skilled nursing facility operators in the country, Genesis Healthcare Inc., opted this year to settle a similar set of FCA claims and avoid litigating to trial.  In June, Genesis paid $53.6 million to resolve the DOJ’s investigation and six qui tam lawsuits involving allegations that the company and its subsidiaries and predecessors submitted false claims for medically unnecessary hospice services, medically unnecessary therapy services, and care that was materially substandard.[6]  Though the Genesis settlement amount was based upon the company’s ability to pay, the juxtaposition of that amount against the Ruckh verdict is a reminder of the heavy potential sanctions under the FCA for cases litigated all the way to trial. B.     FCA-Related Case Law Developments 1.     Developments in the Implied False Certification Theory Since Escobar It has now been a year since the Supreme Court recognized and defined, in Universal Health Services Inc. v. United States ex rel. Escobar, the so-called "implied certification theory" as a basis for FCA liability.  Specifically, in Escobar, the Supreme Court held that there could be FCA liability under the implied certification theory of liability "at least where two conditions are satisfied:  first, the claim does not merely request payment, but also makes specific representations about the goods or services provided; and second, the defendant’s failure to disclose noncompliance with material statutory, regulatory, or contractual requirements makes those representations misleading half-truths."[7]  This theory of liability is of particular importance to health care providers, who, like the provider in Escobar, could be subject to liability for a potentially wide variety of regulatory violations if those violations make something about the providers’ reimbursement claims into misleading "half-truths."  In the first half of 2017, more and more courts grappled with how to analyze implied certification claims under the guidance of Escobar.  We briefly summarize some of the most notable examples of that case law below. For additional discussion of these and other recent FCA developments, please refer to our 2017 False Claims Act Mid-Year Update. In particular, courts are continuing to answer, directly or indirectly, a potentially key question left open by Escobar—must FCA plaintiffs show a "specific representation" on a defendant’s claim for payment to ground implied certification liability.  Or, in other words, must both of Escobar‘s "two conditions" be satisfied?  Circuit courts have seemingly come to different conclusions in the first half of 2017.  For example, in United States ex rel. Badr v. Triple Canopy, Inc.,[8] the Fourth Circuit found that the relator’s claims—that the defendant’s guards billed to the government did not meet marksmanship requirements—were viable under an implied certification theory even though the defendant’s claims contained no "specific representation" about marksmanship qualifications.  The Ninth Circuit, however, seemed to take a different view in two cases in which it analyzed implied certification claims under the assumption that both of Escobar‘s "two conditions" are required—United States ex rel. Kelly v. Serco, Inc.[9] and United States ex rel. Campie v. Gilead Sciences, Inc.[10]  Even in those cases, though, the court did not appear to take a particularly rigorous view of how to prove an actionable "specific representation"—in Campie, for instance, the Ninth Circuit stated that the brand name of the defendant’s drug could itself be a "representation" of the fact that the drug had received FDA approval.[11] On Escobar‘s second "condition" for implied certification liability, a number of courts in the first half of 2017 analyzed how certain alleged noncompliance with legal rules might (or might not) be material to the government’s payment decision.  Perhaps most notably for health care providers, a rapidly growing number of courts have taken the view, suggested in Escobar, that an alleged regulatory violation is not material to government payment if the government knows of the violation and continues to pay the defendant’s claims anyway.  In fact, several courts in 2017 have gone so far as to suggest that the government’s decision not to intervene in the qui tam that originated the FCA claims itself can be proof of the immateriality of the defendant’s conduct.[12]  These cases could prove to be an important firewall for providers, given the extensive federal and state government survey apparatus that frequently results in findings of regulatory noncompliance where the consequence is that the providers must undertake corrective actions, not repay claims for reimbursement. 2.     Notable Development on FCA Scienter In May 2017, the Eleventh Circuit issued an opinion regarding the application of the FCA scienter element in a case in which a defendant relied upon a reasonable interpretation of an ambiguous regulation.[13]  In United States ex rel. Phalp v. Lincare Holdings Inc., the relators alleged that defendants, suppliers of oxygen and respiratory therapy services, submitted claims without authorization from the relevant Medicare beneficiaries and after making unsolicited telemarketing calls to Medicare beneficiaries, thereby allegedly violating Medicare regulations and the FCA.  The district court determined that the relators failed to provide evidence that false claims were submitted "knowingly," stating that "a defendant’s reasonable interpretation of any ambiguity inherent in the regulations belies the scienter necessary to establish a claim of fraud under the FCA."  The Eleventh Circuit upheld the lower court’s ruling, but with a tweak to the district court’s analysis, noting that FCA scienter can exist even if a provider’s interpretation of a vague regulation was reasonable.  The court explained that it wanted to preclude allowing FCA defendants to escape liability by adopting a "reasonable interpretation" of a regulation that they did not hold at the time the claims were submitted.  The decision could have a particular impact on health care provider defendants in FCA cases, which frequently see theories based on alleged violations of vague or broadly defined reimbursement requirements that leave a great deal of discretion to the treating clinician. 3.     Update on Fourth Circuit Opinion in Michaels In our 2016 Year-End Providers Update, we noted that the Fourth Circuit, in United States ex rel. Michaels v. Agape Senior Community, Inc.,[14] would have an opportunity to hear argument on a crucial issue for health care providers in FCA cases:  whether statistical sampling can be used to prove FCA liability, particularly for cases in which the theory of liability is predicated on a claim-specific review of only a sample of the claims submitted.  However, the Michaels court declined to reach this issue.  The court unanimously decided that it had erred in granting interlocutory review of the issue, since the statistical sampling question was not a purely legal one.  Accordingly, the district court decision denying relators the use of statistical sampling stands for the time being.  The Fourth Circuit did decide, however, that the DOJ may veto a settlement in an FCA case it has not actually joined and that such a veto is not subject to review.  The court found that the language of the FCA imposed no limitation on the government in that regard.  C.     Criminal Enforcement Actions On July 13, 2017, the DOJ announced the largest-ever health care fraud enforcement action in its history.  The DOJ brought charges against 412 individuals—including many physicians and pharmacists—who were allegedly responsible for $1.3 billion in health care fraud losses by Medicaid, Medicare, and TRICARE.[15]  The action was coordinated by the Criminal Division’s Health Care Fraud Unit and its partners in the Medicare Fraud Strike Force, and involved the Drug Enforcement Administration, Defense Criminal Investigative Service, and State Medicaid Fraud Control Units.  The enforcement action was focused heavily on the distribution of medically unnecessary prescription drugs, including the unlawful distribution of opioids and other prescription narcotics.  However, the cases involved a range of other theories, including embezzlement and theft, fraudulent billing, illegal kickbacks, and money laundering.  The action currently involves cases across more than 30 states and Puerto Rico.  HHS Secretary Tom Price emphasized the current administration’s focus on addressing health care fraud, stating: "The historic results of this year’s national takedown represent significant progress toward protecting the integrity and sustainability of Medicare and Medicaid, which we will continue to build upon in the years to come."[16]  Given the breadth of this enforcement action and the current administration’s stated dedication to health care fraud enforcement generally, we anticipate seeing continued efforts on this front. The DOJ’s announcement of the nationwide "takedown" was also notable for its reference to various defendants arrested on charges related to fraudulent distribution of opioids, which has become a priority issue for the new administration.  Indeed, shortly after the "takedown" was announced, Attorney General Jeff Sessions also announced the formation of a new "Opioid Fraud and Abuse Detection Unit."[17]  The new unit will involve participation by twelve different districts around the country and will focus on using data analytics to identify those "contributing to [the] opioid epidemic." The metrics used will include the number of opioid prescriptions written or dispensed in comparison to physicians’ and pharmacies’ peers, the number of patients of each physician who have died within 60 days of an opioid prescription, and the average age of patients receiving the opioid prescriptions. II.     HHS Enforcement Activity A.     HHS OIG Activity 1.     Developments and Trends in 2017 According to its Semiannual Report to Congress, although the numbers of reported HHS OIG criminal and civil actions are up in the first half of Fiscal Year 2017, as compared to Fiscal Year 2016, HHS OIG’s expected investigative recoveries are slightly down.[18]  Through the first half of Fiscal Year 2017, HHS OIG has reported 468 criminal actions and 461 civil actions, including FCA suits, civil monetary penalty (CMP) settlements, and administrative recoveries, against individuals or entities.[19]  During the first half of Fiscal Year 2017, OIG reported expected investigative recoveries of over $2.04 billion. 2.     Final Rule on Exclusions In January 2017, HHS OIG finalized a rule that imposes a 10-year limitations period on HHS OIG exclusion actions brought on the basis of violations of the AKS.[20]  HHS OIG had originally proposed to amend the relevant regulation to clarify that there was no limitations period.  However, in response to numerous comments objecting to the proposal, HHS OIG decided to adopt a 10-year limitations period.  In doing so, HHS OIG expressed the notable concern that "any limitations period on . . . exclusions may force OIG to either initiate administrative proceedings while [a given FCA] matter is proceeding or lose the ability to protect the programs and beneficiaries through an exclusion.  Litigating FCA and exclusion actions on parallel tracks wastes Government (both administrative and judicial) and private resources."[21]  Nevertheless, HHS OIG concluded that "such situations will be less frequent with a 10-year period than with a shorter period," and that a 10-year period balances the goal of avoiding government waste against the goals of "provid[ing] certainty" and avoiding the "administrative burden" of indefinite document retention that regulated parties could incur were HHS OIG to explicitly adopt an indefinite limitations period.[22]  HHS OIG’s response to the comments it received also noted the alignment between a 10-year limitations period and the FCA’s 10-year statute of repose,[23] and stated that, while recent conduct is more relevant to exclusion decisions, HHS OIG’s experience has shown that "exclusion can be necessary to protect the Federal health care programs even when the conduct is up to 10 years old."[24] The final rule also significantly expanded the scope of HHS OIG’s permissive exclusion authority, implementing and building upon changes included in the Affordable Care Act ("ACA") by allowing the agency to exclude individuals or entities who "request or receive payment" relating to covered  items or services; who are convicted for obstruction of audits related to the "use of funds received, directly or indirectly, from any Federal health care program"; who have ownership or control interest in excluded entities; or who knowingly make or cause to be made "any false statement, omission, or misrepresentation of a material fact in any application, agreement, bid, or contract to participate or enroll as a provider of services or supplier under a Federal health care program."[25]  3.     Significant HHS OIG Enforcement Activity a)     Exclusions An important force behind many resolution of enforcement actions in which HHS OIG is involved is the potential for exclusion from government health programs, which can be a crippling (if not fatal) sanction for many providers and other companies in the health care industry.  Exclusion from government programs must be imposed upon any entity or individual engaged in a patient abuse-related crime, felony health care fraud, or the use, manufacture, distribution, or prescription of controlled substances.[26]  HHS OIG has discretion to impose the penalty in cases of fraudulent conduct, in cases involving the submission of claims for unnecessary treatments or procedures, and in connection with a license suspension or Corporate Integrity Agreement (CIA).[27]  HHS OIG excluded 2,041 individuals and entities during the first half of calendar year 2017.[28]  These exclusions include 40 entities (already almost meeting calendar year 2016’s total of 41 entities), with pharmacies accounting for 10 exclusions and mental health facilities accounting for 6 exclusions.  Among excluded individuals, 208 have been identified as business owners or executives.  Home health agencies continue to be an area of focus for HHS OIG, accounting for over 25% of the exclusions for business owners or executives in the first half of calendar year 2017.  As with entities, HHS OIG is also focused on business owners and executives of pharmacies, with over 17% of the excluded business owners and executives in the first half of calendar year 2017 having been identified as affiliated with a pharmacy. b)     Civil Monetary Penalties In the first half of the 2017 calendar year, HHS OIG announced 47 CMPs as a result of settlement agreements and self-disclosures and recovered nearly $23 million, representing a slowdown in pace from calendar year 2016.[29]  Of the top-ten largest penalties for the first half of calendar year 2017, seven of the penalties were the result of self-disclosure to HHS OIG.  False and fraudulent billing and improper claims for payment were the leading reason for the assessment of CMPs, accounting for 23 of the announced CMPs thus far in 2017 and over $12.2 million in penalties.  As in past years, HHS OIG also routinely pursued CMPs where entities employed individuals that the entities allegedly knew or should have known were excluded from federal health care programs.  These cases account for 14 of the CMPs assessed this year, amounting to over $2.9 million in penalties.  Penalties also were assessed for violations of the Emergency Medical Treatment and Labor Act (EMTALA), the AKS, and the Stark Law’s physician self-referral prohibitions. The largest CMPs assessed against providers this year are summarized below: Crittenton Hospital Medical Center (CHMC) and Crittenton Cancer Center (CCC):  After self-disclosing conduct, CHMC and CCC agreed to the year’s highest penalty thus far, paying $3.2 million to resolve allegations related to physician self-referrals and AKS violations.  HHS OIG alleged that CHMC and CCC paid more than fair market value compensation for prohibited financial arrangements with a physician and entities owned by that physician.  HHS OIG also alleged that CHMC and CCC had compensation arrangements with the physician and owned entities that were not always set in writing or did not act in accordance with written contracts.[30]  Hartford Hospital, Connecticut:  Hartford Hospital (Hartford) entered into a $2.4 million settlement with HHS OIG to resolve allegations that Hartford submitted claims for home health services within three days of patients’ release from Hartford that were improperly coded as discharged rather than as post-acute care transfer.[31]  Metro Health Corporation and Metropolitan Hospital:  After self-disclosing conduct, Metro Health and its subsidiary agreed to pay $2.3 million to resolve allegations related to physician self-referrals and AKS violations.  HHS OIG alleged that Metro Health entered into professional services agreements with two independent contractor physician groups and paid the physician groups in excess of fair market value.[32] c)     Corporate Integrity Agreements HHS OIG employs CIAs in an effort to ensure that providers comply with Medicare and Medicaid rules and regulations.  After a slight decline in calendar year 2016, the first half of 2017 saw an uptick in CIAs, with 24 new CIAs taking effect.[33]  CIAs are often linked with other enforcement penalties.  For example, as noted above, in May 2017, eClinicalWorks (ECW) entered into a five-year CIA with HHS OIG, which includes the noteworthy requirement that ECW retain an Independent Software Quality Oversight Organization to assess ECW’s software quality control systems and provide semi-annual reports to OIG documenting its reviews and recommendations.  HHS OIG continues to pursue CIAs in individual cases and cases involving much smaller payment amounts.  In May, for example, a California dentist entered into a $31,000 settlement agreement, as well as a three-year CIA, to resolve allegations that the dentist submitted claims for medically unnecessary services for a number of Medicaid dental beneficiaries.[34]  B.     CMS Activity 1.     Transparency and Data Accessibility As previously discussed, CMS has prioritized improving access to data related to the use of Medicare and Medicaid services over the past few years.  As part of this ongoing effort, CMS has released two additional data sets and one updated data tool thus far in 2017: Health Care Spending by State for 1991-2014.[35]  The data, released by CMS’s Office of the Actuary, updates previous estimates published in 2011 and "examines personal health care spending (or the health care goods and services consumed) through a resident-based view."[36]  For each state, the data "is presented both by type of goods and services (such as hospital services and retail prescription drugs) and by major payer (including Medicare, Medicaid, and private health insurance)."[37] Healthcare Disparities by Race, Ethnicity, & Gender.[38]  CMS’s Office of Minority Health released two reports detailing the quality of care received specifically by Medicare Advantage enrollees. The first report focused on disparities by gender, while the second examined "racial and ethnic differences in health care experiences and clinical care among women and men."[39]    Market Saturation and Utilization Tool.[40]  In July, CMS announced its fifth update of this important data tool, which provides interactive maps and related data sets showing provider services and utilization data.  The updated tool includes long-term care hospital and chiropractic services data in addition to the previous categories of data. 2.     Continued Implementation of Moratoria On January 29, 2017, CMS extended for six months the moratoria on nonemergency ambulance suppliers and home health care agencies in six states that are designated as "hot spots" for fraud under the ACA.[41] The moratoria blocks any new provider enrollments for nonemergency ambulance services in New Jersey, Pennsylvania, and Texas, and for home health agencies in Florida, Texas, Illinois, and Michigan.[42]  The moratoria are imposed after consultation with the DOJ and HHS OIG[43] (and, in the case of Medicaid, with State Medicaid agencies) and will be continuously reviewed every six months to assess whether they remain necessary.[44] C.     OCR and HIPAA Enforcement In June 2017, HHS’s Office of Civil Rights (OCR) reported that it had reviewed and resolved 156,467 Health Information Portability and Accountability Act (HIPAA) complaints since HIPAA privacy rules went into effect in April 2003.[45]  Nearly 28,000 of these complaints have been resolved in just the past year.[46]  Since January, OCR has reported nine new settlements amounting to $17 million in fines.[47]  At this pace, fines imposed in 2017 are likely to far exceed the $23.5 million in fines imposed during the 2016 calendar year.  Protection of patients’ confidential information remains a priority for HHS, and providers should expect HIPAA scrutiny to increase as OCR focuses on providers’ role in minimizing the impacts of data breaches. 1.     Trends to Date OCR has continued to ramp up its scrutiny of cybersecurity and providers’ responses to data breaches in 2017.  In June, OCR issued its cyber-attack "quick-response" guidance, which explains the four steps HIPAA-covered entities and their business associates should take in response to cyber-related security incidents.[48]  In the event of a cyber-attack or a similar emergency, an entity:  (1) must execute its response and mitigation procedures and contingency plans; (2) should report the crime to other law enforcement agencies; (3) should report all cyber threat indicators to the appropriate federal agencies and information-sharing and analysis organizations; and (4) must report the breach to OCR as soon as possible, but no later than 60 days after the discovery of a breach affecting 500 or more individuals.  The "quick-response" guidance provides additional detail and references for each of these steps, and is accompanied by an "infographic" that helps to make the guidance more accessible for providers.[49] OCR also continued to issue its "Cyber Awareness Newsletters" that provide guidance on what specific security measures providers can take to decrease the possibility of being exposed by the various security threats and vulnerabilities that exist in the healthcare sector, and how to reduce breaches of electronic personal health information (ePHI).[50]  For example, OCR’s January newsletter provided guidance on how HIPAA-covered entities should comply with, and the importance of, the Security Rule’s Audit Controls standard, 45 C.F.R. § 164.312(b).[51]  OCR’s February newsletter urged relevant entities to report any suspicious activity, including cybersecurity incidents, cyber threat indicators and defensive measures, phishing incidents, malware, and software vulnerabilities to the U.S. Computer Emergency Readiness Team (US-CERT) within DHS, which is responsible for analyzing data, developing timely and actionable information on threats to governments and private industry, and responding to cybersecurity incidents.[52]  OCR’s June newsletter stressed that entities must account for the security concerns that accompany the implementation of file sharing and collaboration tools in their risk analyses, risk management policies, and business associate agreements.[53] 2.     HIPAA Enforcement Actions OCR has announced nine resolutions of HIPAA matters since the start of the calendar year, with the resolutions far exceeding the fines imposed at this time last year.  Five of these resolution agreements have resulted in seven-figure fines.  Significantly, this year brought the first HIPAA enforcement action for the lack of a timely breach notification.[54]  Illinois health care network, Presence Health, agreed to pay $475,000 to settle allegations that it violated HIPAA’s Breach Notification Rule by failing to notify patients of a breach within the 60-day period.  In October 2013,  Presence discovered that paper-based operating room schedules, containing the PHI of 836 individuals, went missing.   Presence did not file a breach notification report with OCR until January 31, 2014, and also did not notify the individuals affected by the breach or prominent media outlets within the 60-day period. In this year’s largest settlement, which OCR announced in February and stated was meant to "shine[] [a] light on the importance of audit controls," South Florida-based Memorial Healthcare System (MHS) agreed to pay $5.5 million to settle allegations that it violated HIPAA Privacy and Security Rules.[55]  MHS reported to OCR that the ePHI of more than 115,000 individuals had been impermissibly accessed by its employees and improperly disclosed to affiliated-physician office staff when the login credentials of a former employee had been used to access the ePHI on a daily basis without detection for a year.  According to OCR, MHS "failed to implement procedures with respect to reviewing, modifying, [or] terminating users’ right of access," despite having identified a risk over a period of several years.[56]  In January, Children’s Medical Center of Dallas agreed to pay a $3.2 million penalty for impermissible disclosure of unsecured ePHI and alleged noncompliance with the HIPAA Security Rule over a period of many years.[57]  The penalty followed several separate incidents resulting in the loss of ePHI, including the loss of an unencrypted, non-password protected Blackberry with the ePHI of 3,800 individuals and the theft of an unencrypted laptop with the ePHI of 2,462 individuals.  OCR’s investigation revealed that Children’s did not deploy encryption or other security measures on its laptops, work stations, mobile devices, and removable storage media for several years after the incidents, despite being aware of the risks. In April, wireless health services provider CardioNet agreed to pay $2.5 million to settle allegations that it violated the HIPAA Privacy and Security Rules after an employee’s laptop containing the ePHI of over 1,300 individuals was stolen from a parked vehicle.[58]  OCR’s investigation revealed that CardioNet had insufficient risk analysis and risk management processes in place at the time of the theft and that its HIPAA policies and procedures were in draft form and had not yet been implemented. In May, Texas-based Memorial Hermann Health System MHHS agreed to pay $2.4 million to settle allegations that it violated the HIPAA Privacy Rule by including a patient’s name in the title of a press release, which was approved by the company’s senior management, and by failing to timely sanction its employees.[59]  The press release described a 2015 incident in which a patient at one of the company’s clinics presented an allegedly fraudulent identification card to office staff and was subsequently arrested. III.     AKS Developments A.     AKS-Related Case Law Developments Federal courts handed down a number of interesting decisions applying a variety of important principles related to the AKS, with respect to the "one purpose test" and intent to induce; the scope of the AKS’s scienter requirement; the meaning of "remuneration"; the relationship between remuneration and referrals; and the contours of relevant evidence in AKS cases. 1.     The "One Purpose Test" Broadly speaking, the AKS prohibits offering or receiving remuneration intended to induce referrals of goods or services reimbursed by federal health programs.[60]  Some courts have taken a rather broad view of how to apply the intent-to-induce element, holding that AKS liability can attach to remuneration if only one purpose among multiple, other legitimate purposes was to induce referrals.  In recent years, the theory has been questioned by some commenters and courts, but recently, in United States v. Nagelvoort,[61] the United States Court of Appeals for the Seventh Circuit declined to strike down the "one purpose test" as unconstitutionally vague.[62]  Nagelvoort, a former hospital administrator, was convicted of violating the AKS by providing physicians various forms of remuneration in exchange for referrals of patients to the hospital at which he worked.[63]  On appeal, he argued that the "one purpose test" threatens to render illegal "every contractual relationship a [h]ospital has with a doctor," and that the proper test for intent under the AKS should be whether inducing referrals is the "primary or substantial purpose" of the remuneration in question.[64]  Relying on a 2011 decision in which it rejected a similar challenge to the "one purpose" test, the Seventh Circuit declined to revisit its approach to the AKS’s intent requirement and upheld the "one purpose" test amid Nagelvoort’s constitutional challenge.[65] 2.     Scienter under the AKS Liability under the AKS also requires that the defendant has acted "knowingly and willfully,"[66] which the Supreme Court has generally said means with "knowledge the conduct [is] unlawful."[67]  In a criminal case decided in June, United States v. Waller,[68] the defendant challenged the court’s failure to define "willfully" as requiring a showing of specific intent to defraud.[69]  The jury instruction the court gave stated that Waller need not have known of the AKS or have had specific intent to violate it, and used the word "willfully" only by way of stating that "[t]he government must prove that the defendant willfully committed an act that violated the [AKS]."[70]  The court, Waller argued, should have required a showing of specific intent to defraud, because a mere "knowing violation" is insufficient to establish AKS liability.[71]  The court rejected Waller’s argument as inconsistent with Fifth Circuit precedent which held—on the basis of the AKS’s text—that the AKS does not require a showing of specific intent to violate the statute.[72]  As such, the court indicated a reluctance to introduce any sort of specific intent requirement into the AKS analysis, even in the modified form ("specific intent to defraud") proposed by Waller.[73]  The court similarly rejected Waller’s argument that the AKS implicitly incorporates a requirement of materiality due to its close relationship to the FCA.[74]  No materiality element could be inferred in the AKS context, the court held, where Congress itself did not explicitly use the word "fraud" or "defraud" in the statute.[75] 3.     The Meaning of "Remuneration" As noted above, AKS liability attaches to "remuneration," which some courts have defined very broadly to include (with some exceptions) virtually anything of value.  It is well known that the AKS applies where such remuneration is given in exchange for referrals or recommendations of federally reimbursed goods or services.  But a separate provision of the AKS, which has received much less attention in the case law, attaches liability where the remuneration is provided in return for "arranging for" the furnishing of a federally reimbursed item.  In United States v. Addus HomeCare Corp.,[76] a federal District Court recently had the opportunity to weigh in on the scope of the "arranging for" provision.  In Addus, the relator alleged a False Claims Act scheme whereby a defendant home health provider would "arrange for" physicians from the co-defendant provider to visit patient homes to certify those patients for home health care, even if the patient was not eligible for such care.[77]  In exchange  for those certifications, the home health provider allegedly would refer to its co-defendant any of its patients that needed physician services.[78]  The court held that the false certifications of patients’ eligibility for home health services themselves constituted remuneration under the AKS, even though no "payment or compensation" was made.  The court explained that the false certifications made it possible for the provider who received the certifications to bill Medicare for home health services provided to the patients in question, which was enough to constitute actionable remuneration as "any thing[] of value [provided] to the alleged recipient[]."[79] 4.     The Relationship Between Remuneration and Referrals In United States ex rel. Graziosi v. Accretive Health, Inc., another district court reinforced the idea that a kickback need not actually result in a referral, purchase, or other act to violate the AKS.[80]  In Graziosi, an FCA case, the relator alleged that the defendant, a hospital operations consultant, received payments from hospitals in exchange for written recommendations that certain patients be designated as eligible for inpatient admission.[81]  In moving to dismiss the case, one of the defendant hospital systems argued that the consulting defendant’s alleged conduct had no "impact on patient care," and that the alleged kickback scheme did not result in the patients receiving any treatment they would not otherwise have received.[82]  The court held that this was irrelevant and that the consulting defendant need only have recommended the services in return for the kickbacks—regardless of whether the services were ever provided.  The court reasoned that requiring a showing that services were actually provided "would create a loophole for services that were recommended and billed, but not actually provided, which cannot have been the intent of the statute’s drafters."[83]  It is difficult to see how this analysis squares with the elements of a False Claims Act violation—especially causation—as opposed to a stand-alone AKS violation. 5.     Evidentiary Developments:  Medical Necessity and Fair Market Value In a unique FCA opinion issued in April, United States ex rel. Cairns v. D.S. Medical L.L.C., a federal judge ruled that the government could support kickback claims by introducing evidence regarding the medical necessity of the allegedly related services performed and devices used by the physician.[84]  To support its allegations that a defendant physician’s selections of a co-defendant distributor’s medical devices were the product of illegal kickback payments, the government proffered evidence that the devices and certain services by the physician were not medically necessary.  The government’s theory was that such evidence would distinguish the physician’s use of the devices in question from other physicians’ use, and so help show the physician’s state of mind regarding the financial implications of his use of the distributor’s devices.[85]  In ruling on what it called a "somewhat close question," the court held that the evidence was "probative of [the physician’s] intent," and that the potential prejudicial effect of the evidence did not substantially outweigh its probative value.[86] In another recent and instructive evidentiary ruling bearing on proof in AKS cases, United States v. Moshiri, the Seventh Circuit upheld a trial judge’s decision to permit expert testimony relevant to the fair market value of a teaching contract that the defendant allegedly received as a kickback.[87]  The expert in question did not actually render an opinion regarding the transaction’s fair market value; rather, he merely testified as to how the value of the contract at issue compared to contracts with which he was familiar based on "industry norms."[88]  The court held that the expert’s "specialized experience and knowledge within the field" was sufficient to qualify the expert as such, and that the lack of a nationwide "empirical analysis" of contracts similar to the defendant’s was not fatal to the admissibility of the expert’s testimony.[89]  Although the lack of empirical analysis was relevant to the weight of the expert’s testimony, the court reasoned, it did not affect the admissibility of the testimony in the first instance.[90] B.     Guidance and Regulations 1.     Free and Low-Cost Lodging and Meals to Low-Income Patients In an advisory opinion issued in March, HHS OIG approved a proposed arrangement involving the provision of free and low-cost meals and lodging to low-income patients.[91]  Under the arrangement set forth in the advisory opinion, the requestor—the owner and operator of a hospital whose patient population includes individuals "who reside in rural and medically underserved areas"—would provide free or low-cost meals and hotel rooms to patients at certain income thresholds to facilitate their access to "services they may not be able to obtain locally."[92]  Any given patient would have to meet specific geographic and income requirements to be eligible for the benefits, and patients would only be evaluated for participation in the program after their treatment appointments had been scheduled.[93]  Moreover, the requestor would not engage in advertising or marketing of the meal and lodging benefits to patients, would not seek federal reimbursement for the costs of the program, and would not provide any remuneration to physicians to induce referrals of eligible patients to the hospital.[94] HHS OIG analyzed the proposed program under Section 1128A(a)(5) of the Social Security Act, which imposes civil monetary penalties on those who induce federal healthcare program beneficiaries to choose particular providers.[95]  HHS OIG found that, given the parameters and limitations of the program, the benefits provided to patients would both "promote access to care" for, and "pose a low risk of harm" to, federal health care program beneficiaries—thereby satisfying the "Promotes Access to Care" exception to Section 1128A(a)(5).[96]  The opinion did not analyze the AKS extensively and noted that the Promotes Access to Care exception does not apply to the AKS.  However, the opinion did conclude that while the proposed program "would constitute remuneration" under the AKS, HHS OIG would not impose administrative sanctions on the requestor, provided that it lacked the "intent to induce or reward referrals."[97]  In reaching this conclusion, HHS OIG cited the same factors that it found persuasive in concluding that the proposed program would not violate Section 1128A(a)(5).[98] 2.     Reduction or Waiver of Cost Sharing Amounts Owed by Patients in a Clinical Study In an advisory opinion issued in June, HHS OIG considered a proposal to "reduce or waive, on a non-routine, unadvertised basis, cost-sharing amounts owed by financially needy Medicare beneficiaries for items and services furnished in connection with a clinical research study."[99]  The study involved a biomedical system indicated for treating ulcers and other chronic wounds.[100]  In the proposal advanced by the parties seeking the advisory opinion, a particular hospital participating in the study would "reduce or waive applicable cost-sharing amounts owed by financially needy beneficiaries for all Study-related items and services."[101]  The manufacturer of the system under study would not cover any of these reductions or waivers.  The hospital would only inform a given patient of the possibility of reduction or waiver if that patient, upon receiving notice that he or she "may owe cost-sharing amounts in connection with the Study," informed the hospital that he or she could not afford these payments.[102]  The hospital would then evaluate the patient’s financial need according to a set of uniform criteria.[103]  Neither the hospital nor the manufacturer would advertise the possibility of waiver or reduction of patients’ cost-sharing obligations.[104] Analyzing the proposal under the Beneficiary Inducement CMP,[105] HHS OIG found that the proposal fit within an exception to the definition of remuneration for any waiver of coinsurance or deductible amounts that are "not offered as part of any advertisement or solicitation"; that are not "routinely" provided; and that are only granted either after a "good faith" determination of financial need, or after "reasonable collection efforts" have failed.[106]  Given the non-advertised and "case-by-case" nature of the proposed reductions and waivers in this particular case, along with the "objective criteria" used to determine financial need, HHS OIG found that the proposal fit within this exception.[107]  For the same reasons, HHS OIG determined that it would not seek administrative sanctions under the AKS, provided that "the requisite intent to induce or reward referrals of Federal health care program business" remained absent.[108] IV.     Stark Law Developments The first half of 2017 saw several notable developments related to the physician self-referral law, or Stark Law.[109]  On the legislative and regulatory front, these developments included a new self-disclosure protocol from CMS and a Congressional report that touched on the intersection of cybersecurity and Stark Law enforcement.  On the case law and enforcement fronts, meanwhile, there were notable cases and settlements that explored and illuminated the broad scope of potential liability under the Stark Law. A.     Regulatory and Legislative Updates On March 28, 2017, CMS released the final version of its Voluntary Self-Referral Disclosure Protocol (SRDP), which establishes a standardized format for reporting overpayments caused by actual or potential violations of the Stark Law.[110]  As we previously reported in these pages, CMS’s revised protocol replaces the protocol CMS released after passage of the Patient Protection and Affordable Care Act (PPACA) in 2010 and streamlines the reporting process to conform it to the final overpayment regulations issued in February 2016.  Under the streamlined reporting format for self-disclosures, the new SRDP now includes Disclosure, Physician Information, and Financial Analysis Worksheet forms that providers must submit for each disclosure as of June 1, 2017.  In 2016, self-disclosures under the SRDP resulted in settlements between CMS and health care providers of more than $6.9 million.[111] Elsewhere, the Health Care Industry Cybersecurity Task Force, a federal task force established by the Cybersecurity Act of 2015, called for changes to the Stark Law in its final Report on Improving Cybersecurity in the Health Care Industry.[112]  To speed the sharing and adoption of improved cybersecurity tools and practices, the Task Force recommended that large health care organizations be able "to share cybersecurity resources and information with their partners."  But even though organizations "[o]ften . . . want to provide technology to ensure smaller business partners do not become a liability in the supply chain," the report noted that the Stark Law (and the AKS) can serve as impediments to such sharing agreements.  Therefore, the report recommended a "regulatory exception" to the Stark Law to permit such cooperation.  Such an exception would surely be welcomed by health care providers that increasingly face cybersecurity threats, but it remains to be seen whether CMS, or Congress, will act on the report’s recommendation, and if so, what such an exception would look like. Finally, in our 2016 Year-End Update, we noted several legislative initiatives to reexamine the Stark Law and its sweeping scope.  With Congress consumed by broader issues of health care reform and potential repeal of PPACA, those initiatives have not moved forward.  But we will continue to monitor any health care reform proposals for significant changes to the Stark Law. B.     Case Law Developments In United States ex rel. Emanuele v. Medicor Associates—a case with potentially broad implications for Stark Law enforcement—a federal district court ruled that the Stark Law’s requirement that financial arrangements with physicians be memorialized in a written agreement can be "material" to the government’s decision to pay claims.[113] The case involved financial arrangements between a Pennsylvania medical center and a cardiology group, under which a group of cardiologists provided oversight and supervision of the medical center’s cardiology services.  Although there were several written agreements memorializing these arrangements, those agreements lapsed at various points (before being renewed) and were sometimes unexecuted, among other minor deficiencies in the paperwork.[114]  On summary judgment, the relator relied on the incomplete documentation and contracts to show that the cardiologists could not satisfy relevant Stark Law exceptions, which require a written agreement.[115]  Defendants argued, meanwhile, that "even if [the arrangements] violated the Stark Act’s writing requirements, those violations do not rise to the level of materiality required to support an FCA claim."[116] Despite purporting to apply the "demanding" and "rigorous" materiality standard espoused in Universal Health Services, Inc. v. United States ex rel. Escobar, the district court sided with the relator to hold that "it is clear" that violations of the written agreement requirement are material, because the Stark Law "expressly prohibits Medicare from paying claims that do not satisfy each of its requirements, including every element of any applicable exception."[117]  The court noted that the Stark Law’s requirement of a "signature as a manifestation of the parties’ assent to the arrangement . . . plays a role in preventing fraud and abuse."[118] In so holding, the court essentially mandated perfect adherence to every requirement of Stark Law exceptions.  Although the court acknowledged that materiality was a fact issue, by denying summary judgment on these grounds, the court’s decision opens the door for whistleblowers to survive motions to dismiss and summary judgment even where there are only minor, administrative deficiencies in the required paperwork under the Stark Law.  This case serves as another reminder, therefore, that Stark Law compliance is a bedeviling exercise and warrants close attention.  This is, of course, one district court decision, and we will continue to monitor case law developments in this area. C.     Enforcement Two settlements also counted among the notable Stark Law developments during the first half of the year and served as reminders of the high price of Stark Law violations. In May, two Missouri hospitals agreed to pay $34 million to settle allegations that they made impermissible payments to oncologists in violation of the Stark Law, resulting in false claims under the FCA.[119]  The settlement stemmed from allegations that the hospitals paid oncologists, in part, based on a formula that considered the value of their patient referrals, and then submitted claims to Medicare for chemotherapy services referred by those physicians.  In June, a Los Angeles hospital agreed to pay $42 million to settle allegations that it violated the Stark Law and the AKS by entering into allegedly improper financial relationships with referring physicians.[120]  The hospital allegedly paid above-market rates to rent office space in physicians’ offices and entered into marketing arrangements with physicians that allegedly provided undue benefit to those physicians’ practices. V.     Conclusion As these issues and others important to the healthcare provider community continue to develop, we will track them and report back in our 2017 Year-End Update. [1] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Electronic Health Records Vendor to Pay $155 Million to Settle False Claims Act Allegations (May 31, 2017), https://www.justice.gov/opa/pr/electronic-health-records-vendor-pay-155-million-settle-false-claims-act-allegations. [2] U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., Medicare Paid Hundreds of Millions in Electronic Health Record Incentive Payments That Did Not Comply With Federal Requirements (June 2017), https://oig.hhs.gov/oas/reports/region5/51400047.pdf.  [3] U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., Nationwide Medicare Electronic Health Record Incentive Payments to Hospital (July 2017), https://oig.hhs.gov/reports-and-publications/workplan/summary/wp-summary-0000232.asp. [4] Letter from Sens. Orrin G. Hatch and Charles E. Grassley to CMS Administrator Seema Verma (July 12, 2017), https://www.grassley.senate.gov/sites/default/files/constituents/letter%20to%20CMS%20on%20electronic%20health%20incentive%20payments%207-12-17.pdf. [5] Ruckh v. CMC II, LLC, No. 8:11-cv-01303 (M.D. Fla. June 10, 2011), ECF Nos. 1, 121, 430, 441-446. [6] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Genesis Healthcare Inc. Agrees to Pay Federal Government $53.6 Million to Resolve False Claims Act Allegations Relating to the Provision of Medically Unnecessary Rehabilitation Therapy and Hospice Services (June 16, 2017), https://www.justice.gov/opa/pr/genesis-healthcare-inc-agrees-pay-federal-government-536-million-resolve-false-claims-act. [7] 136 S. Ct. 1989, 2001 (2016). [8] 857 F.3d 174 (4th Cir. 2017). [9] 846 F.3d 325, 332 (9th Cir. 2017). [10] 862 F.3d 890, 901 (9th Cir. 2017). [11] Id. at 902-03. [12] See, e.g., United States ex rel. Petratos v. Genentech Inc., 855 F.3d 481, 485 (3d Cir. 2017); Abbott v. BP Exploration & Production, Inc., 851 F.3d 384 (5th Cir. 2017).   [13] United States ex rel. Phalp v. Lincare Holdings Inc., 857 F.3d 1148 (11th Cir. 2017). [14] United States ex rel. Michaels v. Agape Senior Community, Inc., 848 F.3d 330 (4th Cir. 2017). [15] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, National Health Care Fraud Takedown Results in Charges Against Over 412 Individuals Responsible for $1.3 Billion in Fraud Losses (July 13, 2017), https://www.justice.gov/opa/pr/national-health-care-fraud-takedown-results-charges-against-over-412-individuals-responsible. [16] Id. (internal citations omitted). [17] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Attorney General Sessions Announces Opioid Fraud and Abuse Detection Unit (Aug. 2, 2017), https://www.justice.gov/opa/pr/attorney-general-sessions-announces-opioid-fraud-and-abuse-detection-unit. [18] See U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., Semiannual Report to Congress, at iv (Apr. 1 – Sept. 30, 2016), https://oig.hhs.gov/reports-and-publications/archives/semiannual/2016/sar-fall-2016.pdf [hereinafter 2016 SA Report]; U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., Semiannual Report to Congress, at ix (Oct. 1, 2016 – March 31, 2017),  https://oig.hhs.gov/reports-and-publications/archives/semiannual/2017/sar-spring-2017.pdf [hereinafter 2017 SA Report]. [19] 2017 SA Report. [20] See U.S. Dep’t of Health & Human Servs., Office of Inspector Gen., Health Care Programs: Fraud and Abuse; Revisions to the Office of Inspector General’s Exclusion Authorities, 82 Fed. Reg. 4100, 4114 (Jan. 12, 2017), https://www.gpo.gov/fdsys/pkg/FR-2017-01-12/pdf/2016-31390.pdf. [21] Id. at 4102. [22] See id. at 4101–02. [23] See id. at 4102; 31 U.S.C. § 3731(b)(2). [24] 82 Fed. Reg. at 4102.  The final rule applies both to exclusions for conduct that violates the AKS, as well as exclusions for conduct that violates the CMP statute. See id. at 4114; 42 C.F.R. §§ 1001.901(c), 1001.951(c). [25] 82 Fed. Reg. at 4111-18. [26] See 42 U.S.C. § 1320a-7a. [27] 42 U.S.C. § 1320a-7b. [28] U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., LEIE Downloadable Databases, http://oig.hhs.gov/exclusions/exclusions_list.asp (last visited Aug. 10, 2017). [29] Data gathered through HHS OIG press releases and publicly available information.  See generally U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., Civil Monetary Penalties and Affirmative Exclusions, http://oig.hhs.gov/fraud/enforcement/cmp/index.asp (last visited Aug. 10, 2017) [hereinafter CMP Assessments]; U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., Provider Self-Disclosure Settlements, http://oig.hhs.gov/fraud/enforcement/cmp/psds.asp (last visited Aug. 10, 2017) [hereinafter Provider Self-Disclosure Settlements].  [30] See Provider Self-Disclosure Settlements, supra note 29. [31] See CMP Assessments, supra note 29. [32] See Provider Self-Disclosure Settlements, supra note 29. [33] See U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., Corporate Integrity Agreement Documents, http://oig.hhs.gov/compliance/corporate-integrity-agreements/cia-documents.asp (last visited Aug. 10, 2017). [34] See CMP Assessments, supra note 29. [35] Press Release, Ctrs. for Medicare & Medicaid Servs., CMS Releases 1991-2014 Health Care Spending by State (June 14, 2017),  https://www.cms.gov/Newsroom/MediaReleaseDatabase/Press-releases/2017-Press-releases-items/2017-06-14.html. [36] Id. [37] Id. [38] Press Release, Ctrs. for Medicare & Medicaid Servs., CMS releases quality data showing racial, ethnic and gender differences in Medicare Advantage health care during National Minority Health Month (Apr. 13, 2017), https://www.cms.gov/Newsroom/MediaReleaseDatabase/Press-releases/2017-Press-releases-items/2017-04-13.html?DLPage=1&DLEntries=50&DLFilter=data&DLSort=0&DLSortDir=descending. [39] Id. [40] Press Release, Ctrs. for Medicare & Medicaid Servs., Market Saturation and Utilization Data Tool (July 24, 2017), https://www.cms.gov/Newsroom/MediaReleaseDatabase/Fact-sheets/2017-Fact-Sheet-items/2017-07-24.html?DLPage=1&DLEntries=10&DLSort=0&DLSortDir=descending. [41] 82 Fed. Reg. 2363 (Jan. 9, 2017), https://www.federalregister.gov/documents/2017/01/09/2016-32007/medicare-medicaid-and-childrens-health-insurance-programs-announcement-of-the-extension-of-temporary; see also The Patient Protection and Affordable Care Act of 2010, Pub. L. No. 111-148, § 6401(a). [42] See Press Release, Ctrs. for Medicare & Medicaid Servs., CMS extends, expands fraud-fighting enrollment moratoria efforts in six states (July 29, 2016), https://www.cms.gov/Newsroom/MediaReleaseDatabase/Press-releases/2016-Press-releases-items/2016-07-29-2.html. [43] 42 C.F.R. § 424.570(a)(2)(iv) (2017) (setting forth these procedures for Medicare moratoria). [44] Id. § 424.570(b) (2017); id. § 455.470(a)(1) (requiring that Medicaid moratoria be imposed "in accordance with" regulations governing Medicare moratoria); id. § 455.470(c) (requiring that Medicaid moratoria be imposed and extended, as necessary, in six-month increments). [45] U.S. Dep’t of Health & Human Servs., Health Information Privacy, Enforcement Highlights (June 30, 2017), https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/data/enforcement-highlights/index.html. [46] U.S. Dep’t of Health & Human Servs., Health Information Privacy, Enforcement Highlights (May 31, 2016), https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/data/enforcement-highlights/2017-may/index.html. [47] Data gathered through HHS press releases and other publicly available information. See generally U.S. Dep’t of Health & Human Servs., HIPAA News Releases & Bulletins, https://www.hhs.gov/hipaa/newsroom (last visited Aug. 10, 2017). [48] U.S. Dep’t of Health & Human Servs., Office of Civil Rights, My entity just experienced a cyber-attack! What do we do now? (June 2017), https://www.hhs.gov/sites/default/files/cyber-attack-checklist-06-2017.pdf. [49] U.S. Dep’t of Health & Human Servs., Office of Civil Rights, Cyber-Attack Quick Response Infographic (June 2017), https://www.hhs.gov/sites/default/files/cyber-attack-quick-response-infographic.gif. [50] U.S. Dep’t of Health & Human Servs., Security Rule Guidance Material, https://www.hhs.gov/hipaa/for-professionals/security/guidance/index.html (last visited Aug. 10, 2017). [51] U.S. Dep’t of Health & Human Servs., Office of Civil Rights, Understanding the Importance of Audit Controls (Jan. 2017), https://www.hhs.gov/sites/default/files/january-2017-cyber-newsletter.pdf. [52] U.S. Dep’t of Health & Human Servs., Office of Civil Rights, Reporting and Monitoring Cyber Threats (Feb. 2017), https://www.hhs.gov/sites/default/files/february-2017-ocr-cyber-awareness-newsletter.pdf. [53] U.S. Dep’t of Health & Human Servs., Office of Civil Rights, File Sharing and Cloud Computing:  What to Consider? (June 2017), https://www.hhs.gov/sites/default/files/june-2017-ocr-cyber-newsletter.pdf. [54] See Press Release, U.S. Dep’t of Health & Human Servs., First HIPAA enforcement action for lack of timely breach notification settles for $475,000 (Jan. 9, 2017),  http://wayback.archive-it.org/3926/20170127111957/https://www.hhs.gov/about/news/2017/01/09/first-hipaa-enforcement-action-lack-timely-breach-notification-settles-475000.html. [55] See Press Release, U.S. Dep’t of Health & Human Servs., $5.5 million HIPAA shines light on the importance of audit controls, Feb. 16, 2017), https://www.hhs.gov/about/news/2017/02/16/hipaa-settlement-shines-light-on-the-importance-of-audit-controls.html. [56] Id. [57] See Press Release, U.S. Dep’t of Health & Human Servs., Lack of timely action risks security and costs money (Feb. 1, 2017), https://www.hhs.gov/about/news/2017/02/01/lack-timely-action-risks-security-and-costs-money.html?language=es. [58] See Press Release, U.S. Dep’t of Health & Human Servs., $2.5 million settlement shows that not understanding HIPAA requirements creates risk (Apr. 24, 2017), https://www.hhs.gov/about/news/2017/04/24/2-5-million-settlement-shows-not-understanding-hipaa-requirements-creates-risk.html?language=es.  [59] See Press Release, U.S. Dep’t of Health & Human Servs., Texas health system settles potential HIPAA disclosure violations (May 10, 2017), https://www.hhs.gov/about/news/2017/05/10/texas-health-system-settles-potential-hipaa-disclosure-violations.html?language=es. [60] 42 U.S.C. § 1320a-7b(b). [61] 856 F.3d 1117 (7th Cir. 2017). [62] Id. at 1129–30. [63] See id. at 1119–24. [64]  Id. at 1130 (internal quotation marks removed). [65] See id. [66] 42 U.S.C. § 1320a-7b(b)(1), (b)(2). [67] See Bryan v. United States, 524 U.S. 184 (1998). [68] No. 14-171-11, 2017 WL 2559092, at *1 (S.D. Tex. June 13, 2017). [69] Id. at *5. [70] See id. at *4. [71] Id. at *5. [72] See id. (discussing United States v. St. Junius, 739 F.3d 193, 210 (5th Cir. 2013)). [73] See id. at *5. [74] See id. at *6–7. [75] Id. at *7. [76] United States v. Addus HomeCare Corp., No. 13 CV 9059, 2017 WL 467673 (N.D. Ill. Feb. 3, 2017). [77] Id. at *5. [78] Id. [79] Id. at *9-10. [80] See United States ex rel. Graziosi v. Accretive Health, Inc., No. 13-CV-1194, 2017 WL 1079190, at *8 (N.D. Ill. Mar. 22, 2017). [81] See id. at *2. [82] See id. at *8. [83] Id. [84] See United States ex rel. Cairns v. D.S. Medical, L.L.C., No. 1:12CV00004 AGF, 2017 WL 1304947, at *3 (E.D. Mo. Apr. 7, 2017). [85] Id. at *2. [86] Id. at *3. [87] United States v. Moshiri, 858 F.3d 1077, 1084 (7th Cir. June 5, 2017). [88] Id. [89] See id. [90] Id. [91] See U.S. Dep’t of Health & Human Servs., Office of Inspector Gen., OIG Advisory Op. 17-01 (Mar. 3, 2017), https://oig.hhs.gov/fraud/docs/advisoryopinions/2017/AdvOpn17-01.pdf. [92] Id. at 2. [93] See id. at 3–4. [94] Id. at 4. [95] See id. at 5. [96] Id. at 5–9 [97] Id. at 9. [98] Id. [99] U.S. Dep’t of Health & Human Servs., Office of Inspector Gen., OIG Advisory Op. 17-02 at 1 (June 29, 2017), https://oig.hhs.gov/fraud/docs/advisoryopinions/2017/AdvOpn17-02.pdf [hereinafter OIG Advisory Op. 17-02]. [100] Id. at 3. [101] Id. [102] Id. at 3–4. [103] See id. at 4, 7. [104] Id. at 4. [105] 42 U.S.C. § 1320a-7a(a)(5). [106] See 42 U.S.C. § 1320a-7a(i)(6)(A).  As HHS OIG noted in the advisory opinion, the same exception to the definition of "remuneration" is found in the CMP statute’s implementing regulations.  See OIG Advisory Op. 17-02, supra note 114, at 6 n.6; 42 C.F.R. § 1003.110. [107] See OIG Advisory Op. 17-02, supra note 114, at 6–7. [108] Id. at 7. [109] 42 U.S.C. § 1395nn. [110] Ctrs. for Medicare & Medicaid Servs., Self-Referral Disclosure Protocol, https://www.cms.gov/Medicare/Fraud-and-Abuse/PhysicianSelfReferral/Self_Referral_Disclosure_Protocol.html (last visited Aug. 10, 2017). [111] Ctrs. for Medicare & Medicaid Servs., Self-Referral Disclosure Protocol Settlements, https://www.cms.gov/Medicare/Fraud-and-Abuse/PhysicianSelfReferral/Self-Referral-Disclosure-Protocol-Settlements.html (last visited Aug. 10, 2017). [112] Health Care Industry Cybersecurity Task Force, Report on Improving Cybersecurity in the Health Care Industry (June 2017), https://www.phe.gov/Preparedness/planning/CyberTF/Documents/report2017.pdf. [113] United States ex rel. Emanuele v. Medicor Assocs., 2017 WL 1001581, at *17 (W.D. Pa. Mar. 15, 2017). [114] Id. at *4-5. [115] Id. at *6. [116] Id. at *17. [117] Id. at *18. [118] Id. [119] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Missouri Hospitals Agree to Pay United States $34 Million to Settle Alleged False Claims Act Violations Arising from Improper Payments to Oncologists (May 18, 2017), https://www.justice.gov/opa/pr/missouri-hospitals-agree-pay-united-states-34-million-settle-alleged-false-claims-act. [120] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Los Angeles Hospital Agrees to Pay $42 Million to Settle Alleged False Claims Act Violations Arising from Improper Payments to Physicians (June 28, 2017), https://www.justice.gov/opa/pr/los-angeles-hospital-agrees-pay-42-million-settle-alleged-false-claims-act-violations-arising. The following Gibson Dunn lawyers assisted in the preparation of this client update:  Steve Payne, John Partridge, Jonathan Phillips, Coreen Mao, Laura Musselman, Reid Rector, Julie Schenker, Yamini Grema, Michael Dziuban and Stevie Pearl.  Gibson Dunn lawyers are available to assist in addressing any questions you may have regarding these developments.  Please contact the Gibson Dunn lawyer with whom you usually work or any of the following:  Washington, D.C.Stephen C. Payne, Co-Chair, FDA and Health Care Practice Group (202-887-3693, spayne@gibsondunn.com)F. Joseph Warin (202-887-3609, fwarin@gibsondunn.com)Marian J. Lee (202-887-3732, mjlee@gibsondunn.com)Daniel P. Chung (202-887-3729, dchung@gibsondunn.com)Jonathan M. Phillips (202-887-3546, jphillips@gibsondunn.com) Los AngelesDebra Wong Yang (213-229-7472, dwongyang@gibsondunn.com) San FranciscoCharles J. Stevens (415-393-8391, cstevens@gibsondunn.com)Winston Y. Chan (415-393-8362, wchan@gibsondunn.com) Orange CountyNicola T. Hanna (949-451-4270, nhanna@gibsondunn.com) New YorkAlexander H. Southwell (212-351-3981, asouthwell@gibsondunn.com) DenverRobert C. Blume (303-298-5758, rblume@gibsondunn.com)John D.W. Partridge (303-298-5931, jpartridge@gibsondunn.com)        © 2017 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

August 30, 2017 |
Webcast: 2017 Mid-Year Update: The False Claims Act and Health Care Providers

​The False Claims Act (FCA) is well-known as one of the most powerful tools in the government’s arsenal to combat fraud, waste and abuse anywhere government funds are implicated. The U.S. Department of Justice has made clear that vigorous FCA enforcement is here to stay,  with newly filed cases remaining at historical peak levels and the DOJ  on pace to recover more than $3 billion from FCA cases for the seventh straight year.  More than ever, any company that deals in government funds—including companies in the education, health care and life sciences, government contracting and financial services sectors—needs to stay abreast of how the government and private whistleblowers alike are wielding this tool, and how they can prepare and defend themselves. Please join Gibson Dunn for a 90-minute discussion of the latest developments in FCA, including: The latest trends in FCA enforcement actions and associated litigation involving Health Care Providers; Updates on the Trump Administration’s approach to FCA enforcement; Notable legislative and administrative developments affecting the FCA’s statutory framework and application; and The latest developments in FCA case law following the Supreme Court’s Escobar decision. View Slides [PDF] PANELISTS: Stephen Payne is a partner in the Washington, D.C. office. He is Chair of the firm’s FDA and Health Care practice group, and is a member of the Life Sciences practice group.  His practice focuses on FDA and health care compliance, enforcement, and litigation for pharmaceutical and medical device clients.  He has significant experience in the areas of fraud and abuse, product diversion and counterfeiting, good manufacturing practice regulations, product recalls and product promotion. Winston Chan is a partner in the San Francisco office.  He has particular experience leading matters involving government enforcement defense, internal investigations, compliance counseling, and civil trial litigation. Previously, he served as an Assistant U.S. Attorney in the Eastern District of NY, where he investigated a wide range of matters as part of that office’s Business and Securities Fraud Section, including FCA violations and health care fraud. Jonathan Phillips is a senior associate in the Washington, D.C. office, where his practice focuses on FDA and health care compliance, enforcement, and litigation, as well as other government enforcement matters and related litigation. He has substantial experience representing pharmaceutical, medical device, and health care provider clients in investigations by the DOJ, FDA, and Department of Health and Human Services Office of Inspector General. Previously, he served as a Trial Attorney in the Civil Division, Fraud Section of the DOJ, where he investigated and prosecuted allegations of fraud against the U.S. under the FCA and related statutes. Julie Schenker is a litigation associate in the Washington, D.C. office, where she focuses on governmentenforcement matters, health care compliance, and related litigation. She has represented health care providerclients in investigations by the DOJ and the Department of Health and Human Services Office of InspectorGeneral. MCLE CREDIT INFORMATION: This program has been approved for credit in accordance with the requirements of the New York State Continuing Legal Education Board for a maximum of 1.80 credit hours, of which 1.80 credit hours may be applied toward the areas of professional practice requirement.  This course is approved for transitional/non-transitional credit only. Attorneys seeking New York credit must obtain an Affirmation Form prior to watching the archived version of this webcast.  Please contact Jeanine McKeown (National Training Administrator), at 213-229-7140 or jmckeown@gibsondun.com  to request the MCLE form. Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California in the amount of 1.50 hours. California attorneys may claim “self-study” credit for viewing the archived version of this webcast.  No certificate of attendance is required for California “self-study” credit.

August 25, 2017 |
2017 Mid-Year FDA and Health Care Compliance and Enforcement Update – Drugs and Devices

At the midpoint of 2017, much has changed, and yet much has stayed the same for U.S. manufacturers of pharmaceuticals and medical devices.  Although the new administration arrived in January, Dr. Scott Gottlieb, the new U.S. Food and Drug Administration ("FDA") Commissioner, was not confirmed until May.  Not surprisingly, then, much of the regulatory activity for the year is still on the horizon. In the meantime, various federal and state government enforcement agencies continue to keep drug and device manufacturers in their sights.  As in recent years, the first half of 2017 saw a steady cadence of enforcement actions against drug and device companies under the standard set of enforcement statutes: the False Claims Act ("FCA"), Anti-Kickback Statute ("AKS"), Federal Food, Drug, and Cosmetic Act ("FDCA"), and Foreign Corrupt Practices Act ("FCPA").  This included, most notably, the largest-ever FCA recovery in a kickback case involving a device company, a $350 million settlement that served as a continuing reminder of the high stakes for companies facing investigations under these statutes.  Other notable enforcement developments included increasing scrutiny of companies that manufacture and market opioids.  In the courts, FCA jurisprudence continued to evolve in the wake of the Supreme Court’s decision in Universal Health Services v. United States ex rel. Escobar in June of 2016. On the regulatory and legislative fronts, the headline has been the lack of any real headlines.  With the exception of a few pieces of guidance from FDA hurried out during the last days of the Obama Administration—including several notable guidance documents related to promotional issues—the regulatory landscape has, perhaps unsurprisingly, remained largely unchanged since President Trump’s inauguration in January.  On the Hill, several key pieces of potential legislation percolated in Congress, which battled over the state of the Affordable Care Act and possible replacements, passed the FDA Reauthorization Act in July and continued to debate drug pricing and promotional issues. Below, we discuss the most notable enforcement and regulatory developments from the first half of 2017 affecting drug and device manufacturers.  As in past updates, we begin with an overview of government enforcement efforts against drug and device companies under the FCA, the FDCA, and other laws.  We then address evolving regulatory guidance and enforcement actions on topics of note to drug and device companies: promotional activities, manufacturing practices, medical device regulation, and the AKS. I.     Department of Justice Enforcement in the Pharmaceutical and Medical Device Industries The first half of 2017 saw yet another string of headline-worthy developments in the enforcement arena.      A.     False Claims Act We begin this update, as always, with an overview of FCA recoveries from the pharmaceutical, medical device, and durable medical equipment ("DME") sectors in the first half of 2017.  The U.S. Department of Justice ("DOJ") pulled in more than $419 million from settlements with seven companies.  That number was driven by two settlements involving allegations that were predicated on purported AKS violations, including Shire Pharmaceuticals LLC’s record-setting $350 million resolution.  Filling out the government’s civil recoveries in the first six months of the year were $54 million from cases involving alleged violations of government health program or contractual requirements, and a $2 million settlement involving alleged violations of the FDCA.  Notably, none of the settlements announced by DOJ thus far in 2017 have focused primarily on alleged off-label promotion. 1.     Settlements in AKS-Related FCA Matters The lion’s share of government recoveries in FCA matters from the first half of 2017 resulted from the settlement among DOJ, Shire Pharmaceuticals LLC, and other Shire subsidiaries on January 11, 2017.[1]  Shire, a global pharmaceutical and medical device company, agreed to pay $350 million to resolve allegations that it offered kickbacks to induce clinics and physicians to use its bioengineered human skin substitute, an FDA-approved medical device.  Sales personnel allegedly offered expensive dinners and entertainment, medical equipment and supplies, sham speaking engagements and case studies, and rebates to encourage the use of the device.  The settlement also resolved allegations that Shire marketed the product for uses not approved by FDA, made false statements to inflate the price of the device, and caused improper coding of claims for reimbursement.  According to DOJ, the settlement with Shire is the largest-ever FCA recovery in a kickback case involving a medical device.[2] 2.     Government Program and Contractual Requirements Most of the balance of settlement recoveries so far in 2017 has come from alleged violations of government health program requirements.  In April, DOJ announced that Sanofi-Pasteur agreed to pay $19.8 million to resolve allegations that it miscalculated the prices it reported to the U.S. Department of Veterans Affairs ("VA") and thereby overcharged the VA for vaccine products.[3]  Under the Veterans Health Care Act, pharmaceutical manufacturers must list their covered drugs on the Federal Supply Schedule and charge no more than a fixed ceiling price, which is determined as a percentage of the drug’s average manufacturer price.[4]  In April and June 2017, several durable medical equipment suppliers also resolved claims of alleged violations of government health program rules related to product utilization.  Two companies, Lincare and Pacific Pulmonary Services, paid $20 million and $11.4 million, respectively, to resolve allegations that they submitted claims for oxygen equipment and other services that were not supported by medical necessity.[5]  Another company, Innovative Therapies, paid $2.7 million to resolve allegations that its negative pressure wound treatment devices were billed to government programs as DME, but did not meet program requirements to qualify as DME for billing purposes.[6] 3.     Manufacturing Requirements In January 2017, Baxter Healthcare Corporation agreed to pay more than $18 million to resolve claims related to its alleged failure to abide by current Good Manufacturing Practices ("cGMPs") in producing drug products it sold to the VA.[7]  Baxter agreed to pay approximately $2.158 million to settle the civil FCA claims, which stood on the theory that Baxter submitted "false claims" to the VA as a result of the company’s purported violation of contractual requirements mandating compliance with the FDCA.  As outlined in more detail in the FDCA section below, the company allegedly failed to follow cGMPs by manufacturing its large-volume sterile intravenous solutions in a "clean room" that was ventilated by moldy air filters.[8]  Notably, the Statement of Facts included in Baxter’s deferred prosecution agreement acknowledges that there was no indication that any product was affected by the alleged cGMP violations.[9]  That is significant; historically, where DOJ has pursued FCA enforcement actions involving manufacturing issues, it has focused on whether the issues impacted product quality such that DOJ could assert FCA liability under a "worthless products" theory. 4.     Developments in the Implied Certification Theory The first half of the year also saw continued developments in the application of the Supreme Court’s 2016 Escobar decision, in which the Court recognized the viability of the "implied false certification theory" of FCA liability.[10]  Under the implied certification theory, FCA liability can be predicated on violations of material statutory, regulatory, or contractual requirements.[11]  In the first half of 2017, we continued to see the courts diverge in their interpretations of key aspects of Escobar, including what specific representations (if any) are needed to support an FCA claim, how a company’s track record of interacting with the government or regulatory agencies may or may not impact the courts’ materiality analyses, and whether fraud-on-the-FDA claims under the FCA are viable after Escobar. a.     Framework for Assessing "Implied Certification" Claims As outlined in more detail in our 2016 Year-End Update, the Supreme Court explained in Escobar that "the implied certification theory can be a basis for [FCA] liability, at least where two conditions" are met, including (1) "the claim does not merely request payment, but also makes specific representations about the goods or services provided," and (2) "the defendant’s failure to disclose noncompliance with material statutory, regulatory, or contractual requirements makes those representations misleading half-truths."[12] Since Escobar, courts have taken differing approaches regarding whether an FCA plaintiff must satisfy both of Escobar‘s "two conditions" to state a viable implied certification claim.  The question of whether there must be a "specific representation" made in the claim submission process is particularly significant for drug and device companies.  Indeed, these companies typically do not submit claims for reimbursement themselves, and prescribing physicians’ and pharmacists’ claims typically are true statements about patients’ diagnoses and the drugs being prescribed and dispensed to the patients.  In United States v. Sanford-Brown Ltd., which we discussed in our 2016 Year-End Update, the Seventh Circuit suggested that it would enforce a strict reading of Escobar‘s two conditions.  Explaining that "bare speculation that [a defendant] made misleading representations is insufficient," the Sanford-Brown court affirmed summary judgment in favor of the defendant where the relator offered no evidence that the defendant made "any representations at all."[13]  The Ninth Circuit also has adopted a strict interpretation of the Escobar conditions, stating in United States ex rel. Campie v. Gilead Sciences, Inc., that a defendant "must not merely request payment, but also make specific representations about the goods or services provided" to succeed on an implied certification theory.[14]  District courts in other circuits have followed this line of reasoning.  For example, the Eastern District of Pennsylvania held in March that the "Escobar standard," which requires proof of specific representations made to the government payer, is "the only [standard] available for proving FCA liability" under the implied certification theory.  Accordingly, the court dismissed the plaintiffs’ FCA claims, which were based on alleged violations of the Poison Prevention Packaging Act.[15]  But some other courts, such as the Fourth Circuit, have recently said that Escobar does not necessarily require "specific representations" for implied certification liability.[16] Even among the courts that require FCA plaintiffs to satisfy both of Escobar‘s conditions, some have not made the "specific representations" condition a very high bar to cross.  In Campie, for example, the relators alleged that the defendant, a biotechnology company, caused the submission of claims for reimbursement for drugs manufactured in a manner inconsistent with representations that the company made to FDA in securing approval.  The Ninth Circuit indicated that the drugs’ proprietary names alone could constitute a false representation, because the names "necessarily refer to specific drugs under the FDA’s regulatory regime" and thus themselves represent FDA approval.[17]  Given that the defendant allegedly "requested payment for drugs that fell outside of that approval," the court reasoned that relators adequately alleged that the defendant "omitted critical information regarding compliance with FDA standards."[18]  If other courts follow Campie‘s lead and loosen the "specific representations" standard, Escobar may provide far less protection to future FCA defendants than some anticipated. b.     Government Knowledge and Materiality The Supreme Court emphasized in Escobar that the FCA’s materiality element, which requires an FCA plaintiff to show that the alleged violation of a legal requirement was material to the government’s decision to pay the claims in question, is "demanding" and "rigorous."   Accordingly, the Court clarified that the government’s mere option to refuse payment is not sufficient to establish materiality.[19]  The Court explained further that the government’s refusal to pay claims based on the alleged noncompliance may serve as evidence of materiality and that the government’s payment of claims "in full despite its actual knowledge that certain requirements were violated" is "very strong evidence" that the requirements are not material.[20]  In light of this guidance, several courts have recently grappled with what credence (if any) to attribute to the inaction of government officials with responsibility for payment and of agencies investigating the alleged compliance issues. In United States ex rel. Petratos v. Genentech Inc., the Third Circuit affirmed the district court’s decision to dismiss claims that the defendant pharmaceutical company had "suppressed data that caused doctors to certify incorrectly that [a drug] was ‘reasonable and necessary’ for certain at-risk Medicare patients."[21]  The relator alleged that the defendant was liable under the FCA because disclosures of certain data showing more common and severe side effects of its cancer drug "would have required the company to file adverse-event reports with FDA, and could have resulted in changes" to the drug’s FDA-approved labeling.[22]  The relator also alleged that, had the defendant disclosed the side-effect information, physicians would have prescribed different doses of the drug or decided not to prescribe it at all.[23] In affirming, the Third Circuit held that the alleged suppression of data was not material to payment under Escobar, noting that the relator’s claims must fail, in large part, because he "not only fail[ed] to plead that CMS ‘consistently refuses to pay’ claims like those alleged . . . but essentially concede[d] that CMS would consistently reimburse these claims with full knowledge of the purported noncompliance."[24]  As to the government’s knowledge of alleged wrongdoing, the court observed that neither FDA nor DOJ took any adverse action against the defendant after the relator disclosed the allegations, FDA added more approved indications for the drug, and DOJ declined to intervene in the qui tam suit.[25]  The court concluded that because the relator "concede[d] that the expert agencies and government regulators have deemed these violations insubstantial (or at least would do so if made aware) . . . it [is not] appropriate for a private citizen to enforce these regulations through the [FCA]."[26] c.     The Ninth Circuit Recognizes "Fraud on the FDA" Theory under Escobar In our 2016 Year-End Update, we addressed the First Circuit’s decision in United States ex rel. D’Agostino v. ev3, Inc., which rejected the relator’s theory that an alleged fraud perpetuated on FDA could serve as a basis for FCA liability.[27]  Cautioning against "turn[ing] the FCA into a tool with which a jury . . . could retroactively eliminate the value of FDA approval . . . when the FDA itself sees no reason to do so,"[28] the First Circuit reasoned that allegations that the "fraudulent representations ‘could have’ influenced the FDA to approve [the drug]" fell short of pleading the necessary "causal link" between representations made to FDA and payments made from CMS.[29]  The court also emphasized that FDA did not withdraw its approval of the device or take any other action despite being aware of the alleged fraudulent statements.[30]  More recently, however, the Ninth Circuit reached a different result from the First Circuit’s.  As noted above, in Campie, the relators alleged that the defendant biotechnology company fraudulently obtained approval for certain of its drugs by making false statements to FDA about the manufacturing source of the drugs’ active ingredient and negative results of internal quality testing of the products.[31]  According to the relators, FDA would not have approved the drugs if it had been aware of the alleged quality issues at the manufacturing site; the relators also alleged that the defendant took various steps to fraudulently conceal that it was obtaining the active ingredient from an unapproved manufacturing site before FDA’s approval.[32]  The government declined to intervene, and the district court granted the defendant’s pre-Escobar motion to dismiss, concluding that the relators did not plead that the FDA regulations allegedly violated by the defendant were a material condition of payment and thus failed to state a claim for relief under an implied certification theory.[33] The Ninth Circuit reversed.  After deciding that the defendant’s proprietary drug names themselves could constitute actionable "specific representations," the court rejected the distinction, advanced by the defendant and adopted by the district court, that any misrepresentations were made to FDA, not the government agency that paid for the drugs.[34]  The Campie court—quite incredibly—observed that the purported fraud was "committed against the Department of Health and Human Services," which oversees FDA, and concluded that a fraud on one component agency amounts to a fraud on a separate component agency, as long as they are "overseen" by the same cabinet secretary.[35]  In any event, the court continued, "[i]t is not the distinction between the agencies that matters, but rather the connection between the regulatory omissions and the claim for payment."[36]  According to the Campie court, the crux of the inquiry is whether the false statement is "integral to [the] causal chain leading to payment[.]"[37] Turning to materiality, the court concluded that the relators adequately pleaded that element because "FDA approval is ‘the sine qua non‘ of federal funding here."[38]  The court then rejected the defendant’s argument that FDA’s choice not to withdraw approval, even after it became aware of the unsanctioned manufacturing site and the alleged quality issues, showed that the alleged conduct was not material.[39]  The court noted that "there are many reasons the FDA may choose not to withdraw a drug approval," and stated that FDA’s continued approval of the drugs was unremarkable because the company had stopped using the manufacturing site in question.[40] The Campie court’s analysis of materiality appears, at best, incomplete.  The court emphasized that FDA approval was material to payment, but it never analyzed how the alleged statements or regulatory violations were material to the FDA approval or whether relators pleaded those seemingly required facts.  Nevertheless, the court concluded that the "issues raised by the parties here are matters of proof, not legal grounds to dismiss relators’ complaint."[41]  In doing so, the Campie court appears not to have given much regard to Escobar’s admonition that questions about materiality in the implied certification context are "[not] too fact intensive for courts to dismiss [FCA] cases on a motion to dismiss . . . ."[42] 5.     Rule 9(b) Particularity Federal Rule of Civil Procedure 9(b), which requires allegations of fraud to be pleaded with particularity, applies to FCA cases.  But federal circuit and district courts have diverged widely over the years as to how much detail FCA plaintiffs—and especially relators in cases after the government has declined to intervene—must plead about actual false claims to survive a Rule 9(b) challenge on a motion to dismiss.  That is a particularly salient issue in claims against pharmaceutical and medical device companies.  Because those companies typically do not submit false claims themselves, FCA plaintiffs must plead some level of factual information about the claims for reimbursement submitted by the physicians who prescribe or use the defendants’ drugs or devices, or by retail pharmacies that fill subscriptions.  In United States ex rel. Booker v. Pfizer,[43] the First Circuit added another entry to the growing body of case law on this question and reaffirmed a prior ruling that pleading aggregate government expenditure data for the drugs at issue does not, without more, pass muster under Rule 9(b).[44] In Booker, the relators brought FCA claims against the defendant pharmaceutical company alleging that the defendant continued to induce third parties to submit false claims for off-label pediatric use of its psychotropic drug despite settling prior claims with the government based on those off-label uses (and that the defendant failed to report those purported violations as required by its prior corporate integrity agreement).[45]  After allowing limited discovery on some of the claims, the district court granted summary judgment in favor of the defendant on the relators’ off-label and kickback claims.[46]  The First Circuit affirmed the dismissal of relators’ reverse FCA claim, which was based on the defendant’s alleged failure to comply with the corporate integrity agreement’s reporting requirements, on the ground that the relators did not assert that the defendant acted unreasonably in determining that the complaint was not a "Reportable Event" for purposes of the agreement.[47]  The court then affirmed the grant of summary judgment on the off-label FCA claims, as the only evidence proffered by the relators "[a]fter six years of litigation" was aggregate Medicaid reimbursement data for the alleged off-label use.[48]  Applying Rule 9(b)’s particularity requirements, the court echoed prior precedent, holding that "where relators offer only ‘aggregate expenditure data by the government for’ the drug at issue, ‘with[out] identify[ing] specific entities who submitted claims[,] much less times, amounts, and circumstances,’ their claims ‘fall short.’"[49]  The court further clarified that the First Circuit had not held that "aggregate data together with strong circumstantial evidence" could be used "to demonstrate the existence of false claims in an FCA case."[50]  Because the relators’ data was "woefully inadequate to support their FCA claim[,]" the court affirmed the district court’s grant of summary judgment for the defendant on the claims.[51]  It is somewhat unusual that the First Circuit would apply Rule 9(b), a pleading requirement, at the summary judgment stage, but the takeaway from Booker is clear that FCA plaintiffs alleging off-label theories in the First Circuit risk early dismissal if their claims are based solely on aggregate reimbursement data without at least some detail regarding individual claims. 6.     Public Disclosure The first half of 2017 saw two decisions applying the FCA’s public disclosure bar, 31 U.S.C. § 3130(e)(4), that may prove useful to drug and device companies.  Both addressed the level of specificity with which previous public disclosures must discuss the allegations at issue for the bar to apply. In the first decision, the Eighth Circuit affirmed the dismissal of the relator’s claims in United States ex rel. Lager v. CSL Behring, L.L.C., because various public sources disclosed "enough information" to identify the defendant and its products.[52]  There, the relator alleged that the defendant manufacturer conspired with specialty pharmacies to submit false claims to the United States for reimbursement for prescription drugs.  In particular, the relator asserted that CSL falsely reported inflated wholesale prices of two durable medical equipment infusion drugs, allowing the pharmacies to charge Medicare higher prices for the drugs and resulting in $280 million in Medicare overpayments.  Rejecting the relator’s argument that he added value by identifying the specific defendant in question in this case, the court held that a public disclosure must either "explicitly identify" the defendant or "provide enough information about the participants in the scheme such that the defendant is identifiable."[53]  The court agreed that, collectively, the various sources outlining issues with the average wholesale price ("AWP"), including CMS data showing the defendant’s prices and a government report identifying the same class of products, "provide[d] enough information" to "directly identify" the defendant and its products.[54]  Because the same sources disclosed the concept of fraudulently marketing the "spread" between the actual costs and the AWP at which Medicare reimburses the products, the "elements critical to [relator’s] complaint theory were already in the public domain before [he] brought suit"; as such, the FCA’s statutory bar applied to relator’s suit.[55] In the second decision, the Ninth Circuit joined a number of other courts that have concluded that the FCA’s enumerated sources of public disclosures encompass pleadings and other public filings in civil litigation.  In Amphastar Pharmaceuticals Inc. v. Aventis Pharma SA, the court held that the public disclosure bar can apply if the relator developed the bases for the allegations and transactions in question during discovery in a prior suit.[56]  There, the relator, a generic pharmaceutical manufacturer, alleged that the defendant innovator manufacturer violated the FCA by submitting false information to the U.S. Patent and Trademark Office in obtaining a patent for one of its drugs; the relator further contended that this purportedly false submission facilitated the defendant’s monopoly for the drug and led to overcharging of the government.[57]  In an earlier patent infringement suit brought by the defendant, the relator asserted similar claims of inequitable conduct as an affirmative defense and counterclaim.[58]  Observing that "pleadings or other public filings" can provide the basis for public disclosures that trigger the statutory bar,[59] the Ninth Circuit held that the relator’s amended answer and counterclaim for inequitable conduct in the prior suit "made nearly identical allegations to those made" in the FCA case.[60]  The court rejected the argument that the relator had not previously raised FCA claims, explaining that an allegation "need not include an express reference to the [FCA,]" nor must it contain "every specific detail" for the bar to apply.[61]  Notably, although the relator had not previously alleged that the government was buying the drug in question while the defendant asserted its patent, the court reasoned that it was "an obvious inference based on the publicly disclosed allegations."[62]  And because the underlying information was developed during earlier litigation, the court also found that the relator lacked the "direct and independent knowledge" necessary to qualify as an original source under the public disclosure bar as it existed prior to the 2010 amendments in the Patient Protection and Affordable Care Act.[63]      B.     Developments in Enforcement Actions Against Opioid Manufacturers In its first six months, the Trump Administration has stated that it will focus on responding to public health crises involving opioid abuse around the country and that its enforcement agencies will scrutinize companies that manufacture and market opioid drugs. In a first-of-its-kind settlement announced on July 11, 2017, Mallinckrodt, one of the largest manufacturers of generic oxycodone, agreed to pay $35 million to settle allegations that it violated certain civil penalty provisions of the Controlled Substances Act.[64]  The government alleged that Mallinckrodt failed to meet its obligations to detect and notify the Drug Enforcement Agency ("DEA") of suspicious orders of oxycodone, which is a controlled substance and is subject to certain order monitoring requirements.  From 2008 to 2011, Mallinckrodt purportedly supplied distributors with "excessive" quantities of oxycodone without notifying the DEA of the allegedly suspicious orders.  The settlement also resolved recordkeeping allegations related to purported issues with the batch records at one of the company’s manufacturing plants.  According to DOJ, the Mallinckrodt settlement is the first of its size to resolve claims premised on violations of suspicious order monitoring and reporting requirements with a drug maker.[65] Of particular note, the settlement includes a parallel agreement with the DEA under which the company must conduct certain data analyses to identify suspicious orders in the future.  The settlement requires Mallinckrodt to use downstream customer purchase information (provided by the company’s distributors to inform the amount of discounts, or "chargebacks," that Mallinckrodt may offer based on sales to certain downstream customers) to monitor and then report suspicious sales of oxycodone by distributors to pharmacy and pain clinic customers.[66]       C.     Notable Developments in FDCA Enforcement As noted above, Baxter Healthcare Corporation agreed to pay more than $18 million to resolve allegations that it failed to comply with cGMPs when manufacturing sterile intravenous ("IV") solutions.  Of that settlement sum, Baxter will pay $16 million in connection with its criminal deferred prosecution agreement and related penalties and forfeiture.[67]  According to the criminal information, the drugs were adulterated as a result of the presence of mold on some of the high-efficiency particulate absorption filters installed in the clean rooms in which the IV solutions were manufactured.  A Baxter employee allegedly reported the presence of mold on the filters to the management of the manufacturing plant, but, according to the government, Baxter did not remove the moldy filters until after an unannounced FDA inspection identified the issue.  Although there was no evidence that mold had any impact on the IV solutions, Baxter admitted to distribution of adulterated drugs in violation of the FDCA in its deferred prosecution agreement and agreed to implement enhanced compliance provisions, including periodic certifications to the government.[68] On April 18, 2017, DOJ announced that SCM True Air Technologies, Inc. and the company’s former president pleaded guilty to a criminal information involving one count of operating an establishment that manufactured medical devices without proper registration.[69]  According to the government, between 2010 and 2012, the president delivered to the VA misbranded bariatric hospital beds (Class II medical devices) manufactured in Ohio and Kentucky establishments that were not registered properly with FDA, even though the president and SCM had been advised that such registration was required.  The former president also pleaded guilty to one count of obstruction of an FDA investigation and one count of introducing misbranded medical devices into commerce.[70] Turning to case law developments, the Supreme Court refused to hear a case challenging the contours of the Park doctrine.  The Park doctrine (also known as the "responsible corporate officer" doctrine) derives from United States v. Park,[71] in which the Supreme Court held corporate officers could be criminally liable under the FDCA for failing to prevent or correct an FDCA violation without the usual criminal state of mind.[72]  As we reported in our 2016 Year-End FDA Update, a divided panel of the Eighth Circuit in United States v. DeCoster upheld the misdemeanor convictions of two owners and operators of an egg-production company for introducing eggs into interstate commerce that had been adulterated with salmonella enteritidis.[73]  The panel refused to undercut the Park doctrine (and distinguished officer liability from vicarious liability).  Instead, the panel focused on the fact that the defendants knew or should have known of the risks posed by unsanitary conditions at their egg barns, and held that the "elimination of a mens rea requirement does not violate the Due Process Clause for a public welfare offense where the penalty is ‘relatively small[.]’"[74]    In petitioning for certiorari, the defendants argued that their convictions were based on vicarious liability and thus violated due process because the defendants did not have knowledge that the distribution company sold adulterated eggs.[75]  But the Supreme Court ultimately denied the defendants’ petition (without any written order),[76] leaving the Park doctrine undisturbed.      D.     FCPA Investigations Two FCPA settlements from early in the year illustrate the potential consequences companies may face after failing to correct (from the government’s perspective) issues identified in previous investigations. In the first, Zimmer Biomet Holdings ("Biomet") entered a joint FCPA resolution with DOJ and the Securities and Exchange Commission ("SEC") in January 2017, stemming from Biomet’s alleged failure to sever ties with an unauthorized third-party distributor in Brazil and its purportedly improper payments to customs officials in Mexico.[77]  To settle the allegations, Biomet agreed to pay more than $30 million and retain a compliance monitor for three years.  By way of background, Biomet previously settled FCPA charges in 2012 involving allegedly improper payments to doctors employed by public institutions in Argentina, Brazil, and China by entering into a deferred prosecution agreement signed prior to Zimmer’s acquisition of Biomet.  As part of that settlement, Biomet agreed to a three-year independent compliance monitor; the company had to extend that monitorship for one year in light of the new allegations in Brazil and Mexico, which arose in the midst of its previously established compliance program.[78] According to the 2017 charging documents, Biomet continued its relationship with one of the distributors in Brazil that allegedly made some of the corrupt payments underlying the 2012 settlement, despite representations to the contrary made even after an internal audit allegedly identified a related company through which Biomet interacted with the distributor.[79]  The government took issue with Biomet’s books and records, claiming that they inaccurately recorded transactions with the pass-through company instead of the unauthorized distributor that actually performed the work.[80]  As to Mexico, the government alleged that a subsidiary used improper payments to customs officials through customs brokers and sub-agents to move unlicensed dental implants across the border.[81] In its resolution with the SEC, Biomet consented to an administrative cease-and-desist order alleging FCPA bribery and accounting violations.[82]  And to resolve the DOJ investigation, Biomet entered into a deferred prosecution agreement charging willful failure to implement internal controls, and a subsidiary pleaded guilty to a single count of causing the parent company’s books and records to be inaccurate.[83]  With the implementation of Biomet’s new settlement terms, by the end of its obligations the company will have operated under the supervision of a monitor for a total of eight years. On January 18, 2017, the SEC announced a settled cease-and-desist action against Texas-based medical device company Orthofix International; the action involved alleged FCPA accounting violations related to purportedly improper payments to doctors at state-run hospitals in Brazil.[84]  From 2011 to 2013, the company’s Brazilian subsidiary allegedly used inaccurately recorded discounts and improper payments through third-party commercial representatives and distributors to persuade doctors to use the company’s products.[85]  The SEC contended that Orthofix lacked policies or mechanisms to centrally approve and monitor discounts and commissions provided by the subsidiary.[86]  In the action, the SEC specifically referenced Orthofix’s previous FCPA resolution in 2012, which focused on allegedly improper payments by its subsidiary in Mexico.[87]  Like the Biomet case discussed above, Orthofix disclosed the facts leading to this second FCPA settlement as part of the company’s reporting obligations from its settlement in 2012.[88] To settle the SEC’s FCPA allegations, Orthofix consented to an administrative cease-and-desist order and agreed to pay more than $6 million, including nearly $3.2 million in disgorgement and prejudgment interest and a $2.9 million civil penalty.[89]  Orthofix also agreed to retain an independent compliance consultant for one year[90] and, notably, was required to admit the facts forming the basis for the settlement.[91]  In a coordinated non-FCPA resolution, Orthofix and four former executives settled with the SEC revenue recognition charges relating to distributor sales.[92] Additional discussion of these and other FCPA developments can be found in Gibson Dunn’s 2017 Mid-Year FCPA Update. II.     Promotional Issues After a flurry of last-minute activity by the Obama Administration in January, the first half of the year saw relatively little regulatory activity regarding the promotion of drugs and devices.  That is unsurprising, given that Commissioner Gottlieb did not take the helm until May.[93]  Before taking his new post, Commissioner Gottlieb publicly proposed changing FDA’s culture.  For example, he decried "increasing regulatory obstacles," observed that the "practice of medicine is supposed to be regulated by state governments," and noted that physicians "are not always required to strictly follow labels or FDA directives."[94]  These remarks may signal that a shift away from strict regulation of promotional information, which many observers feel has been warranted for a long time, is near. Below, we address the limited regulatory and legislative  developments from the first six months of 2017, as well as recent developments in FDA enforcement involving promotional issues.      A.     FDA Enforcement Activity – Advertising and Promotion In our 2016 Year-End Update, we reported a flurry of year-end FDA enforcement activity related to advertising and promotion by the outgoing administration.  But so far this year, the agency’s enforcement activity has nearly ground to a halt.  FDA’s Office of Prescription Drug Promotion ("OPDP") has issued only one warning letter so far.[95]   It remains to be seen whether this is the new normal (in light of growing First Amendment concerns about enforcement in this arena), a sign of shifting agency priorities under its new leadership, or simply an anomaly. OPDP’s sole warning letter this year concerns misleading risk information in electronic advertising—an area that has been a focus of FDA enforcement efforts in the past.  As in previous OPDP letters, FDA took issue with the presentation of risk information in the advertisement as well as the substance of that information. In a May 18, 2017 untitled letter, OPDP asserted that Orexigen Therapeutics, Inc.’s television advertisement promoting a chronic weight management drug made false or misleading representations about the associated risks of the drug.[96]  According to OPDP, the advertisement contained numerous effectiveness claims, but omitted relevant risk information.  Further, OPDP contended that the advertisement misled consumers because it presented certain risk information in the visual portion of the advertisement while simultaneously communicating unrelated risk information in the audio portion.[97]      B.     FDA’s Promotional Guidance FDA has issued two draft guidance documents relating to promotional practices this year, both as part of the Obama Administration’s last-minute efforts to shape FDA promotional policies. In January, FDA issued a draft "Questions and Answers" guidance entitled "Medical Product Communications That Are Consistent With the FDA-Required Labeling."[98]  The draft guidance document is intended to illuminate "how FDA evaluates firms’ medical product communications, including promotional materials, that present information that is not contained in the FDA-required labeling for the product but that may be consistent with the FDA-required labeling for the product."  FDA issued this draft guidance in response to manufacturers’ expressed interest in communicating "the approved/cleared uses of their products that are not contained in their products’ FDA-required labeling."[99] According to the draft guidance, a manufacturer would not be subject to FDA enforcement action if its promotional communication is consistent with the FDA-required labeling, and is otherwise truthful and non-misleading—even if such information is not clearly contained in the labeling.  In determining whether promotional communication is "consistent" with the labeling, FDA would evaluate three factors: First, FDA would consider whether any representations regarding the product in the communication conflict with particular conditions of use in the FDA-required labeling.  If there is a conflict, FDA would treat the communication as inconsistent under the draft guidance. Second, FDA would look to whether the representations negatively alter the benefit-risk profile of a product in a way that may result in increased harm to health.  If so, the communication would be deemed inconsistent with FDA-required labeling. Third, the agency would consider whether the product can be used safely and effectively under the conditions represented in the communication.  If so, the communication would be deemed consistent with FDA-required labeling.[100] Also in January, FDA issued a draft guidance document regarding communication of health care economic information ("HCEI") to payors about both approved and investigational drugs and devices.[101]  This draft guidance emphasized FDA’s belief that "information provided by firms to payors about their drugs [should] be truthful and non-misleading."[102] In regard to approved drugs, FDA first clarified that HCEI can be communicated to "a payor, formulary committee, or other similar entity with knowledge and expertise in the area of health care economic analysis, carrying out its responsibilities for the selection of drugs for coverage or reimbursement."  FDA then clarified that HCEI would be considered truthful and non-misleading if it relates to an approved indication.  According to FDA, illustrative examples of HCEI that is related to an approved indication include:  duration of treatment in clinical trials, use in additional practice settings, variations in dosing regimens, alternative patient subgroups, and clinical outcome assessments.[103] In regard to investigational drugs and devices, the draft guidance would permit manufacturers to provide certain information prior to FDA approval, so long as it is done in an "unbiased, factual, accurate, and non-misleading" manner.  Approved topics include, for example, indications for which approval is sought, clinical results, pricing, and related product information.[104] Halfway through 2017, the drug and device industry is still awaiting the long-ago promised guidance from FDA regarding its comprehensive review of policies relating to promotion of drugs and devices for off-label uses.  Although we continue to await that final guidance, we can report on a few notable regulatory developments in this area from the first half of 2017. As we noted in our 2016 Year-End Update, FDA held a public meeting last November to solicit commentary on the issue of off-label promotion.  Following up on the meeting, FDA issued a January 2017 memorandum in which it identified 12 alternative approaches to off-label promotion under the First Amendment.[105]  FDA rejected every potential approach as inadequate in its memorandum.  But, the agency nevertheless extended the commentary period on its review (which had closed on January 9, 2017) to solicit further input on the First Amendment implications because some commenters had "expressed the view that FDA had not sufficiently discussed the First Amendment in the notification of public hearing."  The extended review period, which closed in April, resulted in nearly 100 additional comments.[106] On January 9, 2017, FDA issued a final rule that partially amended the agency’s definition of "intended use" for drugs and devices.[107]  Departing from the prior definition of "intended use," which focused on whether a manufacturer had "knowledge of facts that would give him notice" that a drug or device would be used for off-label purposes, the new rule adopts a "totality of the evidence" standard.  The rule provides that "where the totality of evidence is sufficient to establish a new intended use for a medical product, relevant provisions of the [FDCA] and its implementing regulations will be triggered." On March 20, 2017 (after the change in administrations), FDA delayed the rule’s effective date until March 19, 2018 to allow for additional public comment.[108]  Opponents of the rule have criticized its definition of intended use as overbroad, and various industry organizations submitted a petition requesting that FDA reconsider and permanently stay the rule on that basis.[109]      C.     Notable Litigation Relating to Promotional Issues Although the first half of 2017 produced little relevant jurisprudence, one opinion provides an important reminder about the practical limits to the First Amendment’s protection of promotional speech. In United States ex rel. Gohil v. Aventis, Inc., the Eastern District of Pennsylvania declined to dismiss, on First Amendment grounds, allegations that the defendant "misrepresent[ed] the safety and effectiveness of the off-label use" of an FDA-approved drug for the treatment of cancer, reasoning that "[t]hat sort of speech is not necessarily protected by the First Amendment."[110]  The court recognized that "[l]iability for truthful, non-misleading speech related to off-label marketing may be protected by the First Amendment."[111]  But because the issue arose at the pleadings stage, the court declined to resolve the factual issue of whether "the off-label promotion [was] actually false and/or misleading."[112]  Although the Gohil court allowed the case to proceed, it is noteworthy that the court recognized the viability of a potential First Amendment defense in an FCA case based on off-label theories.      D.     Legislative Developments Reflecting the momentum for broader recognition of more permissive promotion communications about FDA-approved drugs and devices, the first half of 2017 featured notable legislative activity relating to off-label promotion at both the state and federal levels. At the state level, one state took matters into its own hands in the absence of FDA policy reform regarding the exchange of truthful off-label information between industry participants and physicians.  On March 21, 2017, Arizona became the first state to enact a law permitting drug and device manufacturers to communicate with health care providers about off-label treatments by eliminating state penalties for such conduct.[113]  Arizona’s "Free Speech in Medicine Act" allows manufacturers to "engage in truthful promotion of an off-label use of a drug, biological product or device" with licensed health care professionals, but not directly to the public.  Of course, because FDA retains the authority to police off-label promotion at the federal level, Arizona’s effort to relax restrictions is largely a symbolic gesture.  Nevertheless, the bill received widespread media attention and may help to encourage similar activity by other states and may even influence FDA’s policy development. Congress also shuffled forward this year, with House lawmakers introducing a pair of draft bills that would loosen restrictions on off-label drug and device communications. The first bill, entitled the Pharmaceutical Information Exchange Act, is aimed at loosening restrictions on what information manufacturers are permitted to communicate prior to FDA approval of a product.[114]  Introduced by Rep. Brett Guthrie (R-KY), the bill would amend the FDCA to permit the provision of "health care economic information or scientific information . . . to a payor, formulary committee, or other similar entity . . . if it is based on competent and reliable scientific evidence and relates to an investigational new drug or an investigational use of an approved drug." The second bill, entitled the Medical Product Communications Act of 2017, would enable manufacturers to proactively discuss certain off-label information with health care providers.[115]  The bill, introduced by Rep. Morgan Griffith (R-VA), provides that "the scientific exchange of information about a drug, biological product, or device . . . shall not constitute labeling, advertising, or evidence of a new intended use."  Thus, the bill would permit drug manufacturers to communicate information related to unapproved uses with health care professionals, provided that the communication is supported by appropriate data and the manufacturer makes no claim that the unapproved product or use has been demonstrated to be safe or effective. Although some lawmakers and industry groups expressed support for the draft bills during recent committee hearings—praising the proposed clarification of off-label communications and provision of more information to payers and health-care decision makers aimed at improving patient access to new treatments—other lawmakers and consumer groups expressed concern that the bills could undermine existing regulatory processes intended to protect patient health and safety.[116]  To date, neither bill has been advanced out of committee in the House.  III.     Developments in cGMP Regulations and Other Manufacturing Issues The biggest headline in the cGMP and manufacturing arena during the first six months of 2017 was the criminal conviction and sentencing of Barry Cadden, who was responsible for a deadly meningitis outbreak that arguably is the largest public health crisis caused by the defective manufacturing of a pharmaceutical product.  The first half of the year saw robust enforcement efforts on the part of DOJ and FDA.  For its part, FDA continues to crack down on manufacturing issues with warning letters and is on pace to exceed last year’s total number of warning letters by year’s end.  These developments, as well as recently issued final and draft guidance documents, are discussed below.      A.     Notable cGMP Compliance and Enforcement Activity 1.     Owner of New England Compounding Center Is Convicted and Sentenced In late 2014, an indictment was unsealed charging Barry Cadden, owner and head pharmacist of New England Compounding Center ("NECC"), with a host of crimes in connection with a nationwide meningitis outbreak.  According to DOJ, Cadden authorized the shipment of contaminated methylprednisolone acetate ("MPA") to NECC customers nationwide and, as a result, 753 patients in twenty states were diagnosed with a fungal infection after receiving injections of MPA.  The outbreak led to the deaths of 64 patients in nine states.  Cadden allegedly authorized the shipment of drugs without waiting for the return of sterility tests, failed to notify customers of nonsterile results, and compounded drugs with expired ingredients.  According to DOJ, this series of cGMP failures led to an outbreak that was the "largest public health crisis ever caused by a pharmaceutical product," with hundreds suffering from debilitating and life-changing injuries and a tragic number of wholly preventable fatalities.  In May 2017, after a nine-week trial, a federal jury convicted Cadden of racketeering, racketeering conspiracy, mail fraud, and introduction of misbranded drugs into interstate commerce with the intent to defraud and mislead.  The jury acquitted Cadden of murder charges.  In late June 2017, Cadden was sentenced to nine years in prison, three years of supervised release, and forfeiture and restitution in amounts to be determined.[117] In the wake of sentencing, FDA Commissioner Gottlieb commented, "[p]atients should not have to worry about the safety and sterility of the drugs they are prescribed. . . . [W]e will continue to hold accountable those who violate the law and put patients at risk."  According to Commissioner Gottlieb, this outcome serves as a cautionary tale against corner cutting and putting "profits over patients."[118] 2.     Consent Decrees Involving Two Drug Makers During the last six months, DOJ announced two notable consent decrees of permanent injunction entered by federal district courts against drug manufacturers to stop the distribution of unapproved, misbranded, and adulterated drugs.  On March 15, 2017, the U.S. District Court for the District of Colorado enjoined EonNutra LLC, two related companies (CDSM LLC and HABW LLC), and their owner from selling or distributing adulterated and misbranded dietary supplements and unapproved and misbranded drugs.[119]  The cGMP-based claims underlying the injunction alleged that the defendants’ products were not manufactured in compliance with federal regulations; a 2016 FDA inspection cited the defendants’ failure to establish specifications for the identity, purity, strength, and composition of their products or prepare and follow manufacturing plans. More recently, on June 15, 2017, the U.S. District Court for the Southern District of Florida entered a consent decree including a permanent injunction against Florida-based Stratus Pharmaceuticals Inc. and New Jersey-based Sonar Products Inc., as well as two of their officers, Alberto Hoyo and Juan Carlos Billoch.[120]  FDA accused Stratus and Sonar of regularly shipping unapproved dermatological products, such as washes, creams, and ointments promoted to treat skin conditions like acne and rosacea.  Sonar made the drugs for Stratus, which distributed prescription and nonprescription drugs and also owned 80% of Sonar.  The agency asserted that the companies had been violating cGMP requirements since 2014.  The consent decree requires Sonar to stop all operations until it hires a cGMP expert and receives written permission from FDA to resume operations.  Stratus is barred from distributing unapproved drugs until it gets clearance from FDA on those products. 3.     cGMP-Based Warning Letters FDA’s Office of Manufacturing Quality in the Center for Drug Evaluation and Research ("CDER") issued 26 warning letters in the first half of 2017, putting it on pace to exceed the 44 warning letters issued in 2016.[121]  As in 2016, FDA continued to focus on issues identified during foreign inspections, with warning letters issued to companies in China and India, as well as Japan, Singapore, Italy and the United Kingdom.  Also consistent with FDA’s activity in 2016, the warning letters thus far this year underscore FDA’s focus on data integrity.  Data integrity citations and recommendations for "Data Integrity Remediation" cropped up in 11 of the 26 warning letters issued by CDER in 2017.  CDER often found these violations in manufacturing facilities in China and India.   A few of the most notable warning letters from the first half of the year are summarized below: Jinan Jinda Pharmaceutical Chemistry Co.[122]  In February 2017, a Chinese manufacturer received a warning letter that cited, among other things, the lack of controls in place to prevent staff from altering or deleting electronic data.  FDA noted that "[a]nalysts manipulated and deleted audit trails" and that full administrative rights were given to the quality control manager and deputy manager, allowing them to manipulate data and turn off audit trails.  FDA also cited the company for failures of its quality unit to meet specifications for quality and purity and failure to adequately investigate out-of-specification results. Badrivishal Chemicals & Pharmaceuticals.[123]  In March 2017, FDA cited Badrivishal in India for multiple violations including quality and data integrity deficiencies.  In detailing the many asserted violations, FDA noted that original laboratory and production records were found in trash bags behind the facility, data on the discarded documents did not match official records, and the quality unit did not investigate the discrepancies.  Investigators discovered later that the trash bags had been removed, preventing further examination of the documents.  FDA recommended that the company hire a cGMP consultant to correct deviations. USV Private Limited.[124]  After a 2016 inspection of the company’s facility in India, FDA issued a March 2017 warning letter to USV listing cGMP violations.  The alleged violations included data integrity deficiencies, e.g., computer systems that were not appropriately controlled, data in laboratory records that were not complete, a computer system that allowed for deletion of files, the failure to maintain a backup file, and unrestricted access to microbial identification instrument and external hard drives.  To address these issues, FDA recommended a comprehensive data integrity remediation.  In the warning letter, FDA also asserted that USV failed to establish proper laboratory controls and procedures to prevent microbiological contamination on sterile products and to correctly and routinely perform environmental monitoring tests.  Notably, FDA pointed out that it found similar violations at another of the company’s facilities in 2014, which also resulted in a warning letter.  FDA admonished USV that "[t]hese repeated problems at multiple sites demonstrate that your company’s oversight and control over the manufacture of drugs is inadequate" and called for an immediate and comprehensive assessment of the company’s global manufacturing operations.      B.     cGMP Rulemaking and Guidance Activity Since January, FDA has issued four draft and final guidance documents related to cGMP compliance.  Like the guidance activity relating to promotional issues discussed above, FDA released three of the guidance documents in a last-minute effort to advance guidelines that had long been in the works before the change in administration. Combination Products.  In January 2017, FDA published final guidance entitled Current Good Manufacturing Practice Requirements for Combination Products, which describes and explains the final rule on cGMP requirements for combination products that FDA issued on January 22, 2013, as codified in 21 CFR part 4.[125]  The guidance defines what a combination product is, provides an overview of the final rule, and discusses the purpose and content of specific cGMP requirements addressed in the final rule.  In separate sections, the guidance also addresses certain general considerations for cGMP compliance for combination products and presents hypothetical scenarios to illustrate how to comply with requirements for particular types of combination products—specifically, a prefilled syringe, drug-eluting stent, and drug-coated mesh. Repackaging.  In January 2017, FDA also issued final guidance on the topic of Repackaging of Certain Human Drug Products by Pharmacies and Outsourcing Facilities.[126]  Repackaged drugs, which are prepared to meet the specific needs of particular patients, are generally subject to the adulteration, misbranding, and approval provisions of the FDCA.  The agency stated in the guidance, however, that it does not intend to enforce those provisions against state-licensed pharmacies, federal facilities or outsourcing facilities so long as they meet the criteria outlined in the guidance (e.g., that a licensed pharmacist repackage or directly supervise the repackaging of the drug product). Mixing, Diluting or Repackaging.  FDA issued draft guidance in January 2017 called Mixing, Diluting, or Repackaging Biological Products Outside the Scope of an Approved Biologics License Application.  The draft guidance details the conditions under which state-licensed pharmacies, federal facilities or outsourcing facilities can mix, dilute, and repackage biologics.[127]  According to FDA, "diluting or mixing a biological product with other components, or repackaging a biological product by removing it from its approved container-closure system and transferring it to another container-closure system, is, in the absence of manufacturing controls, highly likely to affect the safety and/or effectiveness of the biological product."[128]  FDA recognized, however, that in certain circumstances, it is appropriate to mix, dilute, or repackage a biological product to meet the needs of a specific patient (e.g., in the pediatric care context).  Although any biological product that is mixed, diluted, or repackaged such that it falls outside the scope of an approved BLA as an "unlicensed biological product," this draft guidance details the appropriate conditions under which these steps can be taken without risk of FDA action.  Notably, this document appears to provide more flexibility for outsourcing facilities to repackage biologics than the 2015 draft guidance.[129] Medical Gases.  Finally, FDA issued draft guidance in June 2017 addressing Current Good Manufacturing Practice for Medical Gases.  This draft guidance superseded the far lengthier May 2003 draft guidance regarding the same topic.[130]  In its most recent version, FDA explained that in an effort to reduce the regulatory compliance burden on the industry, it tailored the draft guidance to provide "clear, up-to-date, detailed recommendations regarding CGMP issues that have been the subject of industry questions."[131]  Among other issues, the draft guidance addresses requirements with respect to organization and personnel; facility and equipment; production and process controls; packaging and labeling, distribution, and laboratory controls; and records and reports. IV.     Medical Devices The first half of 2017 saw some late Obama Administration guidance with respect to medical devices followed by relative silence as FDA’s leadership turned over with the new administration.  We summarize below recent regulatory and enforcement developments relating to medical device manufacturers.      A.     FDA Guidance Since the Trump Administration took the reins, there has been little new guidance from FDA directed at medical devices.  In the waning days of the Obama Administration, however, CDRH released significant guidance regarding investigational device exemptions ("IDE"). On January 13, 2017, CDRH released guidance intended to clarify the "principal factors that FDA considers when assessing the benefits and risks of IDE applications for human clinical studies."[132]  The guidance sets forth a flexible review process that takes into account the "total product lifecycle" and the inherent "uncertainty (i.e., lower level of evidence)" available at the early stages of device development and investigational clinical study.  By recognizing the inherent uncertainty in early-stage device development, the guidance gives IDE sponsors and investigators leeway to pursue investigational devices without perfect knowledge of the ultimate benefit-risk balance.  The guidance also "characterize[s] benefits in the context of investigational research" to include both "direct benefits to the subject" and "benefits to others (to the extent there are indirect benefits to subjects such as knowledge to be gained from the study or information that may contribute to developing a treatment)."      B.     Update on Regulation of Laboratory Developed Tests We have previously reported on FDA’s controversial efforts to regulate Laboratory Developed Tests ("LDTs")—diagnostic tests designed, manufactured, and performed in clinical laboratories—including FDA’s indication that it would finalize its 2014 draft guidance regarding regulation of LDTs as medical devices.[133]  The change of administrations, paired with intense feedback from industry stakeholders, delayed efforts to finalize that guidance.  Indeed, FDA announced at the end of 2016 that it would not issue final guidance  on the oversight of LDTs. In January 2017, FDA went back to the drawing board and released a "Discussion Paper on Laboratory Developed Tests" that sets out a "possible approach to LDT oversight" based on the "extensive, and often conflicting, feedback [FDA] received from a broad range of stakeholders" on the aborted draft guidance.[134]  According to FDA, the approach outlined in the paper seeks to strike a balance between encouraging innovation, on the one hand, and ensuring that patients and health care providers have access to "accurate, reliable, and clinically valid tests," on the other.  To this end, the paper floats the possibility of requiring approval for "new and significantly modified high and moderate risk LDTs," while exempting "previously marketed LDTs" from "most or all FDA regulatory requirements" unless "necessary to protect the public health."[135]  Although the paper is non-binding and "does not represent the formal position of FDA," it previews an approach that could be more palatable to many stakeholders in continuing development of LDTs.[136]  There is no timeline for implementing or finalizing this framework, but FDA said it will continue to "work with all stakeholders in future conversations around the right path forward on LDT oversight."[137]      C.     Enforcement Letters FDA issued 11 device-related warning letters during the first six months of 2017, with only one of those coming from CDRH.[138]  Of those letters, all but one were related to manufacturing and Quality System Regulation issues.  Two letters warrant mention here. In January, Rapid Release Technologies received a warning letter concerning its "RPT PRO2" vibration pain therapy device; the Letter alleged that the company did not have an approved application for premarket approval or an approved application for an IDE.[139] In April, CDRH issued a warning letter to Abbott (St. Jude Medical Inc.) in connection with alleged battery defects in its defibrillators and alleged cybersecurity vulnerabilities in its home monitoring devices.[140]  CDRH’s focus on cybersecurity represents FDA’s first enforcement foray on that topic.  V.     Anti-Kickback Statute      A.     AKS-Related Case Law Developments Federal courts issued several notable decisions interpreting the AKS in the first half of 2017, including some that further expand the conduct reached by the AKS.  Continuing a trend we have noted in past updates, these courts broadly interpreted key language in the statute’s prohibition on drug and device manufacturers providing or receiving "remuneration" to induce, "arrange for," or reward referrals or business involving goods or services for which payment "may be made" by a federal health care program. Two notable opinions involved issues tied to the promotion of prescription drugs.  First, in United States ex rel. Brown v. Pfizer, Inc.,[141] the Eastern District of Pennsylvania declined to dismiss a case involving alleged speaker fees and other payments the defendant made to physicians to encourage prescriptions of an anti-infection drug.[142]  Although the defendant argued that imposing AKS liability on such allegations "would effectively criminalize the promotion of prescription drugs," the court disagreed.  The court recognized that the personal services and management contracts "safe harbor" to the AKS permits paid contractual  arrangements between pharmaceutical companies and physicians provided that they meet certain requirements (e.g., that the payments were set at "fair market value").  But the court concluded that relators had sufficiently alleged that the defendant’s payments were not made at fair market value, and, as a result, the defendant could not—at least at the pleadings stage—establish that it met the personal services and management contracts safe harbor.[143] In a second case, United States ex rel. Wood v. Allergan Inc.,[144] the Southern District of New York considered whether prescription drug sampling—a practice expressly permitted by the Prescription Drug Marketing Act ("PDMA")—could constitute "remuneration" under the AKS.  Specifically, the court declined to dismiss an FCA claim predicated on the defendant’s alleged payment of kickbacks to physicians in the form of prescription drug samples to encourage drug prescriptions.  The defendant argued that the PDMA permits pharmaceutical companies to provide drug samples to encourage physicians to prescribe the drugs and that HHS OIG guidance expressly acknowledges that prescription drug samples have no value to physicians unless resold or billed to government health care programs.  The court sidestepped the apparent conflict between the AKS and PDMA, however, and instead relied on the relator’s allegations that absent the provision of free samples, physicians may have had to purchase some amount of those drugs to use in their practices, rather than having prescriptions filled at retail pharmacies.  As a result, the court concluded that the samples could be "remuneration" insofar as they had value to physicians by allegedly "subsidiz[ing] . . . [their] costs."[145] Another federal court also adopted an expansive interpretation of the AKS in analyzing what it means to "arrange for" the provision of federally reimbursable goods or services, which the AKS penalizes if done in exchange for remuneration.[146]  In MedPricer.com, Inc. v. Becton, Dixon & Co.,[147] the court declared unenforceable a contract between a device manufacturer and the operator of an auction website under which the website operator would post device listings because performing the contract would violate the AKS’s "arrange for" provision.[148]  The court held that the website operator "arranged" for sales of devices within the meaning of the AKS despite the fact that the operator neither participated as a buyer or a seller, nor "cho[se] which particular suppliers participate[d] in the sales [or] which products [were] sold."[149]  In reaching this conclusion, the court relied largely on the website operator’s description of its business model as "facilitat[ing] sales" of medical devices.[150]  Notably, the MedPricer.com opinion has potentially broader applicability in that the court determined that AKS liability "requires only a minimal showing" that the goods or services in question are provided to a government program beneficiary and "may be" federally reimbursable—rejecting the argument that AKS liability only attaches when the goods or services are, in fact, actually reimbursed by the federal government.[151]  In reaching the latter conclusion, the court relied on the HHS OIG’s view in past advisory opinions that whether a product or service is in fact reimbursed by federal health care programs bears only on HHS OIG enforcement decisions, not on the scope of conduct covered by the AKS.[152]      B.     HHS OIG Final Rule Regarding AKS Statute of Limitations In January 2017, HHS OIG finalized a rule that imposes a 10-year limitations period on HHS OIG exclusion actions brought on the basis of violations of the AKS.[153]  HHS OIG had originally proposed to amend the relevant regulation to clarify that there was no limitations period.[154]  However, in response to numerous comments objecting to the proposal, HHS OIG decided to adopt a 10-year limitations period.[155]  In doing so, HHS OIG expressed concern that "any limitations period on . . . exclusions may force OIG to either initiate administrative proceedings while [a given FCA] matter is proceeding or lose the ability to protect the programs and beneficiaries through an exclusion.  Litigating FCA and exclusion actions on parallel tracks wastes Government (both administrative and judicial) and private resources."[156]  Nonetheless, HHS OIG concluded that "such situations will be less frequent with a 10-year period than with a shorter period," and that a 10-year period balances the goal of avoiding government waste against the goals of "provid[ing] certainty" and avoiding the "administrative burden" of indefinite document retention that regulated parties could incur were HHS OIG to explicitly adopt an indefinite limitations period.[157]  HHS OIG’s response to the comments it received also noted the alignment between a 10-year limitations period and the FCA’s 10-year statute of repose,[158] and stated that, while recent conduct is more relevant to exclusion decisions, HHS OIG’s experience has shown that "exclusion can be necessary to protect the Federal health care programs even when the conduct is up to 10 years old."[159]      C.     Notable HHS OIG Guidance Among a number of advisory opinions issued by HHS OIG so far in 2017, one opinion had particular relevance for drug and device companies in the context of clinical studies and patient assistance programs. In an advisory opinion issued on June 29, 2017, HHS OIG considered a proposal to "reduce or waive, on a non-routine, unadvertised basis, cost-sharing amounts owed by financially needy Medicare beneficiaries for items and services furnished in connection with a clinical research study."[160]  The study involved a biomedical system indicated for treating ulcers and other chronic wounds.[161]  In the proposal advanced by the parties seeking the advisory opinion, a particular hospital participating in the study would "reduce or waive applicable cost-sharing amounts owed by financially needy beneficiaries for all Study-related items and services."[162]  The manufacturer of the system under study would not cover any of these reductions or waivers.  The hospital would only inform a given patient of the possibility of reduction or waiver if that patient, upon receiving notice that he or she "may owe cost-sharing amounts in connection with the Study," informed the hospital that he or she could not afford these payments.[163]  The hospital would then evaluate the patient’s financial need according to a set of uniform criteria.  Neither the hospital nor the manufacturer would advertise the possibility of waiver or reduction of patients’ cost-sharing obligations.[164] Analyzing the proposal under the Beneficiary Inducement CMP,[165] HHS OIG found that the proposal fits within an exception from the definition of remuneration for any waiver of coinsurance or deductible amounts that "is not offered as part of any advertisement or solicitation"; that is not "routinely" provided; and that is only granted either after a "good faith" determination of financial need, or after "reasonable collection efforts" have failed.[166]  Given the non-advertised and "case-by-case" nature of the proposed reductions and waivers in this particular case, along with the "objective criteria" used to determine financial need, HHS OIG found that the proposal fit within this exception.[167]  For the same reasons, HHS OIG determined that it would not seek administrative sanctions under the AKS, provided that "the requisite intent to induce or reward referrals of Federal health care program business" remained absent.[168] VI.     Conclusion As these issues, and others, in the drug device industries continue to develop, we will track them and report back in our 2017 Year-End Update. [1]      Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Shire PLC Subsidiaries to Pay $350 Million to Settle False Claims Act Allegations (Jan. 11, 2017), https://www.justice.gov/opa/pr/ shire-plc-subsidiaries-pay-350-million-settle-false-claims-act-allegations. [2]      Id. [3]      Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Sanofi Pasteur Agrees to Pay $19.8 Million to Resolve Drug Overcharges to the Department of Veterans Affairs (Apr. 3, 2017), https://www.justice.gov/ opa/pr/sanofi-pasteur-agrees-pay-198-million-resolve-drug-overcharges-department-veterans-affairs. [4]      See 38 U.S.C. § 8126. [5]      Nate Raymond, Linde’s Lincare settles U.S. whistleblower case for $20 million, Reuters, June 27, 2017, http://www.reuters.com/article/us-linde-lawsuit-idUSKBN19I2GX; Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Oxygen Equipment Provider Pays $11.4 Million to Resolve False Claims Act Allegations (Apr. 25, 2017), https://www.justice.gov/opa/pr/oxygen-equipment-provider-pays-114-million-resolve-false-claims-act-allegations. [6]      Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Durable Medical Equipment Manufacturer Agrees To Pay $2.715 Million To Resolve False Claims Allegations (June 29, 2017), https://www.justice.gov/usao-mdtn/pr/ durable-medical-equipment-manufacturer-agrees-pay-2715-million-resolve-false-claims. [7]      Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Baxter Healthcare Corporation to Pay More Than $18 Million to Resolve Criminal and Civil Liability Relating to Sterile Products (Jan. 12, 2017), https://www.justice.gov/opa/pr/baxter-healthcare-corporation-pay-more-18-million-resolve-criminal-and-civil-liability. [8]      Id. [9]      See Statement of Facts ¶¶ 37–40, United States v. Baxter Healthcare Corp., No. 1:17-mj-00010-DLH (W.D.N.C. Jan. 12, 2017), ECF No. 1-1. [10]     See generally Universal Health Servs., Inc. v. United States ex rel. Escobar, 136 S. Ct. 1989 (2016). [11]     See id. at 1995. [12]     Id. at 2001 (emphasis added). [13]     840 F.3d 445, 447 (7th Cir. 2016). [14]     862 F.3d 890, 902 (9th Cir. 2017). [15]     United States ex rel. Schiemelpfenig v. Dr. Reddy’s Labs. Ltd., No. 11-4607, 2017 WL 1133956, at *6 (E.D. Pa. Mar. 27, 2017) (interpreting language from the Third Circuit’s decision in United States ex rel. Whatley v. Eastwick College, 657 F. App’x 89 (3d Cir. 2016)) [16]     See United States ex rel. Badr v. Triple Canopy, Inc., 857 F.3d 174, 178 (4th Cir. 2017); see also United States ex rel. Landis v. Tailwind Sports Corp., 2017 WL 573470, at *11 (D.D.C. Feb. 13, 2017). [17]     Campie, 862 F.3d at 902–03. [18]     Id. at 903. [19]     136 S. Ct. at 2002–04. [20]     Id. at 2003. [21]     855 F.3d 481, 485 (3d Cir. 2017). [22]     Id. [23]     Id. at 486. [24]     Id. at 490 (quoting Escobar, 136 S. Ct. at 2003). [25]     Petratos, 855 F.3d at 490. [26]     Id. [27]     845 F.3d 1 (1st Cir. 2016). [28]     Id. at 8. [29]     Id. at 7. [30]     Id. at 8. [31]     862 F.3d at 895–96. [32]     Id. at 896–97. [33]     See id. at 898; see also United States ex rel. Campie v. Gilead Sci., Inc., No. C-11-0941 EMC, 2015 WL 3659765, at *6–8 (N.D. Cal. June 12, 2015). [34]     862 F.3d at 902–03. [35]     Id. at 903. [36]     Id. [37]     Id. (citation and internal quotation marks omitted). [38]     Id. at 905 (citation omitted). [39]     Id. at 906. [40]     Id. [41]     Id. at 907. [42]     136 S. Ct. at 2004 n.6. [43]     847 F.3d 52 (1st Cir. 2017). [44]     See id. at 58 (upholding United States ex rel. Ge v. Takeda Pharm. Co. Ltd., 737 F.3d 116, 121, 124 (1st Cir. 2013)). [45]     847 F.3d at 54–55. [46]     See id. at 55. [47]     Id. at 57. [48]     Id. at 58. [49]     Id. (quoting United States ex rel. Ge v. Takeda Pharm. Co., 737 F.3d 116, 121, 124 (1st Cir. 2013) (alterations in original)). [50]     847 F.3d at 58. [51]     Id. at 58–59. [52]     855 F.3d 935, 945–46 (8th Cir. 2017) (citation and internal quotation marks omitted). [53]     Id. at 944 (citation and internal quotation marks omitted). [54]     Id. at 945–46 (citation and internal quotation marks omitted). [55]     Id. at 948–49. [56]     856 F.3d 696 (9th Cir. 2017).  Gibson, Dunn & Crutcher LLP represented the defendants-appellants in the district court and in their successful appeal of this matter in the Ninth Circuit. [57]     Id. at 702. [58]     Id. at 701. [59]     Id. at 703. [60]     Id. at 704. [61]     Id. (citation and internal quotation marks omitted). [62]     Id. [63]     Id. at 706–08. [64]     Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Mallinckrodt Agrees to Pay Record $35 Million Settlement for Failure to Report Suspicious Orders of Pharmaceutical Drugs and for Recordkeeping Violations (July 11, 2017), https://www.justice.gov/opa/pr/mallinckrodt-agrees-pay-record-35-million-settlement-failure-report-suspicious-orders. [65]     Id. [66]     Id. [67]     See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Baxter Healthcare Corporation to Pay More Than $18 Million to Resolve Criminal and Civil Liability Relating to Sterile Products (Jan. 12, 2017), https://www.justice.gov/opa/pr/baxter-healthcare-corporation-pay-more-18-million-resolve-criminal-and-civil-liability. [68]     See id. [69]     Press Release, U.S. Dep’t of Justice, U.S. Attorney’s Office, W.D. of Ky., SCM True Air Technologies, Of Ohio And Kentucky, And Its Former Company President – Guilty Of Delivering Misbranded Medical Devices From Unregistered Facilities To A Georgia V.A. Medical Center And Obstructing An FDA Investigation Into Their Conduct (Apr. 18, 2017), https://www.justice.gov/usao-wdky/pr/scm-true-air-technologies-ohio-and-kentucky-and-its-former-company-president-guilty. [70]     Id. [71]     421 U.S. 658 (1975). [72]     Id. at 670–76. [73]     United States v. DeCoster, 828 F.3d 626, 629–33 (8th Cir. 2016). [74]     Id. at 633. [75]     See Petition for Writ of Certiorari at 2–4, DeCoster v. United States (No. 16-877). [76]     137 S. Ct. 2160 (2017). [77]     Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Zimmer Biomet Holdings Inc. Agrees to Pay $17.4 Million to Resolve Foreign Corrupt Practices Act Charges (Jan. 12, 2017), https://www.justice.gov/opa/pr/ zimmer-biomet-holdings-inc-agrees-pay-174-million-resolve-foreign-corrupt-practices-act. [78]     See id. [79]     See Superseding Information ¶¶ 20, 22–44, United States v. Zimmer Biomet Holdings, Inc., No. 12-CR-00080 RBW (D.D.C. Jan. 12, 2017). [80]     See id. at ¶¶ 72–75. [81]     See id. at ¶ 45. [82]     Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Zimmer Biomet Holdings Inc. Agrees to Pay $17.4 Million to Resolve Foreign Corrupt Practices Act Charges (Jan. 12, 2017), https://www.justice.gov/opa/ pr/zimmer-biomet-holdings-inc-agrees-pay-174-million-resolve-foreign-corrupt-practices-act; Press Release, U.S. Sec. & Exch. Comm’n, Biomet Charged With Repeating FCPA Violations (Jan. 12, 2017), https://www.sec.gov/news/pressrelease/2017-8.html. [83]     Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Zimmer Biomet Holdings Inc. Agrees to Pay $17.4 Million to Resolve Foreign Corrupt Practices Act Charges (Jan. 12, 2017), https://www.justice.gov/opa/pr/zimmer-biomet-holdings-inc-agrees-pay-174-million-resolve-foreign-corrupt-practices-act. [84]     Press Release, U.S. Sec. & Exch. Comm’n, Medical Device Company Charged With Accounting Failures and FCPA Violations (Jan. 18, 2017), https://www.sec.gov/news/pressrelease/2017-18.html. [85]     Id. [86]     See Order Instituting Cease-and-Desist Proceedings 2, In the Matter of Orthofix Int’l N.V., Admin. Proc. File No. 3-17800 (Jan. 18, 2017), https://www.sec.gov/litigation/admin/2017/34-79828.pdf. [87]     See id. at 2, 3.18, 2017), https://www.sec.gov/litigation/admin/2017/34-79828.pdf. [88]     See id. at 6. [89]     See Press Release, U.S. Sec. & Exch. Comm’n, Medical Device Company Charged With Accounting Failures and FCPA Violations (Jan. 18, 2017), https://www.sec.gov/news/pressrelease/2017-18.html. [90]     See Order Instituting Cease-and-Desist Proceedings 9, In the Matter of Orthofix Int’l N.V., Admin. Proc. File No. 3-17800 (Jan. 18, 2017), https://www.sec.gov/litigation/admin/2017/34-79828.pdf. [91]     See id. at 1. [92]     See Press Release, U.S. Sec. & Exch. Comm’n, Medical Device Company Charged With Accounting Failures and FCPA Violations (Jan. 18, 2017), https://www.sec.gov/news/pressrelease/2017-18.html. [93]     Meet Scott Gottlieb, M.D., Commissioner of Food and Drugs, U.S. Food & Drug Admin., https://www.fda.gov/AboutFDA/CentersOffices/ucm557569.htm (last updated May 18, 2017). [94]     Scott Gottlieb, Changing the FDA’s Culture, Nat’l Affairs (2012), https://www.nationalaffairs.com/publications/detail/changing-the-fdas-culture. [95]     Warning Letters 2017: Office of Prescription Drug Promotion, U.S. Food & Drug Admin., https://www.fda.gov/Drugs/GuidanceComplianceRegulatoryInformation/default.htm (follow "Enforcement Activities by FDA" hyperlink; then follow "Warning Letters and Notice of Violation Letters to Pharmaceutical Companies" hyperlink; then follow "Warning Letters 2017" hyperlink) (last updated Aug. 3, 2017). [96]     Untitled Letter from Meena Ramachandra, Regulatory Review Officer, Office of Prescription Drug Promotion, U.S. Food & Drug Admin. to Stacy Hennings, Senior Director, Regulatory Affairs Advertising & Promotions, Orexigen Therapeutics, Inc. (May 18, 2017), https://www.fda.gov/Drugs/GuidanceComplianceRegulatoryInformation/default.htm (follow "Enforcement Activities by FDA" hyperlink; then follow "Warning Letters and Notice of Violation Letters to Pharmaceutical Companies" hyperlink; then follow "Warning Letters 2017" hyperlink; then follow "Untitled Letter" hyperlink under "Office of Prescription Drug Promotion"). [97]     Id. [98]     U.S. Food & Drug Admin., Draft Guidance for Industry: Medical Product Communications That Are Consistent With the FDA-Required Labeling—Questions and Answers (Jan. 2017), https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM537130.pdf. [99]     Id. at 1–2. [100]   Id. at 3–5. [101]   U.S. Food & Drug Admin., Draft Guidance for Industry and Review Staff:  Drug and Device Manufacturer Communications With Payors, Formulary Committees, and Similar Entities—Questions and Answers (Jan. 2017), https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM537347.pdf. [102]   Id. at 3. [103]   Id. at 4–8. [104]   Id. at 16. [105]   U.S. Food & Drug Admin., Public Health Interests and First Amendment Considerations Related to Manufacturer Communications Regarding Unapproved Uses of Approved or Cleared Medical Products 1, 26–34 (Jan. 2017), https://www.federalregister.gov/documents/2017/01/19/2017-01013/manufacturer-communications-regarding-unapproved-uses-of-approved-or-cleared-medical-products. [106]   U.S. Food & Drug Admin., Manufacturer Communications Regarding Unapproved Uses of Approved or Cleared Medical Products; Availability of Memorandum; Reopening of the Comment Period, 82 Fed. Reg. 6367, 6368 (Jan. 19, 2017). [107]   U.S. Food & Drug Admin., Clarification of When Products Made or Derived From Tobacco Are Regulated as Drugs, Devices, or Combination Products; Amendments to Regulations Regarding "Intended Uses," 82 Fed. Reg. 2193 (Jan. 9, 2017). [108]   U.S. Food & Drug Admin., Clarification of When Products Made or Derived From Tobacco Are Regulated as Drugs, Devices, or Combination Products; Amendments to Regulations Regarding "Intended Uses"; Further Delayed Effective Date; Request for Comments, 82 Fed. Reg. 14319 (Mar. 20, 2017), https://www.federalregister.gov/documents/2017/03/20/2017-05526/ clarification-of-when-products-made-or-derived-from-tobacco-are-regulated-as-drugs-devices-or. [109]   Id. [110]   United States ex rel. Gohil v. Aventis, Inc., No. 02-2964, 2017 WL 85375, at *1, 8 (E.D. Pa. Jan. 10, 2017). [111]   Id. at *8 (citation omitted). [112]   Id. [113]   Free Speech in Medicine Act, HB 2382 (2017), http://www.azleg.gov/legtext/53leg/1r/bills/hb2382p.pdf. [114]   Pharmaceutical Information Exchange Act, H.R. 2026, 115th Cong. (2017), https://www.congress.gov/bill/115th-congress/house-bill/2026. [115]   Medical Product Communications Act of 2017, H.R. 1703, 115th Cong. (2017), https://www.congress.gov/bill/115th-congress/house-bill/1703/text. [116]   Jeff Overley, Off-Label Drug Bills Get Little Traction On Capitol Hill, Law360, https://www.law360.com/health/articles/943303/off-label-drug-bills-get-little-traction-on-capitol-hill. [117]   Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Owner of New England Compounding Center Sentenced for Racketeering Leading to Nationwide Fungal Meningitis Outbreak (June. 26, 2017), https://www.justice.gov/opa/pr/ owner-new-england-compounding-center-sentenced-racketeering-leading-nationwide-fungal; see also Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Owner of New England Compounding Center Convicted of Racketeering Leading to Nationwide Fungal Meningitis Outbreak (Mar. 22, 2017), https://www.justice.gov/opa/pr/ owner-new-england-compounding-center-convicted-racketeering-leading-nationwide-fungal. [118]   Id. [119]   Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, District Court Enters Permanent Injunction Against Colorado Companies to Stop Distribution of Adulterated And Misbranded Dietary Supplements and Unapproved and Misbranded Drugs (Mar. 15, 2017), https://www.justice.gov/opa/pr/district-court-enters-permanent-injunction-against-colorado-companies-stop-distribution. [120]   Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, District Court Enters Permanent Injunction Against Florida and New Jersey Companies and Senior Managers to Stop the Distribution of Unapproved, Misbranded, and Adulterated Drugs (June 15, 2017), https://www.justice.gov/opa/pr/district-court-enters-permanent-injunction-against-florida-and-new-jersey-companies-and. [121]   See U.S. Food & Drug Admin., Warning Letters 2017 (Aug. 8, 2017), https://www.fda.gov/Drugs/GuidanceComplianceRegulatoryInformation/default.htm (follow "Enforcement Activities by FDA" hyperlink; then follow "Warning Letters and Notice of Violation Letters to Pharmaceutical Companies" hyperlink; then follow "Warning Letters 2017" hyperlink). [122]   Warning Letter from Thomas J. Cosgrove, Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Mr. Yu Shui Cheng, General Manager, Jinan Jinda Pharmaceutical Chemistry Co., Ltd (Feb. 24, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm546319.htm. [123]   Warning Letter from Thomas J. Cosgrove, Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Mr. Deepak Rawat, CEO, Badrivishal Chemicals & Pharmaceuticals (Mar. 2, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm545454.htm. [124]   Warning Letter from Thomas J. Cosgrove, Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Mr. Prashant K. Tewari, Managing Dir., USV Private Limited (Mar. 10, 2017), https://www.fda.gov/ICECI/EnforcementActions/ WarningLetters/2017/ucm546483.htm. [125]   U.S. Food & Drug Admin., Guidance for Industry and FDA Staff: Current Good Manufacturing Practice Requirements for Combination Products (Jan. 10, 2017), https://www.fda.gov/downloads/ RegulatoryInformation/Guidances/UCM429304.pdf. [126]   U.S. Food & Drug Admin., Guidance for Industry: Repackaging of Certain Human Drug Products by Pharmacies and Outsourcing Facilities (Jan. 12, 2017), https://www.fda.gov/downloads/Drugs/ GuidanceComplianceRegulatoryInformation/Guidances/UCM434174.pdf. [127]   U.S. Food & Drug Admin., Draft Guidance for Industry: Mixing, Diluting, or Repackaging Biological Products Outside the Scope of an Approved Biologics License Application (Jan. 12, 2017), https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM434176.pdf. [128]   Id. at 3. [129]   U.S. Food & Drug Admin., Draft Guidance for Industry: Mixing, Diluting, or Repackaging Biological Products Outside the Scope of an Approved Biologics License Application (Feb. 2015), https://www.regulations.gov/document?D=FDA-2014-D-1525-0356. [130]   U.S. Food & Drug Admin., Draft Guidance for Industry: Current Good Manufacturing Practice for Medical Gases (June 28, 2017), https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM070270.pdf.    [131]   Id. at 2. [132]   U.S. Food & Drug Admin., Factors to Consider When Making Benefit-Risk Determinations for Medical Device Investigational Device Exemptions 5–6 (Jan. 13, 2017), https://www.fda.gov/downloads/MedicalDevices/‌DeviceRegulationandGuidance/GuidanceDocuments/UCM451440.pdf. [133]   See U.S. Food & Drug Admin., Draft Guidance for Industry, Food and Drug Administration Staff, and Clinical Laboratories: FDA Notification and Medical Device Reporting for Laboratory Developed Tests (LDTs) (Oct. 3, 2014), http://www.fda.gov/downloads/%20MedicalDevices/‌ DeviceRegulationandGuidance/GuidanceDocuments/UCM416684.pdf; U.S. Food & Drug Admin., Draft Guidance for Industry, Food and Drug Administration Staff, and Clinical Laboratories: Framework for Regulatory Oversight of Laboratory Developed Tests (LDTs) (Oct. 3, 2014), https://www.fda.gov/downloads/medicaldevices/deviceregulationandguidance/guidancedocuments/ucm416685.pdf. [134]   U.S. Food & Drug Admin., Discussion Paper on Laboratory Developed Tests (LDTs) (Jan. 13, 2017), https://www.fda.gov/downloads/medicaldevices/productsandmedicalprocedures/ invitrodiagnostics/laboratorydevelopedtests/ucm536965.pdf. [135]   Id. at 4. [136]   Id. at 1. [137]   Id. at 10. [138]   Warning Letters 2017, U.S. Food & Drug Admin., https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/default.htm (last updated Aug. 24, 2017). [139]   Warning Letter from Steven E. Porter, L.A. District Dir., U.S. Food & Drug Admin. to Dr. Stanley R. Stanbridge, Vice President of R&D, Rapid Release Technologies (Jan. 17, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm538234.htm. [140]   Warning Letter from Sean M. Boyd, Deputy Dir. for Regulatory Affairs, Office of Compliance, Ctr. for Devices & Radiological Health, U.S. Food & Drug Admin. to Mike Rousseau, President, Abbott (Apr. 12, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm552687.htm. [141]   No. 05-6795, 2017 WL 1344365, at *1 (E.D. Pa. Apr. 12, 2017). [142]   Id. at *6. [143]   Id. at *8. [144]   No. 10-CV-5645, 2017 WL 1233991, at *1 (S.D.N.Y. Mar. 31, 2017). [145]   Id. at *21. [146]   The AKS prohibits remuneration solicited or received "in return for purchasing, leasing, ordering, or arranging for . . . any good, facility, service, or item for which payment may be made in whole or in part under a Federal health care program."  42 U.S.C. § 1320a-7b(b)(1)(B) (emphasis added).  A similar prohibition exists for remuneration offered or given as an inducement for the recipient to "arrange for" a covered item or service.  See 42 U.S.C. § 1320a-7b(b)(2)(B). [147]   No. 3:13-cv-1545 (MPS), 2017 WL 888479 (D. Conn. Mar. 6, 2017). [148]   Id. at *1. [149]   Id. at *5. [150]   Id. The court also found that the AKS’s scienter requirement does not need to be fulfilled in order for a contract to be illegal under the AKS and thus unenforceable.  See id. at *9. [151]   See id. at *8. [152]   See id.. [153]   See U.S. Dep’t of Health & Human Servs., Office of Inspector Gen., Health Care Programs: Fraud and Abuse; Revisions to the Office of Inspector General’s Exclusion Authorities, 82 Fed. Reg. 4100, 4114 (Jan. 12, 2017), https://www.gpo.gov/fdsys/pkg/FR-2017-01-12/pdf/2016-31390.pdf. [154]   See id. at 4101. [155]   See id. at 4101–02. [156]   Id. at 4102. [157]   See id. at 4101–02. [158]   See id. at 4102; 31 U.S.C. § 3731(b)(2). [159]   82 Fed. Reg. at 4102.  The final rule applies both to exclusions for conduct that violates the AKS, as well as exclusions for conduct that violates the CMP statute. See id. at 4114; 42 C.F.R. §§ 1001.901(c), 1001.951(c). [160]   U.S. Dep’t of Health & Human Servs., Office of Inspector Gen., OIG Advisory Op. 17-02 at 1 (June 29, 2017), https://oig.hhs.gov/fraud/docs/advisoryopinions/2017/AdvOpn17-02.pdf. [161]   Id. at 3. [162]   Id. [163]   Id. at 3–4. [164]   Id. at 4, 7. [165]   42 U.S.C. § 1320a-7a(a)(5). [166]   See 42 U.S.C. § 1320a-7a(i)(6)(A).  As HHS OIG noted in the advisory opinion, the same exception to the definition of "remuneration" is found in the CMP statute’s implementing regulations.  See OIG Advisory Op. 17-02 at 6 n.6; 42 C.F.R. § 1003.110. [167]   See OIG Advisory Op. 17-02 at 6–7. [168]   See id. at 7.   The following Gibson Dunn lawyers assisted in the preparation of this client update:  Stephen Payne, Marian Lee, John Partridge, Jonathan Phillips, Sean Twomey, Reid Rector, Naomi Takagi, Allison Chapin, Coreen Mao, and Michael Dziuban.    Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments.  Please contact the Gibson Dunn lawyer with whom you usually work or any of the following:  Washington, D.C.Stephen C. Payne, Chair, FDA and Health Care Practice Group (202-887-3693, spayne@gibsondunn.com)F. Joseph Warin (202-887-3609, fwarin@gibsondunn.com)Marian J. Lee (202-887-3732, mjlee@gibsondunn.com)Daniel P. Chung (202-887-3729, dchung@gibsondunn.com)Jonathan M. Phillips (202-887-3546, jphillips@gibsondunn.com) Los AngelesDebra Wong Yang (213-229-7472, dwongyang@gibsondunn.com) San FranciscoCharles J. Stevens (415-393-8391, cstevens@gibsondunn.com)Winston Y. Chan (415-393-8362, wchan@gibsondunn.com) Orange CountyNicola T. Hanna (949-451-4270, nhanna@gibsondunn.com) New YorkAlexander H. Southwell (212-351-3981, asouthwell@gibsondunn.com) DenverRobert C. Blume (303-298-5758, rblume@gibsondunn.com)John D. W. Partridge (303-298-5931, jpartridge@gibsondunn.com) © 2017 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

August 8, 2017 |
Cybersecurity & Data Privacy: An Overview for Health Care, Pharmaceutical, and Biotech Companies

Cyberthreats are ubiquitous, and significant cyberattacks on private and publicly traded companies occur on a near-daily basis.  As a result of the ongoing barrage of increasingly advanced and evolving cyberattacks, even companies with sophisticated security systems are potentially susceptible to a cybersecurity breach.  A breach may lead to unauthorized access to sensitive company and personal data and have far-ranging and costly consequences.  Immediately following a cyberattack, a company must work to secure its systems from further damage and/or data loss, handle media inquiries, and confront often-complex legal issues concerning notification to consumers, business partners, and government agencies.  Thereafter, there may be civil lawsuits (including litigation with business partners, consumer class actions, and, for publicly traded companies, actions by shareholders), regulatory enforcement actions, and investigations by federal and state agencies.  As breaches have become more frequent, federal, state, and foreign government regulators have responded by strengthening and expanding laws, regulations, and enforcement concerning cybersecurity and data privacy.  This article provides an overview of the key issues health care, pharmaceutical, and biotech companies face with regard to cybersecurity and data privacy.  The article begins with a discussion of federal regulations, guidance, and enforcement actions.  With myriad federal regulators asserting jurisdiction to regulate data security, companies are subject to an increasingly complex regulatory framework.  The article also reviews certain notable state regulations and guidance that address cybersecurity and data security issues, and briefly summarizes some of the key issues related to data privacy outside the United States.  Finally, the article closes with a discussion of the private civil litigation that can result from a data breach.  ________________________________________ Table of Contents 1.             Federal Regulation, Enforcement, and Guidance 1.1           Federal Trade Commission 1.1.1        Authority to Regulate Privacy and Cybersecurity1.1.2        Enforcement1.1.3        Guidance 1.2           Department of Health and Human Services 1.2.1        Applicability to Health Care, Pharmaceutical, and Biotech Companies1.2.2        The Privacy Rule1.2.3        The Security Rule1.2.4        The Breach Notification Rule1.2.5        HHS OCR Enforcement 1.3           Securities and Exchange Commission 1.3.1        Guidance 1.3.2       Enforcement 1.4           Food and Drug Administration 1.4.1        Guidance1.4.2       Enforcement 2.                     State Regulation, Enforcement, and Guidance 3.                     International Issues 3.1            Key Non-U.S. Regulators 3.2           EU-U.S. Safe Harbor and Data Transfer 3.3           New European Regulations: NIS and GDPR 3.4           New Asia-Pacific Regulations 4.                     Civil Litigation 4.1           Data that Creates Exposure to Civil Litigation 4.1.1        Consumer Data4.1.2        Employee Data4.1.3        Intellectual Property and Trade Secrets 4.2           Theories of Liability 4.2.1         Common Law Liability—Negligence and Related Theories4.2.2        Statutory Liability4.2.3        Contractual Liability 4.3           Standing in Data Breach Litigation 4.4           Shareholder and Securities Litigation 4.4.1         Shareholder Derivative Litigation4.4.2        Securities Class Action Litigation 5.                     Conclusion ________________________________________   1.    Federal Regulation, Enforcement, and Guidance There is no single regulatory body tasked with enforcing a uniform set of cybersecurity standards.  For many years, the Federal Trade Commission ("FTC" or the "Commission") and the Department of Health and Human Services ("HHS") have been the primary federal regulators in the cybersecurity area.  Recently, however, a number of other federal regulators have also entered the arena and have issued guidance and/or taken legal action against companies that allegedly have failed to implement adequate cybersecurity measures.  These regulators include the Securities and Exchange Commission ("SEC"), the Food and Drug Administration ("FDA"), the Federal Communications Commission ("FCC"), the Consumer Financial Protection Bureau ("CFPB"), the Department of Energy ("DOE"), the Federal Deposit Insurance Corporation ("FDIC"), and the Financial Industry Regulatory Authority ("FINRA"), among others. Although there are many federal regulators asserting jurisdiction over cybersecurity issues, the primary cybersecurity and privacy regulators for health care, pharmaceutical, and biotech companies (and those covered in this article) are the FTC, HHS, SEC, and FDA.  The recent trends in guidance and enforcement actions by these agencies are described below. 1.1     Federal Trade Commission 1.1.1     Authority to Regulate Privacy and Cybersecurity The FTC derives its authority to regulate cybersecurity practices from Section 5 of the FTC Act, which states that "unfair or deceptive acts or practices in or affecting commerce, are . . . unlawful."[1]  Because the FTC Act dates to 1914, it does not mention cybersecurity.  However, the FTC has long taken the position that Congress intended "unfair" practices to be defined broadly and flexibly to allow the agency to effectively protect consumers as the economy and technology develop.[2] The FTC first asserted that its authority under Section 5 encompassed investigating and prosecuting companies for insufficient data security procedures in 2002.[3]  Since that time, the FTC has brought more than 60 data security cases—with more than half of those initiated since 2010.  Although most FTC enforcement actions have settled with a company agreeing to a consent order (discussed further below), there have been several high-profile challenges to the FTC’s authority to bring data security enforcement actions.  For example, companies have argued that Congress did not intend for the FTC to have broad regulatory authority over corporate cybersecurity practices under the FTC Act.[4] While courts have thus far accepted the FTC’s assertions of jurisdiction, a case regarding that issue is currently pending before the Eleventh Circuit.  The case involves LabMD, a now-defunct medical testing laboratory.  In 2013, the FTC sued LabMD, alleging that the company had failed to "develop, implement, or maintain a comprehensive information security program" to protect consumers’ sensitive personal and health information.[5]  After an Administrative Law Judge ruled in favor of LabMD on the company’s argument that the FTC lacked authority to bring the action, the Commission overturned that decision and entered an order against the company.  LabMD sought relief from the Eleventh Circuit, challenging the FTC’s broad regulatory authority over cybersecurity practices.[6]  Oral argument was heard on June 21, 2017, but the case remains pending; a three-judge panel granted LabMD’s request to stay enforcement of the FTC’s decision pending appeal.[7] 1.1.2     Enforcement As noted above, the FTC has used its regulatory authority to initiate a number of civil enforcement actions in recent years.  When the FTC brings these actions, data security liability under Section 5 is governed by a "reasonableness" test.  This test considers data security measures (and statements made about such measures) in light of factors such as the sensitivity and volume of consumer information being stored; the size and complexity of the data storage operations; and the costs and benefits of taking additional steps to improve security and reduce vulnerabilities within the system.  The FTC has stressed that because a perfect data security system is neither expected nor required, the mere fact that a data breach occurred will not necessarily subject a company to liability—so long as the security system and all statements issued about it were reasonable under the circumstances.  The LabMD case described above is relatively unique because most enforcement actions brought by the FTC are not litigated but, rather, result in the FTC entering into a consent order with the targeted company.  Consent orders often include civil penalties and require that companies establish comprehensive security programs subject to independent audits or monitoring for up to 20 years; agree to make no misrepresentations regarding their handling of consumer data; and agree to notify consumers about the data breach and about methods to safeguard their personal information.[8] 1.1.3     Guidance The FTC also has issued cybersecurity guidance to companies falling within its purview.  For example, in June 2015 the FTC launched the "Start with Security" business education initiative.[9]  The initiative includes guidance for businesses drawing on lessons learned from the data security cases previously brought by the FTC.  The guidance outlines ten steps to implement in order to achieve effective data security.  The steps are high-level, consisting of general advice such as "control access to data sensibly"; "require secure passwords and authentication"; "secure remote access to your network"; and "make sure your service providers implement reasonable security measures." In September 2016, the FTC published a guide specifically relating to data breaches, Data Breach Response: A Guide for Business.[10]  The guide features steps for securing operations, preventing additional data loss, fixing vulnerabilities, and notifying the appropriate parties of a data breach—including law enforcement, regulators, affected businesses and individuals, and the media.  In May 2017, the FTC also launched a new website, ftc.gov/SmallBusiness, that includes articles, videos, and other information aimed at helping small businesses protect their computers and networks from scams and cyberattacks.[11] Notably, whether or not a company follows the FTC’s cybersecurity guidance has been cited as a factor in determining liability in FTC enforcement actions.  For example, in FTC v. Wyndham Worldwide Corp., the Third Circuit held that the defendant was on sufficient notice that its cybersecurity practices fell short of the FTC’s cybersecurity standards.[12]  In reaching its decision, the court pointed to several FTC publications and enforcement actions regarding cybersecurity, and noted that the company should have been aware that its practices fell short of those the FTC had previously deemed necessary.[13] The FTC seems determined to maintain its position as the primary federal regulator of cybersecurity issues, as evidenced by recent statements regarding the regulation of broadband providers.  In March 2017, Acting FTC Chair Maureen K. Ohlhausen issued a statement, together with the Chair of the FCC, stating that "jurisdiction over broadband providers’ privacy and data security practices should be returned [from the FCC] to the FTC, the nation’s expert agency with respect to these important subjects."[14]  Ohlhausen expressed that all online actors should be governed by the same rules, enforced by one agency, stating that the federal government shouldn’t favor one set of companies over another—and certainly not when it comes to a marketplace as dynamic as the Internet.  So going forward, we will work together to establish a technology-neutral privacy framework for the online world.  Such a uniform approach is in the best interests of consumers and has a long track record of success. 1.2     Department of Health and Human Services The United States Department of Health and Human Services Office for Civil Rights ("HHS OCR") has enforcement responsibility for the Health Insurance Portability and Accountability Act of 1996 ("HIPAA").  HIPAA provides a comprehensive framework for the use and disclosure of certain protected health information ("PHI").  Its requirements govern how such data may be used (the "Privacy Rule"); physical, technical, and administrative security standards that companies must have in place (the "Security Rule"); and notice obligations in the case of unauthorized use or disclosure (the "Breach Notification Rule"). Enacted in 1996, HIPAA is in many ways the oldest and most well-developed data security regime under federal law.  Although most other government agencies have only begun to address cyber-related issues in recent years, HHS OCR has been addressing these issues for more than two decades. There has been a recent increase in both attention and enforcement proceedings related to HIPAA.  As data security gets more attention, HHS OCR has increased the aggressiveness and scope of its enforcement efforts.  Moreover, as health care companies increasingly become the target of cyberattacks, HIPAA has emerged as a key backdrop for all sorts of data breach litigation, in cases brought by both the government and private plaintiffs.  1.2.1     Applicability to Health Care, Pharmaceutical, and Biotech Companies HIPAA regulations are directly applicable to "covered entities," which include health plans (e.g. insurers), certain health care providers (e.g., hospitals), and health care clearinghouses.  However, HIPAA also is applicable to "business associates" of those covered entities, including companies that perform functions or activities on behalf of, or provide certain services to, a covered entity that involve the use or disclosure of individually identifiable health information. By the very nature of their businesses, health care, pharmaceutical, and biotech companies are very likely to encounter some type of protected health information.  Although not every such company will be covered by HIPAA, many will, at least in some capacity.  Indeed, it is possible that certain aspects of a company’s business will be covered, for example, in its role as a business associate, even while others may not.  1.2.2     The Privacy Rule The HIPAA Privacy Rule[15] establishes a set of standards for the protection of certain health information, and requires that covered entities and business associates use or disclose PHI only as permitted by the rule.[16]  Although the rule is meant to allow for ordinary business operations, the regulations are nonetheless complicated and demand significant attention.  Uses generally permitted under the rule include those connected with the treatment of a patient, payment requests, and a company’s own health care operations (e.g., quality assessment and improvement activities).[17]  There is also a hierarchy of other permitted uses, which are organized according to the type of permission or authorization required: some uses are permitted only with express patient authorization (e.g., commercial sale of PHI);[18] other uses require an opportunity for the individual to agree or object (e.g., listing in facility directories or for disaster relief purposes);[19] and finally, some uses are permitted even without authorization, so long as certain protections are in place (e.g., in litigation when there is a HIPAA-qualified protective order in place).[20]  The Privacy Rule also establishes standards that govern the use of PHI for marketing purposes (e.g., prescription refill reminders),[21] research purposes,[22] and reporting related to public health activities, including reporting to the FDA.[23]  The Privacy Rule is directly applicable to both covered entities and business associates, and also requires that covered entities have agreements in place with their business associates that limit the use of PHI to the specific purposes enumerated by the agreement and permitted by HIPAA.[24]  Before using or disclosing PHI in any fashion, it is important to understand how HIPAA treats that type of use under the hierarchy just described, and what rules therefore might apply. 1.2.3     The Security Rule Whereas the Privacy Rule establishes how and when protected information may be used and disclosed, the Security Rule establishes standards for how that information must be protected.[25]  The Security Rule references a variety of administrative, technical, and physical safeguards, and it includes required standards and implementation specifications related exclusively to electronic PHI ("ePHI").  Those standards and specifications deal at a relatively granular level with system requirements where ePHI is kept or stored.  For example, HIPAA includes implementation specifications that govern encryption, automatic logoff, password management, and other detailed issues.  Like the Privacy Rule, the Security Rule is also directly applicable to business associates. Importantly, the Security Rule also requires that companies "conduct an accurate and thorough assessment of the potential risks and vulnerabilities to . . . electronic protected health information."[26]  These mandatory HIPAA risk assessments can be complicated and time-consuming, and HHS OCR has demonstrated its willingness to take enforcement action where a comprehensive and up-to-date assessment is not in place, as discussed below.  A risk analysis process includes: (1) evaluating the likelihood and impact of potential risks to ePHI; (2) implementing appropriate security measures to address the risks identified in the risk analysis; (3) documenting the chosen security measures and, where required, the rationale for adopting those measures; and (4) maintaining continuous, reasonable, and appropriate security protections.  Every company that deals with ePHI should therefore carefully evaluate its obligation to conduct a risk analysis and ensure it has a current, well documented, and comprehensive assessment in place. 1.2.4     The Breach Notification Rule The third major component of HIPAA is the Breach Notification Rule.[27]  Under the Breach Notification Rule, a covered entity must report unauthorized uses or disclosures of PHI to the government, the media, and affected individuals, with certain exceptions for small breaches.[28]  Business associates are required to report breaches to the covered entity.[29]  Under HIPAA, a breach is (1) the acquisition, access, use, or disclosure (2) of PHI (3) in a manner not permitted under the HIPAA Privacy Rule (4) that compromises the security or privacy of the PHI.[30]  Any disclosure of PHI in a manner not permitted under the Privacy Rule is presumed to be a breach unless the covered entity performs a required "Risk Assessment" under 45 C.F.R. § 164.402(2) and demonstrates that there is a "low probability that the [PHI] has been compromised."  Generally speaking, breach notifications must be sent within 60 days of the discovery of the breach.[31]  HIPAA’s notification obligations are in addition to state law requirements, which may impose notice obligations of shorter than 60 days. 1.2.5     HHS OCR Enforcement HHS OCR has increased its enforcement efforts related to HIPAA in recent years.  Several recent enforcement actions illustrate the types of incidents that can draw scrutiny from HHS OCR and the types of failures under the Privacy and Security Rules that can lead to large settlements.[32] In April 2017, HHS OCR announced the first ever settlement involving a wireless health service provider, CardioNet, which provides mobile monitoring and rapid response to patients with cardiac arrhythmias.  CardioNet agreed to pay $2.5 million in a HIPAA settlement after an employee’s laptop containing the ePHI of over 1,300 individuals was stolen from a parked vehicle.[33]  OCR’s investigation revealed that CardioNet’s policies and procedures were in draft form and had not yet been implemented, and CardioNet had "insufficient risk analysis and risk management processes in place." In February 2017, Memorial Healthcare System paid a $5.5 million HIPAA settlement with HHS.[34]  Memorial Healthcare System reported to HHS OCR that the ePHI of more than 115,000 individuals had been impermissibly accessed by its employees and improperly disclosed to affiliated physician office staff when the login credentials of a former employee had been used to access ePHI on a daily basis without detection for a year.  HHS noted that although Memorial Healthcare System had workforce access policies and procedures in place, it failed to implement the procedure with regard to reviewing, modifying, or terminating users’ rights of access. In January 2017, HHS OCR issued a notice of Final Determination and a $3.3 million civil monetary penalty against Children’s Medical Center of Dallas ("Children’s") following impermissible disclosure of ePHI and many years of alleged non-compliance with the Security Rule.[35]  The penalty followed several separate incidents resulting in the loss of ePHI, including loss of an employee’s BlackBerry and theft of an unencrypted laptop.  OCR’s investigation of these incidents revealed that Children’s failed to implement risk management plans even after they received external recommendations to do so, and they failed to deploy encryption measures on their devices, despite knowledge of the risk of maintaining unencrypted devices containing ePHI.  The OCR Acting Director stated that "[a]lthough OCR prefers to settle cases and assist entities in implementing corrective action plans, a lack of risk management not only costs individuals the security of their data, but it can also cost covered entities a sizable fine." In November 2016, the University of Massachusetts – Amherst ("UMass") agreed to pay $650,000 and enter a corrective action plan to settle alleged HIPAA violations.[36]  UMass reported to OCR that "a workstation . . . was infected with a malware program, which resulted in the impermissible disclosure of electronic protected health information (ePHI) of 1,670 individuals, including names, addresses, social security numbers, dates of birth, health insurance information, diagnoses and procedure codes."[37]  According to OCR, UMass "determined that the malware was a generic remote access Trojan that infiltrated their system, providing impermissible access to ePHI, because UMass did not have a firewall in place."[38]  OCR’s investigation found that UMass had failed to categorize components of its operations appropriately under HIPAA, resulting in ePHI being present on systems that were not HIPAA compliant.  OCR’s investigation also faulted UMass for its failure to complete an accurate and thorough risk analysis and the lack of a firewall. In August 2016, Advocate Health Care System ("Advocate") agreed to pay $5.55 million to settle a variety of HIPAA violations.[39]  Among the violations was a data breach of Advocate’s subcontractor billing company that exposed sensitive patient information.  HHS found that Advocate failed to obtain written assurances from its business associate that electronic patient data would be appropriately protected. Finally, in December 2015, the University of Washington ("UW") agreed to pay $750,000 and enter into a corrective action plan to resolve allegations that it violated the HIPAA Security Rule.[40]  OCR initiated an investigation of UW after it received a breach report indicating that ePHI for more than 90,000 individuals was "accessed after an employee downloaded an email attachment that contained malicious malware."[41]  According to OCR, the malware "compromised the organization’s IT system," including patient data such as names, medical record numbers, dates of service, bill balances, social security numbers, and insurance identification or Medicare numbers.[42]  OCR’s investigation found that UW failed to ensure that its affiliates conducted risk assessments and responded to risks and vulnerabilities in their environments. 1.3     Securities and Exchange Commission In the last few years, the SEC has increased its focus on cybersecurity, particularly in the areas of protecting client data, creating disclosure standards for cybersecurity risks and incidents, and ensuring the orderly functioning of the markets.  In May 2016, then-SEC Chair Mary Jo White explained that cybersecurity is the biggest risk facing the financial system, stating that the "[SEC] can’t do enough in this sector[.]"[43]  The SEC’s Office of Compliance Inspections and Examinations identified cybersecurity as one of its examination priorities in 2015, 2016 and 2017.[44]  And most recently, Trump administration officials reiterated the SEC’s dedication to cybersecurity issues and enforcement, with SEC Chairman Jay Clayton affirming that the SEC is working "to improve [its] ability to receive critical information and alerts and react to cyber threats."[45] In addition, as explained below, the SEC staff has issued disclosure guidance relating to cybersecurity that is applicable to all public companies, including those in the health care, pharmaceutical, and biotech industries.  1.3.1     Guidance In 2011, the SEC staff released CF Disclosure Guidance: Topic No. 2, which relates to public company disclosures regarding cybersecurity risks and cyber incidents.[46]  The guidance provides that registrants should disclose risks of cybersecurity incidents if "these issues are among the most significant factors that make an investment in the company speculative or risky."[47]  The guidance provides recommendations on a number of topics.  For example, the SEC instructs that companies should disclose the risk of cyber incidents and that disclosures should not be generic or boilerplate.  However, companies are not required to disclose threats if doing so would compromise the companies’ cybersecurity.  The guidance also advises that companies should address cybersecurity risks in their Management’s Discussion and Analysis of Financial Condition and Results of Operations ("MD&A") if the costs associated with the risks are likely to have a material effect on the company’s operations, liquidity, or financial condition, or would cause reported financial information not to be necessarily indicative of future operating results or financial condition.  The SEC staff further advises that companies should disclose cyber incidents that materially affect their operations in their Description of Business and Legal Proceedings disclosures.  Finally, the SEC staff provides guidance on how to account for cybersecurity risks and incidents in company financial statements.  Additionally, in a June 2014 speech, then-SEC Commissioner Luis A. Aguilar provided boards of directors with important, albeit informal, cybersecurity guidance.[48]  He advised that boards of directors should ensure the adequacy of a company’s cybersecurity measures and, as a guide, should look to the industry standards and best practices described in the Framework for Improving Critical Infrastructure Cybersecurity, released by the National Institute of Standards and Technology ("NIST").  Commissioner Aguilar’s other recommendations included cyber-risk education for directors, creating a separate enterprise risk committee on the board, ensuring that the company has cyber-risk management personnel who report regularly to the board, and developing a well-constructed, deliberate company cyber incident response plan.[49] The SEC also issued a Ransomware Alert in response to the WannaCry ransomware attack of May 2017, which affected numerous organizations in over one hundred countries.[50]   The alert explained how hackers gain access to servers, and encouraged organizations to review the alert published by the U.S. Department of Homeland Security’s Computer Emergency Readiness Team and evaluate whether applicable operating system patches had been installed.  The SEC alert also discussed the importance of conducting periodic cyber-risk assessments, conducting penetration tests and vulnerability scans, and updating system maintenance.  1.3.2     Enforcement  To date, the SEC has brought only a few cybersecurity enforcement actions, involving companies’ failure to adequately safeguard their customers’ personal information.  The enforcement actions involved companies in the financial sector and alleged violations of Rule 30(a) of Regulation S-P, also know n as the "Safeguards Rule."  This regulation requires brokers, dealers, investment companies, and registered investment advisers to "adopt written policies and procedures that address administrative, technical and physical safeguards for the protection of customer records and information."[51] In 2015, investment adviser R.T. Jones Capital Equities Management agreed to pay a $75,000 penalty as a settlement for the firm’s failure to establish cybersecurity policies and practices.[52]  The penalty was levied in response to a June 2013 breach of the company’s server, which exposed the personal information of 100,000 customers.  On April 12, 2016, Craig Scott Capital agreed to pay $100,000 to resolve allegations that it violated the Safeguards Rule by using email addresses other than those with the company’s domain name to electronically receive more than 4,000 faxes from customers and other third parties.[53]  The SEC found that this practice was evidence of a "failure to adopt written policies and procedures reasonably designed to insure the security and confidentiality of customer records and information." On June 8, 2016, Morgan Stanley agreed to pay a $1 million penalty to settle charges "related to its failures to protect customer information, some of which was hacked and offered for sale online."[54]  These alleged failures included the company’s decision not to conduct auditing or testing of its "portals" that allowed for access to customer data.[55]  As a result of these failures, the company suffered a breach, which exposed customer data on the internet.  Despite the fact that Morgan Stanley had acted quickly to respond to the breach, take the customer data offline, and alert the proper authorities, the SEC found that Morgan Stanley violated the "Safeguards Rule."[56] In each of these matters, the SEC found against the companies even though there was no apparent financial harm to their customers.  Thus, companies should be aware that lax cybersecurity standards could lead to an SEC enforcement action even if there is no appreciable harm to customers resulting from such practices.  That said, it is important to note that these cases involved companies in the financial sector, which are subject to the SEC’s Regulation S-P.  It is not clear whether the SEC would treat companies outside the financial sector (and not subject to Regulation S-P) in a similar manner.  In addition, while the SEC has now acted three times against companies for failure to protect investor data, it has yet to initiate an enforcement action against a company for the failure to disclose a cybersecurity incident or threat.  However, in April 2016, the SEC warned that it expects to initiate more cybersecurity enforcement actions in the future.[57] 1.4     Food and Drug Administration Thus far, the FDA has not been a leader in cybersecurity enforcement.  In fact, a recent report analyzing the FDA’s cybersecurity regulatory practices criticized the FDA as being "in a constant state of offering subtle suggestions where regulatory enforcement is needed."[58] In the absence of clarity on the agency’s cybersecurity priorities based on past enforcement actions, health care, pharmaceutical, and biotech companies should pay particular attention to recent cybersecurity guidance issued by the FDA.  The guidance is most applicable to medical device companies, as medical devices have been the primary focus of those guidance efforts.  1.4.1     Guidance In December 2016, the FDA released the Postmarket Management of Cybersecurity in Medical Devices Guidance, which outlines steps manufacturers should take to continually address cybersecurity risks associated with medical devices.[59]  The "Internet of Things" (which refers to everyday objects, such as thermostats and refrigerators, with connectivity to the Internet) now includes medical devices, which are often connected to both the Internet and hospital intranets and are vulnerable to cyberattacks.  The FDA’s guidance is aimed at ensuring the security of such devices in light of these vulnerabilities.  To that end, the FDA recommends that medical device manufacturers conduct routine post-market surveillance of their products and develop programs to assess the cyber risks that could potentially be associated with their products.  In January 2017, the FDA held a webinar on the guidance.[60]  The 2016 guidance follows guidance issued by the FDA in 2014 regarding pre-market steps medical device companies should take to implement security into the design and development of medical devices.[61] 1.4.2     Enforcement In April 2017, the FDA sent a warning letter to Abbott (St. Jude Medical Inc.), marking its most public enforcement effort to date in the cybersecurity space.[62]  Specifically, the letter addressed alleged cybersecurity issues related to Abbott’s at-home monitoring devices.  It remains to be seen, however, whether this is the beginning of a trend of FDA enforcement actions related to cybersecurity, or an isolated foray into the field. 2.     State Regulation, Enforcement, and Guidance State attorneys general play a significant role in policing cybersecurity issues.  Several states have enacted statutes or regulations that establish specific cybersecurity standards.[63]  State attorneys general also use state consumer protection laws, including laws patterned after the FTC Act (known as "Little FTC Acts"), and the Uniform Deceptive Trade Practice Act to address data security issues using theories analogous to those applied by the FTC in enforcing Section 5 of the FTC Act.  Companies may look to FTC guidance (supra, Section 1.1.3) to understand what these state analogues typically require with regard to data security practices. In addition, nearly every state has adopted laws that impose notification requirements on entities that have suffered a data breach.  These laws generally contain provisions describing who must comply with the law (e.g., businesses, data/information brokers, government entities); definitions of "personal information" (e.g., name combined with social security number, driver’s license or state ID numbers, account numbers); what constitutes a breach (e.g., unauthorized acquisition of data); requirements for notice (e.g., timing or method of notice, who must be notified); and exemptions (e.g., for encrypted information).  State attorneys general have brought enforcement actions pursuant to these provisions.[64]  One such action revolves around Target’s 2013 data breach that resulted in the theft of the names, credit card numbers, and email addresses of approximately forty million customers.  In May 2017, Target reached a $18.5 million settlement agreement with forty-seven state attorneys general and the District of Columbia.[65]  In addition to the monetary settlement, Target agreed to better maintain software encryption programs, separate cardholder data from its normal computer network, and pay for an independent assessment of its security efforts.   Some states also have issued specific guidance or regulations on data security.  In 2014, the California Attorney General released "Cybersecurity in the Golden State," a framework for protecting against and responding to data breaches and other cyber incidents.[66]  The California report, like other guidance, emphasizes risk assessment, involvement from a company’s leadership, adherence to industry best practices, training and education, and incident response planning.  Likewise, in New York, new regulations relating to data security standards in the financial industry have recently come into effect; these regulations may affect many health insurance providers, among others.[67]  Companies should be aware of the regulations in those states in which they do business.  3.     International Issues 3.1     Key Non-U.S. Regulators In addition to the many U.S. government regulations, companies with operations overseas must also consider data protection regulations of foreign jurisdictions.  Prominent foreign regulators include those in the European Union (European Data Protection Supervisor), the United Kingdom (Information Commissioners Office – ICO), Germany (the Federal Data Protection Commissioner, the states’ Data Protection Authority), and Canada (Office of the Privacy Commission of Canada, provincial Information and Privacy Commissioners).  While a full discussion of cybersecurity requirements outside the United States is beyond the scope of this article, every company should evaluate the laws, regulations, and other requirements of each country in which it operates so that it complies with all applicable requirements and is prepared to interact quickly with regulators in the event of a breach. 3.2     EU-U.S. Safe Harbor and Data Transfer One important international privacy law issue for many companies involves European data transfer law, which governs the protection of personal data in the European Union and limits how U.S.-based companies may use and transfer data originating in Europe. The Charter of the Fundamental Rights of the European Union (the "Charter") creates a right to protection of personal data.[68]  The European Union also issued Directive 95/46/EC ("EU Data Protection Directive") in 1995, governing the protection of individuals with regard to the processing of their personal data within the EU.[69]  Article 28(1) of the EU Data Protection Directive requires Member States to establish public authorities responsible for independent monitoring of compliance with EU rules on the protection of individuals and processing of personal data.  Article 25(1) of the EU Data Protection Directive also specifies a principle that transfers of personal data from the Member States to third countries may take place only if the third country ensures an "adequate level of protection."[70] To facilitate international commerce between EU Member States and the United States, the U.S. Department of Commerce issued the Safe Harbor Privacy Principles (the "Safe Harbor") in 2000.[71]  The Safe Harbor included a number of principles on protection of personal data to which U.S. companies could subscribe voluntarily.  For years, the Safe Harbor was used by U.S. organizations receiving personal data from the EU.  Companies pledged adherence to Safe Harbor principles through a process of self-certification.  Despite European acceptance of the Safe Harbor for many years, the Safe Harbor became increasingly questioned, with EU policymakers calling for an overhaul of the system.  Then, in 2015, the European Court of Justice ("ECJ") invalidated the EU-U.S. Safe Harbor.[72] In mid-2016, the U.S. Department of Commerce announced the approval of the EU-U.S. Privacy Shield Framework ("Privacy Shield"), which replaces the Safe Harbor.  The Privacy Shield allows U.S. businesses to develop a conforming privacy policy, identify an independent recourse mechanism, and self-certify through a Commerce Department website.  Among other benefits, the Privacy Shield states that participating organizations will be deemed to provide "adequate" privacy protection for the transfer of personal data outside of the European Union under the EU Data Protection Directive.[73] However, legal challenges against the Privacy Shield already have been filed, asserting many of the same arguments used against the Safe Harbor.  Given the potential that the Privacy Shield, like the Safe Harbor, may be disallowed by the ECJ, companies would be well-served to consider a "belt and suspenders" approach to data transfer, pairing Privacy Shield participation with the adoption of other measures—such as Binding Corporate Resolutions ("BCRs") regarding the manner in which the company will handle EU data that can facilitate such transfers in accordance with EU law.  3.3     New European Regulations: NIS and GDPR In 2016, the European Union announced the adoption of the Network and Information Security ("NIS") Directive and General Data Protection Regulation ("GDPR"), which will go into effect in May 2018.  The GDPR establishes security and notification provisions to protect personal data, while the NIS establishes security obligations for operators of essential services and digital service providers.  The NIS and GDPR, taken together, amount to a comprehensive overhaul of EU data protection regulations, and impose steep penalties for non-compliance.  These regulations deserve close scrutiny from any company performing business in Europe or processing data on EU residents. The United Kingdom has repeatedly reaffirmed its commitment to data privacy in the wake of its decision to exit the European Union.  For example, in a June 2017 speech, Queen Elizabeth II outlined the UK’s proposed Data Protection Bill, which would replace the Data Protection Act of 1998.[74]  Importantly, the UK will implement the EU’s GDPR while the UK is still a member of the EU.  Once the UK has left the European Union, the UK appears poised to enable members of the UK to have the same ability to share data with the EU as they did previously. 3.4     New Asia-Pacific Regulations On June 1, 2017, a new Chinese law went into effect that "bans the collection and sale of users’ personal information" and requires that firms store sensitive user data on servers in China.[75]  Commentators have expressed concerns with the new law because it is unclear what information will be considered sensitive.  Additionally, the scope of some of the key provisions of the law, such as the requirement that companies submit their products to the Chinese government for cybersecurity checks, remains unknown.  It is unclear how often such checks will be required and how the Chinese government will determine what products need to be checked.[76]  Failure to comply with the new law could result in fines up to one million yuan (about $150,000) and potential criminal charges.[77] 4.     Civil Litigation In addition to government regulatory action, in the wake of a data breach companies handling sensitive data also face the risk of private civil litigation.  To date, pharmaceutical and biotech companies have not been frequent targets of such litigation.  But because no company is immune in the wake of a cyberattack, any comprehensive data security assessment and plan should account for the specific risks posed by civil litigation. This section (1) provides an overview of the types of information that create the greatest exposure to civil litigation, (2) reviews the most common theories of liability in civil litigation, and (3) discusses the key issue of a plaintiff’s standing to bring data breach litigation.  4.1     Data that Creates Exposure to Civil Litigation 4.1.1     Consumer Data Most data security litigation is premised on the loss or exposure of consumer data.  Often, these cases involve retailers, health care providers, and technology companies that collect personal identifying information ("PII") from customers, including names, addresses, credit card numbers, and social security numbers.  Any amount of consumer data—if accessed in a data breach—can create exposure for a company.  Indeed, while the greatest risks come from purported class actions involving compromises of hundreds of thousands of consumers’ information, plaintiffs have shown a willingness to bring suits even when far fewer consumer records are exposed in a breach.[78]  As such, health care, pharmaceutical and biotech companies should understand and identify what consumer data they collect and retain as part of their business operations, whether it is from clinical trials, customer lists, or other sources. 4.1.2     Employee Data Data breach litigation also can be premised on the loss or exposure of employee data.  Most companies have extensive information about their employees, including PII (e.g., name, address, social security number), financial information (e.g., bank account numbers, retirement account numbers), and even protected health information (e.g., medical insurance information, disability claims information).  Large companies may maintain such information for tens- or even hundreds-of-thousands of individuals.  To facilitate business functions related to human resources, benefits administration, and information technology systems, among other things, this information is often centrally managed and accessible.  It is no surprise then, that employee data can be a rich target for cyber criminals.  The loss of such data inevitably gives rise to civil litigation.  In one high-profile data breach, for example, employees at a media company sued their employer for allegedly failing to protect their personal data, claims that the company eventually settled for more than $8 million.[79] 4.1.3     Intellectual Property and Trade Secrets Although the vast majority of data breach litigation is based on the loss of consumer or employee data, health care, pharmaceutical, and biotech companies also may face a risk of litigation related to the theft of intellectual property or trade secrets during any data breach.  For companies that depend on research, development, and innovation to drive their business, loss of such information can be highly costly in its own right.  Although it has not been the basis of many prominent cases to date, theft of that information could also give rise to private litigation, whether from business partners, shareholders, or other affected groups. 4.2     Theories of Liability Data breach litigation is a relatively new area, with most cases having been filed within the last five years.  As such, few cases have proceeded to adjudication on the merits—whether through summary judgment or trial—and therefore substantive standards of liability are underdeveloped.  There are, however, several common theories of liability that plaintiffs routinely advance.  Under any of these claims, a company’s liability will, of course, depend on the facts of the case.  But in evaluating the risks associated with a data breach, companies should be mindful of how their actions could be viewed under different legal theories.  Some of the common claims and legal theories that have been advanced by plaintiffs are discussed below. 4.2.1     Common Law Liability—Negligence and Related Theories The most common claim in data breach litigation is common law negligence.  Plaintiffs argue that companies have a duty to provide security for customer, employee, and other sensitive information, and that a company violates that duty by failing to protect against a data breach.[80]  In negligence cases, the fundamental standard against which companies are judged is "reasonableness"—that is, did the company take reasonable precautions to understand risks, prepare for, and prevent a data breach.  In the event of a breach, the reasonableness of a company’s response, including adequate breach notification under relevant notice statutes (discussed below), is equally important.  Until a body of case law develops to determine what is considered "reasonable," the touchstone for reasonableness is likely to be the government guidance discussed in Section 2 above, along with industry best practices.  Even then, given the rapidly evolving nature of cyber threats and defenses, reasonableness is likely to be a moving target. In addition to negligence, other common law theories of liability advanced by plaintiffs include invasion of privacy,[81] unjust enrichment,[82] negligent misrepresentation, and fraud.[83]  Compared to negligence, which plaintiffs allege in almost every case, these are secondary theories of liability.  But they present some unique risks.  For example, to guard against the risk of negligent misrepresentation and fraud claims (in addition to securities actions and FTC enforcement actions, among others), companies must remain attuned to what they say and represent about their security practices, not only the objective reasonableness of those practices. 4.2.2     Statutory Liability There are also several federal and state statutes that, in certain circumstances, provide for a private right of action for an individual plaintiff in cases of data breaches. At the federal level, plaintiffs have attempted to bring suit under a variety of federal statutes in the wake of data breaches, including the Fair Credit Reporting Act,[84] the federal Privacy Act,[85] and the Stored Communications Act.[86]  Thus far, plaintiffs have not been very successful under these statutes,[87] which tend to require intentional or knowing behavior that results in a disclosure of information, and therefore are inapplicable to most data breach situations (where a company, along with its consumers or employees, is a victim of a criminal third party).  As such, these federal statutes, as interpreted and applied to date, have presented a relatively low risk in the civil litigation context—at least insofar as data breaches are concerned.[88] At the state level, there are several different theories of liability that plaintiffs have pursued with more success.  First, state consumer protection statutes often provide plaintiffs with private causes of action for unfair and deceptive trade practices, and plaintiffs have been able to use such statutes to pursue data breach litigation premised on those allegedly unfair business practices.[89]  Like FTC enforcement actions and claims premised on fraud and misrepresentation, these claims are most often based on statements a company makes about its data security practices, and are most successful when those statements are inconsistent with a company’s actual practices.  Second, some states have passed laws or regulations specific to data security or consumer records.[90]  And third, nearly every state also has a data breach notification statute that requires companies to notify consumers in the event of a data breach.[91]  Most data breach litigation includes at least some of these state law claims in addition to common law theories of liability discussed above.[92]  And in nationwide breaches, companies can often face numerous state law claims from different jurisdictions.[93] 4.2.3     Contractual Liability Health care, pharmaceutical, and biotech companies may also be subject to liability, based on an express or implied contract, for data security issues that affect their customers or business partners.[94]  Although these theories are less common than negligence-based and statutory theories by customers, their existence counsels in favor of careful consideration of contractual approaches to limiting risk in the event of a data breach.[95] There is also the potential for more novel theories of contractual liability.  For example, an area of risk for biotech companies is the possibility that medical devices may be hacked to create a "back-door" into networks at health care companies.  Indeed, some reports have warned against a threat of cyber criminals hacking devices such as X-ray machines, CT scanners, and MRI machines—which are connected to hospital networks—to gain broader access to patient records and other sensitive information at health care providers.[96]  Contracts should address the risks of improper use and cyberattacks of such devices.  Without contractual indemnification, this type of attack potentially could give rise to liability for manufacturers. 4.3     Standing in Data Breach Litigation As noted, very few data breach cases have reached adjudication on the merits.  Instead, much of the litigation by private plaintiffs has focused on the threshold issue of whether plaintiffs have standing to pursue their cases.  Because of the importance of standing issues to data breach litigation, this issue is addressed in more detail below. For many years, companies facing civil suits related to data breaches often succeeded at the motion to dismiss stage by arguing that plaintiffs could not show actual harm, and therefore did not have standing to pursue their claims.  As one court observed, "despite generating little or no discussion in most other cases, the issue of injury-in-fact has become standard fare in cases involving data privacy[, and] the court is hard-pressed to find even one recent data privacy case . . . in which injury-in-fact has not been challenged."[97]  Indeed, one of the first and most powerful defense tools in any data breach litigation is to challenge, with a motion to dismiss, whether a plaintiff or class of plaintiffs has sufficiently alleged actual harm.  Reflecting the importance of this issue, the Supreme Court has weighed in with two decisions in recent years that set the framework for analyzing standing in data breach cases. In Clapper v. Amnesty International USA[98] the Supreme Court established the test for the injury-in-fact element of Article III standing in data security cases.  In Clapper, human rights organizations and media groups challenged the constitutionality of an amendment to the Foreign Intelligence Surveillance Act that made it easier for the government to obtain wiretaps on intelligence targets outside of the United States.  The plaintiffs, all U.S. persons, alleged that they had standing because their work included privileged telephone and email communications with people who were likely foreign targets of surveillance and such communications could be intercepted in the future.  The plaintiffs also alleged that they had suffered injury by undertaking costly steps to protect their communications from surveillance.  The Supreme Court held that the allegations of potential interception of privileged communications were too speculative to sustain a claim, determining that "a highly attenuated chain of possibilities [] does not satisfy the requirement that threatened injury must be certainly impending"[99] and that plaintiffs cannot manufacture standing "merely by inflicting harm on themselves based on their fears of hypothetical future harm."[100] Where plaintiffs might not otherwise be able to satisfy Article III standing requirements—in particular the element of actual injury—they have often tried to predicate their privacy claims on statutory rights of action, under the theory that a statutory violation is a sufficient harm to create Article III standing.  That is the issue the Supreme Court took up in Spokeo, Inc. v. Robins.[101]  In Spokeo, the plaintiff, Thomas Robins, filed a class action complaint claiming that Spokeo—which operates a "people search engine" that gathers and provides information about individuals —willfully failed to comply with the requirements of the Fair Credit Reporting Act, 15 U.S.C. § 1681e(b).[102]  The Ninth Circuit ruled that Robins had satisfied the Article III injury-in-fact requirement because "Spokeo violated his statutory rights, not just the statutory rights of other people" and his "personal interests in the handling of his credit information are individualized rather than collective."[103] The Supreme Court vacated and remanded, holding that the Ninth Circuit’s Article III analysis was "incomplete"; although it considered whether the alleged injury was "particularized," it had "overlooked" whether Robins had also alleged a "concrete" injury.[104]  The Court explained that it has "made it clear time and time again that an injury in fact must be both concrete and particularized."[105] An injury must be "particularized" in that it "must affect the plaintiff in a personal and individual way."[106]  But while "[p]articularization is necessary to establish injury in fact, . . . it is not sufficient" because "[a]n injury in fact must also be ‘concrete.’"[107] While the Court did not resolve whether Robins had alleged a concrete injury, it provided guidance on the meaning of this requirement and the role that statutes play in assessing whether a plaintiff has standing under Article III.  The Court first explained that "[a]lthough tangible injuries are perhaps easier to recognize, . . . intangible injuries can nevertheless be concrete."[108] The Court made clear that this "does not mean that a plaintiff automatically satisfies the injury-in-fact requirement whenever a statute grants a person a statutory right and purports to authorize that person to sue to vindicate that right."[109]  Rather, "Article III standing requires a concrete injury even in the context of a statutory violation."[110]  Thus, "Robins could not, for example, allege a bare procedural violation, divorced from any concrete harm, and satisfy the injury-in-fact requirement of Article III."[111]  The Court, however, noted that it is possible for a "risk of real harm" to "satisfy the requirement of concreteness," and acknowledged that "the violation of a procedural right granted by statute can be sufficient in some circumstances to constitute injury in fact."[112] After the decisions in Clapper and Spokeo, plaintiffs have become more adept at pleading standing, and more and more suits are therefore surviving motions to dismiss.  In the immediate wake of Clapper, the majority of courts deciding data breach cases held that absent allegations of actual identity theft or other fraud, increased risk of harm alone is insufficient to confer Article III standing.[113]  But plaintiffs have succeeded in pleading the requisite "certainly impending" harm when they are able to point to alleged injuries such as unlawful charges, restricted or blocked access to bank accounts, inability to pay bills, or late payment charges or new card fees.[114]  In the short time since the Supreme Court’s decision in Spokeo, lower courts have continued to grapple with when, and how, a statutory violation can create standing.  While several courts have held that plaintiffs fail to allege a concrete injury when their harm is based on a procedural violation of a statute,[115] others have found that plaintiffs can survive under Spokeo, especially where a statute creates substantive, not only procedural, rights.[116] One issue that could arise for health care, pharmaceutical and biotech companies in this context relates to the nature of the information they possess.  Whereas plaintiffs have had difficulty showing that mere disclosure of their identity—without more—creates standing, health-related information is more sensitive.  Thus far, medical information has not necessarily been subject to any heightened standard absent a showing of actual harm.  Indeed, several courts that have considered alleged breaches related to medical records and personal health information have declined to find standing.[117]  But as plaintiffs become more adept at pleading around the standing requirement, precisely how courts analyze standing in the context of health-related information after Clapper and Spokeo remains to be seen. 4.4     Shareholder and Securities Litigation 4.4.1      Shareholder Derivative Litigation Some corporate data breaches also may result in shareholder derivative litigation against a company’s officers and directors, alleging breaches of fiduciary duties, mismanagement, abuse of control, and/or corporate waste relating to a company’s policies and procedures concerning cybersecurity, disclosures, and response to cyberattacks.  To date, plaintiffs have not had great success pursuing such claims.  But the risk of shareholder derivative litigation remains alive in any data breach situation, so boards and officers should be proactive in addressing cybersecurity practices and disclosures both before and after any breach to protect themselves against liability. In Palkon v. Holmes, one of the few cases to address claims against directors and officers after a cyberattack, plaintiff filed a derivative lawsuit in the District of New Jersey against directors and officers of Wyndham Hotels.  After making a demand on the board that was refused, plaintiff brought an action asserting claims for breach of fiduciary duty, waste of corporate assets, and unjust enrichment, relating to three separate data breaches that took place between April 2008 and January 2010 and impacted more than 600,000 customers, alleging that the defendants failed to implement adequate data security mechanisms and failed to timely disclose the breaches after they occurred.[118]  In October 2014, the district court dismissed the action, finding that the board’s refusal of the shareholder demand constituted a legitimate exercise of the business judgment rule.  The court based this finding on a number of factors, including the fact that the board and audit committee had discussed the breaches and data security at numerous meetings, the company had hired technology security firms to investigate the breaches and make recommendations, and the company had begun to implement the recommendations.[119] One of the most prominent derivative actions based on a cyberattack was brought against directors and officers of Target after a breach in 2013 compromised credit card and personal data of up to 110 million people.  In Davis v. Steinhafel, plaintiffs filed derivative lawsuits against Target directors and officers, asserting claims of breach of fiduciary duty, gross mismanagement, waste of corporate assets, and abuse of control.  Plaintiffs alleged that the defendants failed to take adequate steps to prevent a cyberattack, concealed facts from the public, and "bungled" the company’s response to the attack.  In response to the derivative lawsuits and a demand on the board, Target’s board established a Special Litigation Committee, which conducted an extensive, two-year investigation into whether it was in the corporation’s best interests to pursue any of the claims.  The Special Litigation Committee ultimately concluded that it was not in Target’s best interests to pursue such claims based on numerous factual and legal considerations, including the applicability of the business judgment rule protecting reasonably prudent good faith business decisions.[120] After issuing a report containing its conclusions, the Committee made a motion to dismiss the action, which was unopposed by plaintiffs, and was granted in July 2016.[121] Plaintiffs brought similar claims against directors and officers of Home Depot following another high-profile data breach.  In In re the Home Depot, Inc. Shareholder Derivative Litigation, Home Depot shareholders filed a derivative lawsuit in September 2015 in district court in Georgia.  On November 30, 2016, the court dismissed the action on grounds that shareholders failed to either demand that the board take action or demonstrate that such a demand would have been futile.[122]  Since the Home Depot plaintiffs made no demand prior to filing suit, the court turned to the issue of demand futility.[123]  To demonstrate demand futility under Delaware law, a plaintiff must plead particularized facts that establish reasonable doubt regarding the ability and willingness of the board to evaluate a demand in a disinterested manner.[124]  With regard to plaintiffs’ primary claim for breach of the duty of loyalty, the court found that "[w]hen added to the general demand futility standard, the Plaintiffs essentially need to show with particularized facts beyond a reasonable doubt that a majority of the Board faced substantial liability because it consciously failed to act in the face of a known duty to act."[125]  The court concluded that plaintiffs’ allegations that the board violated this duty by disbanding Home Depot’s infrastructure committee and moving too slowly in addressing the security breach were insufficient to overcome this "incredibly high hurdle."[126]  After arriving at a similar conclusion for the claims for corporate waste[127] and violations of Section 14(a) of the Securities Exchange Act,[128] the court held that plaintiffs’ failure to make a pre-suit demand was not excused, dismissed the case with prejudice, and permitted defendants to recover costs.[129] Although the hurdles for success of such shareholder claims remain high, a company experiencing a major breach should be prepared for such litigation.  As the decisions to date demonstrate, in such litigation, it will be important for any defense of directors and officers to be able to show that cybersecurity risks are routinely considered and addressed, even before a breach occurs.  4.4.2     Securities Class Action Litigation In addition to shareholder derivative litigation, in the wake of a cyberattack, there is also a risk of securities class actions premised on a company’s public disclosures about its cybersecurity practices and risks, particularly if a disclosure concerning a breach causes a significant stock price drop. A good starting point for any company seeking to understand its obligations with regard to disclosures about data security is the SEC’s 2011 guidance.[130]  As discussed above in Section 2.3.1, the SEC has recommended that registrants make disclosures related to data security in certain circumstances, including where the risks associated with potential or actual cyber incidents represents a material event for the company or could have a material effect on the financial condition of the company.[131] In the few securities cases that have been filed, plaintiffs have argued that companies committed securities fraud by making misleading statements about their data security practices or the risks posed by cybersecurity incidents or breaches.  For example, in January 2017, Yahoo! Inc. (now Altaba Inc.) was sued after announcements in September and December 2016 that it had suffered significant cybersecurity breaches..[132]  Thus far, however, these types of theories have been largely unsuccessful.  Indeed, in one of the few cases to address such theories, a court rejected plaintiffs’ claims and recognized that even a company’s good-faith statements can be quickly outdated given the challenges of data security issues.[133]  As one court has noted, "[t]he fact that a company has suffered a security breach does not demonstrate that the company did not place significant emphasis on maintaining a high level of security."[134] Nonetheless, the threat of securities fraud litigation is another reason that every company should carefully evaluate its public disclosures regarding its data security practices and risks. 5.     Conclusion Given the varied cybersecurity-related regulatory and litigation risks that health care, pharmaceutical, and biotech companies face, planning, assessment, and preparation are key.  Among other things, such activities require close coordination between companies’ legal, IT, and senior management teams with regard to setting strategy; auditing areas of cyber risk; and developing, implementing, and testing response plans.  While no defense is perfect, making such preparations may help companies minimize the impact of any cybersecurity incidents when such incidents occur.  [1]   15 U.S.C. § 45(a)(1).    [2]   See FTC v. Wyndham Worldwide Corp., 799 F.3d 236, 242 (3d Cir. 2015).     [3]   See Fed. Trade Comm’n, "Commission Statement Marking the FTC’s 50th Data Security Settlement" (Jan. 31, 2014), available at https://www.ftc.gov/system/files/documents/cases/140131gmrstatement.pdf.    [4]   See Wyndham, 799 F.3d at 247.  The hotel chain Wyndham Worldwide Corp. raised this argument (among others) in response to an enforcement action brought by the FTC in the wake of three data breaches suffered by the company.  The FTC alleged that the hotelier’s failure to use encryption, firewalls, and non-obvious passwords constituted an "unfair" practice under Section 5 of the FTC Act.  After Wyndham challenged the FTC’s ability to bring its case, in 2015 the Third Circuit unanimously upheld the FTC’s jurisdiction over such issues.  Id. at 240.  Wyndham entered into a consent order with the FTC shortly thereafter.  Press Release, Fed. Trade Comm’n, Wyndham Settles FTC Charges It Unfairly Placed Consumers’ Payment Card Information At Risk (Dec. 9, 2015), available athttps://www.ftc.gov/news-events/press-releases/2015/12/wyndham-settles-ftc-charges-it-unfairly-placed-consumers-payment.     [5]   Complaint, In the Matter of LabMD, Inc., No. 102-3099 (Aug. 28, 2013), No. 9357.    [6]   Specifically, LabMD challenged the FTC’s authority to bring an enforcement action on three bases, arguing: (1) only HHS is empowered to regulate patient-related or health care data-security practices, and the FTC is thus preempted from initiating enforcement actions in this area; (2) Congress intended for the FTC’s Section 5 "unfairness" authority to be limited and very narrow in scope, demonstrated by the fact that Congress has enacted many other specific statutes governing data security; and (3) the FTC had failed to publish guidelines or standards for data security practices that LabMD could follow and, as a result, the company did not have fair notice as to what a violation of Section 5 would entail.[6]  See Petition for Review from the Fed. Trade Comm’n, In the Matter of LabMD Inc., No. 16-16270, 2016 WL 7474626 (11th Cir. Dec. 27, 2016).    [7]   See Order, In the Matter of LabMD Inc., No. 16-16270 (11th Cir. Nov. 10, 2016).    [8]   For example, a recent settlement involving mobile advertising company inMobi required the company to pay $950,000 in civil penalties and implement a new privacy program that will be independently audited for the next 20 years.  See Press Release, Fed. Trade Comm’n, Mobile Advertising Network InMobi Settles FTC Charges It Tracked Hundreds of Millions of Consumers’ Locations Without Permission (June 22, 2016), available athttps://www.ftc.gov/news-events/press-releases/2016/06/mobile-advertising-network-inmobi-settles-ftc-charges-it-tracked.  See also Press Release, Fed. Trade Comm’n, ASUS Settles FTC Charges That Insecure Home Routers and "Cloud" Services Put Consumers’ Privacy At Risk (Feb. 23, 2016), available athttps://www.ftc.gov/news-events/press-releases/2016/02/asus-settles-ftc-charges-insecure-home-routers-cloud-services-put; Press Release, Fed. Trade Comm’n, FTC Approves Final Order In TRUSTe Privacy Case (Mar. 18, 2015), available athttps://www.ftc.gov/news-events/press-releases/2015/03/ftc-approves-final-order-truste-privacy-case.     [9]   Fed. Trade Comm’n, Start with Security: A Guide for Business, Lessons Learned from FTC Cases (June 2015), available athttps://www.ftc.gov/system/files/documents/plain-language/pdf0205-startwithsecurity.pdf.   [10]   Fed. Trade Comm’n, Data Breach Response: A Guide for Business (Sept. 2016), available athttps://www.ftc.gov/tips-advice/business-center/guidance/data-breach-response-guide-business. [11]   Press Release, Fed. Trade Comm’n, New FTC Website Helps Small Businesses Avoid Scams and Cyber Attacks (May 19, 2017), available athttps://www.ftc.gov/news-events/press-releases/2017/05/new-ftc-website-helps-small-businesses-avoid-scams-cyber-attacks. [12]   799 F.3d at 259. [13]   Id. at 256–57. [14]   Press Release, Fed. Trade Comm’n, Joint Statement of Acting FTC Chairman Maureen K. Ohlhausen and FCC Chairman Ajit Pai on Protecting Americans’ Online Privacy (Mar. 1, 2017), available at https://www.ftc.gov/news-events/press-releases/2017/03/joint-statement-acting-ftc-chairman-maureen-k-ohlhausen-fcc.  [15]   45 C.F.R. § 164.500 et seq. [16]   Id. § 164.504. [17]   Id. § 164.506. [18]   Id. § 164.508. [19]   Id. § 164.510. [20]   Id. § 164.512. [21]   Id. § 164.508. [22]   Id. § 164.512(i). [23]   Id. § 164.512(b). [24]   Id. § 164.504. [25]   Id. §§ 164.302–164.318. [26]   Id. § 164.308. [27]   Id. § 164.400, et seq. [28]   Id. §§ 164.404, 406, 408. [29]   Id. § 164.410. [30]   Id. § 164.402. [31]   E.g., id. § 164.404(b). [32]   The settlements detailed below are only a sample of recent HHS OCR settlements and fines.  Nine settlements have been reached between HHS and various covered entities in the first half of 2017 alone.  A list of settlements can be accessed at https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/index.html. [33]   Press Release, U.S. Dep’t of Health and Human Servs., Office for Civil Rights, $2.5 million settlement shows that not understanding HIPAA requirements creates risk (Apr. 24, 2017), available at https://www.hhs.gov/about/news/2017/04/24/2-5-million-settlement-shows-not-understanding-hipaa-requirements-creates-risk.html. [34]   Press Release, U.S. Dep’t of Health and Human Servs., $5.5 million HIPAA settlement shines light on the importance of audit controls (Feb. 16, 2017), available athttps://www.hhs.gov/about/news/2017/02/16/hipaa-settlement-shines-light-on-the-importance-of-audit-controls.html. [35]   Press Release, U.S. Dep’t of Health and Human Servs., Office for Civil Rights, Lack of timely action risks security and costs money (Feb. 1, 2017), available athttps://www.hhs.gov/about/news/2017/02/01/lack-timely-action-risks-security-and-costs-money.html. [36]   Press Release, U.S. Dep’t of Health and Human Servs., Office for Civil Rights, UMass settles potential HIPAA violations following malware infection (Nov. 22, 2016), available athttps://www.hhs.gov/about/news/2016/11/22/umass-settles-potential-hipaa-violations-following-malware-infection.html. [37]   Id. [38]   Id. [39]  Press Release, U.S. Dep’t of Health and Human Servs., Advocate Health Care Settles Potential HIPAA Penalties for $5.55 Million, available at http://www.hhs.gov/about/news/2016/08/04/advocate-health-care-settles-potential-hipaa-penalties-555-million.html. [40]   Press Release, U.S. Dep’t of Health and Human Servs., Office for Civil Rights, $750,000 HIPAA settlement underscores the need for organization-wide risk analysis (Dec. 14, 2015), available athttps://www.hhs.gov/about/news/2015/12/14/750000-hipaa-settlement-underscores-need-for-organization-wide-risk-analysis.html?language=en. [41]   Id. [42]   Id. [43]   Lisa Lambert & Suzanne Barlyn, SEC says cyber security biggest risk to financial system, Reuters (May 18, 2016), available at http://www.reuters.com/article/us-finance-summit-sec-idUSKCN0Y82K4. [44]   SeeOCIE’s 2015 Cybersecurity Examination Initiative, Nat’l Exam Program Risk Alert, Vol. IV, Issue 8 (Sept. 15, 2015), available at https://www.sec.gov/ocie/announcement/ocie-2015-cybersecurity-examination-initiative.pdf; Carmen Germain, SEC Poised to Turn Cybersecurity Focus Into Enforcement, Law360.com, July 7, 2017, available athttps://www.law360.com/cybersecurity-privacy/articles/937197/sec-poised-to-turn-cybersecurity-focus-into-enforcement?nl_pk=daebfb21-b47a-48aa-a4f0-e78841e97f3a&utm_‌source=newsletter&‌utm_‌medium=email&utm_campaign=cybersecurity-privacy. [45]   Jay Clayton, Chairman, Sec. and Exch. Comm’n, Remarks at the Economic Club of New York (July 12, 2017), available at https://www.sec.gov/news/speech/remarks-economic-club-new-york. [46]   Sec. and Exch. Comm’n, CF Disclosure Guidance: Topic No. 2, Cybersecurity (Oct. 13, 2011), available at https://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm. [47]   Id. [48]   Comm’r Luis Aguilar, Sec. and Exch. Comm’n, Boards of Directors, Corporate Governance and Cyber-Risks: Sharpening the Focus (June 10, 2014), available at https://www.sec.gov/News/Speech/Detail/Speech/1370542057946. [49]   Id. [50]   OCIE’s Cybersecurity: Ransomware Alert, Nat’l Exam Program Risk Alert, Vol. VI, Issue 4 (May 17, 2017), available at https://www.sec.gov/files/risk-alert-cybersecurity-ransomware-alert.pdf. [51]   17 C.F.R. § 248.30; see also Sec. and Exch. Comm’n, Regulation S-P, available at https://www.sec.gov/spotlight/regulation-s-p.htm. [52]   Teri Robinson, "R.T. Jones reaches settlement with SEC in data breach case," SC Magazine (Sept. 23, 2015), available athttp://www.scmagazine.com/sec-hits-security-adviser-with-75000-penalty-in-breach-settlement/article/440268/. [53]   SeeIn re Craig Scott Capital, Sec. Exch. Act Release No. 77595, Admin. Proceeding File No. 3-17206 (Apr. 12, 2016) (Order), available athttps://www.sec.gov/litigation/admin/2016/34-77595.pdf. [54]   Press Release, Sec. and Exch. Comm’n, SEC: Morgan Stanley Failed to Safeguard Customer Data (June 8, 2016), available at https://www.sec.gov/news/pressrelease/2016-112.html. [55]   See In re Morgan Stanley Smith Barney LLC, Sec. Exch. Act Release No. 78021, Inv. Advisers Act Release No. 4415, Admin. Proceeding File No. 3-17280 (June 8, 2016), available athttps://www.sec.gov/litigation/admin/2016/34-78021.pdf. [56]   Id. at 6. [57]   Andrew Ceresney, Dir., Sec. and Exch. Comm’n, Compliance Outreach Program – 2016 National Seminar for Inv. Adviser and Inv. Co. Senior Officers, Webcast (Apr. 19, 2016), available athttps://www.sec.gov/video/webcast-archive-player.shtml?document_id=041916ccoia. [58]   James Scott & Drew Spaniel, Assessing the FDA’s Cybersecurity Guidelines for Medical Device Manufacturers: Why Subtle ‘Suggestions’ May Not Be Enough 1 (2016), available at http://icitech.org/wp-content/uploads/2016/02/ICIT-Blog-FDA-Cyber-Security-Guidelines2.pdf. [59]   Food and Drug Admin., Postmarket Management of Cybersecurity in Medical Devices: Guidance for Industry and Food and Drug Administration Staff (Dec. 2016), available at https://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM482022.pdf. [60]   Food and Drug Admin., Webinar – Postmarket Management of Cybersecurity in Medical Devices Final Guidance (Jan. 12, 2017), available at https://www.fda.gov/MedicalDevices/NewsEvents/WorkshopsConferences/ucm534592.htm. [61]   Food and Drug Admin., Content of Premarket Submissions for Management of Cybersecurity in Medical Devices; Guidance for Industry and Food and Drug Administration Staff; Availability, 79 Fed. Reg. 59,493 (Oct. 2, 2014), available at https://www.federalregister.gov/documents/2014/10/02/2014-23457/content-of-premarket-submissions-for-management-of-cybersecurity-in-medical-devices-guidance-for. [62]   Food and Drug Admin., Warning Letter to Abbott (St. Jude Medical Inc.) (Apr. 12, 2017), available at https://www.fda.gov/iceci/enforcementactions/warningletters/2017/ucm552687.htm. [63]   See, e.g., 201 CMR 17.00 (promulgated under Mass. Gen. Law 93H) (establishing minimum data security standards for storing consumers’ personal information); Nev. Rev. Stat. 603A.210 (same). [64]   See, e.g., California v. Kaiser Foundation Health Plan, Inc., No. RG14711370 (Cal. Sup. Ct., Alameda Co., Feb. 10, 2014) (Kaiser paid $150,000 to settle claims by the California Attorney General that Kaiser’s notification regarding a breach of personal information was unreasonably delayed; according to the California Attorney General, Kaiser should have provided notice as soon as it determined that particular individuals’ information had been or was "reasonably believed to have been" breached.). [65]   Rachel Abrams, Target to Pay $18.5 Million to 47 States in Security Breach Settlement (May 23, 2017), available at https://www.nytimes.com/2017/05/23/business/target-security-breach-settlement.html. [66]   Atty. Gen. Kamala D. Harris, Cybersecurity in the Golden State: How California Businesses Can Protect Against and Respond to Malware, Data Breaches and Other Cyberincidents (Feb. 2014), available athttps://oag.ca.gov/sites/all/files/agweb/pdfs/cybersecurity/2014_cybersecurity_guide.pdf. [67]   On March 1, 2017, new cybersecurity regulations enforced by the New York State Department of Financial Services ("DFS") became effective.  See http://www.dfs.ny.gov/about/cybersecurity.htm.  [68]   See Charter of Fundamental Rights of the European Union art. 8, 2000 O.J. C 364/01, available athttp://www.europarl.europa.eu/charter/pdf/text_en.pdf. [69]   See Directive 95/46/EC of the European Parliament and of the Council of 24 Oct. 1995 on the Protection Of Individuals With Regard To The Processing Of Personal Data And On The Free Movement Of Such Data, 1995 O.J. L 281/31, available athttp://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:31995L0046&from=EN.‌ [70]   See id. at 47–48. [71]   Issuance of Safe Harbor Principles and Transmission to European Commission, 65 Fed. Reg. 45666 (July 24, 2000). [72]   See Case C-362/14, Maximillian Schrems v. Data Prot. Comm’r, 2015 E.C.R. I-1-35, available athttps://cdt.org/files/2015/10/schrems.pdf. [73]   A complete overview of the requirements and benefits of the Framework is maintained at www.privacyshield.gov. [74]   Queen’s Speech: new data protection law, BBC (June 21, 2017), available at http://www.bbc.com/news/technology-40353424. [75]   China data protection tightened in new laws, BBC (May 31, 2017), available athttp://www.bbc.com/news/technology-40106826. [76]   Mike Orcutt, Unprecedented Cyber Law Signals Its Intent to Protect a Precious Commodity: Data, MIT Technology Review (June 1, 2017), available athttps://www.technologyreview.com/s/608010/chinas-unprecedented-cyber-law-signals-its-intent-to-protect-a-precious-commodity-data/. [77]   Sophia Yan, China’s new cybersecurity law takes effect today, and many are confused, CNBC (June 1, 2017), available at http://www.cnbc.com/2017/05/31/chinas-new-cybersecurity-law-takes-effect-today.html. [78]   E.g., Smith v. Triad of Ala., LLC, 2017 WL 1044692 (M.D. Ala. Mar. 17, 2017) (discussing data breach that allegedly involved a maximum of 1,208 affected individuals); Khan v. Children’s Nat’l Health Sys., 188 F. Supp. 3d 524, 527 (D. Md. 2016) (allegations based on purported disclosure of 18,000 patient records). [79]   See Order re Motion for Preliminary Approval of Class Settlement, Corona v. Sony Pictures Entm’t, Inc., No. 14-cv-09600 (C.D. Cal. Nov. 24, 2015); see also Ben Fritz, Sony Pictures Settles Emp. Class Action Over Hack, Wall St. J., Oct. 20, 2015, available athttp://www.wsj.com/articles/sony-pictures-settles-employee-class-action-over-hack-1445369345. [80]   See, e.g., Dugas v. Starwood Hotels & Resorts Worldwide, Inc., No. 16-CV-00014, 2016 WL 6523428, at *12 (S.D. Cal. Nov. 3, 2016) (discussing allegations that defendant "did not take adequate security measures to protect the information they obtained, [] and that Defendants owed a duty to Plaintiff and class members to exercise reasonable care in [] securing, safeguarding, and protecting [] personal information" (internal quotations and citations omitted)); see also In re Sony Gaming Networks & Customer Data Sec. Breach Litig., 996 F. Supp. 2d 942, 963 (S.D. Cal. 2014) (discussing allegations that "Sony had a duty to provide reasonable security consistent with industry standards, to ensure Sony Online Services were secure, and to protect Plaintiffs’ Personal Information from theft or misuse . . . . [and that] Sony breached this duty by failing to adequately secure its network"). [81]   See, e.g., In re Barnes & Noble Pin Pad Litig., No. 12-CV-8617, 2013 WL 4759588, at *4 (N.D. Ill. Sept. 3, 2013) (dismissing invasion of privacy claim for lack of standing). [82]   See, e.g., In re Target Corp. Data Sec. Breach Litig., 66 F. Supp. 3d 1154, 1177–78 (D. Minn. 2014) (discussing theory of unjust enrichment in data breach cases). [83]   See, e.g., In re Sony Gaming Networks & Customer Data Sec. Breach Litig., 996 F. Supp. 2d 942, 976, 990 (S.D. Cal. 2014) (granting in part and denying in part a motion to dismiss claim for negligent and fraudulent misrepresentations). [84]   15 U.S.C. § 1681. [85]   5 U.S.C. § 552a. [86]   18 U.S.C. § 2702(a)(1). [87]   See, e.g., Holmes v. Countrywide Fin. Corp., No. 08-CV-00205, 2012 WL 2873892, at *15–17 (W.D. Ky. July 12, 2012) (granting motion to dismiss under FCRA where claims were not against a "consumer credit reporting agency"); In re Sci. Applications Int’l Corp. (SAIC) Backup Tape Data Theft Litig., 45 F. Supp. 3d 14, 28–34 (D.D.C. 2014) (granting motion to dismiss claims under the Privacy Act); Worix v. MedAssets, Inc., 857 F. Supp. 2d 699, 701 (N.D. Ill. 2012) (granting motion to dismiss under Stored Communications Act). [88]   There are also a handful of federal statutes that plaintiffs use to litigate data privacy issues—separate from instances of data breaches.  These statutes (e.g., the Wiretap Act or the Telephone Consumer Protection Act) most often focus on the collection or disclosure of communications. [89]   In re Michaels Stores Pin Pad Litig., 830 F. Supp. 2d 518, 528 (N.D. Ill. 2011) (denying motion to dismiss under Illinois Consumer Fraud Act). [90]   See, e.g., 201 CMR 17.00 (Massachusetts’ "Standards for the Protection of Personal Information of Residents of the Commonwealth"). [91]   See, e.g., Cal. Civ. Code §§ 1798.29, 1798.80 et seq.; N.Y. Gen. Bus. Law § 899-aa; N.Y. State Tech. Law § 208. [92]   See, e.g., Remijas v. Neiman Marcus Grp., LLC, 794 F.3d 688, 690–91 (7th Cir. 2015) (discussing claims for "negligence, breach of implied contract, unjust enrichment, unfair and deceptive business practices, invasion of privacy, and violation of multiple state data breach laws"). [93]   See, e.g., In re Anthem, Inc. Data Breach Litig., No. 15-MD-02617, 2016 WL 3029783, at *39 (N.D. Cal. May 27, 2016) (discussing claims under state laws in New Jersey, New York, California, and Georgia). [94]   See, e.g., In re Target Corp. Data Sec. Breach Litig., 66 F. Supp. 3d at 1176–77 (discussing claims for breach of a credit card contract and "an implied contract in which Plaintiffs agreed to use their credit or debit cards to purchase goods at Target and Target agreed to safeguard Plaintiffs’ personal and financial information"). [95]   For example, companies have been subject to lawsuits by business partners, including financial institutions and other entities which suffered financial losses associated with a cyberattack on a business partner.  This type of litigation has arisen most frequently against retailers when credit and debit cards have been compromised.  See, e.g., Consolidated Class Action Complaint, In re Target Corp. Customer Data Sec. Breach Litig., No. 14-md- 02522 (D. Minn. Aug. 1, 2014) ECF No. 163. [96]   See, e.g., Darlene Storm, MEDJACK: Hackers hijacking medical devices to create backdoors in hospital networks, Computerworld (June 8, 2015), available at http://www.computerworld.com/article/2932371/cybercrime-hacking/medjack-hackers-hijacking-medicaldevices-to-create-backdoors-in-hospital-networks.html. [97]   In re Google, Inc. Privacy Policy Litig., No. 12-CV-01382, 2013 WL 6248499, at *4 (N.D. Cal. Dec. 3, 2013). [98]   133 S. Ct. 1138, 1147 (2013). [99]   Id. at 1148. [100]   Id. at 1151. [101]   136 S. Ct. 1540 (2016), as revised (May 24, 2016). [102]   Id. at 1543 [103]   Robins v. Spokeo, Inc., 742 F.3d 409, 413–14 (9th Cir. 2014) (emphasis in original). [104]   Spokeo, Inc., 136 S. Ct. at 1548–50. [105]   Id. at 1548 (emphasis in original). [106]   Id. [107]   Id. [108]   Id. at 1549. [109]   Id. [110]   Id. [111]   Id. [112]   Id. [113]   See, e.g., Storm v. Paytime, Inc., 90 F. Supp. 3d 359, 368 (M.D. Pa. 2015) (finding no standing where plaintiffs did not allege that they actually suffered any form of identity theft as a result of the defendant’s data breach); Green v. eBay Inc., No. 14-1688, 2015 WL 2066531, *1, *5 (E.D. La. May 4, 2015) (citing Clapper and finding threat of future harm stemming from disclosure of names, passwords, birthdates, email and physical addresses "far too hypothetical or speculative"); Peters v. St. Joseph Servs. Corp., 74 F. Supp. 3d 847, 850, 854 (S.D. Tex. 2015) (finding alleged future harm "speculative" where disclosed information included social security numbers, addresses, medical records and bank account information, and where fraudulent credit card purchase was declined); In re Zappos.com, Inc., 108 F. Supp. 3d 949, 958–59 (D. Nev. 2015) (distinguishing cases within the Ninth Circuit that conferred standing based on increased risk of harm alone, and holding that increased risk of future harm was insufficient to confer standing given no evidence of personal data misuse in three-year period). [114]   See, e.g., Galaria v. Nationwide Mut. Ins. Co., No. 15-3386, 2016 WL 4728027, at *3 (6th Cir. Sept. 12, 2016) (finding standing based on "a substantial risk of harm, coupled with reasonably incurred mitigation costs"); Remijas, 794 F.3d at 692 (finding standing based on allegations of, among other things, "lost time and money resolving [] fraudulent charges" and "protecting [] against future identity theft"). [115]   See, e.g., Smith v. Ohio State Univ., No. 15-CV-3030, 2016 WL 3182675, at *4 (S.D. Ohio June 8, 2016) (finding no Article III standing under FCRA); Gubala v. Time Warner Cable, Inc., No. 15-cv-1078, 2016 WL 3390415, at *5 (E.D. Wis. June 17, 2016) (finding plaintiff failed to allege a concrete harm where his suit was based on the defendant’s failure to comply with the Cable Communications Policy Act); Khan, 188 F. Supp. 3d at 534 (finding plaintiff failed to connect the alleged statutory and common law violations to a concrete harm). [116]   Aranda v. Caribbean Cruise Line, Inc., No. 12 C 4069, 2016 WL 4439935, at *6 (N.D. Ill. Aug. 23, 2016) (finding plaintiff’s allegations of harm under the Telephone Consumer Protection Act were "concrete and particularized, traceable to defendants’ conduct, and judicially redressable"). [117]   See Fernandez v. Leidos, Inc., 127 F. Supp. 3d 1078, 1087 (E.D. Cal. 2015)  (holding plaintiff had not "shown he has standing to bring actual identity theft, identity fraud and/or medical fraud claims"); In re Sci. Applications Int’l Corp. (SAIC) Backup Tape Data Theft Litig., 45 F. Supp. 3d at 19 ("[T]he mere loss of data—without evidence that it has been either viewed or misused—does not constitute an injury sufficient to confer standing."). [118]   Verified Shareholder Derivative Complaint for Breach of Fiduciary Duty, Waste of Corporate Assets, and Unjust Enrichment, Palkon v. Holmes, No. 14-cv-01234, 2014 WL 11071195 (D.N.J. May 2, 2014). [119]   Palkon v. Holmes, No. 14-cv-01234, 2014 WL 5341880, at *5–7 (D.N.J. Oct. 20, 2014). [120]   Target Corp. Report of the Special Litig. Comm., Davis v. Steinhafel, No. 14-cv-00203 (D. Minn. May 5, 2016), ECF No. 62-2. [121]   Davis v. Steinhafel, No. 14-cv-00203 (D. Minn. July 7, 2016), ECF No. 88. [122]   Opinion and Order at 11, In re The Home Depot, Inc. S’holder Derivative Litig., No. 1:15-cv-2999-TWT (N.D. Ga. Nov. 30, 2016), ECF No. 62. [123]   Id. at 11–12. [124]   Id. at 13–14. [125]   Id. at 14. [126]   Id. at 14–18. [127]   Id. at 22. [128]   Id. at 30. [129]   Judgment at 1, In re The Home Depot, Inc. S’holder Derivative Litig., No. 1:15-cv-2999-TWT (N.D. Ga. Nov. 30, 2016), ECF No. 63.  Before plaintiffs appealed, the parties reached a settlement including $1,125,000 in attorneys’ fees to plaintiffs.  See  In re The Home Depot, Inc. S’holder Derivative Litig., No. 1:15-CV-2999, 2017 WL 1830055 (N.D. Ga. Apr. 28, 2017) (stipulation of settlement and release agreement). [130]   See Sec. & Exch. Comm’n, Div. of Corp. Fin., CF Disclosure Guidance: Topic No. 2 – Cybersecurity (Oct. 13, 2011), available at https://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm. [131]   See id. [132]   See Complaint, Madrack v. Yahoo! Inc., No. 5:17-cv-00373 (N.D. Cal. Jan. 24, 2017). [133]   See, e.g., In re Heartland Payment Sys., Inc. Sec. Litig., No. 09-1043, 2009 WL 4798148, at *2, *7 (D.N.J. Dec. 7, 2009) (granting motion to dismiss where plaintiffs alleged that "statements concerning the general state of security [] [we]re fraudulent because [company officers] were aware that Heartland had poor data security and had not remedied the problem"); Avila v. LifeLock Inc., No. 15-01398, 2016 WL 4157358, at *7 (D. Ariz. Aug. 3, 2016) (granting motion to dismiss claims of misrepresentations concerning effectiveness of identity theft protection services and compliance with applicable payment card industry standards because plaintiffs failed to show that public statements regarding the company’s data security practices were made with scienter). [134]   In re Heartland Payment Sys., 2009 WL 4798148, at *5 (internal quotations omitted). The following Gibson Dunn lawyers prepared this client update: Jennifer L. Conn, Ryan T. Bergsieker, Reid F. Rector and Danielle Serbin. Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the above developments.  Please contact the Gibson Dunn lawyer with whom you usually work, or the following authors: Jennifer L. Conn – New York (+1 212-351-4086, jconn@gibsondunn.com)Ryan T. Bergsieker – Denver (+1 303-298-5774, rbergsieker@gibsondunn.com) Please also feel free to contact the following practice group leaders: Alexander H. Southwell – Chair, Privacy, Cybersecurity and Consumer Protection Practice, New York (+1 212-351-3981, asouthwell@gibsondunn.com) Caroline Krass – Chair, National Security Practice, Washington, D.C. (+1 202-887-3784, ckrass@gibsondunn.com) Daniel J. Thomasch – Co-Chair, Life Sciences Practice, New York (+1 212-351-3800, dthomasch@gibsondunn.com) Tracey B. Davies – Co-Chair, Life Sciences Practice, Dallas (+1 214-698-3335, tdavies@gibsondunn.com) Ryan A. Murr – Co-Chair, Life Sciences Practice, San Francisco (+1 415-393-8373, rmurr@gibsondunn.com) Stephen C. Payne – Chair, FDA and Health Care Practice, Washington, D.C. (+1 202-887-3693, spayne@gibsondunn.com)   © 2017 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

August 2, 2017 |
Webcast: 2017 Mid-Year Update: The False Claims Act and Drug and Device Manufacturers

​The False Claims Act (FCA) is well-known as one of the most powerful tools in the government’s arsenal to combat fraud, waste and abuse anywhere government funds are implicated. The U.S. Department of Justice has made clear that vigorous FCA enforcement is here to stay,  with newly filed cases remaining at historical peak levels and the DOJ  on pace to recover more than $3 billion from FCA cases for the seventh straight year.  More than ever, any company that deals in government funds—including companies in the education, health care and life sciences, government contracting and financial services sectors—needs to stay abreast of how the government and private whistleblowers alike are wielding this tool, and how they can prepare and defend themselves. Please join Gibson Dunn for a 90-minute discussion of the latest developments in FCA, including: The latest trends in FCA enforcement actions and associated litigation involving drug and device manufacturers; Updates on the Trump Administration’s approach to FCA enforcement; Notable legislative and administrative developments affecting the FCA’s statutory framework and application; and The latest developments in FCA case law following the Supreme Court’s Escobar decision. View Slides PDF   PANELISTS: Stuart Delery is a partner in the Washington, D.C. office. He represents corporations and individuals in high-stakes litigation and investigations that involve the federal government across the spectrum of regulatory litigation and enforcement. Previously, as the Acting Associate Attorney General of the United States (the third-ranking position at the Department of Justice) and as Assistant Attorney General for the Civil Division, he supervised the DOJ’s enforcement efforts under the FCA, FIRREA and the Food, Drug and Cosmetic Act. Marian J. Lee is a partner in the Washington, D.C. office, where she provides FDA regulatory and compliance counseling to life science and health care companies. She has significant experience advising clients on FDA regulatory strategy, risk management, and enforcement actions. She regularly advises companies during FDA inspections and investigations, and she has led an array of regulatory assessments for mergers, acquisitions, and other transactions involving FDA-regulated entities. John Partridge is a partner in the Denver office. He focuses on white collar defense, internal investigations, regulatory inquiries, corporate compliance programs, and complex commercial litigation. He has particular experience with the FCA and the FCPA, including advising major corporations regarding their compliance programs. Jonathan Phillips is a senior associate in the Washington, D.C. office, where his practice focuses on FDA and health care compliance, enforcement, and litigation, as well as other government enforcement matters and related litigation. He has substantial experience representing pharmaceutical, medical device, and health care provider clients in investigations by the DOJ, FDA, and Department of Health and Human Services Office of Inspector General. Previously, he served as a Trial Attorney in the Civil Division, Fraud Section of the DOJ, where he investigated and prosecuted allegations of fraud against the U.S. under the FCA and related statutes.   MCLE CREDIT INFORMATION: This program has been approved for credit in accordance with the requirements of the New York State Continuing Legal Education Board for a maximum of 1.80 credit hours, of which 1.80 credit hours may be applied toward the areas of professional practice requirement.  This course is approved for transitional/non-transitional credit only. Attorneys seeking New York credit must obtain an Affirmation Form prior to watching the archived version of this webcast.  Please contact Jeanine McKeown (National Training Administrator), at 213-229-7140 or jmckeown@gibsondunn.com  to request the MCLE form. Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California in the amount of 1.50 hours. California attorneys may claim “self-study” credit for viewing the archived version of this webcast.  No certificate of attendance is required for California “self-study” credit.

July 31, 2017 |
Federal Circuit Update (July 2017)

This July 2017 edition of Gibson Dunn’s Federal Circuit Update discusses four recent Supreme Court decisions covering venue, exhaustion, biosimilars, and offensive trademarks, and two Federal Circuit cases regarding inter parties review now pending before the Supreme Court.  This update also includes summaries of the two appeals pending before the en banc court, also regarding inter partes review procedures.  Also included is an overview of the process for cross-appealing before the Federal Circuit, as well as summaries of a pair of key recent decisions relating to fee awards that reach opposite results. Federal Circuit News The Supreme Court continues to be very active in its review of Federal Circuit decisions, issuing four opinions in the last two months. In TC Heartland LLC v. Kraft Foods Group Brands LLC, No. 16-341 (May 22, 2017) (available here) (in-depth analysis by Gibson Dunn available here), the Court reversed the Federal Circuit’s decision and long-standing precedent allowing patent suits to be filed anywhere that personal jurisdiction existed over a defendant.  Consistent with its earlier precedent, the Court held that, instead, a "domestic corporation ‘resides’ only in its State of incorporation for purposes of the patent venue statute [28 U.S.C. § 1400(b)]."                                                                             In Impression Products, Inc. v. Lexmark International, Inc., No. 15-1189 (May 30, 2017) (available here) (earlier Gibson Dunn coverage available here), the Court addressed international patent exhaustion and post-sale restrictions.  The Court held that: (1) "[a] patentee’s decision to sell a product exhausts all of its patent rights in that item, regardless of any restrictions the patentee purports to impose"; and (2) "[a]n authorized sale outside the United States, just as one within the United States, exhausts all rights under the Patent Act."  In Sandoz Inc. v. Amgen Inc., Nos. 15-1039, 15-1195 (June 12, 2017) (available here), the Court held that under 42 U.S.C. § 262(l) from the BPCIA a biosimilar manufacturer does not need to wait for FDA approval before giving its 180-day notice to the manufacturer of the corresponding biologic that it intends to commercially market the biosimilar, and that that the biosimilar manufacturer can give the 180-day notice "before or after receiving FDA approval."  In addition, the Court held that, where a biosimilar manufacturer fails to provide the manufacturer of the corresponding biologic a copy of the biologics application as required under Section 262(l), courts cannot provide recourse through an injunction under federal law.  The Court remanded to the Federal Circuit to determine whether a state-law injunction is available. In Matal v. Tam, No. 15-1293 (June 19, 2017) (available here) (in-depth analysis by Gibson Dunn available here), the Court addressed the constitutionality of the Lanham Act’s disparagement clause.  The Court held the disparagement clause, "which denies registration to any mark that is offensive to a substantial percentage of the members of any group," violates the First Amendment’s free speech clause.  In reaching that conclusion, the Supreme Court held that trademarks "are private, not government speech."  The Supreme Court has also granted certiorari on two cases from the Federal Circuit: Case Status Issue Oil States Energy Services, LLC v. Greene’s Energy Group, LLC, No. 16-712 Cert. granted Constitutionality of inter partes review under Article III and the Seventh Amendment SAS Institute Inc. v. Matal, No. 16-969 Cert. granted The number of claims that must be addressed by the Patent Trial and Appeal Board in a final written decision during inter partes review Upcoming En Banc Federal Circuit Cases In re Aqua Prods., Inc., No. 15-1177 (Fed. Cir.):  Allocations of the burdens of persuasion and production when a patent owner moves to amend in an inter partes review proceeding. The PTAB instituted an inter partes review proceeding against Aqua’s patent, which relates to automated swimming pool cleaners.  Aqua moved to amend the challenged claims to distinguish the cited prior art.  The PTAB, however, denied Aqua’s motion, determining that Aqua failed to carry its burden of showing patentability of the proposed substitute claims over the prior art of record.  On appeal, the PTO intervened to defend the PTAB’s decision.  The Federal Circuit affirmed (decision available here).  Eight amicus briefs have been filed: three in favor of neither party (American Intellectual Property Law Association, Intellectual Property Owners Association, and Houston Intellectual Property Law Association), three in favor of Aqua Products (Case Western Reserve University School of Law Intellectual Property Venture Clinic and Ohio Venture Association, Pharmaceutical Research and Manufacturers of America, and Biotechnology Innovation Organization), and two in favor of the PTO (Askeladden, L.L.C. and Internet Association et al.).  Oral argument was heard on December 9, 2016. Questions Presented: (a)  When the patent owner moves to amend its claims under 35 U.S.C. § 316(d), may the PTO require the patent owner to bear the burden of persuasion, or a burden of production, regarding patentability of the amended claims as a condition of allowing them?  Which burdens are permitted under 35 U.S.C. § 316(e)? (b)  When the petitioner does not challenge the patentability of a proposed amended claim, or the PTAB thinks the challenge is inadequate, may the PTAB sua sponte raise patentability challenges to such a claim?  If so, where would the burden of persuasion, or a burden of production, lie? Wi-Fi One, LLC v. Broadcom Corp., No. 15-1944 (Fed. Cir.):  The Federal Circuit’s jurisdiction to review the PTAB’s determination that a petitioner is not time-barred under 35 U.S.C. § 315(b).  The PTAB instituted an inter partes review proceeding against Wi-Fi One’s patent.  Wi-Fi One argued that Broadcom was time-barred under 35 U.S.C. § 315(b) from seeking review because Broadcom was in privity with time-barred district court litigants.  The PTAB disagreed, determining that Wi-Fi One did not establish that Broadcom had sufficient control over district court litigation to support a privity finding.  On appeal, the Federal Circuit held that it does not have jurisdiction to review the PTAB’s determination that Broadcom was not time-barred, holding that the Supreme Court’s decision in Cuozzo Speed Technologies, LLC v. Lee, 136 S. Ct. 2131 (2016), did not implicitly overrule prior Federal Circuit precedent on the issue (decision available here).  To date, two amicus briefs have been filed in support of Wi-Fi One (WesternGeco LLC and 3DS Innovations, LLC), eight amicus briefs have been filed in support of neither party (Jeremy Cooper Doerre, New York Intellectual Property Law Association, Federal Circuit Bar Association, Intellectual Property Owners Association, Boston Patent Law Association, Professors of Patent and Administrative Law, American Intellectual Property Law Association, and Biotechnology Innovation Organization), and three amicus briefs have been filed in support of Broadcom (Oracle, Intel, and Apple).  Oral argument was heard on May 4, 2017.  Question presented: Should this court overrule Achates Reference Publishing, Inc. v. Apple Inc., 803 F.3d 652 (Fed. Cir. 2015) and hold that judicial review is available for a patent owner to challenge the PTO’s determination that the petitioner satisfied the timeliness requirement of 35 U.S.C. § 315(b) governing the filing of petitions for inter partes review? Federal Circuit Practice Update Cross-Appealing.  Cross-appealing is "only necessary and appropriate" if a party "seeks to enlarge its own rights under the judgment or to lessen the rights of its adversary under the judgment."  Bailey v. Dart Container Corp. of Mich., 292 F.3d 1360, 1362 (Fed. Cir. 2002).  For example, if a district court finds an asserted patent not infringed and not invalid, and the Federal Circuit modifies the non-infringement judgment and remands, the district may only reopen the invalidity judgment on remand if the defendant had cross-appealed the invalidity finding.  Lazare Kaplan Int’l, Inc. v. Photoscribe Techs., Inc., 714 F.3d 1289, 1297 (Fed. Cir. 2013). Unlike other federal courts of appeal, the Federal Circuit does not does not permit "protective" or "conditional" cross-appeals, i.e., appeals that preserve challenges to the trial court or agency’s rulings in the event that the court of appeals modifies the judgment.  Aventis Pharma S.A. v. Hospira, Inc., 637 F.3d 1341, 1343 (Fed. Cir. 2011).  Instead, the appellee is "free to devote as much of [its] responsive briefing as needed to flesh out additional arguments and alternative grounds for affirming the judgment on appeal," but the appellee is "not free . . . to game the system by filing a cross-appeal to obtain the final word: this is neither fair to the appellant nor an efficient use of the appellate process."  Id. Procedurally, the party that first files a notice of appeal is designated the appellant; if the notices of appeal are filed on the same day, the plaintiff below is designated the appellant, and the other party is referred to as either the appellee or the cross-appellant.  Fed. R. App. P. 28.1(b).  The briefing structure in a case that involves a cross-appeal includes four briefs. The Appellant’s Principal Brief.  The Appellant’s Principal Brief addresses issues raised in the appellant’s notice of appeal.  The Appellant’s Principal Brief has a blue cover and is limited to 14,000 words.  Fed. R. App. P. 28.1(d); Fed Cir. R. 28.1(b)(1)(A).  The Appellant’s Principal Brief must at least include the contents specified in Rule 28(a) of the Federal Rules of Appellate Procedure and must comply with Rule 28(a) of the Federal Circuit Rules.  Fed. R. App. P. 28.1(c)(1). The Appellee’s Principal and Response Brief.  Due 40 days after the Appellant’s Principal Brief, the Appellee’s Principal and Response Brief responds to issues raised in the Appellant’s Principal Brief and may address all the issues in the appellee’s notice of appeal. Fed. Cir. R. 31(a)(2); Fed. R. App. P. 28.1(c)(2).  The Appellee’s Principal and Response Brief has a red cover and is limited to 16,500 words.  Fed. R. App. P. 28.1(d); Fed Cir. R. 28.1(b)(2)(A).  The Appellee’s Principal and Response Brief must at least include the contents specified in Rule 28(a) of the Federal Rules of Appellate Procedure and must comply with Rule 28(a) of the Federal Circuit Rules, except that this brief need not include a statement of the case unless the appellee is dissatisfied with the appellant’s statement.  Fed. R. App. P. 28.1(c)(2).         The Appellant’s Response and Reply Brief. The Appellant’s Response and Reply Brief must be filed within 40 days of the Appellee’s Principal and Response Brief and can respond to all issues raised in the Appellee’s Principal and Response Brief.  Fed. Cir. R. 31(a)(3)(A); Fed. R. App. P. 28.1(c)(3).   The Appellant’s Response and Reply Brief has a yellow cover and is limited to 14,000 words.  Fed. R. App. P. 28.1(d); Fed Cir. R. 28.1(b)(1)(A).  The Appellant’s Response and Reply Brief must at least include the contents specified in Rule 28(a)(2)–(8) and (10) of the Federal Rules of Appellate Procedure, except that the following need not appear unless the appellant is dissatisfied with the appellee’s statement: the jurisdictional statement, the statement of the issues, the statement of the case, and the statement of the standard of review.  Fed. R. App. P. 28.1(c)(3).  The Appellee’s Reply Brief.  The Appellee’s Reply Brief is filed 14 days after Appellant’s Response and Reply Brief and may only respond to arguments raised in Appellant’s Response and Reply Brief regarding the issues in the appellee’s notice of appeal.  Fed. Cir. R. 31(a)(3)(B); Fed. R. App. P. 28.1(c)(4).  The Appellee’s Reply Brief has a gray cover and is limited to 7,000 words.  Fed. R. App. P. 28.1(d); Fed Cir. R. 28.1(b)(3).  The Appellee’s Reply Brief must at least include the contents specified in Rule 28(a)(2)–(3) and (10) of the Federal Rules of Appellate Procedure.  Fed. R. App. P. 28.1(c)(4).  Key Case Summaries (June – July 2017)  Rothschild Connected Devices Innovations, LLC v. Guardian Protection Servs., Inc., No. 2016-2521 (Fed. Cir. June 5, 2017):  Deficient early case diligence and motivation for a litigation campaign supports fee award. Plaintiff, part of the Rothschild high-volume patent assertion group, sued over fifty companies in the Eastern District of Texas on U.S. Patent No. 8,788,090, accusing scores of seemingly disparate Internet-related products of infringement.  Rothschild’s fifty-eight lawsuits were consolidated before Judge Gilstrap.  While a number of defendants settled, ADS Security refused to settle.  Instead, ADS served a Rule 11 notice letter, asserting that the ‘090 patent claimed ineligible subject matter, as well providing Rothschild with notice of alleged invalidating prior art.  ADS offered to settle if Rothschild paid ADS’s attorneys’ fees and costs.  After Rothschild refused, ADS filed a motion for judgment on the pleadings and also sent a "Safe Harbor Notice" under Federal Rule of Civil Procedure Rule 11(c)(2).  Rothschild moved to dismiss ADS voluntarily, and ADS moved for its attorneys’ fees under section 285.  The district court denied ADS’s fees motion, holding that Rothschild had set forth "non-conclusory and facially plausible arguments supporting patent eligibility" and that its intent in filing "numerous other suits" did not make the case exceptional.  Rather, the district court held that Rothschild’s voluntary dismissal was "the type of reasonable conduct Rule 11 is designed to encourage."  The Federal Circuit disagreed.  First, the Federal Circuit (Prost, C.J.) held that Rothschild could not have had a good faith belief in the validity of the ‘090 patent after it failed to investigate prior art raised in ADS’s Rule 11 letter.  Second, citing Octane Fitness, the panel reaffirmed that the "motivation" behind a litigation campaign may justify fee shifting, holding that the lower court ignored "undisputed evidence regarding Rothschild’s vexatious [pattern of] litigation."  Third, the panel held that the district court erred by conflating Rule 11 with the standard for fee shifting, which does not require "independently sanctionable" conduct.  Finally, in concurrence, Judge Mayer opined that the ‘090 patent "falls far beyond the bounds of section 101," describing Rothschild’s complaint as "frivolous on its face." Checkpoint Sys., Inc. v. All-Tag Security S.A., No. 2016-1397 (Fed. Cir. June 5, 2017):  Deficient early case diligence and motivation for a litigation campaign does not itself support fee award. On the same day as the Rothschild decision, a different Federal Circuit panel reached the opposite result on fee shifting.  Checkpoint asserted U.S. Patent No. 4,876,555, which claimed security tags for merchandise.  Although Checkpoint’s claims survived summary judgment, Defendant All-Tag prevailed, obtaining a verdict that the patent was invalid, unenforceable, and not infringed.  In seeking fees, All-Tag presented evidence that "Checkpoint never looked at the accused products" before filing suit.  In granting an award of fees, the district court cited this deficient pre-suit investigation, as well as Checkpoint’s motivation behind its litigation campaign, which was allegedly designed to "interfere improperly" with competitors’ businesses "to protect [Checkpoint’s] own competitive advantage."  The Federal Circuit reversed.  The panel (Newman, J.) noted that Checkpoint had sufficient evidence to survive summary judgment, and that "a party is entitled to rely on a court’s denial of summary judgment … as an indication that the party’s claims were objectively reasonable."  In addition, All-Tag had not proven that the unaccused products inspected by Checkpoint before filing suit were materially different from the accused products.  The court then held that the district court abused its discretion in considering Checkpoint’s motivation for its litigation campaign.  "[P]atent law provides the statutory right to exclude those that infringe a patented invention.  Enforcement of this right is not an ‘exceptional case’ under patent law."  The Supreme Court’s statement in Octane Fitness that a party’s "motivation" for filing suit can be considered in determining fees requires a showing of "harassment or abuse," which was lacking in this case.  Upcoming Oral Argument Calendar For a list of upcoming arguments at the Federal Circuit, please click here. Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the Federal Circuit.  Please contact the Gibson Dunn lawyer with whom you usually work or the authors of this alert: Blaine H. Evanson – Los Angeles (213-229-7228, bevanson@gibsondunn.com)Blair A. Silver – Washington, D.C. (202-955-8690, bsilver@gibsondunn.com) Please also feel free to contact any of the following practice group co-chairs or any member of the firm’s Appellate and Constitutional Law or Intellectual Property practice groups:  Appellate and Constitutional Law Group:Mark A. Perry – Washington, D.C. (202-887-3667, mperry@gibsondunn.com)James C. Ho – Dallas (214-698-3264, jho@gibsondunn.com) Caitlin J. Halligan – New York (212-351-4000, challigan@gibsondunn.com) Intellectual Property Group:Josh Krevitt – New York (212-351-4000, jkrevitt@gibsondunn.com)Wayne Barsky - Los Angeles (310-552-8500, wbarsky@gibsondunn.com)Mark Reiter – Dallas (214-698-3100, mreiter@gibsondunn.com) © 2017 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

June 15, 2017 |
TC Heartland—A Renewed Opportunity to Challenge Venue in Patent Infringement Cases

On May 22, 2017, the U.S. Supreme Court narrowed the scope of proper venue for patent infringement actions for domestic corporations.  See TC Heartland LLC v. Kraft Foods Grp. Brands LLC, No. 16-341 (May 22, 2017).[1]  The TC Heartland decision reverses the approach to venue previously adopted by the U.S. Court of Appeals for the Federal Circuit, which had held for 27 years that a domestic corporation can be sued for patent infringement anywhere that corporation was subject to personal jurisdiction.  The previous approach enabled what has been perceived as rampant forum shopping by patent-infringement plaintiffs, particularly non-practicing entities.  The Supreme Court’s decision provides new opportunities for defendants sued in undesirable forums to challenge improper venue.  The strategy and considerations will vary depending on the state of the case and other factual matters, as we explore below.  And because the application of TC Heartland raises numerous unsettled questions, it will be important for defendants to begin positioning their cases for appeal starting from the filing of a motion to dismiss or to transfer.  Plaintiffs, on the other hand, should begin developing facts showing that venue is proper under the TC Heartland approach and should develop their arguments that defendants have waived their venue challenges. History of Proper Venue in Patent Litigation The special venue statute for patent infringement actions, 28 U.S.C. § 1400(b), has two provisions permitting venue:  "[1] where the defendant resides, or [2] where the defendant has committed acts of infringement and has a regular and established place of business."[2] Since the enactment of that statute, the Supreme Court consistently has interpreted Section 1400(b)’s first provision of proper venue—"where the defendant resides"—as limited to the location where the defendant was incorporated if the defendant is a domestic corporation.  E.g., Fourco Glass Co. v. Transmirra Prods. Corp., 353 U.S. 222, 226 (1957).  In 1990, however, based on a modification to the general venue statute that Congress had enacted two years earlier in 28 U.S.C. § 1391(c), the Federal Circuit held that Fourco and its predecessors no longer governed.  VE Holding, 917 F.2d at 1579.  The Federal Circuit held that the modification to the general venue statute redefined the meaning of "resides" in Section 1400(b) to permit venue in any district where a corporation is subject to personal jurisdiction.  Id. at 1580, 1583.  This expansive interpretation, which stood for 27 years, allowed for what is widely perceived as forum shopping by plaintiffs in patent-infringement suits. The Supreme Court overturned this regime in TC Heartland.  The Court reaffirmed its earlier holding that a domestic corporation "resides" only in its state of incorporation and thereby abrogated VE Holding.  TC Heartland, slip op. at 2, 10.  As a result, a domestic corporation may now be sued for patent infringement only in its state of incorporation or where it has committed acts of infringement and has a regular and established place of business.  Overcoming Potential Waiver of a Challenge to Improper Venue Because VE Holding had extended venue to the limits of personal jurisdiction, defendants rarely contested the propriety of venue during the 27 years VE Holding governed.  The biggest hurdle to challenging venue for many defendants will therefore be convincing the court that they have not waived their venue objections.  There are, however, a number of exceptions to the waiver doctrine that may be available, depending on the jurisdiction and the procedural posture of the case.  An objection to improper venue must be "timely and sufficient."  28 U.S.C. § 1406(b).  Typically, venue is challenged via a motion to dismiss or transfer for improper venue under Federal Rule of Civil Procedure 12(b)(3).  But that objection is waived if it is omitted from the defendant’s first motion to dismiss or answer.  Fed. R. Civ. P 12(h)(1).  Thus, the best practice is to challenge venue prior to answering a complaint—although including a venue challenge in the initial answer also preserves the issue.  A defendant, however, that did not challenge venue at the outset of the case may be able to resurrect a waived challenge to venue due to the new TC Heartland decision.  That is because courts have applied their equitable authority to excuse waiver of a defense that only became "available" after the time for the defendant to raise the argument has passed.  Because "[r]egional circuit law governs the question of wavier of a defense," there may be some variation among the circuits in addressing waiver.  Ultra-Precision Mfg., Ltd. v. Ford Motor Co., 411 F.3d 1369, 1376 (Fed. Cir. 2005).  But courts regularly excuse waiver when the defense previously was "unavailable" because "it was for all practical purposes impossible for the defendants to interpose their respective defenses at the time of the answer."  Chatman-Bey v. Thornburgh, 864 F.2d 804, 813 n.9 (D.C. Cir. 1988). For example, a waivable Rule 12 defense like improper venue is not waived if it became available due to intervening Supreme Court authority (e.g., In re Vivendi Universal, S.A. Sec. Litig., 765 F. Supp. 2d 512, 532 (S.D. N.Y. 2011) (collecting cases from various circuits); see, e.g., Chatman-Bey, 864 F.2d at 813 n.9 (Rule 12 defense not waived "if its legal basis did not exist at the time of the answer or pre-answer motion")), or if the defense is based on facts that were not available to defendant at the time of the purported waiver.  E.g., Ambriz v. Coca Cola Co., 2014 WL 296159, at *2 (N.D. Cal. Jan. 27, 2014) (venue defense not waived because plaintiff failed to put the defendant on notice regarding the plaintiff’s true residence and work history).  A plaintiff may contend that a defendant’s venue challenge always was available under Fourco.  Courts, however, are likely to forgive a defendant for failing to lodge a defense that was foreclosed by decades of controlling circuit precedent.  Even the strictest courts excuse waiver when the argument "would have been directly contrary to controlling precedent in [the] Circuit."  Hawknet, Ltd. v. Overseas Shipping Agencies, 590 F.3d 87, 92 (2d Cir. 2009); see also Am. Fidelity Assur. Co. v. Bank of N.Y. Mellon, 810 F.3d 1234, 1242 n.4 (10th Cir. 2016) (waiver exception applies only where "precedent did not allow the defense and [the new rule] did"); Gucci Am., Inc. v. Weixing Li, 768 F.3d 122, 135 (2d Cir. 2014) (not waiver if the argument is contrary to controlling circuit precedent).  Because the new Supreme Court decision—TC Heartland—overruled previously controlling circuit precedent foreclosing the argument—VE Holding—courts may be inclined to excuse waiver under Rule 12(h).  See Holzsager v. Valley Hosp., 646 F.2d 792, 796 (2d Cir. 1981).  Even if a district court deems the venue objection waived, it might transfer sua sponte or consider a motion to transfer regardless of waiver.  Those courts reason that "waiver is not an issue because § 1406 specifically provides that the district court may act to transfer a matter even if a ‘party … does not interpose [a] timely and sufficient objection to venue.’"  Wright v. Comm’r of Soc. Sec., 2008 WL 2246043, at *3 (E.D. Mich. May 30, 2008) (quoting 28 U.S.C. § 1406(b)) (alteration in original); see, e.g., Manley v. Engram, 755 F.2d 1463, 1468–71 (11th Cir. 1985) (granting plaintiff’s motion to transfer even though "the defendant expressly assented to venue in his answer"); see also, e.g., Butz v. Schleig, 2009 WL 971410, at *1 n.2 (D.N.J. Apr. 7, 2009) (district court may "transfer under Section 1406(a) where [it] sua sponte raise[s] venue issue"); Weiss v. Credit Suisse First Boston, 2003 WL 115252, at *1 (N.D. Ill. Jan. 10, 2003) (ruling on venue on its own motion); United Fin. Mortg. Corp. v. Bayshores Funding Corp., 245 F. Supp. 2d 884, 896 (N.D. Ill. 2002) ("It is appropriate for this Court to consider a transfer under this section sua sponte.").  But as this practice is not uniform or predictable, a party should not count on a court’s forgiveness and should take all steps necessary to present its strongest case for an exception to any potential waiver.  Two common scenarios where venue potentially has been waived are where venue was conceded prior to the Supreme Court’s TC Heartland decision or where venue was unsuccessfully challenged given the prevailing VE Holding standard at the time.  Both are analyzed below.[3]  Venue Conceded Prior to TC Heartland.  Where venue was not challenged pre-TC Heartland, and the defendant already has answered or filed a motion to dismiss, the defendant normally would be held to have waived a challenge to venue.  There are two major avenues for raising a new venue challenge in this circumstance after TC Heartland. The first avenue is to argue that the improper venue defense was not "available" until after TC Heartland and thus that waiver should thus be excused.  To do so requires proving that the venue defense, which was not viable under controlling precedent in VE Holding, is now viable under TC Heartland.  This showing may require a defendant to (1) admit that it is subject to personal jurisdiction in the forum (making the venue defense unavailable under VE Holding) and (2) establish that it is not incorporated in the forum state and that it either did not commit acts of infringement or does not have "a regular and established place of business" in the district under Section 1400(b) (making the defense available now under TC Heartland).  In addition and in the alternative, a motion to transfer for convenience under 28 U.S.C. § 1404(a) should be raised.  Because a motion to transfer venue under Section 1404(a) is not a "defense" that must be raised in a pre-answer motion or responsive pleading, it is still available even if venue is waived.  E.g., Allen v. U.S. Dep’t of Homeland Sec., 514 F. App’x 421, 422 & n.5 (5th Cir. 2013) ("a party may seek a § 1404(a) transfer of venue after filing its first responsive pleading"); Brown v. Federated Capital Corp., 991 F. Supp. 2d 857, 860 (S.D. Tex. 2014) (no waiver under Section 1404(a) even though the defendant did not "plead improper venue in the initial responsive pleading"); Johnson v. United Airlines, Inc., 2013 WL 323404, at *3 (N.D. Ill. Jan. 25, 2013) (a defendant’s waiver of improper venue "does not foreclose it from seeking transfer under § 1404(a)").   Moreover, a combined motion under Sections 1406(a) and 1404(a) is recommended, because courts sometimes have used Section 1404 to transfer from an improper forum even though no venue objection was pleaded.  See, e.g., Jones v. Hawk-Sawyer, 2003 WL 145029, at *7–8 (N.D. Tex. Jan. 15, 2003).  A party can always argue in the alternative that the court should, at minimum, transfer under Section 1404(a) even if it does not (or could not due to waiver) transfer under Section 1406—although this may meet with some resistance if the judge adopts a formalistic view that Sections 1404 and 1406 address distinct situations.  Venue Previously Challenged Under Pre-TC Heartland Law.  In addition to the combined motion discussed above, parties that unsuccessfully challenged venue under the pre-TC Heartland law may also move for reconsideration.  For example, on May 12, 2017, just ten days before TC Heartland was decided, one district court denied a motion to dismiss for improper venue under then-"existing law regarding venue in a patent infringement action."  Snyders Heart Valve LLC v. St. Jude Med. S.C., Inc., No. 4:16-CV-00812 (E.D. Tex. May 12, 2017) (Dkt. 98).  This sort of decision is ripe for challenge on reconsideration. Various local rules may permit reconsideration or the court may act on its general authority under Rule 54(b) to "revise[]" its prior ruling "at any time before the entry of a judgment."  "[A]n intervening change in controlling law" is a widely accepted ground for reconsideration.  Bd. of Trs. of Bay Med. Ctr. v. Humana Military Healthcare Servs., Inc., 447 F.3d 1370, 1377 (Fed. Cir. 2006); accord, e.g., Wannall v. Honeywell Int’l, Inc., 292 F.R.D. 26, 32 (D.D.C. 2013).  Thus, if "the governing law [was] altered," the previous decision "applied the old law," and the new law "compel[s] a different result under the facts of the particular case," the court should reconsider and reverse its earlier decision.  Dow Chem. Co. v. Nova Chem. Corp. (Can.), 803 F.3d 620, 629 (Fed. Cir. 2015) (reconsidering definiteness ruling after Nautilus).  Moreover, for cases on appeal to the Federal Circuit, if the defendant previously challenged venue in the district court and properly preserved the issue for appeal, then that issue can be addressed by the Federal Circuit under the new TC Heartland standard.  See Oplus Techs., Ltd. v. Vizio, Inc., 782 F.3d 1371, 1374 (Fed. Cir. 2015) (vacating denial of fee award and remanding for reconsideration after Octane Fitness).  Depending on the current posture of the appeal, it may make sense to raise the issue in an opening brief or as a motion to remand under Federal Rule of Appellate Procedure 27(f).  Expect a Dispute:  "Acts of Infringement" and "Regular and Established Place of Business" TC Heartland did not limit venue to just the state of incorporation of the defendant corporation.  The second venue provision—"where the defendant has committed acts of infringement and has a regular and established place of business"—is likely to become the central focus of any dispute over venue going forward.  Because plaintiffs—who needed to sue where the defendant was subject to personal jurisdiction anyway—had relied on the first provision of Section 1400(b) instead, courts had little occasion to consider the meaning of this provision during the VE Holding era.  Before VE Holding, however, courts held that "regular and established place of business" means more than merely "’doing business’ in a district."  E.g., Mastantuono v. Jacobsen Mfg. Co., 184 F. Supp. 178, 180 (S.D.N.Y. 1960).  The Federal Circuit, though, held that this provision requires only a "permanent and continuous presence" in the forum, rather than "a fixed physical presence in the sense of a formal office or store."  In re Cordis Corp., 769 F.2d 733, 737 (Fed. Cir. 1985).  Thus, in Cordis, the court refused to disturb (on mandamus) the assertion of venue in a district where the defendant permanently employed two sales representatives to sell its products but did not have a physical office.  Id. at 735–37.  A defendant will now have to show that no act of infringement occurred in the district or that it does not have a regular and established place of business in the forum.  This inquiry is likely to be fact-laden and case-dependent.  Plaintiffs should seek limited discovery into the defendant’s business to help determine whether such a regular and established place of business exists or whether any acts of infringement occurred in the district.  Such discovery will be helpful, because Rule 12(b)(3) permits the court to consider facts outside the pleadings.  E.g., Faulkenberg v. CB Tax Franchise Sys., LP, 637 F.3d 801, 809–10 (7th Cir. 2011).  For example, in Cordis, the factual record related to venue included the detailed activities of two Cordis sales representatives employed in the district—including that they received salaries, commissions, and expense reimbursements, that they claimed tax deductions for their home offices, that they "act[ed] as technical consultants" in the operating room when Cordis pacemakers were implanted, and that they employed a secretarial service that held itself out to the public as if it were Cordis, among a number of other details.  769 F.2d at 735.  Court Has Discretion to Transfer or Dismiss When attacking venue, parties will have the option to move to transfer or to dismiss.  "The decision of whether to dismiss or transfer is within the district court’s sound discretion."  First of Mich. Corp. v. Bramlet, 141 F.3d 260, 262 (6th Cir. 1998).  Under Section 1406(a), transfer is available where it is "in the interest of justice" to transfer instead of dismiss.  If "no ‘justice-defeating technicalities’ exist," dismissal is the appropriate remedy.  Bockman v. First Am. Mktg. Corp., 459 F. App’x 157, 162 n.11 (3d Cir. 2012) (quoting Goldlawr, Inc. v. Heiman, 369 U.S. 463, 467 (1962)).  Relevant criteria include: "(i) whether or not the statute of limitations will bar the plaintiff from re-filing his complaint in another forum; (ii) whether the plaintiff filed his complain[t] in the forum to harass the defendant; and (iii) whether the plaintiff was forum shopping."  Montoya v. Fin. Fed. Credit, Inc., 872 F. Supp. 2d 1251, 1281 (D.N.M. 2012) (alteration in original).  Courts may also consider whether "the claims are likely to have merit."  Trujillo v. Williams, 465 F.3d 1210, 1223 n.16 (10th Cir. 2006).  A party seeking dismissal should emphasize these factors.  But, in the end, transfer is the usual course.  See 15 Charles Alan Wright, Arthur R. Miller, & Edward H. Cooper, Federal Practice & Procedure § 3827 & nn.3, 32.50 (4th ed. 2017).  Move to Transfer or Dismiss As Soon As Possible Defendants should file their TC Heartland motions as soon as possible.  While a court may excuse a party’s failure to raise a defense due to an intervening change in controlling circuit precedent, litigants should act swiftly once the Supreme Court makes a defense available.  An argument that a party did not waive an objection is viable "especially when [a litigant] does raise the objection as soon as [its] cognizability is made apparent."  Holzsager, 646 F.2d at 796 (emphasis added); see also In re Vivendi Sec. Litig., 838 F.3d 223, 224 (2d Cir. 2016) ("[T]he intervening authority must have established an argument that was ‘not known to be available’ to the party seeking to excuse waiver at the first opportunity that the party had to raise the argument."); cf. Glater v. Eli Lilly & Co., 712 F.2d 735, 739 (1st Cir. 1983) (applying the same rule with regard to a change in factual predicates and finding the fact that defendant "moved quickly to confirm its suspicions . . . and then raised the defense reinforces our conclusion that it did not waive the defense earlier").  As one example, the Second Circuit recently considered a defendant’s filing a motion asserting a defense within "less than a month" of a change in binding authority relevant to determining whether it had waived this new defense.  See Vivendi, 838 F.3d at 264–65.  Even if a defendant moves quickly, however, it may face delays in obtaining a ruling.  District courts resistant to TC Heartland may exercise a so-called "pocket veto" by proceeding with substantive phases of litigation while refusing to decide a motion to transfer or dismiss due to improper venue.  In addition, even if the motion is granted, it could, in some circumstances, take significant time for the transferor court to actually transfer and the transferee court to schedule the transferred case.  A careful evaluation of the district’s timing for addressing motions and procedurally transferring may reveal strategic reasons to seek transfer over dismissal.  For example, a party might be more interested in seeking a transfer if the attendant delays give sufficient time for a pending inter partes review proceeding to complete. Be Prepared for Mandamus It is not yet clear how the district courts will treat the upcoming flood of motions challenging venue.  District courts with pending cases may resist attempts to re-raise or re-litigate venue.  In these circumstances, parties must look ahead to the appellate end-game, because mandamus review by the Federal Circuit may be needed to compel action by the district court.  As a result, counsel should put together not only a persuasive motion challenging venue, but also a motion that is fully positioned to tee up the dispute as a legal, not factual, issue to preserve a de novo standard of review on appeal.  To accomplish this, good appellate counsel should be retained to present a fair representation of the facts, while perhaps strategically making those factual concessions necessary to avoid a factual fight.  It is important to develop in the district court a clear legal case that TC Heartland has made viable a previously unavailable venue challenge.  The district court’s finding of waiver is reviewed for abuse of discretion.  See United States v. Ziegler Bolt & Parts Co., 111 F.3d 878, 883 (Fed. Cir. 1997) (waiver of personal jurisdiction reviewed under the abuse of discretion standard).  Presenting the issue as one of law will be important to obtain de novo review in case of an unfavorable ruling from a hostile district court.  If the district court denies the motion to transfer, a defendant should consider seeking mandamus relief before the Federal Circuit.  This is, indeed, the procedural course TC Heartland followed.  See In re TC Heartland LLC, 821 F.3d 1338, 1340–41 (Fed. Cir. 2016).  That case is now back before the Federal Circuit, which will likely decide in the coming months whether venue in that case is in fact improper and, if so, whether it is correctable on mandamus.  A defendant should also present its motion to transfer under Section 1404(a) as well as under Section 1406 because mandamus is also available to correct egregious denials of transfer under Section 1404.  See In re TS Tech USA Corp., 551 F.3d 1315, 1319 (Fed. Cir. 2008).  Appellate counsel with experience filing such mandamus petitions can help place the district court motion in the best posture to present the issue at the Federal Circuit. Draft Motions with an Eye to the Supreme Court There was considerable disagreement and uncertainty among the circuits prior to VE Holding about the meaning of "regular and established place of business."  The Federal Circuit held in Cordis that only a "permanent and continuous presence" such as two salesmen in the forum is required for proper venue and rejected the argument that there must also be "a fixed physical presence in the sense of a formal office or store."  Cordis Corp., 769 F.2d at 737.  But contrary to the Federal Circuit in Cordis, a number of courts held that that a physical sales location or office is required to show a "place of business."  See, e.g., Univ. of Ill. Found. v. Channel Master Corp., 382 F.2d 514, 516 (7th Cir. 1967); Warner-Lambert Co. v. C.B. Fleet Co., 583 F. Supp. 519, 522–24 (D.N.J. 1984).  This circuit split has been acknowledged in a number of cases.  See Johnston v. IVAC Corp., 681 F. Supp. 959, 962–64 (D. Mass. 1987) (noting circuit split and collecting cases); OMI Int’l Corp. v. MacDermid, Inc., 648 F. Supp. 1012, 1015–16 (M.D.N.C. 1986); see also Dual Mfg. & Eng’g, Inc. v. Burris Indus., Inc., 531 F.2d 1382, 1386–88 (7th Cir. 1976).  Exactly how much influence these decades-old decisions will have today remains to be seen, and it is possible that the Federal Circuit’s interpretation of a "regular and established place of business" in Cordis could similarly be overturned or modified by the Supreme Court in light of its precedent.  To illustrate, in contrast to Cordis, the Supreme Court previously held pursuant to an older venue statute for patent infringement that a company with a sales representative who solicited orders, forwarded them to the company for execution, received a small salary, commission, and travel expenses, and who received from the company partial rent for his headquarters and stenographer’s wages did not have a "regular and established place of business."  W. S. Tyler Co. v. Ludlow-Saylor Wire Co., 236 U.S. 723, 725 (1915).  In the context of diversity jurisdiction, the Supreme Court also recently defined a similar term—"principal place of business"—narrowly, as limited the "nerve center" of the corporation.  E.g., Hertz Corp. v. Friend, 559 U.S. 77, 92–93 (2010) ("'[P]rincipal place of business’ is best read as referring to the place where a corporation’s officers direct, control, and coordinate the corporation’s activities"—"the place where the corporation maintains its headquarters—provided that the headquarters is the actual center of direction, control, and coordination, i.e., the ‘nerve center’").  In addition, Gibson Dunn has argued and won a number of recent landmark Supreme Court decisions on the due process limits of personal jurisdiction over corporations that are likely to limit the forums where defendant corporations can be sued for patent infringement under Section 1400(b).  In Daimler AG v. Bauman, 134 S. Ct. 746 (2014), the Supreme Court held that, when a plaintiff pleads a cause of action that does not arise in the forum state, the Due Process Clause of the Fourteenth Amendment prohibits a state court from exercising personal jurisdiction unless the defendant is "at home" in the state (where the corporation is incorporated or has its principal place of business).  Id. at 760; see also Goodyear Dunlop Tires Operations, S.A. v. Brown, 564 U.S. 915, 919 (2011).  In BNSF Railway Co. v. Tyrrell, No. 16-405 (May 30, 2017), the Supreme Court extended that reasoning to hold that even very substantial business operations in the forum do not make the defendant "at home" there if the forum is not the corporation’s place of incorporation or principal place of business.  Slip op. at 11.  The Court also held more generally that the due process constraint in Daimler "does not vary with the type of claim asserted or business enterprise sued."  Id.  In that case, the Supreme Court held that the due process constraints in Daimler still limited the exercise of personal jurisdiction, even though the Federal Employers’ Liability Act statute, 45 U.S.C. § 56, broadly authorized venue in any district "in which the defendant shall be doing business at the time of commencing such action."  BNSF Railway, slip op. at 5.  The same due process limits of personal jurisdiction over corporations are likely to apply and be tested as courts grapple with the scope of proper venue for patent infringement actions under Section 1400(b). Given the split among the circuits and related contrary Supreme Court precedent, strong appellate counsel with expertise in the intricacies of personal jurisdiction and venue can help craft a strategy from motion through certiorari that not only presents a persuasive motion to transfer or dismiss, but also argues for the most favorable interpretation of a "regular and established place of business" that is consistent with precedent and maximizes the chances of Supreme Court review and reversal. Considerations for Plaintiffs For plaintiffs, who generally will want to keep their lawsuits in the forum of their choice and avoid the delays attendant to transfer, it will be important to immediately begin preparing a strategy to defeat a potential venue challenge.  Plaintiffs can start developing facts showing that the defendant committed acts of infringement and maintains a regular and established place of business in the district, including using targeted discovery.  Plaintiffs can also argue waiver.  As noted above, it is not clear whether any given court will excuse a defendant’s failure to raise a venue challenge in its first motion to dismiss or answer.  If a plaintiff can show that the defendant knew about the pending TC Heartland decision, yet neglected to challenge venue, this may garner sympathy from a court committed to enforcing waiver under Rule 12(h). A panel of the Federal Circuit recently, over the dissent of Judge Newman, denied a petition for mandamus seeking transfer when the defendants "waived their venue challenge" and attempted to re-raise it "[a]pproximately two weeks before the start of trial."  In re Sea Ray Boats, Inc., No. 2017-124 (Fed. Cir. June 9, 2017) (non-precedential), slip op. at 2.  Sea Ray Boats suggests that at least certain judges on the Federal Circuit may be weary of granting mandamus to order a transfer that would disrupt trial. Strategic Planning In addition to addressing existing cases, companies should also look toward the future.  Companies that are frequently sued for patent infringement should review their activities in patent venues popular to plaintiffs to determine whether it is worthwhile to change any of their activities to avoid a finding that they maintain a "regular and established place of business" in that district.  Given the limited number of plaintiff-friendly districts, some companies may find it relatively painless to modify their business activities in these districts.  This is especially so where companies’ activities in a district already are limited, as they may be in relatively economically peripheral districts like the Eastern District of Texas.  The District of Delaware is also a forum popular with plaintiffs and also one where many companies are incorporated and thus can find themselves subject to suit under TC Heartland.  Indeed, a recent study suggests that many plaintiffs will choose to file their cases in Delaware after the decision.  See Colleen Chien & Michael Risch, Recalibrating Patent Venue 35 (Santa Clara Univ. Legal Studies Research Paper No. 10-1, 2016), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2834130.[4]  Nonetheless, even Delaware corporations may still be able to employ creative strategies to avoid litigating in Delaware, including by filing early declaratory judgment actions in preferable forums.  While these strategies will be subject to new challenges, such as litigation over exceptions to the first-to-file rule, experienced patent appellate counsel can help navigate such issues. *  *  * While the full impact of the Supreme Court’s decision in TC Heartland remains to be seen as parties litigate over what it means to have a regular and established place of business, parties in previously proper, but now improper, venues should move quickly to transfer or dismiss.  The window is open.  It may not remain open for long.      [1]      Gibson Dunn wrote an amicus brief in TC Heartland, on behalf of the Software & Information Industry Association (the "SIIA"), advocating the view the Court ultimately adopted: that "resides" in the special patent venue statute means a domestic corporation’s state of incorporation only.  Gibson Dunn also had previously written an amicus brief on behalf of Dell Inc. and the SIIA, asking the Court to grant certiorari and review the issue.     [2]      Declaratory judgment actions, however, are governed by the general venue statute.  See VE Holding Corp. v. Johnson Gas Appliance Co., 917 F.2d 1574, 1583 (Fed. Cir. 1990).     [3]      There are several other considerations that could alter the analysis below, such as where a party has proceeded materially into a litigation or engaged in settlement negotiations.     [4]      Plaintiffs may favor Delaware less after TC Heartland, however.  The influx of new cases, combined with the vacancy of two of the court’s four full-time judgeships, may impair the district’s ability to issue quick decisions.  That court recently announced it will use visiting judges to plug the gap.  See Tom McParland, Stark Enlists Visiting Judges Ahead of Expected ‘TC Heartland’-Caused Wave, Del. Law Weekly, May 26, 2017.  This measure is unlikely to permanently alleviate the overcrowded docket, however, and plaintiffs may be more wary of suing in Delaware if judge assignments are less predictable.    The following Gibson Dunn lawyers assisted in the preparation of this alert: Mark Perry, Blaine Evanson, Jason Lo, Blair Silver, Alex Harris, and Matthew O’Sullivan. Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments.  Please contact the Gibson Dunn lawyer with whom you usually work, or the authors: Mark A. Perry – Washington, D.C. (+1 202-887-3667, mperry@gibsondunn.com)Blaine H. Evanson – Los Angeles (+1 213-229-7228, bevanson@gibsondunn.com)Jason C. Lo – Los Angeles (+1 213-229-7153, jlo@gibsondunn.com) Blair A. Silver – Washington, D.C. (+1 202-955-8690, bsilver@gibsondunn.com) Please also feel free to contact the following leaders of the firm’s Intellectual Property, Appellate and Constitutional Law, and Life Sciences practice groups:  Intellectual Property Group:Josh Krevitt – New York (+1 212-351-4000, jkrevitt@gibsondunn.com)Wayne Barsky - Los Angeles (+1 310-552-8500, wbarsky@gibsondunn.com)Mark Reiter – Dallas (+1 214-698-3100, mreiter@gibsondunn.com) Appellate and Constitutional Law Group:Mark A. Perry – Washington, D.C. (+1 202-887-3667, mperry@gibsondunn.com)James C. Ho – Dallas (+1 214-698-3264, jho@gibsondunn.com) Caitlin J. Halligan – New York (+1 212-351-4000, challigan@gibsondunn.com) Life Sciences Group: Daniel J. Thomasch – New York (+1 212-351-3800, dthomasch@gibsondunn.com) Tracey B. Davies – Dallas (+1 214-698-3335, tdavies@gibsondunn.com) Ryan A. Murr – San Francisco (+1 415-393-8373, rmurr@gibsondunn.com)     © 2017 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

March 28, 2017 |
Federal Circuit Update (March 2017)

This March 2017 edition of Gibson Dunn’s Federal Circuit Update discusses summary affirmance at the Federal Circuit, two recent Supreme Court decisions on laches and exhaustion, and the Federal Circuit cases now pending before the Supreme Court.  This update also provides an overview of the process for petitioning for mandamus before the Federal Circuit.  Also included are summaries of the two pending en banc cases involving motions to amend claims during inter partes review and judicial review of timeliness determinations in inter partes review, as well as a two key recent decisions relating to admissibility of settlement agreements in support of a reasonable royalty and eligibility of a patent for covered business method review. Federal Circuit News Summary Affirmance Before the Federal Circuit.  The Federal Circuit can summarily affirm an appeal–without an opinion–under Fed. Cir. R. 36.  This has led to some controversy by appellants who would have preferred a written decision or viewed a summary affirmance as a lack of attention by the Court.  On March 3 (as reported here), Judges Kimberly Moore and Kara Stoll addressed the Court’s continued use of Rule 36 judgments as part of a panel discussion at the PTAB Bar Association’s inaugural conference in Washington, D.C.  With respect to the Court’s use of Rule 36 judgments, Judge Moore said:  "I know everybody wants an opinion.  I would love to have enough hours in the day to write every single one of you an opinion.  But sometimes . . . it’s clear why you lose.  I don’t think that anyone that ever comes to an oral argument that I’ve participated in loses and doesn’t know why."  Judge Stoll explained that a Rule 36 judgment should not be viewed as indicating that less time or effort was put into a given case:  "It’s just an indication that the decision below is affirmed . . . It doesn’t mean that the time and effort wasn’t made."  The Supreme Court.  The Supreme Court issued two important decisions on appeal from the Federal Circuit since our last update:  In SCA Hygiene Products v. First Quality Baby Products, No. 15-927 (Mar. 21, 2017) (available here), the Supreme Court addressed the availability of laches as defense in patent infringement cases.  In a 7-1 decision written by Justice Alito, the Supreme Court held that laches cannot be invoked as a defense in patent infringement suits that are brought within the Patent Act’s six-year limitations period.  The Court reasoned that because the Patent Act contains a statutory limitations period for recoverable damages, laches cannot further shorten the window for filing suit.  The Court stated that it "would be exceedingly unusual, if not unprecedented, if Congress chose to include in the Patent Act both a statute of limitations for damages and a laches provision applicable to a damages claim."  Justice Breyer dissented, arguing that for more than a century courts have uniformly applied laches in patent damages cases to fill a "gap" in the statutory regime.  In Life Technologies Corp. v. Promega Corp., No. 14-1538 (Feb. 22, 2017) (available here), the Supreme Court unanimously held that exporting a single component cannot constitute "all or a substantial portion of the components" of a patented invention under U.S.C. § 271(f)(1), and therefore cannot trigger liability for infringement abroad.  Rather, more than one component must be exported to constitute induced infringement.  The Court reasoned that the reference to a "substantial portion" in the statute was a quantitative rather than a qualitative requirement, as a qualitative requirement would render the phrase "of the components" without meaning.  This reading was supported by the plural nature of the word "components" appearing several times in § 271(f)(1), and the singular nature of "component" in § 271(f)(2). The Supreme Court has also granted certiorari on five cases from the Federal Circuit.  Below is a table summarizing the status of those cases.  Case Status Issue Amgen Inc. v. Sandoz Inc., No. 15-1195 Cert. granted, argument set for Apr. 26, 2017 Requirements under the BPCIA to provide sponsor a copy of the biologics license application and sponsor’s recourse for failure to provide that information Impression Prods., Inc. v. Lexmark Int’l, Inc., No. 15-1189 Argued, Mar. 21, 2017 Patent exhaustion due to conditional sales and authorized sales outside the United States Lee v. Tam, No. 15-1293 Argued, Jan. 18, 2017 Constitutionality of disparaging marks provision of the Lanham Act Sandoz Inc. v. Amgen Inc., No. 15-1039 Cert. granted, argument set for Apr. 26, 2017 Commercial marketing notice under the BPCIA TC Heartland LLC v. Kraft Foods Grp. Brands LLC, No. 16-341 Argued, Mar. 27, 2017 Patent venue Upcoming En Banc Federal Circuit Cases In re Aqua Prods., Inc., No. 15-1177 (Fed. Cir.):  Allocations of the burdens of persuasion and production when a patent owner moves to amend in an inter partes review proceeding. The PTAB instituted an inter partes review proceeding against Aqua’s patent, which relates to automated swimming pool cleaners.  Aqua moved to amend the challenged claims to distinguish the cited prior art.  The PTAB, however, denied Aqua’s motion, determining that Aqua failed to carry its burden of showing patentability of the proposed substitute claims over the prior art of record.  On appeal, the PTO intervened to defend the PTAB’s decision.  The Federal Circuit affirmed, holding that the PTAB properly considered all of the arguments that Aqua had raised and that precedent upheld the PTAB’s approach of allocating to the patentee the burden of showing that the proposed amendments would overcome the prior art of record (decision available here).  Eight amicus briefs have been filed:  three in favor of neither party (American Intellectual Property Law Association, Intellectual Property Owners Association, and Houston Intellectual Property Law Association), three in favor of Aqua Products (Case Western Reserve University School of Law Intellectual Property Venture Clinic and Ohio Venture Association, Pharmaceutical Research and Manufacturers of America, and Biotechnology Innovation Organization), and two in favor of the PTO (Askeladden, L.L.C. and Internet Association et al.).  Oral argument was heard on December 9, 2016. Questions Presented: When the patent owner moves to amend its claims under 35 U.S.C. § 316(d), may the PTO require the patent owner to bear the burden of persuasion, or a burden of production, regarding patentability of the amended claims as a condition of allowing them?  Which burdens are permitted under 35 U.S.C. § 316(e)? When the petitioner does not challenge the patentability of a proposed amended claim, or the PTAB thinks the challenge is inadequate, may the PTAB sua sponte raise patentability challenges to such a claim?  If so, where would the burden of persuasion, or a burden of production, lie? Wi-Fi One, LLC v. Broadcom Corp., No. 15-1944 (Fed. Cir.):  The Federal Circuit’s jurisdiction to review the PTAB’s determination that a petitioner is not time-barred under 35 U.S.C. § 315(b).  The PTAB instituted an inter partes review proceeding against Wi-Fi One’s patent, which is directed to a method for improving the efficiency by which messages are sent from a receiver to a sender in a telecommunications system.  Wi-Fi One argued that Broadcom was time-barred under § 315(b) from seeking review because Broadcom was in privity with time-barred district court litigants.  The PTAB disagreed, finding that Wi-Fi One did not establish that Broadcom had sufficient control over district court litigation to support a privity finding.  On appeal, the Federal Circuit held that it does not have jurisdiction to review the PTAB’s determination that Broadcom was not time-barred, holding that the Supreme Court’s decision in Cuozzo Speed Technologies, LLC v. Lee, 136 S. Ct. 2131 (2016), did not implicitly overrule prior Federal Circuit precedent on the issue (decision available here).  To date, two amicus briefs have been filed in support of Wi-Fi One (WesternGeco LLC and 3DS Innovations, LLC) and eight amicus briefs have been filed in support of neither party (Jeremy Cooper Doerre, New York Intellectual Property Law Association, Federal Circuit Bar Association, Intellectual Property Owners Association, Boston Patent Law Association, Professors of Patent and Administrative Law, American Intellectual Property Law Association, and Biotechnology Innovation Organization).  Amicus briefs in support of Broadcom must be filed by March 27, 2017.  Oral argument is scheduled for May 4, 2017.  Question presented: Should this court overrule Achates Reference Publishing, Inc. v. Apple Inc., 803 F.3d 652 (Fed. Cir. 2015) and hold that judicial review is available for a patent owner to challenge the PTO’s determination that the petitioner satisfied the timeliness requirement of 35 U.S.C. § 315(b) governing the filing of petitions for inter partes review? Federal Circuit Practice Update Petitioning for Mandamus Review.  In some instances where the need for appellate review is urgent, but an interlocutory appeal under 28 U.S.C. § 1292 is not available–such as an order requiring disclosure of privileged material that would be particularly injurious–immediate appellate relief may be sought by petitioning for a writ of mandamus.  See, e.g., Cheney v. Dist. Ct. for Dist. of Columbia, 542 U.S. 367, 380 (2004).  Mandamus relief may be granted where:  (1) the petitioner’s "right to issuance of the writ is clear and indisputable"; (2) there is "no other adequate means to attain the relief [the petitioner] desires"; and (3) the "writ is appropriate under the circumstances."  Id. at 380–81 (quotation marks omitted). A petition for a writ of mandamus filed in the Federal Circuit must not exceed 7,800 words, and a separate supporting brief is not permitted.  FRAP 21(d)(1); Fed. Cir. R. 21(b)(2).  The Federal Circuit may deny the petition without an answer; otherwise, the court must order an answer.  FRAP 21(b)(1).  No answer may be filed by the respondent unless ordered by the court, but if the court does order an answer, the petitioner may also file a reply.  Fed. Cir. R. 21(a)(5), (c).  The reply may not exceed 3,900 words.  Fed. Cir. R. 21(c). A mandamus petition will be acted upon by the full three-judge motions panel assigned to hear motions that month.  IOP #2 ¶ 4(c); id. ¶ 9.  Although oral argument on a mandamus petition ordinarily is not granted, a motions panel may elect to hear oral argument if the panel deems it necessary.  Id. ¶ 5. Key Case Summaries (Feb. 2017 – Mar. 2017) Prism Techs. LLC v. Sprint Spectrum L.P., Nos. 2016-1456, 2016-1457 (Fed. Cir. Mar. 6, 2017):  Admissibility of litigation settlement agreements as evidence in a Georgia Pacific analysis. Sprint Spectrum sought to use some of Prism’s smaller settlement agreements in its reasonable royalty damages analysis but to exclude Prism from referring to a larger settlement agreement it had with AT&T.  The district court admitted the AT&T settlement into evidence, and the jury ultimately awarded Prism $30 million in damages.  On appeal, the Federal Circuit (Taranto, J.) confirmed that district courts have "broad discretion" to admit or exclude such settlement licenses and the district court’s verdict, agreeing that litigation settlements could be "probative of the technology’s value" and "reflect the assessment by interested and adversarial parties of the range of plausible litigation outcomes."  The Federal Circuit directed that courts should assess "the probativeness and prejudice components of the Rule 403 balance" by considering the circumstances and facts specific to the settlement.  The Federal Circuit then clarified that the fact that the license results from litigation "does not automatically turn the prejudice side of the Rule 403 balance into one that substantially outweighs the probativeness side."   The Federal Circuit observed that prior settlements may have a "strong connection" to a case if they cover the same technology.  This would be "especially probative if [the settlement is] reached after the litigation was far enough along" such that the merits were "well explored and well tested."  But, the Federal Circuit also noted that litigation settlements can underestimate value if the patentee discounts for the chance of losing on validity or infringement.  The value may also be affected by the parties’ desire to avoid litigation costs or the risk of enhanced damages.  Similarly, a settlement may not be of comparable scope to the technology at issue–all factors that the panel directed courts to address when determining admissibility. Secure Axcess, LLC v. PNC Bank Nat’l Assoc., No. 2016-1353 (Fed. Cir. Feb. 21, 2017):  The scope of patents eligible for covered business method review before the PTAB. Secure Axcess owns U.S. Patent No. 7,631,191, disclosing a "System and Method for Authenticating a Web Page" that serves to confirm ownership of a web page to enhance computer security.  The claims of the ‘191 patent were not expressly limited to use by financial institutions or to the management of a financial product or service.  The specification, however, describes using the invention in the financial area, such as on merchant sites, bank websites, card institutions, and also describes that the invention helps facilitate online commerce transactions.  The claims of the ‘191 patent themselves, however, are not expressly limited to use by financial institutions or to the "management of a financial product or service."  The PTAB instituted CBM review of the ‘191 patent, finding that the ‘191 patent was eligible because claims performed "operations used in the practice, administration, or management of a financial product or service" and had been against "approximately fifty financial institutions."  The PTAB further noted that the patent claims were "incidental to a financial activity."  The Federal Circuit (Plager, J.) reversed, holding that the statutory definition of a CBM review does not cover patents that are "incidental" or "complementary" to financial activity because AIA Section 18(d)(1) specifically requires the claim expressly contain "a financial activity element."  The ‘191 patent claims were not expressly limited to financial activity and were thus not eligible for CBM review.  The Federal Circuit held that the specification statements (directing use of the invention with financial institutions to facilitate financial transactions) and the litigation history against financial institutions were not relevant. Judge Lourie dissented, observing that patent claims do not need to recite the ultimate uses or products to which they are applied.  He stated that the ‘191 patent claims "are surely claims to ‘a method or corresponding apparatus for performing data processing or other operations used in the practice, administration, or management of a financial product or service’ . . . . No other applications of the invention are described in the patent."  According to Judge Lourie, the ‘191 patent should not be barred from CBM review simply because the Board "used overly broad language" and also identified the claimed subject matter as "incidental to a financial activity."   Upcoming Oral Argument Calendar For a list of upcoming arguments at the Federal Circuit, please click here. Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the Federal Circuit.  Please contact the Gibson Dunn lawyer with whom you usually work or the authors of this alert: Blaine H. Evanson – Los Angeles (213-229-7228, bevanson@gibsondunn.com)Blair A. Silver – Washington, D.C. (202-955-8690, bsilver@gibsondunn.com) Please also feel free to contact any of the following practice group co-chairs or any member of the firm’s Appellate and Constitutional Law or Intellectual Property practice groups:  Appellate and Constitutional Law Group:Mark A. Perry – Washington, D.C. (202-887-3667, mperry@gibsondunn.com)James C. Ho – Dallas (214-698-3264, jho@gibsondunn.com) Caitlin J. Halligan – New York (212-351-4000, challigan@gibsondunn.com) Intellectual Property Group:Josh Krevitt – New York (212-351-4000, jkrevitt@gibsondunn.com)Wayne Barsky - Los Angeles (310-552-8500, wbarsky@gibsondunn.com)Mark Reiter – Dallas (214-698-3100, mreiter@gibsondunn.com) © 2017 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

February 15, 2017 |
2016 Year-End Health Care Compliance and Enforcement Update – Providers

Just days into the new administration’s regime, the U.S. health care sector is at the forefront of the President’s and Congress’s attention. Repeal and, perhaps, replacement of the Affordable Care Act ("ACA"), a much-debated Republican stalking horse for more than half a decade, could now be near at hand. Legislative and executive action on this front is likely to dominate discussion in 2017, but what that means for U.S. health care providers, particularly in the regulatory and enforcement areas unrelated to the more controversial exchanges and individual and employer mandates, remains to be seen. As we await further signs regarding the fate of the ACA and the scope of any successor legislation, we will focus here on health care fraud and abuse enforcement activity during the final year of the Obama administration. It will come as no surprise to practitioners in the health care fraud and abuse field and participants in the health care industry that the administration did not go out quietly. Both the U.S. Department of Justice ("DOJ") and the U.S. Department of Health and Human Services ("HHS") pursued wide-ranging and robust enforcement agendas in 2016, resulting in significant recoveries under the False Claims Act ("FCA"), a steady stream of criminal health care fraud actions, and amplified civil monetary penalties and administrative exclusions. In keeping with the structure of our 2015 Year-End Health Care Compliance and Enforcement Update – Providers ("2015 Year-End Update"), we address below regulatory and enforcement developments that affected health care providers during the past year. This update begins by addressing DOJ enforcement activity targeting health care providers, activity which–as in years past–centered on civil and criminal FCA investigations, resolutions, and cases. We then turn to noteworthy HHS enforcement matters, Anti-Kickback Statute ("AKS") developments, and Stark Law activity from 2016. Finally, we address significant government health program payment and reimbursement issues from the past year. A collection of Gibson Dunn’s recent publications on enforcement and regulatory issues confronting health care providers, as well as a link to our recent webcast, Hot Topics in Fraud and Abuse Enforcement Involving Health Care Providers, may be found on our website. I.      DOJ Enforcement Activity       A.      False Claims Act Enforcement Activity DOJ enforcement efforts in the second half of 2016 allowed President Obama’s administration to close out the year with 106 announced settlements against health care providers, resulting in recoveries of approximately $1.14 billion. In terms of both overall numbers and dollar value, the past year’s settlements were significantly lower than those in 2015, which saw 195 settlements and recoveries of nearly $2 billion. The 2016 calendar-year settlements spanned a range of provider types and legal theories, as the charts below illustrate. Number of FCA Settlements with Providers, by Provider Type:   As usual, hospitals, clinics, and single providers represented the largest proportion of provider settlements (more than sixty percent of the 106 resolutions). Hospitals entered into thirty-three settlements with the DOJ in 2016, while clinics and single providers agreed to thirty-one settlements. This fairly even split contrasts with 2015, when settlements with hospitals far outpaced settlements with clinics and single providers (121 to twenty-seven), as a result of a nationwide investigation that ensnared a large number of hospitals (as reported on in both our 2015 Year-End and 2016 Mid-Year Health Care Compliance and Enforcement Update – Providers ("2016 Mid-Year Update")). Absent a large-scale sweep (like that in 2015), the DOJ typically resolves a similar number of matters each year with hospitals, on the one hand, and clinics and single providers, on the other. In 2016, the DOJ recovered almost $492 million from hospitals, compared to the approximately $93 million collected from smaller clinics and single providers. Skilled nursing and rehabilitation services providers were responsible for a higher portion of the total dollars recovered ($318 million) than the relatively low number of settlements (eleven) might have suggested. Number of FCA Settlements with Providers, by Allegation Type:   Not surprisingly, allegations relating to medical necessity far outpaced other theories of liability. What is more interesting is the significant number of settlements based on allegations that services were never provided–in the prior two years, this theory has provided the basis for fewer settlements than both the AKS and the Stark Law. Yet, in 2016, services-not-provided settlements accounted for more total settlements than alleged AKS and Stark Law violations combined.  Nevertheless, the AKS featured in the largest FCA settlement involving a provider in 2016.  On September 30, 2016, Tenet Healthcare Corporation and certain of its subsidiaries entered into a civil Settlement Agreement with the United States and others to resolve allegations that four hospitals located in the southeastern United States entered into referral source arrangements in violation of various federal and state laws, including federal and state anti-kickback statutes and false claims acts.[1]  Under the Settlement Agreement, Tenet agreed to pay $368 million, plus interest, to the United States, the State of Georgia, and the State of South Carolina.[2]  A Tenet subsidiary simultaneously entered into a Non-Prosecution Agreement with the DOJ’s Criminal Division and the U.S. Attorney’s Office for the Northern District of Georgia; the Agreement, inter alia, requires Tenet to retain an independent compliance monitor to assess, oversee, and monitor Tenet’s compliance with the terms of the Agreement.[3]  As contemplated by the Settlement Agreement, the DOJ also filed a criminal Information against two Tenet subsidiaries, alleging that each entity conspired to violate the AKS and defraud the United States.[4]  The two entities entered into Plea Agreements, under which they agreed to plead guilty and to pay forfeiture money judgments totaling approximately $146 million.[5] The second largest provider settlement in 2016 involved Life Care Centers of America, an operator of skilled nursing facilities, and its owner, Forrest Preston. The settlement resolved allegations that Life Care systematically billed Medicare and TRICARE for rehabilitation therapy services that exceeded the level of care beneficiaries actually required. In particular, the government alleged that Life Care adopted policies and practices to place as many patients as possible in the group that receives the highest level of rehab therapy reimbursed by Medicare Part A. Under the terms of the settlement, Life Care and Preston agreed to pay the government $145 million; two former Life Care employees, who brought suit under the FCA’s qui tam provisions, received nearly $30 million of that sum.[6] The Life Care settlement first made headlines–including in our 2014 Year-End Health Care Compliance and Enforcement Update – Providers ("2014 Year-End Update") –when the district court decided to permit the government to rely on statistical sampling and extrapolation to support FCA liability.[7] That decision, coupled with another decision issued the same day denying Life Care’s motion to exclude as unreliable the testimony of the government’s sampling expert,[8] allowed the government to extrapolate from a relatively small set of claims–just 400 total–to the entire universe of Medicare claims submitted by LifeCare, a whopping 54,396 potentially at-issue claims. The case is a sobering reminder of the potentially expansive liability in nationwide cases against providers, especially in light of the FCA’s per-claim penalties and treble damages. The Life Care settlement is also noteworthy as an illustration of the government’s application of the principles of individual accountability set out in the Yates Memorandum, which was issued in September 2015.[9] Before the Yates Memorandum, relators and the government generally focused their attention, at least in civil cases, on corporations rather than individuals (based in part on companies’ greater ability to pay settlements). This pre-Yates Memorandum practice was evident in the management of the Life Care litigation at its earliest stages: although relators originally named several individuals (including Preston) as defendants, they were voluntarily dismissed from the litigation in October 2014.[10] Post-Yates, however, the government changed course by bringing a separate civil action against Preston.[11] The government’s complaint against Preston was filed just seven months after the Yates Memorandum (and six months before the settlement was announced). The inclusion of Preston in the settlement gives at least the appearance of individual accountability, by holding Preston and Life Care jointly liable for the full settlement amount.[12] Although insurance coverage and director indemnification policies may well ensure that Preston does not suffer any direct financial losses, the collateral consequences–including reputational harm–may well satisfy the government’s expectations regarding individual accountability in the civil context.       B.      FCA-Related Case Law Developments       1.      Statistical Sampling As reported in our 2016 Mid-Year Update, the first half of 2016 saw some developments–particularly at the district court level–regarding the use of statistical sampling to establish liability in FCA cases. In these cases, plaintiffs and/or the government have attempted to establish that a certain number of claims in a much larger universe were "false" for purposes of FCA liability based on a review of only a sample of the claims. Generally, district courts have declined to hold that statistical evidence is, per se and as a matter of law, inadmissible to establish the falsity of claims subject to direct review (although courts have been careful to note that other evidentiary issues evaluated on a case-by-case basis may preclude the use of sampling to establish liability in some circumstances). To date, no appellate court has weighed in on this issue in the FCA context. Defendants continue to oppose the practice of extrapolating falsity from both an evidentiary and a legal perspective. For example, Prime Healthcare filed a motion on September 1, 2016, in the Central District of California to exclude, as a matter of law, statistical sampling to establish falsity under the FCA.[13] In that case, the government has alleged that there are more than 35,000 claims potentially at issue. Prime Healthcare filed its motion to exclude even before it had answered the government’s intervened complaint. But the court declined to consider the issue given the early stage of the litigation; indeed, as of the time of Prime Healthcare’s motion, neither the government nor relator had filed any report suggesting the use of statistical sampling to establish falsity.[14] The court recognized, however, that at some point it would likely be called upon to address the question: under the court’s order, Prime Healthcare is free to renew its motion "[i]f the government attempts to introduce sampling evidence" at any point in the litigation.[15] As noted above, the federal courts of appeals have yet to address the use of sampling to establish liability in FCA cases. Two closely watched cases–United States ex rel. Michaels v. Agape Senior Community, Inc. and United States ex rel. Paradies v. AseraCare, Inc.–were billed as the first cases in which an appellate court might weigh in on these important issues. During oral argument in Agape, however, the Fourth Circuit panel signaled that it was not inclined to reach the merits of the statistical sampling question. The panel has not decided the case, and may ultimately reach the question despite its suggestions to the contrary during oral argument. As to AseraCare, the issue on appeal to the Eleventh Circuit focuses on the district court’s decision to vacate a jury’s finding of liability after trial and to grant summary judgment in favor of AseraCare based on the court’s view that a mere difference of medical opinion is insufficient to support FCA liability. The propriety of the district court’s earlier decision to permit statistical sampling is not squarely presented in AseraCare (at least not yet). Thus, it may be some time before the appellate courts actually weigh in on, and bring clarity to, this closely watched and heavily litigated issue.       2.      The Supreme Court’s Escobar Decision This past year was notable not only because of blockbuster settlements, but also because of critical developments in FCA jurisprudence. As we reported in our 2016 Mid-Year Update, the Supreme Court’s landmark Escobar decision reframes key questions that arise in many FCA cases against health care providers. Although the Court affirmed the viability of the "implied false certification" theory of liability under certain circumstances, the Court also recast the falsity analysis in common-law terms and sharpened the FCA’s "demanding" materiality standard. For complete coverage of post-Escobar developments, please refer to our 2016 Year-End False Claims Act Update. Of course, Escobar involved a health care provider, and it will come as no surprise to those who followed the case that it will alter the contours of cases that the government and relators can pursue against providers in the future. Since the Supreme Court decided Escobar in June 2016, FCA defendants have invoked Escobar to attempt to scale back the scope of FCA liability. In the first set of district court–and, to a lesser extent, appellate court–decisions applying Escobar, two key issues regarding the meaning of Escobar have been the focus: (1) the extent to which a plaintiff must identify specific representations in a claim for payment that are rendered false or misleading to support an "implied false certification" theory of liability; and (2) the proper application of the FCA’s materiality element, as clarified by Escobar.             a)      Defining the Boundaries of an "Implied False Certification" Claim The Supreme Court stated in Escobar that "the implied certification theory can be a basis for [FCA] liability, at least where two conditions" are met: (1) "the claim does not merely request payment, but also makes specific representations about the goods or services provided"; and (2) "the defendant’s failure to disclose noncompliance with material statutory, regulatory, or contractual requirements makes those representations misleading half-truths."[16] In reaching that conclusion, the Court explained that the phrase "false or fraudulent" under the FCA should be interpreted in accordance with the meaning of those terms at common law.[17] Since Escobar, the lower courts have reached different conclusions as to the precise requirements for showing liability based on an implied certification. A number of courts have taken Escobar at face value, requiring the FCA plaintiff to show both of Escobar‘s conditions, including that the defendant made "specific" misleading representations about the goods or services provided to be liable based on an implied certification theory.[18] One of these courts observed that imposing liability in the absence of a sufficiently "specific" misrepresentation about the goods or services provided "would result in an ‘extraordinarily expansive view of liability’ under the FCA, a view that the Supreme Court rejected in Escobar."[19] But some courts have asserted that they are not bound by Escobar‘s "specific representation" requirement. For example, in Rose v. Stephens Institute, the Northern District of California rejected the argument "that Escobar establishes a rigid" test for falsity "that applies to every single implied false certification claim."[20] Reasoning that the Supreme Court left the door open by limiting its holding to "at least" the circumstances before it in Escobar and by expressly declining to "resolve whether all claims for payment implicitly represent that the billing party is legally entitled to payment," the court held that a relator can state an implied false certification claim without necessarily identifying a "specific" representation that was a "misleading half-truth" in any claim.[21] In United States ex rel. Brown v. Celgene Corp., one of the first cases against a pharmaceutical or device company to test this theory, the Central District of California followed Rose and held that a relator’s implied false certification allegations against the pharmaceutical company Celgene Corp.–based on off-label promotion and alleged kickbacks–could survive despite the fact that the relator failed to identify any "specific misrepresentation" made in a claim for payment.[22] Federal appellate courts have not yet had the opportunity to fully develop their take on the scope of Escobar‘s "two conditions," including whether a "specific representation" is required. The Seventh Circuit has recently signaled that it will enforce a strict reading of Escobar‘s requirements. In United States v. Sanford-Brown Ltd., for example, the Seventh Circuit affirmed summary judgment in favor of a defendant where the relator offered no evidence that the defendant had made "any representations at all," explaining that "bare speculation that [a defendant] made misleading representations is insufficient."[23] Other federal appellate courts are likely to begin to address the "two conditions" in 2017. Indeed, the Rose court subsequently certified its decision embracing a less restrictive reading for interlocutory appeal to the Ninth Circuit.[24] And in United States ex rel. Panarello v. Kaplan Early Learning Co., a magistrate judge in the Western District of New York similarly declined to require an FCA plaintiff to show "specific representations," but recommended that the question be certified for interlocutory appeal to the Second Circuit.[25] As appellate courts take their turns at addressing this issue, we will watch carefully for any emerging circuit split that could send this issue back to the Supreme Court sooner rather than later.             b)      Application of Escobar‘s "Demanding" Materiality Standard In Escobar, the Supreme Court not only specified the requirements for the implied false certification theory, but also reframed the FCA’s materiality standard as a question of whether a violation of the specific statute, regulation, or requirement at issue would actually have affected the government’s decision to pay for a claim had the government known of the alleged noncompliance.[26] In so doing, the Court made clear that materiality does not exist merely because the government may have the option not to pay a claim due to the alleged wrongdoing. The Court also explained that whether the particular statutory, regulatory, or contractual requirement at issue is specifically labeled a condition of payment remains relevant to materiality, but it is not dispositive.[27] The Court also stated that the FCA’s materiality requirement, which is an important bulwark against plaintiffs looking to bootstrap garden-variety regulatory violations or breach of contract claims into FCA liability, is "demanding" and "rigorous"–and that courts must ensure FCA plaintiffs satisfy this "rigorous" requirement by pleading facts showing materiality "with plausibility and particularity under Federal Rules of Civil Procedure 8 and 9(b)."[28] Since Escobar, several courts have seized on the Court’s command to rigorously review a complaint’s materiality allegations at the motion to dismiss stage–and have demanded that complaints include plausible, more-than-conclusory allegations showing that (1) the government either actually does not pay claims involving violations of the statute, rule, or regulation at issue, or (2) the government was unaware of the violation but "would not have paid" the claims at issue "had it known of" the alleged violations.[29] In Sanford-Brown, one of the first appellate court decisions on the issue, the Seventh Circuit held that a relator must provide "evidence that the government’s decision to pay" a claim "would likely or actually have been different had it known of [the defendant’s] alleged noncompliance" with the statute, rule, or regulation at issue.[30] The court affirmed summary judgment for the defendant, concluding the alleged noncompliance was not material to the government’s decision to pay claims because the government had "already examined" the defendant "multiple times over and concluded that neither administrative penalties nor termination was warranted."[31] Similarly, in United States ex rel. D’Agostino v. ev3, Inc., which is discussed in further detail below, the First Circuit concluded that allegations that a defendant’s misconduct–i.e., misstatements to FDA during the drug approval process–"could have" influenced "FDA to grant approval" failed to satisfy the "demanding" materiality standard set by Escobar.[32] In holding the relator had not adequately alleged materiality, the First Circuit also relied on the fact that the government neither "denied reimbursement" for the claims at issue nor took any other regulatory actions despite having been made aware of the allegations of the defendant’s fraudulent conduct six years earlier.[33] In line with Escobar’s statement that identifying a provision as a condition of payment is "not automatically dispositive" of materiality,[34] some courts have also dismissed complaints that merely allege payment "was conditioned on the claim being compliant" with the allegedly violated laws.[35] Similarly, nakedly alleging that the government "has a practice of not paying claims" involving the alleged violations is not enough to survive the rigorous pleading requirements reiterated in Escobar, especially when the government has actually paid claims after learning of the alleged violations.[36]       C.      Criminal Prosecutions As reported in our 2016 Mid-Year Update, two major, record-breaking criminal investigations marked the first six months of 2016. In one, the DOJ brought charges against 301 individuals in a civil and criminal takedown of unprecedented scope, which was coordinated by the Medicare Fraud Strike Force.[37] The other record-breaking investigation involved only three individuals, but a remarkable $1 billion of allegedly fraudulent claims. According to the government, that alleged fraud and money laundering scheme centered around the provision of medically unnecessary services at skilled nursing and assisted living facilities and the payment of kickbacks.[38] The DOJ continued its routine enforcement efforts against individuals involved in relatively small-scale schemes to defraud the federal health care program (particularly in the home health care space). For example, the administrator of five home health agencies in the Houston, Texas area pleaded guilty for her role in a fraud scheme in which she and her co-conspirators allegedly paid illegal kickbacks for patient referrals for services that were not medically necessary and/or never were provided.[39] The scheme cost the agencies almost $8 million in purported fraudulent payments.[40] An administrator of a Miami-based home health agency was convicted after a jury trial for a similar scheme that resulted in $2.5 million in allegedly fraudulent reimbursements.[41] These cases, and others like them, illustrate the DOJ’s commitment to combatting fraud schemes both large and small and the concentration of resources in areas that historically have proven to be particularly susceptible to fraudulent activity. Although it is difficult to predict the enforcement priorities of the next presidential administration, recent DOJ leaders have signaled that the criminal toolkit will be brought to bear as appropriate in an increasing number of corporate health care fraud investigations. II.      HHS Enforcement Activity       A.      HHS OIG Activity       1.      2016 Developments and Trends As we predicted in our 2016 Mid-Year Update, HHS OIG’s $5.66 billion in expected recoveries from its investigative and audit enforcement efforts in 2016 far surpassed the agency’s abnormally low recoveries in 2015.[42] (In 2015, HHS OIG expected to recover only $3.35 billion, far lower than the more than $5 billion in expected recoveries in each of the prior two years.[43]) Expected recoveries, as reported by HHS OIG, consist of audit receivables (representing amounts identified in OIG audits that HHS officials have determined should not be charged to the government) and investigative receivables (consisting of expected criminal penalties, civil or administrative judgments, or settlements that have been ordered or agreed upon).[44] HHS OIG’s improved performance in Fiscal Year 2016 was driven by investigative receivables of $4.46 billion, which is more in line with prior years than with the slower Fiscal Year 2015.[45] Despite the jump in the dollar value of recoveries, total enforcement activity in 2016 changed little from 2015, with 844 criminal actions and 708 civil actions initiated. These figures are considerably higher than the enforcement activity figures as recently as five years ago, due to a sustained, relatively significant increase during President Obama’s second term.[46] The initial increase in total enforcement activity from 2012 to 2015 was driven in large part by an increase in both criminal and, even more so, civil enforcement activity. Between 2015 and 2016, criminal enforcement efforts leveled off (and decreased slightly), whereas civil enforcement efforts have continued to increase (albeit at a slower rate). The increased activity, particularly in civil actions, may reflect the work of the new HHS OIG affirmative litigation team first announced in 2015. The result of these trends in HHS OIG enforcement action is that, today, HHS OIG plays a much more active role in enforcement, and the agency is increasingly reliant on its civil enforcement toolkit.         2.      Proposed Rule Amending Regulation Governing State Medicaid Fraud Control Units In September 2016, CMS and HHS OIG announced a proposed rule amending the regulation governing State Medicaid Fraud Control Units ("MFCUs"), which was first adopted in 1978 and had been amended only twice since then.[47] Much has changed in that time, and the proposed rule largely plays catch-up with changes in both policy and practices over the past four decades. Perhaps the most significant development reflected in the proposed rule are certain measures designed to ensure that MFCUs work more closely with their federal counterparts. For example, the proposed rule would require MFCUs to submit information regarding convictions they obtain to OIG within thirty days of sentencing, so that OIG can pursue program suspension and/or exclusion as appropriate.[48] The proposed rule also includes a requirement that MFCUs coordinate with federal investigators and prosecutors on overlapping matters.[49] The proposed rule also: incorporates statutory changes, such as raising the federal matching rate for operating costs from fifty percent to seventy-five percent, allowing the MFCUs to seek approval from the Inspector General of the relevant agency (usually HHS) to prosecute violations of state law related to fraud (as long as the fraud is primarily related to Medicaid), and giving the MFCUs the option to investigate and prosecute patient abuse or neglect in board and care facilities, regardless of whether the facilities receive Medicaid payments;[50] provides additional guidance to MFCUs on administrative matters such as staffing of the MFCUs and the annual recertification process with OIG;[51] and adds definitions for several terms, including "fraud," "abuse of patients," "neglect of patients," ”misappropriation of patient funds," and "program abuse."[52] The definition of "fraud" is intended to clarify that the term encompasses both criminal and civil actions.[53] Although MFCUs have long spent much of their resources pursuing civil actions under existing regulations, their mission was historically defined as the investigation and prosecution of criminal violations. The revised definitions reflect the observation that federal and state health care prosecutors commonly use both criminal and civil remedies to resolve provider fraud cases.[54] The proposed rule also broadens the definition of "provider" to include individuals or entities that are "required to enroll in a State Medicaid program, such as ordering or referring physicians."[55] This modified definition seeks to underscore "that providers who are not furnishing items or services for which payment is claimed under Medicaid can be the subject of a MFCU investigation and prosecution."[56] In general, the changes reflected in the proposed rule expand the investigative and prosecutorial authority and the responsibilities of MFCUs (at least as compared to the authority and responsibilities described in the current version of the regulations). Notably, many of the proposed changes actually reflect current policies and practices, and thus the regulation, if adopted, may serve only to formalize current practices rather than drive future changes. Many stakeholders submitted comments on the proposed rule by the November 21, 2016 deadline. We will monitor the agency’s response to those comments and the impact they may have on any final rulemaking.       3.      Notable Reports and Reviews HHS OIG’s public reports in 2016 included its annual review of MFCU activity for the prior fiscal year.[57] In 2015, MFCUs reported 1,553 convictions and 731 civil settlements and judgments, totaling $744 million in criminal and civil recoveries.[58] These numbers represent an increase in convictions but a decrease in civil resolutions compared to prior years, in contrast to the shift toward civil resolutions at the federal level.[59] HHS OIG exclusions based on MFCU referrals have increased over time, with more than 1,300 each in Fiscal Years 2014 and 2015, compared to 1,022 in 2013 and fewer than 750 per year in 2011 and 2012.[60] Although the MFCUs did produce more criminal convictions in Fiscal Year 2015 than they had in prior years, the increase in the number of exclusions since 2011 has been far more dramatic, suggesting that it may be driven by HHS OIG’s push for improvements in the reporting of convictions by the MFCUs to their federal counterparts.[61] The Texas MFCU was particularly successful in 2015, accounting for more than a quarter of the Fiscal Year 2015 recoveries, thanks to the completion of several large, multi-defendant investigations that resulted in significant recoveries.[62] Other states with relatively active and productive MFCUs included California, Florida, New York, Tennessee, and Wisconsin.[63] In June 2016, HHS OIG completed a review of home health fraud cases, which have been a focal point for enforcement for both HHS OIG and the DOJ (as noted above in Section I.C).[64] According to HHS OIG’s report, common characteristics among OIG-investigated cases of home health fraud include: high percentages of episodes for which the beneficiary had no recent visits with supervising physicians that were not preceded by a hospital or nursing home stay (or where the beneficiary’s primary diagnosis is diabetes or hypertension); and high percentages of beneficiaries with claims from multiple HHAs or with multiple home health readmissions in a short period of time.[65] HHS OIG has identified more than 500 home health agencies and 4,500 physicians as outliers with respect to these characteristics, and expects to apply greater scrutiny to these outliers. This represents yet another example of using statistical tools to drive enforcement decisions. HHS OIG also used this process to identify twenty-seven "hotspots" in twelve states, many in areas that HHS OIG already considers to have high rates of Medicaid fraud.[66] These reports did not quite complete the agency’s work plan for 2016; indeed, HHS OIG did not publish several reports that it had identified as forthcoming as of the time of our 2016 Mid-Year Update. Those reports–which include an analysis of outlier payments relating to outpatient short stay claims, payment credits related to the replacement of implanted medical devices, and the validation of hospital-submitted quality data–have been re-listed as goals for 2017.[67] HHS OIG’s 2017 plan also includes some noteworthy new goals. For example, HHS OIG intends to conduct several reviews relating to skilled nursing facilities (on the heels of its extensive review of home health agencies), including an analysis of unreported incidents of abuse and neglect, a review of reimbursements focusing on whether facilities bill for higher levels of care than are provided or necessary, and an evaluation of whether state agencies respond properly to complaints.[68] HHS OIG also expects to assess the effect of the CMS "two-midnight" rule.[69]       4.      Significant HHS OIG Enforcement Activity As noted above, HHS OIG invoked its enforcement authority aggressively in 2016, particularly in the area of Civil Monetary Penalties ("CMPs"). The agency’s focus remained, as in years past, on instances of false and fraudulent billing, as well as home health agencies and emergency ambulance services.             a)      Exclusions Perhaps the most powerful tool in HHS OIG’s enforcement toolkit is its ability (and, in some cases, its obligation) to exclude entities and individuals from participation in federal health care programs,[70] which can have a devastating impact on a provider’s bottom line. After record-setting 2014 and 2015–in which HHS OIG excluded 4,017 and 4,112 entities and individuals, respectively, from government health care programs[71]–HHS OIG reported that it excluded 3,635 entities and individuals in Fiscal Year 2016.[72] The exclusions in calendar year 2016 include forty-one entities, which included eight home health agencies, five clinics, four transportation/ambulance companies, and four pharmacies.[73] Of the individuals placed on the exclusion list in the calendar year, 285 were identified as business owners or executives.[74] Fifty-four of the excluded executives operated home health agencies and an additional twenty-four executives operated transportation or ambulance companies.[75]             b)      Civil Monetary Penalties In the 2016 calendar year, HHS OIG announced 169 CMPs, which resulted from settlement agreements and self-disclosures, and recovered approximately $52 million.[76] As noted in our 2016 Mid-Year Update, HHS OIG’s increased pursuit of CMPs is likely attributable to the work of HHS OIG’s new litigation team. In keeping with past years, HHS OIG primarily pursued CMPs for false or fraudulent billing and for the employment of individuals who entities knew or should have known were excluded from health care programs. These cases account for seventy and fifty-six, respectively, of the total number of CMPs assessed in 2016.[77] Additional penalties were assessed for violations of the Emergency Medical Treatment and Labor Act ("EMTALA"), violations of AKS and Stark Law physician self-referral prohibitions, drug price reporting requirements, and the improper submission of claims for emergency ambulance transportation.[78] The largest penalties in 2016 have come in self-disclosure cases. For example, the $8.6 million figure paid by Lancaster Healthcare Center in June 2016, summarized in the 2016 Mid-Year Update, is by far the largest CMP assessed in 2016. Other notable CMPs assessed in the second half of 2016 are summarized below: Memorial Hermann Health System: After self-disclosing issues to HHS OIG, Memorial Hermann agreed to pay more than $5.6 million to resolve claims that it improperly billed federal health care programs for certain outpatient services that automatically appended modifier 59 (for distinct or independent procedures or services provided to the same patient on the same day) or modifier 91 (repeat diagnostic laboratory test) to Current Procedural Terminology codes. This CMP was the second largest of 2016.[79] Stony Brook University Hospital: Like Memorial Hermann, Stony Brook self-disclosed conduct and then agreed to pay more than $3.2 million to resolve allegations that it failed to timely obtain re-certifications of medical necessity for inpatient psychiatric services provided to Medicare Part A beneficiaries. HHS OIG also alleged that the hospital did not properly code daily activities in its Medicaid-qualified Continuing Day Treatment Program, resulting in Medicare Part B reimbursement for non-covered services to dual-eligible beneficiaries.[80] University of California San Francisco Health (d/b/a UCSF Medical Center): UCSF Health also self-disclosed issues to HHS OIG; thereafter, it entered into a $1.4 million settlement to resolve allegations that it submitted claims for "new patient" evaluation and management outpatient clinic visits even though the patients at issue were actually "established patients" (and thus UCSF was only entitled to use a lower-paying Healthcare Common Procedure System code).[81] Cheshire Medical Center and Dartmouth-Hitchcock Clinic: CMC and DHC also entered into a $1.4 million settlement after they self-disclosed certain conduct. HHS OIG alleged that CMC and DHC submitted claims to Medicare for services that were not performed as billed and/or were not medically necessary.[82]             c)      Corporate Integrity Agreements HHS OIG employs corporate integrity agreements ("CIAs") in an effort to ensure that providers comply with Medicare and Medicaid rules and regulations. After a robust 2015, which saw forty-seven CIAs take effect, 2016 saw a slight decline with a total of thirty-seven.[83] CIAs are often linked with other enforcement penalties. For example, a skilled nursing services company, the chairman of its board, and the senior vice president of reimbursement analysis settled civil claims that they allegedly violated the FCA. The government’s allegations involved the purported submission of false or medically unnecessary services. The settlement provided for payments of $28.5 million from the company, $1 million from the board chairman, and $500,000 from the senior vice president. The settlement further provided for the company to enter into a CIA.[84] In another DOJ settlement involving allegations of medically unnecessary services, Vibra Healthcare agreed to pay $33 million and enter a five-year CIA.[85] Finally, Lexington Medical Center, a South Carolina hospital, agreed to a $17 million settlement and a five-year CIA for violations of the Stark Law and FCA with regard to physician employment agreements and practice acquisitions; its CIA calls for the appointment of a compliance officer, creation of a compliance committee, and oversight of compliance by the hospital’s board of directors.[86] Although not yet finalized, Mylan Inc. announced on October 7, 2016 that it agreed to enter into a $465 million settlement with the DOJ and expects to enter into a CIA with HHS OIG. The settlement follows the DOJ’s investigation into the company’s classification of the allergy treatment EpiPen as a generic drug for purposes of the Medicaid Drug Rebate Program.[87] To underscore that CIAs have teeth, HHS OIG continues to pursue entities that violate the terms of their CIAs. For example, in September 2016, Kindred Healthcare paid a $3 million penalty–the largest penalty to date–for violating the terms of its CIA by using improper billing practices a year before its five-year agreement was set to expire.[88]             d)      HHS Guidance for Independent Review Organizations Health care provider CIAs often call for independent review organizations ("IROs"), which typically handle claim reviews or cost report reviews during the CIA period, to certify their independence and objectivity in connection with the review. Although IROs are engaged by the provider subject to the CIA, HHS OIG typically has the power to reject IROs that lack either independence or the necessary qualifications. In August 2016, HHS OIG released new independence and objectivity guidelines for IROs; HHS OIG’s prior guidance on the subject dates back to 2010 and, before that, 2004.[89] The new guidelines are intended to reflect the Government Accountability Office’s current auditing standards, which are referred to as the "Yellow Book" and were most recently revised in 2011. Although HHS OIG’s guidance essentially confirms existing views regarding independence and objectivity, these guidelines crystallize those views. HHS OIG’s guidance tracks the Yellow Book’s definition of objectivity, which includes "independence of mind and appearance when providing audits, maintaining an attitude of impartiality, having intellectual honesty, and being free of conflicts of interest."[90] According to the guidance, independence of mind and appearance requires that IROs impartially judge all issues relating to the CIA review. The two categories identified as threats to independence are instructive. The first identified threat to independence–the "self-review threat"–is the threat that an auditor that has previously provided nonaudit services to the audited organization will not be able to appropriately (i.e., independently) evaluate the results of judgments made or services performed as part of those nonaudit services. The second identified threat is the "management participation threat," which is defined as the threat that results from an auditor taking on the role of management or otherwise performing management functions on behalf of the entity undergoing the audit.[91] The agency also incorporated into the new guidance the Yellow Book standards on professional judgment and competence, providing that auditors should use professional judgment in all aspects of their responsibilities, including following the independence standards and related conceptual framework; maintaining objectivity and credibility; assigning competent staff to the audit; defining the scope of work; evaluating, documenting, and reporting the results of the work; and maintaining appropriate quality control over the audit process.[92]       B.      CMS Activity In 2016, CMS continued to pursue quality-of-care initiatives and address payment processing challenges, described in Section V. CMS also persisted in its anti-fraud efforts. For example, the proposed rule regarding MFCUs discussed above in Section II.A.2 was a joint effort between CMS and HHS OIG. And–as reported in our 2016 Mid-Year Update–CMS proposed (but has not yet finalized) a rule intended to enhance fraud controls associated with the provider enrollment process. Recent developments in CMS’s program safeguard activities and other anti-fraud initiatives are described below.       1.      Transparency and Data Accessibility Access to data has been a focus for CMS for the past few years, and 2016 was no different. In January 2016, CMS proposed rules that would broaden the "qualified entity program" created by the ACA to enable certain entities to sell nonpublic analyses using Medicare data to providers or others who might use the analyses to improve care.[93] CMS promulgated a final rule (similar, though not identical, to the proposed rule) in July 2016.[94] CMS currently has certified sixteen entities as eligible to participate in the qualified entity program.[95] In its press release announcing the final rule, CMS noted that future rulemaking is expected to "expand the data available to qualified entities to include standardized extracts of Medicaid data."[96] CMS also continued to release and expand its library of already extensive data sets, including: An "Open Payments" searchable dataset of more than eleven million records from 2015, accounting for more than $7 billion in payments;[97] Updated datasets in Hospital Compare, a tool created to enable consumers to compare providers on more than 100 quality metrics;[98] The Skilled Nursing Facility Utilization and Payment Public Use File, a newly available set of data that includes 2013 claims information from more than 15,000 skilled nursing facilities, accounting for $27 billion in Medicare payments;[99] A second release of prescription drug cost data relating to Medicare Part D, which covers calendar year 2014 and includes data from more than one million providers accounting for approximately $121 billion in payments;[100] The Hospice Utilization and Payment Public Use File, a newly released file which includes 2014 claims information from 4,025 hospice providers, accounting for more than $15 billion in Medicare payments during 2014.[101] An update to the Market Saturation and Utilization Tool (formerly called the Moratoria Provider Services and Utilization Data Tool), which provides interactive maps and related data sets showing provider services and utilization data.[102]       2.      Moratoria and Other Enforcement Priorities The ACA authorizes CMS to impose moratoria on certain geographic areas, blocking any new provider enrollments within regions designated as "hot spots" for fraud.[103] The moratoria, which may focus on particular provider categories, are imposed after consultation with the DOJ and HHS OIG (and, in the case of Medicaid, with State Medicaid agencies) and reviewed every six months to assess whether they remain necessary.[104] In 2013 to 2014, CMS established moratoria affecting home health programs and ground ambulance services in several cities.[105] On July 29, 2016, CMS announced that it would expand and extend these moratoria to cover home health agencies state-wide in Florida, Texas, Illinois, and Michigan, and non-emergency ground ambulance suppliers in New Jersey, Pennsylvania, and Texas.[106] (The initial versions of these moratoria focused on particular cities within those states.[107]) CMS did, however, lift a temporary moratorium affecting Medicare Part B, Medicaid, and Children’s Health Program emergency ground ambulance suppliers; the moratorium now in place relates specifically to non-emergency services.[108]       C.      OCR and HIPAA Enforcement In November 2016, HHS’s Office of Civil Rights ("OCR") reported that since the Health Information Portability and Accountability Act ("HIPAA") privacy rules went in effect in April 2003, it has received more than 146,345 HIPAA complaints, of which it has resolved 143,230.[109] In the 2016 calendar year, OCR reported thirteen settlements totaling approximately $23.5 million.[110] This is a dramatic increase from the approximately $6.2 million reported in 2015 from six settlements.[111]       1.      2016 Developments             a)      HIPAA Compliance Audits As noted in our 2015 Year-End Update, OCR announced that HIPAA compliance audits were to begin anew in early 2016.[112] In July 2016, OCR announced its launch of Phase 2 of the Privacy, Security, and Breach Notification Audit Program; the pilot audit program and Phase 1 occurred in 2011 and 2012.[113] Phase 2 primarily will involve desk audits supplemented by some on-site audits to review the policies and procedures of covered entities and business associates with respect to the specifications of the Privacy, Security, and Breach Notification Rules.[114] The audit process will begin with an email request for verification of an entity’s address and contact information, followed by a pre-audit questionnaire to gather data regarding the size, type, and operations of prospective auditees. If an entity does not respond to the questionnaire, OCR will gather publically available data. This data, along with other information, will be used to create potential audit subject pools. OCR has stated that it is "committed to transparency about the [audit] process [and] will post updated audit protocols on its website" as the audit process progresses.[115]             b)      HIPAA in the Digital Age On October 6, 2016, HHS OIG released guidance on HIPAA and Cloud Computing.[116] This guidance confirms that a covered entity or business associate may engage a cloud service provider ("CSP") for electronic protected health information ("ePHI"), but cautions that the covered entity or business associate "should understand the cloud computing environment or solution offered by a particular CSP so that the covered entity (or business associate) can appropriately conduct its own risk analysis and establish risk management policies."[117] Of course, all CSPs engaged by HIPAA-covered entities (or their business associates) are themselves considered business associates under the Act, subjecting them to the limitations on uses and disclosure of protected patient information, as well as the Act’s breach notification requirements.[118] The guidance provides that "[t]his is true even if the CSP processes or stores only encrypted ePHI and lacks an encryption key for the data"[119]–that is, even if the CSP itself cannot actually access the underlying protected information. For this reason, providers who choose to engage CSPs should take care to enter HIPAA-compliant business associate agreements,[120] which will at least ensure the CSPs are aware of the applicability of the Act to their operations on the provider’s behalf. Notably, a CSP may be subject to the Act even if the provider that supplies HIPAA-protected data does not apprise the CSP of the nature of the information. Indeed, OCR recognizes that "a CSP may not have actual or constructive knowledge that a covered entity or another business associate is using its services to create, receive, maintain[] or transmit ePHI."[121] In such an instance, "if a CSP becomes aware that it is maintaining ePHI, it must come into compliance with the HIPAA Rules, or securely return the ePHI to the customer or, if agreed to by the customer, securely destroy the ePHI."[122] This guidance provides important information for covered entities, their business associates, and CSPs, particularly in light of the past year’s hefty OCR settlements related to the use of cloud services.[123]       2.      HIPAA Enforcement Actions In 2016, the smallest HIPAA penalty assessed was $25,000, whereas the largest weighed in at $5.55 million,[124] but it is clear that OCR has its eyes on resolutions that fall on the latter end of the spectrum. Recently, OCR issued a memorandum noting that it will continue to focus enforcement efforts on cases that "identify industry-wide noncompliance, where corrective action under HIPAA may be the only remedy, and where corrective action benefits the greatest number of individuals."[125] The enforcement activity described below generally furthered this mission; OCR focused on widespread alleged wrongdoing and approaches to data processing and storage that present particular and unique risks to patient information. The year’s biggest settlement–and the largest settlement to date against a single entity–was announced in August 2016. Advocate Health Care Network agreed to pay $5.55 million to resolve allegations that it had violated HIPAA on several occasions with regard to its patients’ ePHI; the entity also agreed to adopt a corrective action plan.[126] OCR’s investigation, which began in 2013, targeted purported issues that ran the gamut of potential HIPAA compliance issues.[127] According to OCR, Advocate failed to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to all of its ePHI; implement policies and procedures and facility access controls to limit physical access to the electronic information systems housed within a large data support center; obtain satisfactory assurances in the form of a written business associate contract that its business associate would appropriately safeguard all ePHI in its possession; and reasonably safeguard an unencrypted laptop which was left in an unlocked vehicle overnight.[128] It appears that "the extent and duration" of Advocate’s alleged HIPAA compliance failures factored into the size of the settlement, and that OCR intended for the settlement to "send[] a strong message" to providers regarding ePHI security.[129] Following an OCR investigation that revealed widespread data maintenance problems, Oregon Health & Science University ("OHSU") agreed to a settlement in July 2016 that provided for a monetary payment of $2.7 million and a comprehensive three-year corrective action plan.[130] The investigation, which began "after OHSU submitted breach reports . . . involving unencrypted laptops and a stolen unencrypted thumb drive," revealed extensive vulnerabilities within the provider’s compliance program.[131] In particular, OCR uncovered OHSU’s storage of ePHI of more than 3,000 individuals "on a cloud-based server without a business associate agreement."[132] Another HIPAA enforcement example–Care New England Health System’s ("CNE") $400,000 settlement with OCR on September 23, 2016–further underscores the importance of business associate agreements.[133] "CNE provide[d] centralized corporate support for its subsidiary affiliated entities," including Women & Infants Hospital of Rhode Island.[134] The settlement resolved alleged HIPAA violations in connection with the hospitals’ transmission of PHI to CNE, having "failed to renew or modify its business associate agreement."[135] OCR emphasized that "[t]his case illustrates the vital importance of reviewing and updating, as necessary, business associate agreements, especially in light of required revisions under the Omnibus Final Rule, [which] outlined necessary changes to established business associate agreements and new requirements which include provisions for reporting."[136] On July 21, 2016, the University of Mississippi Medical Center ("UMMC") agreed to pay $2.75 million and adopt a corrective action plan to resolve allegations that it violated HIPAA.[137] OCR’s investigation "was triggered by a breach of unsecured ePHI affecting approximately 10,000 individuals."[138] OCR determined that despite being "aware of the risks and vulnerabilities to its systems as far back as April 2005, [UMMC undertook] no significant risk management activity until after the breach [as a result of] organizational deficiencies and insufficient institutional oversight."[139] This case underscores that "[i]n addition to identifying risks and vulnerabilities to their ePHI, entities must also implement reasonable and appropriate safeguards to address them within an appropriate time frame."[140] St. Joseph Health System ("SJHS") entered into a $2.14 million settlement on October 17, 2016 for alleged HIPAA violations in connection with "a report that files containing [ePHI] were publicly accessible . . . from February 1, 2011, until February 13, 2012 via Google and possibly other internet search engines."[141] This vulnerability stemmed from a file sharing application on the server that SJHS purchased to store the files. The default settings of the server "allowed anyone with an internet connection" to access the files and consequently, the public conceivably could have accessed the .pdf files "containing ePHI of 31,800 individuals, including their names, health statuses, diagnoses, and demographic information."[142] As part of the settlement, SJHS must implement a corrective action plan.[143] This past year’s final OCR settlement came in November. The University of Massachusetts Amherst ("UMass") agreed to pay $650,000 to resolve allegations arising from an OCR investigation triggered by a report that a malware program that infiltrated a workstation in UMass’s Center for Language, Speech, and Hearing (the "Center") led to the "impermissible disclosure of [ePHI] of 1,670 individuals."[144] According to OCR, its investigation discovered the following potential violations: UMass "failed to designate all of its health care components" and accordingly "did not implement policies and procedures at the Center to ensure [HIPAA] compliance"; UMass did not "implement technical security measures at the Center to guard against unauthorized access to ePHI" (e.g., failing to implement a firewall); and UMass "did not conduct an accurate and thorough risk analysis" relating to the security of PHI.[145] According to OCR, the settlement amount reflects the fact that UMass "operated at a financial loss in 2015."[146] III.      Anti-Kickback Statute Developments       A.      AKS-Related Case Law Federal courts handed down several notable decisions interpreting the AKS during the second half of 2016. Most notably, the Fifth Circuit offered guidance (albeit in an unpublished opinion) on the bounds of the "one purpose" test for assessing the AKS’s inducement element. In United States ex rel. Ruscher v. Omnicare, Inc., the relator, a former employee of Omnicare, alleged that the company violated the AKS by offering prompt payment discounts and writing off debt owed to it by skilled nursing facilities in exchange for referrals to its long-term care pharmacy business. But the Fifth Circuit affirmed the district court’s grant of summary judgment to Omnicare. The court explained that although relators "need only show that one purpose of [] remuneration [is] to induce [] referrals . . . [t]here is no AKS violation . . . where the defendant merely hopes or expects referrals from benefits that were designed wholly for other purposes."[147] According to the court, the evidence indicated that Omnicare was "trying to collect verifiable debt and settle billing disputes without necessarily aggravating [] its clients in the midst of ongoing or anticipated contact negotiations."[148] The relator offered no evidence that Omnicare "designed its settlement negotiations and bad debt collection practices to induce" referrals. Nor did the relator show that Omnicare tied its collection practices to an effort to secure referrals. Yet, "[i]f the purported benefits were designed to encourage [skilled nursing facilities] to refer Medicare and Medicaid patients to Omnicare," the Fifth Circuit observed, "one might expect to find evidence showing that the [facilities] at least knew about those benefits."[149] As such, the court determined that "[a]t best, the evidence support[ed] a finding that Omnicare did not want unresolved settlement negotiations to negatively impact its contract negotiations with [] clients and was, likewise, avoiding confrontational collection practices that might discourage [clients] from continuing to do business with Omnicare."[150] Thus, the Fifth Circuit confirmed some bounds on the inducement standard, which may offer defendants in AKS-predicated FCA cases an avenue to defend business practices that are not designed to induce referrals, even if they are providing some remuneration to a referral source.       B.      Guidance and Regulations On December 7, 2016, more than two years after issuing the proposed rule discussed in our 2014 Year-End Update, HHS OIG issued a final rule that creates additional safe harbors to the AKS and revises the definition of "remuneration" under CMP regulations. According to HHS OIG, the new rule "enhances flexibility for providers [] to engage in health care business arrangements to improve efficiency and access to quality care while protecting programs and patients from fraud and abuse."[151] The final rule took effect on January 6, 2017.[152]       1.      Additional or Modified Safe Harbors HHS OIG finalized each AKS safe harbor rule that it proposed with certain modifications based on the comments it received.[153] As reported in our 2014 Year-End Update, four new or revamped safe harbors may have the most significant effects on health care providers; those safe harbors pertain to: (a) free or discounted local transportation to federal health program beneficiaries; (b) certain cost-sharing reductions or waivers for emergency ambulance services; (c) transactions between Federally Qualified Health Centers and Medicare Advantage organizations; and (d) referral services.[154]             a.      Free or Discounted Local Transportation The final rule allows "eligible entities" to provide free or discounted local transportation to "established patients" so long as the entities comply with certain conditions. HHS OIG had initially proposed that a patient would be considered "established" only after the patient "had attended an appointment with that provider or supplier," but the final rule broadens the definition of "established patient" to encompass any patient that has made an appointment with the provider or supplier.[155] Conditions for offering such transportation include the following: (1) the entity may not advertise or market the program to patients or other potential referral sources; (2) the entity may not advertise health care items or services during the transport; (3) drivers must not be paid on a per-beneficiary-transported basis; (4) the transportation must not be by air, luxury, or ambulance-level transport; (5) eligible entities must have a set policy regarding the availability of transportation assistance, which is applied uniformly and consistently; (6) the distance transported must not exceed twenty-five miles for patients in urban areas or fifty miles for patients in rural areas; and (7) the entity must bear the costs of the free or discounted local transportation service.[156]             b.      Reductions or Waivers for Emergency Ambulance Services The final rule allows the reduction or waiver of coinsurance or deductible amounts owed for emergency ambulance services.[157] This safe harbor applies to amounts owed under federal health care programs, and only for emergency ambulance services provided by a state, a political subdivision of the state, or a tribal health program.[158] To qualify, the ambulance provider or supplier must offer the reduction or waiver on a uniform basis, without regard to patient-specific factors, and not shift costs to any state or federal health care program.[159]             c.      Transactions between Federally Qualified Health Centers and Medicare Advantage Organizations In its final form, this safe harbor protects "any remuneration between a federally qualified health center ["FQHC"] (or an entity controlled by such a health center) and a [Medicare Advantage] organization pursuant to a written agreement" under the Medicare Prescription Drug, Improvement, and Modernization Act of 2003, so long as the level and amount of the payment to the FQHC does not exceed the level or amount for similar providers.[160] HHS OIG clarified that the remuneration does have to meet a "fair market value" requirement to be protected under the safe harbor.[161]             d.      Technical Change to the Safe Harbor for Referral Services HHS OIG proposed this rule change, discussed in our 2014 Year-End Update, to correct an inadvertent error in the language of the safe harbor for referral services. The final rule effectively reverts the language of the safe harbor to the language of its 1999 version. The final version of the safe harbor now "precludes protection for payments from participants to referral services that are based on the volume or value of referrals to, or business otherwise generated by, either party for the other party."[162] Previously, the safe harbor excluded "payments . . . or business otherwise generated by either party for the referral service."[163]       2.      Exclusions from "Remuneration" under Civil Monetary Penalties Rules As described in our 2014 Year-End Update, the CMP law proscribes the offer or transfer of remuneration to Medicare or Medicaid beneficiaries that may induce the beneficiaries to order or receive items or services paid for by federal or state health care programs.[164] The final rule carves out several exceptions to what is considered "remuneration" under the law: (1) "[c]opayment reductions for certain hospital outpatient department services"; (2) certain remuneration that encourages access to care (while posing a low risk of abuse); (3) "coupons, rebates, or other" retailer reward programs that meet specified requirements; (4) "certain remuneration to financially needy individuals"; and (5) "copayment waivers for the first fill of generic drugs." HHS OIG has explicitly cautioned, however, that these CMP law exceptions "do not provide protection under the anti-kickback statute" and that providers could consider requesting protection from sanctions under the AKS for similar arrangements through HHS OIG’s advisory opinion process.[165]       C.      Notable Settlements Providers entered into several noteworthy AKS-predicated settlements during the second half of 2016. As noted above, two Georgia-based subsidiaries of Tenet Healthcare agreed to pay forfeiture money judgments totaling approximately $146 million as part of a larger settlement, in part to resolve allegations that they conspired to violate the AKS by paying kickbacks for referrals.[166] In October 2016, Omnicare, Inc., the nation’s largest nursing home pharmacy, agreed to pay $28.13 million to settle claims that it solicited and received kickbacks from pharmaceutical manufacturer Abbott Laboratories in exchange for promoting and purchasing the manufacturer’s prescription anti-epileptic drug for controlling behavioral disturbances when reviewing medical charts as the nursing homes’ consultant pharmacy.[167] According to the government’s complaint in the two consolidated whistleblower lawsuits, Omnicare allegedly concealed improper market share rebate payments conditioned on the company’s active promotion of the drug, payments for market data and management conferences, and other improper grants and payments as rebates, educational grants, and other corporate financial support.[168] This settlement follows on the heels of the government’s previous civil and criminal resolution with Abbott in May 2012 for $1.5 billion.[169] As part of an initiative focusing on the submission of improper TRICARE claims by compound pharmacies, several owners of QMedRx agreed in September and October 2016 to pay $7.75 and $4.25 million, respectively, to resolve allegations that they violated the FCA by submitting claims for compound prescriptions that were tainted by alleged AKS violations between January 2013 and January 2014.[170] Previously, in December 2015, the former CEO and co-owner also agreed to pay $6.5 million in restitution for his role in the purported scheme.[171] Among other alleged conduct, the government asserted that the claims were improper because of allegedly improper incentive compensation arrangements for marketers who obtained the prescriptions from physicians. IV.      Stark Law Developments The second half of 2016 saw additional developments in the interpretation and enforcement of the Stark Law, or physician self-referral law. First, Congress took several steps toward possible reform of the Stark Law and its related regulations. Second, CMS issued its 2017 Medicare Physician Fee Schedule Update, with several updates relevant to Stark Law compliance. Finally, recent settlements illustrate the ways in which the government continues to hold both individuals and companies accountable for Stark Law violations.       A.      Legislative Developments In our recent 2016 Mid-Year Update, we reported on several pieces of proposed legislation with implications for the Stark Law: H.R. 776, H.R. 1083, and H.R. 5088. None of these items have moved forward since our last report.[172] Although progress on those bills has stalled, Congress remains focused on Stark Law issues. At the end of June 2016, the U.S. Senate Committee on Finance issued a report titled: "Why Stark, Why Now? Suggestions to Improve the Stark Law to Encourage Innovative Payment Models."[173] The report notes that despite the Stark Law’s intended effect–to provide a bright-line rule to prevent physician self-referral–the law has resulted in a vastly complex and overly broad scheme that has "created a minefield for the health care industry."[174] The report describes the obstacles that the Stark Law has created for alternative payment models and notes that the law’s proscriptions are, in fact, not necessary given the incentive structures of many payment models. Following an in-depth analysis, the Committee stated that it would continue to examine issues arising from the Stark Law and consider reforms. In July 2016, the same Senate Committee held a hearing titled: "Examining the Stark Law: Current Issues and Opportunities" to address these issues.[175] In his introductory statement, Senator Orrin Hatch explained that although the Stark Law was passed with the best of intentions, it has become a muddled and complex collection of regulations and exceptions.[176] In response, Senator Hatch explained, the Committee intended to explore possible changes to the Stark Law to make it more practicable and to align its requirements with the payment structures common in the health care industry. In his statement, Senator Ron Wyden emphasized the twin priorities of coordination between health care providers and protection of providers’ independent medical judgment, which underpin the Stark Law, and his hope that the hearing would lead to productive discussions regarding these issues.[177]       B.      Regulatory Updates In November 2016, CMS issued its 2017 Medicare Physician Fee Schedule update, which included several items relevant to Stark Law compliance. First, CMS reissued a regulation that prohibits the use of "per-click" fees for equipment or space lease arrangements, as well as payment rates based upon a calculation that accounts for services provided to patients that the lessor referred to the lessee.[178] In a recent opinion, the U.S. Court of Appeals for the D.C. Circuit overturned an earlier iteration of this prohibition after rejecting the rationale CMS initially provided for the restriction. Specifically, the court concluded that CMS’s reliance on a reinterpretation of a 1993 House Committee Report was arbitrary and capricious. The court explicitly noted, however, that CMS had the authority to issue the regulation.[179] CMS attempted to respond to the D.C. Circuit’s concerns by relying exclusively on the Secretary’s authority to impose any additional requirements necessary to prevent program or patient abuse. Under the reissued regulation, compensation arrangements for leases of space or equipment may not involve per-unit-of-service rental charges, if those charges are based upon patient services provided to referrals by the lessor to the lessee.[180] Second, CMS adopted updates to the list of Current Procedural Terminology/Healthcare Common Procedure Coding System ("CPT/HCPCS") codes that define designated health services, or "DHS," under the Stark Law and incorporate additional services that may qualify for exceptions to the law.[181] Finally, CMS added a minor change to its instructions regarding how to submit a Stark advisory opinion request.[182]       C.      Significant Settlements Recent settlements underscore the continued efforts of the Department of Justice and HHS OIG to enforce Stark Law prohibitions and related regulations against both companies and individuals. In July 2016, Lexington Medical Center settled allegations of Stark Law and FCA violations for $17 million and agreed to enter into a five-year CIA intended to prevent similar future issues.[183] The allegations concerned financial arrangements with twenty-eight outside physicians that allegedly exceeded fair market value, were not commercially reasonable, or were based instead on the value or volume of referrals to the hospital. The hospital admitted no wrongdoing. In September 2016, the former CEO of Tuomey Healthcare System, Ralph J. Cox III, settled allegations that he had caused the company to enter into problematic contracts with nineteen physicians in violation of the Stark Law.[184] Under the settlement, Cox must pay $1 million and is barred from participating in federal health care programs for four years. This settlement follows the $237 million verdict (discussed in our 2015 Year-End Update) the DOJ secured against Tuomey for billings for services by physicians with financial relationships with the company that were deemed to be improper. V.      Developments in Payments and Reimbursements With the change in administration, 2017 could be an interesting and dynamic year for the regulation of government health program payments and reimbursements. In the meantime, we address below developments relating to several issues on which we have reported previously. Through the end of 2016, CMS continued to promulgate rules and regulations designed to transition payment and reimbursement systems for federal health programs away from quantity-based metrics and toward quality-based metrics. This was highlighted by CMS’s finalization of the rule implementing the Medicare Access and CHIP Reauthorization Act ("MACRA"). CMS also issued its final rule regarding 340B ceiling prices.       A.      MACRA and Other Developments in Continued Shift Towards Pay-for-Performance In our 2016 Mid-Year Update, we noted that HHS had reached its goal of tying thirty percent of Medicare payments to quality through alternative payment models. The agency has set its next goal: to tie fifty percent of Medicare payments to quality metrics by 2018. In keeping with that goal, CMS finalized MACRA, proposed a new rule regarding episode payments for hospital care, and put the finishing touches on a new rule concerning primary care payments.       1.      The Medicare Access and CHIP Reauthorization Act In October 2016, as part of CMS’s move towards a "pay-for-performance" model, CMS issued its final rule implementing MACRA. The rule repeals the Medicare Sustainable Growth Rate methodology and replaces it with a new payment approach.[185] Specifically, the rule sets the parameters for the two different payment tracks, the Merit-Based Payment Systems ("MIPS") and the Advanced Alternative Payment Models ("APMs"), which together form the basis for MACRA’s "Quality Payment Program." We reported on the details of these two different payment tracks in our 2016 Mid-Year Update, in our discussion of the MACRA proposed rulemaking. MIPS will essentially serve as the base or standard payment system by which providers will receive either an upward, downward, or neutral payment adjustment based on their performance in four categories: quality; use of electronic health records; clinical practice improvement activities; and cost.[186] Advanced APMs, an alternative to MIPS, will operate as more generous incentive programs that are exempt from the MIPS requirements.[187] To qualify for the MIPS exemption, however, providers in the Advanced APMs track must accept some amount of downside financial risk.[188] In response to a record number of comments during the comments period, CMS made a number of changes and reduced certain requirements of the proposed rule. This is highlighted by the establishment of calendar year 2017 as the "transition year," during which the reporting requirements placed on providers will be significantly reduced.[189] According to CMS, the goal of the transition period is to give providers greater flexibility and to allow them to adopt the new payment system at their own pace. As part of the transition period, providers now have four potential paths for reporting during 2017: (1) report under MIPS for ninety days; (2) report under MIPS for less than a year but more than ninety days and report more than one quality measure, more than one improvement activity, or more than the required measures in the advancing care information performance category; (3) report one measure in each MIPS category (besides resource use, which is automatically reported) for the entire year; or (4) participate in an Advanced APM.[190] As providers progress through the four different reporting options, their payment adjustment improves, with the first (and least burdensome) path resulting in no negative penalty and the last (the Advanced APM) resulting in a five percent incentive payment.[191] In addition, CMS made some other important changes to the final rule in an attempt to accommodate smaller practices and to make it easier to qualify as an Advanced APM. For instance, CMS increased the low-volume thresholds that dictate which providers must participate in the program; in the final rule, the threshold is $30,000 in Medicare Part B allowed charges or less than or equal to 100 Medicare patients.[192] This means that a number of smaller practices that provide a minimal amount of care to Medicare patients will not be subject to the burdensome MIPS requirements. According to CMS, this represents thirty-two and a half percent of pre-exclusion Medicare clinicians but only five percent of Medicare Part B spending.[193] CMS also has accommodated smaller practices by allowing for "virtual groups," a MIPS reporting option under which as many as ten clinicians can combine reporting as one group.[194] The agency will not implement virtual groups in the 2017 transition year, however. As for the Advanced APMs, in an effort to expand the number of APMs that will qualify under MACRA, the final rule allows for retrofitting existing APMs to qualify as Advanced APMs and provides for the creation of new models.[195] And while Advanced APM providers must still bear responsibility for some financial downside risk, the standard for 2017 and 2018 in the final rule is three percent (down from four in the proposed rule) of the expected expenditures for which the provider is responsible under the APM itself.[196] Moreover, CMS reduced the complexity of qualifying as an Advanced APM by retracting proposals relating to marginal risk and minimum loss ratio, though these elements will apply to "Other Payer" Advanced APMs starting in 2019.[197]       2.      Mandatory Episode Payment On July 25, 2016, CMS announced the "Notice of Proposed Rulemaking for Bundled Payment Models for High-Quality, Coordinated Cardiac and Hip Fracture Care;" this proposed rule, like other recent payment model rules, is intended to move the Medicare system towards payment systems that compensate for quality rather than quantity of care.[198] In particular, the proposed rule seeks to reward hospitals that work together with physicians and other providers to avoid complications, prevent hospital readmissions, and speed recovery. CMS sought to do so by "bundling" payments around a patient’s total experience of care (i.e., medical care in and out of the hospital), so that hospitals are incentivized to work together with providers outside of the hospital setting. The proposed rule specifies that when a patient is admitted to a hospital for care for a heart attack, bypass surgery, or surgical hip/femur fracture treatment, the admitting hospital will be accountable for the cost and quality of care provided to Medicare fee-for-service beneficiaries during the inpatient stay and for ninety days after discharge.[199] Specifically, under the proposed rule, CMS would set target prices for different episodes based on hospital-specific data and regional historical data, and the actual spending for the episode would be compared to the target price.[200] If hospitals end up spending below the target price they would be paid the "savings" achieved; if they end spending more than the target price then they would be liable for the "extra" costs and will have to repay Medicare.[201]       3.      Comprehensive Primary Care PLUS (CPC+) We previously reported on CMS unveiling a new primary care payment model called Comprehensive Primary Care Plus in our 2016 Mid-Year Update. The rule includes an assortment of experimental payment types for primary providers, many of which are tied to quality of care and are intended to reduce incentives for unnecessary service. On August 1, 2016, CMS announced fourteen geographic regions[202] eligible to participate in CPC+ and opened the application period for practices within those regions to participate.[203]       B.      Developments Regarding Prescription Drug Prices While the second half of 2016 saw little activity in the area of reimbursements for prescription drugs, the first week of 2017 saw CMS’s issuance of a significant final rule regarding 340B ceiling prices.       1.      Part B Reimbursement In our 2016 Mid-Year Update, we summarized the proposed rule by CMS that would implement tests of new payment models under Medicare Part B for prescription drugs administered in a physician’s office or hospital outpatient department (as well as drugs administered by a covered item of durable medical equipment). The proposed rule resulted in considerable backlash from members of the medical community, including pharmaceutical companies and oncology providers. CMS announced on December 16, 2016, that it would not finalize the Medicare Part B drug payment model by the end of President Obama’s administration.       2.      Issuance of 340B Final Rule On January 5, 2017, the Health Resources and Services Administration ("HRSA") issued its long-awaited final rule regarding 340B drug pricing, entitled "340B Drug Pricing Program Ceiling Price and Manufacturer Civil Monetary Penalties Regulation." As detailed in our 2014 and 2015 Year-End Updates, the 340B program imposes ceilings on prices that drug manufacturers may charge for medications sold to specified health facilities. Effective as of March 6, 2017, this final rule modifies, amends, and confirms a variety of elements concerning the 340B program. First, the final rule finalizes the rules related to calculating the 340B ceiling prices. As background, the formula for calculating the ceiling price is average manufacturer price ("AMP") minus unit rebate amount ("URA").[204] The final rule includes some important clarifications regarding this pricing scheme. For instance, it clarifies that drugs reimbursed under bundled payment methodologies (i.e., drugs reimbursed as part of a service rather than directly) are not covered outpatient drugs subject to 340B ceiling prices. In addition, it formalizes the penny pricing policy that previously existed informally.[205] The penny pricing policy is a reaction to the fact that, theoretically, URA can equal or exceed AMP, such that the 340B price of a drug would be $0.00. To avoid that outcome, under the penny pricing policy, the 340B price of such a drug is set at $0.01. Second, and crucially, the final rule imposes civil monetary penalties ("CMPs") on manufacturers that overcharge 340B-covered entities.[206] Under the Final Rule, a manufacturer will be subject to a $5,000 CMP for an "instance of overcharging." An "instance" is defined as an order that involves overcharging rather than each individual unit that is overcharged within the order. Note that manufacturers are only subject to CMPs if they "knowingly" and "intentionally" charge covered entities more than the 340B ceiling price. HRSA does not clearly define those terms in the final rule; instead, the act empowers HHS OIG to make those determinations on a case-by-case basis. Finally, the final rule institutes a refund process under which manufacturers are obligated to refund overcharges under particular circumstances. Specifically, manufacturers must repay the difference between the estimated 340B price and the actual 340B ceiling price.[207] The final rule requires manufacturers to establish an estimated 340B price for new covered outpatient drugs until there is AMP data available to calculate an actual ceiling price. The estimated price is tallied by taking the wholesale acquisition cost and reducing that by a prescribed Medicaid rebate percentage. If the actual ceiling price based on the AMP data ends up being less than the estimated ceiling price, then the manufacturer will have to refund the difference. If a manufacturer fails to refund the difference within 120 days, it will be subject to CMPs as described in the preceding paragraph.       3.      Updates on 340B Mega-Guidance The much-anticipated 340B Program Omnibus Guidance ("Mega-Guidance") was withdrawn by HHS at the end of January.[208] As we described in our 2015 Year-End Update, the Mega-Guidance would have clarified a number of issues regarding 340B covered entities and program compliance requirements.  In light of the new administration’s executive order limiting the issuance of new guidance and regulations by federal agencies, it seems unlikely that the Mega-Guidance will be resurrected under this administration. However, we will continue to monitor 340B developments. VI.      Conclusion This new year brings with it a new administration and a new Congress, both poised to pursue agendas that may reshape the health care industry. For all of 2016’s critical developments, it may well be that the past year will pale in comparison to 2017. As always, we will continue to track the regulatory and enforcement issues most likely to have an impact on health care providers and report back in July. [1] Tenet Healthcare Corp., Current Report (Form 8-K), at 2 (Sept. 30, 2016). [2] Id. [3] Id. [4] Id. at 3. [5] Id. [6] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Life Care Centers of America Inc. Agrees to Pay $145 Million to Resolve False Claims Act Allegations Relating to the Provision of Medically Unnecessary Rehabilitation Therapy Services (Oct. 24, 2016), https://www.justice.gov/opa/pr/life-care-centers-america-inc-agrees-pay-145-million-resolve-false-claims-act-allegations. [7] United States ex rel. Martin v. Life Care Ctrs. of Am., Inc., 114 F. Supp. 3d 549, 565–70 (E.D. Tenn. Sept. 29, 2014). [8] United States ex rel. Martin v. Life Care Ctrs. Of Am., Inc., No. 1:12-cv-0064, 2014 WL 4816006, at *1 (E.D. Tenn. Sept. 29, 2014). [9] For a robust discussion of the DOJ policy set out in the Yates Memorandum, please see our September 11, 2015 Client Alert on the subject. [10] Order, United States ex rel. Martin v. Life Care Ctrs. of Am., Inc., No. 1:12-cv-0064 (E.D. Tenn. Oct. 14, 2014), ECF No. 141. [11] Complaint, United States v. Preston, No. 1:16-cv-00113 (E.D. Tenn. May 3, 2016), ECF No. 1. [12] Settlement Agreement, United States v. Preston, No. 1:16-cv-00113 (E.D. Tenn. Oct. 27, 2016), ECF No. 13. [13] United States ex rel. Karin Berntsen v. Prime Healthcare Servs., Inc., No. 11-cv-08214 (C.D. Cal. Sept. 1, 2016), ECF No. 141. [14] Prime Healthcare Servs., No. 11-cv-08214 (C.D. Cal. Jan. 13, 2017), ECF No. 174. [15] Id. [16] Universal Health Servs., Inc. v. United States ex rel. Escobar, 136 S. Ct. 1989, 2001 (2016) (emphasis added). [17] Id. at 1999–2001. [18] See, e.g., United States ex rel. Tessler v. City of New York, 14-cv-6455, 2016 WL 7335654, at *4 (S.D.N.Y. Dec. 16, 2016); United States v. Crumb, No. 15-cv-0655, 2016 WL 4480690, at *12 (S.D. Ala. Aug. 24, 2016); United States ex rel. Beauchamp v. Academi Training Ctr., Inc., No. 1:11-cv-371, 2016 WL 7030433, at *3 (E.D. Va. Nov. 30, 2016). [19] Tessler, 2016 WL 7335654, at *4 (quoting Escobar, 136 S. Ct. at 2004). [20] Rose v. Stephens Inst., No. 09-cv-05966, 2016 WL 5076214, at *5 (N.D. Cal. Sept. 20, 2016). [21] Id. (quoting Escobar, 136 S. Ct. at 2000). [22] United States ex rel. Brown v. Celgene Corp., No. 10-cv-03165, 2016 WL 7626222, at *8 (C.D. Cal. Dec. 28, 2016). [23] United States v. Sanford-Brown, Ltd., 840 F.3d 445, 447 (7th Cir. 2016). [24] Rose v. Stephens Inst., No. 09-cv-05966, 2016 WL 6393513, at *1, *4 (N.D. Cal. Oct. 28, 2016). [25] Report and Recommendation, United States ex rel. Panarello v. Kaplan Early Learning Co., No.11-cv-353S, at 9 (W.D.N.Y. Nov. 14, 2016), ECF No. 96. [26] Escobar, 136 S. Ct. at 1996. [27] Id. at 2001. [28] Id. at 2003–04 n.6. [29] See, e.g., United States ex rel. Se. Carpenters Reg’l Council v. Fulton County, Georgia, No. 1:14-cv-4071, 2016 WL 4158392, at *8 (N.D. Ga. Aug. 5, 2016); Knudsen v. Sprint Commc’ns Co., No. 13-cv-04476, 2016 WL 4548924, at *14 (N.D. Cal. Sept. 1, 2016); United States ex rel. Lee v. N. Adult Daily Health Care Ctr., No. 13-cv-4933, 2016 WL 4703653, at *12 (E.D.N.Y. Sep. 7, 2016). [30] Sanford-Brown, Ltd., 840 F.3d at 447. [31] Id. at 447–48 (internal citation and quotation marks omitted). [32] United States ex rel. D’Agostino v. ev3, Inc., No. 16-1126, 845 F.3d 1, 7 (1st Cir. Dec. 23, 2016). [33] Id. at 7–8. [34] Escobar, 136 S. Ct. at 2003. [35] United States ex. rel. Dresser v. Qualium Corp., No. 5:12-CV-01745-BLF, 2016 WL 3880763, at *6 (N.D. Cal. July 18, 2016) (explaining that "payment being conditioned on compliance with regulations" does "not necessarily make a misrepresentation material"). [36] City of Chicago v. Purdue Pharma L.P., No. 14 CV 4361, 2016 WL 5477522, at *15 (N.D. Ill. Sept. 29, 2016) (dismissing complaint in which "the City represents that is [sic] still paying for claims based on defendants’ alleged misrepresentations"). [37] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, National Health Care Fraud Takedown Results in Charges Against 301 Individuals for Approximately $900 Million in False Billing (June 22, 2016), https://www.justice.gov/opa/pr/national-health-care-fraud-takedown-results-charges-against-301-individuals-approximately-900. [38] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Three Individuals Charged in $1 Billion Medicare Fraud and Money Laundering Scheme (July 22, 2016), https://www.justice.gov/opa/pr/three-individuals-charged-1-billion-medicare-fraud-and-money-laundering-scheme. [39] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Home Health Agency Administrator Pleads Guilty in $7.8 Million Medicaid Fraud (Jan. 12, 2017), https://www.justice.gov/opa/pr/home-health-agency-administrator-pleads-guilty-78-million-medicaid-fraud. [40] Id. [41] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Administrator of Miami-Area Home Health Agency Convicted of Conspiracy to Commit $2.5 Million Medicare Fraud Scheme (Dec. 15, 2016), https://www.justice.gov/opa/pr/administrator-miami-area-home-health-agency-convicted-conspiracy-commit-25-million-medicare. [42] See U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., Semiannual Report to Congress (Apr. 1 to Sept. 30, 2016), at iv, https://oig.hhs.gov/reports-and-publications/archives/semiannual/2016/sar-fall-2016.pdf [hereinafter 2016 SA Report]. [43] See U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., Semiannual Report to Congress (Apr. 1 to Sept. 30, 2015), at i, https://oig.hhs.gov/reports-and-publications/archives/semiannual/2015/sar-fall15.pdf [hereinafter 2015 SA Report]. [44] 2016 SA Report, supra note 42, at iv. [45] Id. [46] Id.; 2015 SA Report, supra note 43, at iii. [47] See Medicaid; Revisions to State Medicaid Fraud Control Unit Rules, 81 Fed. Reg. 64,383 (Sept. 20, 2016), https://www.federalregister.gov/documents/2016/09/20/2016-22269/medicaid-revisions-to-state-medicaid-fraud-control-unit-rules. [48] Id. at 64,384. [49] Id. [50] Id. at 64,384–85. [51] Id. at 64,384. [52] Id. at 64,385–86. [53] Id. [54] Id. [55] Id. at 64,386. [56] Id. at 64,386–87. [57] U.S. Dep’t of Health & Human Servs., Office of Inspector Gen., Medicaid Fraud Control Units Fiscal Year 2015 Annual Report (Sept. 2016), available at https://oig.hhs.gov/oei/reports/oei-07-16-00050.pdf [hereinafter MFCU Fiscal Year 2015 Annual Report]. [58] Id. at 3. [59] Id. at 6–7. [60] Id. at 7. [61] See id. at 9. [62] Id. at 5. [63] Id. [64] U.S. Dep’t of Health & Human Servs., Office of Inspector Gen., Nationwide Analysis of Common Characteristics in OIG Home Health Fraud Cases (June 2016), available at https://oig.hhs.gov/oei/reports/oei-05-16-00031.pdf. [65] Id. at 2. [66] Id. [67] U.S. Dep’t of Health & Human Servs., Office of Inspector Gen., Work Plan Fiscal Year 2017, at 3, 5, 7, available at https://oig.hhs.gov/reports-and-publications/archives/workplan/2017/HHS%20OIG%20Work%20Plan%202017.pdf. [68] Id. at 8–9. [69] Id. at 4. [70] 42 U.S.C. § 1320a-7a. [71] See MFCU Fiscal Year 2015 Annual Report, supra note 57, at 7. [72] U.S. Dep’t of Health & Human Servs., Office of Inspector Gen., Semiannual Report to Congress (April 1 to Sept. 30, 2016), at iv, available at https://oig.hhs.gov/reports-and-publications/archives/semiannual/2016/sar-fall-2016.pdf [hereinafter 2016 Fall SA Report]. [73] U.S. Dep’t of Health & Human Servs., Office of Inspector Gen., LEIE Downloadable Databases, https://oig.hhs.gov/exclusions/exclusions_list.asp (last visited Jan. 31, 2017). [74] See id. [75] See id. [76] Data gathered through HHS OIG press releases and publicly available information. See generally U.S. Dep’t of Health & Human Servs., Office of Inspector Gen., Civil Monetary Penalties and Affirmative Exclusions, https://oig.hhs.gov/fraud/enforcement/cmp/index.asp (last visited Jan. 30, 2017) [hereinafter CMP Assessments]; U.S. Dep’t of Health & Human Servs., Office of Inspector Gen., Provider Self-Disclosure Settlements, https://oig.hhs.gov/fraud/enforcement/cmp/psds.asp (last visited Jan. 30, 2017) [hereinafter Provider Self-Disclosure Settlements]. [77] See CMP Assessments, supra note 76. [78] See id. [79] See Provider Self-Disclosure Settlements, supra note 76. [80] Id. [81] See CMP Assessments, supra note 76. [82] See Provider Self-Disclosure Settlements, supra note 76. [83] See U.S. Dep’t of Health & Human Servs., Office of Inspector Gen., Corporate Integrity Agreement Documents, https://oig.hhs.gov/compliance/corporate-integrity-agreements/cia-documents.asp (last visited Jan. 30, 2017). [84] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, North American Health Care Inc. to Pay $28.5 Million to Settle Claims for Medically Unnecessary Rehabilitation Therapy Services (Sept. 19, 2016), https://www.justice.gov/opa/pr/north-american-health-care-inc-pay-285-million-settle-claims-medically-unnecessary. [85] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Vibra Healthcare to Pay $32.7 Million to Resolve Claims for Medically Unnecessary Services (Sept. 28, 2016), https://www.justice.gov/opa/pr/vibra-healthcare-pay-327-million-resolve-claims-medically-unnecessary-services. [86] See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, South Carolina Hospital to Pay $17 Million to Resolve False Claims Act and Stark Law Allegations (July 28, 2016), https://www.justice.gov/opa/pr/south-carolina-hospital-pay-17-million-resolve-false-claims-act-and-stark-law-allegations. [87] See Press Release, Mylan Inc., Mylan Agrees to Settlement on Medicaid Rebate Classification for EpiPen® Auto-Injector (Oct. 7, 2016), http://newsroom.mylan.com/2016-10-07-Mylan-Agrees-to-Settlement-on-Medicaid-Rebate-Classification-for-EpiPen-Auto-Injector. [88] See U.S. Dep’t of Health & Human Servs., Office of Inspector Gen., Corporate Integrity Agreement Enforcement, http://oig.hhs.gov/fraud/enforcement/ciae/ (last visited Jan. 30, 2017); Press Release, U.S. Dep’t of Health & Human Servs., HHS’s Office of Inspector General Levies Largest Penalty Under a Corporate Integrity Agreement Against Nation’s Biggest Provider of Post-Acute Care (Sept. 20, 2016), https://oig.hhs.gov/newsroom/news-releases/2016/kindred.asp. [89] U.S. Dep’t of Health & Human Servs., Office of Inspector Gen., OIG Guidance on IRO Independence and Objectivity (Aug. 22, 2016), https://oig.hhs.gov/fraud/cia/docs/iro-guidance-2016.pdf. [90] Id. at 2. [91] Id. at 2–3. [92] Id. at 5. [93] Press Release, Ctrs. for Medicare & Medicaid Servs., New Proposal to Give Providers and Employers Access to Information to Drive Quality and Patient Care Improvement (Jan. 29, 2016), https://www.cms.gov/Newsroom/MediaReleaseDatabase/Press-releases/2016-Press-releases-items/2016-01-29.html. [94] Press Release, Ctrs. for Medicare & Medicaid Servs., CMS Finalizes Rule Giving Providers and Employers Improved Access to Information for Better Patient Care (July 1, 2016), https://www.cms.gov/Newsroom/MediaReleaseDatabase/Press-releases/2016-Press-releases-items/2016-07-01.html. [95] Ctrs. for Medicare & Medicaid Servs., Qualified Entity Program, https://www.cms.gov/Research-Statistics-Data-and-Systems/Monitoring-Programs/QEMedicareData/index.html?redirect=/qemedicaredata/ (last updated Nov. 3, 2016). [96] Press Release, Ctrs. for Medicare & Medicaid Servs., CMS Finalizes Rule Giving Providers and Employers Improved Access to Information for Better Patient Care (July 1, 2016), https://www.cms.gov/Newsroom/MediaReleaseDatabase/Press-releases/2016-Press-releases-items/2016-07-01.html. [97] See Press Release, Ctrs. for Medicare & Medicaid Servs., CMS’ Open Payments Program Posts 2015 Financial Data (June 30, 2016), https://www.cms.gov/Newsroom/MediaReleaseDatabase/Press-releases/2016-Press-releases-items/2016-06-30.html. [98] E.g., Press Release, Ctrs. for Medicare & Medicaid Servs., Hospital Compare is Updated with Veterans Health Administration (VHA) Hospital Data (Oct. 21, 2016), https://www.cms.gov/Newsroom/MediaReleaseDatabase/ Press-releases/2016-Press-releases-items/2016-10-21.html; see also Press Release, Ctrs. for Medicare & Medicaid Servs., First Release of the Overall Hospital Quality Star Rating on Hospital Compare (July 27, 2016), https://www.cms.gov/Newsroom/MediaReleaseDatabase/Fact-sheets/2016-Fact-sheets-items/2016-07-27.html. [99] Press Release, Ctrs. for Medicare & Medicaid Servs., CMS Releases Skilled Nursing Facility Utilization and Payment Data (Mar. 9, 2016), https://www.cms.gov/Newsroom/MediaReleaseDatabase/Press-releases/2016-Press-releases-items/2016-03-09.html; see also 2016 Mid-Year Update. [100] Press Release, Ctrs. for Medicare & Medicaid Servs., CMS Releases New Prescription Drug Cost Data (Aug. 18, 2016), https://www.cms.gov/Newsroom/MediaReleaseDatabase/Press-releases/2016-Press-releases-items/2016-08-18.html. [101] Press Release, Ctrs. for Medicare & Medicaid Servs., CMS Releases New Data to Increase Transparency on Medicare Hospice Payments and the Third Release of the Market Saturation and Utilization Data Tool (Oct. 6, 2016), https://www.cms.gov/Newsroom/MediaReleaseDatabase/Press-releases/2016-Press-releases-items/2016-10-06.html. [102] Id. [103] The Patient Protection and Affordable Care Act of 2010, Pub. L. No. 111-148, § 6401(a). [104] See 42 C.F.R. § 424.570(a)(2)(iv), (b) (2017) (setting forth these procedures for Medicare moratoria); id. § 455.470(a)(1) (requiring that Medicaid moratoria be imposed "in accordance with" regulations governing Medicare moratoria); id. § 455.470(c) (requiring that Medicaid moratoria be imposed and extended, as necessary, in six-month increments). [105] See Press Release, Ctrs. for Medicare & Medicaid Servs., CMS Imposes First Affordable Care Act Enrollment Moratorium to Combat Fraud (July 26, 2013), https://www.cms.gov/Newsroom/MediaReleaseDatabase/Press-releases/2013-Press-releases-items/2013-07-26.html; Press Release, Ctrs. for Medicare & Medicaid Servs., Second Wave of CMS’ Enrollment Moratoria Extended for Home Health and Ground Ambulance Suppliers; Four New Geographic Areas Added (Jan. 30, 2014), https://www.cms.gov/newsroom/mediareleasedatabase/press-releases/2014-press-releases-items/2014-01-30-2.html. [106] See Press Release, Ctrs. for Medicare & Medicaid Servs., CMS extends, expands fraud-fighting enrollment moratoria efforts in six states (July 29, 2016), https://www.cms.gov/Newsroom/MediaReleaseDatabase/Press-releases/2016-Press-releases-items/2016-07-29-2.html. [107] See Press Release, Ctrs. for Medicare & Medicaid Servs., CMS Imposes First Affordable Care Act Enrollment Moratoria to Combat Fraud (July 26, 2013), https://www.cms.gov/Newsroom/MediaReleaseDatabase/Press-releases/2013-Press-releases-items/2013-07-26.html; Press Release, Ctrs. for Medicare & Medicaid Servs., Second Wave of CMS’ Enrollment Moratoria Extended for Home Health and Ground Ambulance Suppliers; Four New Geographic Areas Added (Jan. 30, 2014), https://www.cms.gov/newsroom/mediareleasedatabase/press-releases/2014-press-releases-items/2014-01-30-2.html. [108] Press Release, Ctrs. for Medicare & Medicaid Servs., CMS Extends, Expands Fraud-Fighting Enrollment Moratoria Efforts in Six States (July 29, 2016), https://www.cms.gov/Newsroom/MediaReleaseDatabase/Press-releases/2016-Press-releases-items/2016-07-29-2.html. [109] U.S. Dep’t of Health & Human Servs., Health Information Privacy, Enforcement Highlights, Numbers at a Glance (Oct. 31, 2016), https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/data/enforcement-highlights/index.html. [110] Data gathered through HHS press releases and other publicly available information. See generally U.S. Dep’t of Health & Human Servs., Health Information Privacy, Resolution Agreements, http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/index.html (last visited Feb. 6, 2017). [111] See generally id. [112] U.S. Dep’t of Health & Human Servs., Office of Inspector Gen., OCR Should Strengthen Its Oversight of Covered Entities’ Compliance with the HIPAA Privacy Standards, at app. C (Sept. 2015), http://oig.hhs.gov/oei/reports/oei-09-10-00510.pdf. [113] U.S. Dep’t of Health & Human Servs., Office of Inspector Gen., HIPAA Privacy, Security, and Breach Notification Audit Program, https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/audit/ (last visited Feb. 6, 2017). [114] A covered entity is a health plan, a health care clearinghouse, or a health care provider who conducts certain billing- and payment-related transactions electronically. A business associate is an entity or person, other than a member of the workforce of a covered entity, that performs functions or activities on behalf of, or provides certain services to, a covered entity that involve creating, receiving, maintaining, or transmitting PHI. A business associate also is any subcontractor that creates, receives, maintains, or transmits PHI on behalf of another business associate. See U.S. Dep’t of Health & Human Servs., Office of Inspector Gen., Guidance on HIPAA & Cloud Computing (Oct. 6, 2016), https://www.hhs.gov/hipaa/for-professionals/special-topics/cloud-computing/index.html?language=es. [115] U.S. Dep’t of Health & Human Servs., Office of Inspector Gen., OCR Launches Phase 2 of HIPAA Audit Program (Mar. 21, 2016), https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/audit/phase2announcement/. [116] U.S. Dep’t of Health & Human Servs., Office of Inspector Gen., Guidance on HIPAA & Cloud Computing (Oct. 6, 2016), https://www.hhs.gov/hipaa/for-professionals/special-topics/cloud-computing/index.html?language=es. [117] Id. [118] Id. [119] Id. [120] Id. [121] Id. [122] Id. [123] See, e.g., Press Release, U.S. Dep’t of Health & Human Servs., Widespread HIPAA Vulnerabilities Result in $2.7 Million Settlement with Oregon Health & Science University (July 18, 2016), https://www.hhs.gov/about/news/2016/07/18/widespread-hipaa-vulnerabilities-result-in-settlement-with-oregon-health-science-university.html. [124] See generally U.S. Dep’t of Health & Human Servs., Health Information Privacy, Resolution Agreements, http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/index.html (last visited Jan. 30, 2017). [125] Jocelyn Samuels, Health Information Privacy in the Digital Age: Where to Focus Enforcement Efforts, U.S. Dep’t of Health & Human Servs. (Oct. 13, 2016), https://www.hhs.gov/blog/2016/10/13/health-information-privacy-digital-age-where-focus-enforcement-efforts.html. [126] Press Release, U.S. Dep’t of Health & Human Servs., Advocate Health Care Settles Potential HIPAA Penalties for $5.55 Million (Aug. 4, 2016), https://www.hhs.gov/about/news/2016/08/04/advocate-health-care-settles-potential-hipaa-penalties-555-million.html. [127] See id. [128] Id. [129] Id. [130] Press Release, U.S. Dep’t of Health & Human Servs., Widespread HIPAA vulnerabilities result in $2.7 million settlement with Oregon Health & Science University (July 18, 2016), http://www.hhs.gov/about/news/2016/07/18/widespread-hipaa-vulnerabilities-result-in-settlement-with-oregon-health-science-university.html. [131] Id. [132] Id. [133] Press Release, U.S. Dep’t of Health & Human Servs., HIPAA Settlement Illustrates the Importance of Reviewing and Updating, As Necessary, Business Associate Agreements (Sept. 23, 2016), https://www.hhs.gov/about/news/2016/09/23/hipaa-settlement-illustrates-importance-of-reviewing-updating-business-associate-agreements.html. [134] Id. [135] Id. [136] Press Release, U.S. Dep’t of Health & Human Servs., HIPAA settlement illustrates the importance of reviewing and updating, as necessary, business associate agreements (Sept. 23, 2016), https://www.hhs.gov/about/news/2016/09/23/hipaa-settlement-illustrates-importance-of-reviewing-updating-business-associate-agreements.html. [137] Press Release, U.S. Dep’t of Health & Human Servs., Multiple Alleged HIPAA Violations Result in $2.75 Million Settlement with the University of Mississippi Medical Center (UMMC) (July 21, 2016), http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/UMMC/. [138] Id. [139] Id. [140] Id. [141] Press Release, U.S. Dep’t of Health & Human Servs., $2.14 Million HIPAA Settlement Underscores Importance of Managing Security Risk (Oct. 18, 2016), https://www.hhs.gov/about/news/2016/10/18/214-million-hipaa-settlement-underscores-importance-managing-security-risk.html. [142] Id. [143] Id. [144] Press Release, U.S. Dep’t of Health & Human Servs., UMass Settles Potential HIPAA Violations Following Malware Infection (Nov. 22, 2016), https://www.hhs.gov/about/news/2016/11/22/umass-settles-potential-hipaa-violations-following-malware-infection.html. [145] Id. [146] Id. [147] 2016 WL 6407128, *4 (5th Cir., Oct. 28, 2016); cf. U.S. v. McClatchey, 217 F.3d 823, 834 (10th Cir. 2000). [148]Id. [149] Id. [150]Id. [151] 81 Fed. Reg. 88,368 (Dec. 7, 2016). [152] Id. [153] See 81 Fed. Reg. 88,370 (Dec. 7, 2016). [154] See 81 Fed. Reg. 88,368 (Dec. 7, 2016). [155] See 81 Fed. Reg. 88,381 (Dec. 7, 2016). [156] See 81 Fed. Reg. 88,385 – 87 (Dec. 7, 2016). [157] See 81 Fed. Reg. 88,375 (Dec. 7, 2016). [158] See 81 Fed. Reg. 88,375-77 (Dec. 7, 2016). [159] Id. [160] See 81 Fed. Reg. 88,377 (Dec. 7, 2016). [161] See 81 Fed. Reg. 88,378 (Dec. 7, 2016). [162] See 81 Fed. Reg. 88,371 (Dec. 7, 2016) (emphasis in original). [163] Id. [164] 42 U.S.C. § 1320a-7a(a)(5). [165] 81 Fed. Reg. 88,398 (Dec. 7, 2016). [166] Tenet Healthcare Corp., Current Report (Form 8-K), at 3 (Sept. 30, 2016). [167] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Nation’s Largest Nursing Home Pharmacy to Pay Over $28 Million to Settle Kickback Allegations (Oct. 17, 2016), https://www.justice.gov/opa/pr/nation-s-largest-nursing-home-pharmacy-pay-over-28-million-settle-kickback-allegations. [168] See Complaint of the United States, United States ex rel. McCoyd v. Abbott Labs., et al., No. 1:07-cv-00081 (W.D. Va. Feb. 4, 2011); United States ex rel. Spetter v. Abbott Labs., et al., No. 1:10-cv-00006, at 1–2 (W.D. Va. Dec. 22, 2014). [169] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Nation’s Largest Nursing Home Pharmacy to Pay Over $28 Million to Settle Kickback Allegations (Oct. 17, 2016), https://www.justice.gov/opa/pr/nation-s-largest-nursing-home-pharmacy-pay-over-28-million-settle-kickback-allegations. [170] Press Release, U.S. Atty’s Office for the Middle Dist. of Fl., U.S. Dep’t of Justice, United States Settles False Claims Act Allegations Against Compound Pharmacy Owners For $7.75 Million (Sept. 14, 2016), https://www.justice.gov/usao-mdfl/pr/united-states-settles-false-claims-act-allegations-against-compound-pharmacy-owners-775; Press Release, U.S. Atty’s Office for the Middle Dist. of Fl., U.S. Dep’t of Justice, United States Settles False Claims Act Allegations Against Compound Pharmacy Owner For $4.25 Million (Oct. 21, 2016), https://www.justice.gov/usao-mdfl/pr/united-states-settles-false-claims-act-allegations-against-compound-pharmacy-owner-425. [171] Press Release, U.S. Atty’s Office for the Middle Dist. of Fl., U.S. Attorney’s Office Collects More Than $136 Million For U.S. Taxpayers In Fiscal Year 2015 (Dec. 4, 2015), https://www.justice.gov/usao-mdfl/pr/us-attorney-s-office-collects-more-136-million-us-taxpayers-fiscal-year-2015. [172] See Stark Administrative Simplification Act of 2015, H.R. 776, 114th Cong. (2015), available at https://www.congress.gov/bill/114th-congress/house-bill/776/all-info; Medicaid Physician Self-Referral Act of 2015, H.R. 1083, 114th Cong. (2015), available at https://www.congress.gov/bill/114th-congress/house-bill/1083/all-actions?q=%7B%22search%22%3A%5B%22%5C%22hr1083%5C%22%22%5D%7D&resultIndex=1; Promoting Integrity in Medicare Act of 2016, H.R. 5088, 114th Cong. (2016), available at https://www.congress.gov/bill/114th-congress/house-bill/5088/text?q=%7B%22search%22%3A%5B%22%5C%22stark+law%5C%22%22%5D%7D&resultIndex=2. [173] S. Comm. on Finance, Majority Staff Report, Why Stark, Why Now? Suggestions to Improve the Stark Law to Encourage Innovative Payment Models (June 13, 2016), http://www.finance.senate.gov/imo/media/doc/Stark%20White%20Paper,%20SFC%20Majority%20Staff.pdf. [174] Id. at 2. [175] Hearing, S. Comm. on Finance, Examining the Stark Law: Current Issues and Opportunities (July 12, 2016), http://www.finance.senate.gov/hearings/examining-the-stark-law-current-issues-and-opportunities. [176] Hearing, S. Comm. on Finance, Examining the Stark Law: Current Issues and Opportunities (July 12, 2016), http://www.finance.senate.gov/imo/media/doc/7.12.16%20Hatch%20Statement%20at%20Stark%20Law%20Hearing.pdf (statement of Sen. Orrin Hatch, Chairman, S. Comm. on Finance). [177] Hearing, S. Comm. on Finance, Examining the Stark Law: Current Issues and Opportunities (July 12, 2016), http://www.finance.senate.gov/imo/media/doc/071216%20Wyden%20Statement%20SFC%20Hearing%20on%20Stark%20Law.pdf (statement of Sen. Ron Wyden, Member, S. Comm. on Finance). [178] Medicare Program; Revisions to Payment Policies under the Physician Fee Schedule and Other Revisions to Part B for CY 2017; Medicare Advantage Pricing Data Release; Medicare Advantage and Part D Medical Low Ratio Data Release; Medicare Advantage Provider, 81 Fed. Reg. 80170, 80524–32 (Nov. 15, 2016). [179] Council for Urological Interests v. Burwell, 790 F.3d 212, 221-22 (D.C. Cir. 2015). [180] Medicare Program; Revisions to Payment Policies under the Physician Fee Schedule and Other Revisions to Part B for CY 2017; Medicare Advantage Pricing Data Release; Medicare Advantage and Part D Medical Low Ratio Data Release; Medicare Advantage Provider, 81 Fed. Reg. 80,170, 80,525 (Nov. 15, 2016). [181] Id. at 80,534–35. [182] Id. at 80,534. [183] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, South Carolina Hospital to Pay $17 Million to Resolve False Claims Act and Stark Law Allegations (July 28, 2016), https://www.justice.gov/opa/pr/south-carolina-hospital-pay-17-million-resolve-false-claims-act-and-stark-law-allegations. [184] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Former Chief Executive of South Carolina Hospital Pays $1 Million and Agrees to Exclusion to Settle Claims Related to Illegal Payments to Referring Physicians (Sept. 27, 2016), https://www.justice.gov/opa/pr/former-chief-executive-south-carolina-hospital-pays-1-million-and-agrees-exclusion-settle. [185] Medicare Program; Merit-Based Incentive Payment System (MIPS) and Alternative Payment Model (APM) Incentive Under the Physician Fee Schedule, and Criteria for Physician-Focused Payment Models, 81 Fed. Reg. 77008–10 ((Nov. 4, 2016) (codified at 42 CFR §§ 414, 495). [186] Id. at 77009–77010. [187] Id. at 77012–77013. [188] Id. at 77013. [189] Id. at 77011. [190] Id. [191] Id. [192] Id. at 77012. [193] Id. [194] Id. [195] Id. at 77013. [196] Id. at 77426. [197] Id. at 77408. [198] See Medicare Program; Advancing Care Coordination Through Episode Payment Models (EPMs; Cardiac Rehabilitation Incentive Payment Model; and Changes to the Comprehensive Care for Joint Replacement Model (CJR), 81 Fed. Reg. 50,794 (Aug. 2, 2016) (to be codified at 42 C.F.R. §§ 510, 512). [199] Id. [200] Id. at 50,855. [201] Id. at 50,801. [202] Statewide regions announced are: Arkansas, Colorado, Hawaii, Michigan, Montana, New Jersey, Ohio, Oklahoma, Oregon, Rhode Island, and Tennessee. Additional regions are: the Greater Kansas City Region of Kansas and Missouri; the North Hudson-Capital Region of New York; Northern Kentucky; and the Greater Philadelphia Region in Pennsylvania. [203] See Press Release, Ctrs. for Medicare & Medicaid Servs., CMS Announces Next Phase in Largest-Ever Initiative to Improve Primary Care in America (Aug. 1, 2016), https://www.cms.gov/Newsroom/MediaReleaseDatabase/Press-releases/2016-Press-releases-items/2016-08-01.html. [204] 340B Drug Pricing Program Ceiling Price and Manufacturer Civil Monetary Penalties, 82 Fed. Reg. 1210 (Jan. 5, 2017) (codified at 42 C.F.R. Part 10). [205] Id. at 1215. [206] Id. at 1223. [207] Id. at 1218. [208] Office for Mgmt. & Budget, OIRA Conclusion of EO 12866 Regulatory Review,   https://www.reginfo.gov/public/do/eoDetails?rrid=126712 (last visited Feb. 7, 2017). The following Gibson Dunn lawyers assisted in the preparation of this client update:  Steve Payne, John Partridge, Jonathan Phillips, Laura Cole, Reid Rector, Julie Rapoport Schenker, Naomi Takagi, Yamini Grema, Allison Chapin, Carolyn Small, Coreen Mao, Eva Michaels, Michael Dziuban and Jacob Rierson.  Gibson Dunn lawyers are available to assist in addressing any questions you may have regarding these developments.  Please contact the Gibson Dunn lawyer with whom you usually work or any of the following:  Washington, D.C.Stephen C. Payne, Co-Chair, FDA and Health Care Practice Group (202-887-3693, spayne@gibsondunn.com)F. Joseph Warin (202-887-3609, fwarin@gibsondunn.com)Marian J. Lee (202-887-3732, mjlee@gibsondunn.com)Daniel P. Chung (202-887-3729, dchung@gibsondunn.com)Jonathan M. Phillips (202-887-3546, jphillips@gibsondunn.com) Los AngelesDebra Wong Yang (213-229-7472, dwongyang@gibsondunn.com) San FranciscoCharles J. Stevens (415-393-8391, cstevens@gibsondunn.com)Winston Y. Chan (415-393-8362, wchan@gibsondunn.com) Orange CountyNicola T. Hanna (949-451-4270, nhanna@gibsondunn.com) New YorkAlexander H. Southwell (212-351-3981, asouthwell@gibsondunn.com) DenverRobert C. Blume (303-298-5758, rblume@gibsondunn.com)John D.W. Partridge (303-298-5931, jpartridge@gibsondunn.com)        © 2017 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

January 26, 2017 |
Federal Circuit Update (January 2017)

This January 2017 edition of Gibson Dunn’s Federal Circuit Update discusses current news and pending Federal Circuit cases before the Supreme Court and provides an overview of the oral argument process and panel assignment at the Federal Circuit.  Also included are summaries of the two pending en banc cases involving motions to amend claims during inter partes review and judicial review of timeliness determinations in inter partes review as well as a series of key recent decisions relating to the requirements for standing when appealing a decision of the Patent Trial & Appeal Board ("PTAB"), divided infringement, and indefiniteness of claims using terms of degree.  Federal Circuit News Former Chief Judge Rader is reportedly in consideration for leadership of the U.S. Patent and Trademark Office, should current director Michelle Lee be replaced (covered by law.com).  The Supreme Court has granted certiorari on seven cases from the Federal Circuit.  Below is a table summarizing the status of those cases.    Case Status Issue Amgen Inc. v. Sandoz Inc., No. 15-1195 Cert. granted Requirements under the BPCIA to provide sponsor a copy of the biologics license application and the sponsor’s recourse for failure to provide that information Impression Prods., Inc. v. Lexmark Int’l, Inc., No. 15-1189 Cert. granted Patent exhaustion due to conditional sales and authorized sales outside the United States Lee v. Tam, No. 15-1293 Argued Constitutionality of disparaging marks provision of the Lanham Act Life Techs. Corp. v. Promega Corp., No. 14-1538 Argued Infringement liability for worldwide sales under 35 U.S.C. § 271(f)(1) for supplying a single commodity component of a multi-component invention from the United States Sandoz Inc. v. Amgen Inc., No. 15-1039 Cert. granted Commercial marketing notice under the BPCIA SCA Hygiene Prods. Aktiebolag v. First Quality Baby Prods., LLC, No. 15-927 Argued Availability of laches in patent infringement actions TC Heartland LLC v. Kraft Foods Group Brands LLC, No. 16-341 Cert. granted Patent venue   Upcoming En Banc Federal Circuit Cases In re Aqua Prods., Inc., No. 15-1177 (Fed. Cir.):  Allocations of the burdens of persuasion and production when a patent owner moves to amend in an inter partes review proceeding. The PTAB instituted an inter partes review proceeding against Aqua’s patent, which relates to automated swimming pool cleaners.  Aqua moved to amend the challenged claims to distinguish the cited prior art.  The PTAB, however, denied Aqua’s motion, determining that Aqua failed to carry its burden of showing patentability of the proposed substitute claims over the prior art of record.  On appeal, the PTO intervened to defend the PTAB’s decision.  The Federal Circuit affirmed, holding that the PTAB properly considered all of the arguments that Aqua had raised and that precedent upheld the PTAB’s approach of allocating to the patentee the burden of showing that the proposed amendments would overcome the prior art of record (decision available here).  Eight amicus briefs have been filed: three in favor of neither party (American Intellectual Property Law Association, Intellectual Property Owners Association, and Houston Intellectual Property Law Association), three in favor of Aqua Products (Case Western Reserve University School of Law Intellectual Property Venture Clinic and Ohio Venture Association, Pharmaceutical Research and Manufacturers of America, and Biotechnology Innovation Organization), and two in favor of the PTO (Askeladden, L.L.C. and Internet Association et al.).  Oral argument was heard on December 9, 2016. Questions Presented: When the patent owner moves to amend its claims under 35 U.S.C. § 316(d), may the PTO require the patent owner to bear the burden of persuasion, or a burden of production, regarding patentability of the amended claims as a condition of allowing them?  Which burdens are permitted under 35 U.S.C. § 316(e)? When the petitioner does not challenge the patentability of a proposed amended claim, or the PTAB thinks the challenge is inadequate, may the PTAB sua sponte raise patentability challenges to such a claim?  If so, where would the burden of persuasion, or a burden of production, lie? Wi-Fi One, LLC v. Broadcom Corp., No. 15-1944 (Fed. Cir.):  The Federal Circuit’s jurisdiction to review the PTAB’s determination that a petitioner is not time-barred under 35 U.S.C. § 315(b).  The PTAB instituted an inter partes review proceeding against Wi-Fi One’s patent, which is directed to a method for improving the efficiency by which messages are sent in a telecommunications system.  Wi-Fi One argued that Broadcom was time-barred under § 315(b) from seeking review because Broadcom was in privity with time-barred district court litigants.  The PTAB disagreed, finding that Wi-Fi One did not establish that Broadcom had sufficient control over district court litigation to support a privity finding.  On appeal, the Federal Circuit held that it does not have jurisdiction to review the PTAB’s determination that Broadcom was not time-barred, holding that the Supreme Court’s decision in Cuozzo Speed Technologies, LLC v. Lee, 136 S. Ct. 2131 (2016), did not implicitly overrule prior Federal Circuit precedent on the issue (decision available here).  No amicus briefs have been filed to date.  Amicus briefs in support of neither party or in support of Wi-Fi One must be filed by February 23, 2017, and amicus briefs in support of Broadcom must be filed by March 27, 2017.  Oral argument has not yet been scheduled.  Question Presented: Should this court overrule Achates Reference Publishing, Inc. v. Apple Inc., 803 F.3d 652 (Fed. Cir. 2015) and hold that judicial review is available for a patent owner to challenge the PTO’s determination that the petitioner satisfied the timeliness requirement of 35 U.S.C. § 315(b) governing the filing of petitions for inter partes review? Federal Circuit Practice Update Oral arguments in the Federal Circuit are held in every case where the parties are represented by counsel, subject to the exceptions provided in Federal Rule of Appellate Procedure 34.  Generally, when all briefs and the joint appendix have been filed, the clerk will enter an order instructing the parties to advise the court of any scheduling conflicts in the next three court sessions (or thereafter).  See Practice Note to Rule 34.  A computer program then assigns the case to a panel on one of the available dates.  See IOP #3.  The Federal Circuit’s practice notes state that cases are usually calendared for oral argument within two months after the briefs and joint appendix are filed, see Practice Note to Rule 34, but it is not uncommon to receive a later calendar date, particularly if there are scheduling conflicts.  The parties are informed of the date for oral argument approximately 30 days in advance of the argument, but do not learn who the panel members are until the morning of the argument.  At the argument, each side receives 15 minutes, some of which the appellant may reserve for rebuttal.  The presiding judge may allocate more time to either side (or both sides) depending on the nature of the case and the flow of the argument.  Oral arguments are open to the public and are recorded (audio only), and the audio files are generally available on the Federal Circuit’s website very shortly after the court session is concluded for the day (audio files available here). Key Case Summaries (Dec. 2016 – Jan. 2017) Phigenix, Inc. v. ImmunoGen, Inc., No. 16-1544 (Fed. Cir. Jan. 9, 2017): Competing licensing entity lacked standing to appeal inter partes review decision. Phigenix, Inc. is the assignee and owner of U.S. Patent No. 8,080,534, which relates generally to compositions used to treat certain cancers.  ImmunoGen, Inc. is the assignee and owner of U.S. Patent No. 8,337,856, which also relates generally to compositions used to treat certain cancers.  ImmunoGen licensed its technology to Genentech Inc., which used the technology to produce and sell a drug.  Phigenix also attempted to license its patent to Genentech, but Genentech refused.  Phigenix thereafter sued Genentech for patent infringement and initiated an inter partes review proceeding against ImmunoGen and the ‘856 patent.  The PTAB ultimately held that the ‘856 patent was not invalid over Phigenix’s identified references.  Phigenix appealed that decision to the Federal Circuit. The Federal Circuit (Wallach, J.) dismissed the appeal for lack of injury-in-fact to support standing.  The Federal Circuit held that even if Article III standing is not always required to appear before an administrative agency, it is required to appeal a decision by that agency to an Article III court, such as the Federal Circuit.  Because standing will not always come up before the administrative agency, appellants may supplement the record on appeal by, for example, filing declarations and affidavits demonstrating standing.  While Phigenix did submit declarations purporting to identify injury-in-fact (for example, by alleging that the existence and licensing of the ‘856 patent necessarily decreased the available money left to be licensed to the ‘534 patent), the court was unconvinced.  Phigenix’s evidence was too hypothetical–it failed to submit any evidence that it ever licensed the ‘534 patent at all, much less to an entity that had previously obtained a license to the ‘856 patent.  The court also rejected Phigenix’s argument that the statutory right to appeal and inter partes review conferred standing.  While denial of a statutory right can confer standing, Phigenix had been deprived of no such right here because it exercised its right to appeal. Eli Lilly & Co. v. Teva Parenteral Medicines, Inc., No. 15-2067 (Fed. Cir. Jan. 12, 2017): Doctor’s instructions can satisfy the direction or control test for divided direct infringement. Eli Lilly & Co. owns U.S. Patent No. 7,772,209, which relates to methods for administering a chemotherapy drug by pre-treating patients with certain vitamins to reduce toxicity of the chemotherapy drug.  Teva Parenteral Medicines, Inc. and others notified Eli Lilly that they had filed abbreviated new drug applications seeking approval to market generic versions of a drug allegedly practicing the ‘209 patent.  Eli Lilly sued; the district court held that the patent claims infringed and were not invalid.  Defendants appealed. On appeal, the Federal Circuit (Prost, J.) addressed whether there was direct infringement of the method steps.  The parties agreed that no single actor performed all steps of the asserted claims.  Rather, the doctors performed some steps, and the patients performed other steps.  The court held that the acts of the patients were "directed and controlled" by the doctors, and thus attributable to the doctors.  The doctors conditioned a benefit (receiving the chemotherapy drug) on performance of certain of the claimed method steps (taking the pre-treatment vitamins).  And the doctors established the manner or timing of that performance by, for example, setting patients’ dosage levels that fell within the range of the patented claims. Sonix Tech. Co. v. Publications Int’l, Ltd., No. 16-1449 (Fed. Cir. Jan. 5, 2017): Indefiniteness of patent claims with terms of degree. Sonix Technology Co. owns U.S. Patent No. 7,328,845, which is directed to a system and method for using a "graphical indicator" (e.g., a matrix of small dots) to encode information on the surface of an object.  The patent purports to improve on conventional techniques (e.g., a bar code) by rendering the graphical indicator "visually negligible."  The defendants moved for summary judgment that the term "visually negligible" was indefinite because it was purely subjective and neither the claim language nor the specification provided adequate guidance on the scope of the claims.  The district court granted the motion, which Sonix appealed. On appeal, the Federal Circuit (Lourie, J.) reversed the district court’s finding of indefiniteness.  The Federal Circuit first reiterated that it "review[s] a district court’s determination that a claim is invalid as indefinite under 35 U.S.C. § 112 ¶ 2 de novo, although . . . any factual findings by the district court based on extrinsic evidence are reviewed for clear error."  Here, however, even though the court received expert opinions on indefiniteness, "the district court’s conclusions of subjectivity and lack of an objective standard are not findings subject to clear error review."  The district court even explained that extrinsic evidence was not necessary for its consideration of the issue.  The Federal Circuit’s review was thus de novo in its entirety.  On the merits, the court reversed, finding that the term "visually negligible" was not purely subjective, such as the term "aesthetically pleasing" (see Datamize, LLC v. Plumtree Software, Inc., 417 F.3d 1342 (Fed. Cir. 2005)) or the phrase "in an unobtrusive manner that does not distract a user" (see Interval Licensing LLC v. AOL, Inc., 766 F.3d 1364 (Fed. Cir. 2014)) from its prior decisions.  Whether something is "visually negligible," according to the court, involves what can be seen by the normal human eye, which provides an objective baseline through which to interpret the claim.  The court then turned to the specification, which "is key to determining whether a term of degree is indefinite."  Here, the specification provided guidance on how to create visually negligible indicators, and specific examples that provide points of comparison for the result.  The court further found that the prosecution history made reversal compelling because no one involved in either the first or second reexamination had any apparent difficulty in determining the scope of "visually negligible."  Finally, the court noted that the defendants apparently understood the meaning of "visually negligible" from the beginning of the litigation because neither their initial nor final invalidity contentions argued that the term was indefinite.  Upcoming Oral Argument Calendar For a list of upcoming arguments at the Federal Circuit, please click here.  Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the Federal Circuit.  Please contact the Gibson Dunn lawyer with whom you usually work or the authors of this alert: Blaine H. Evanson – Los Angeles (213-229-7228, bevanson@gibsondunn.com)Blair A. Silver – Washington, D.C. (202-955-8690, bsilver@gibsondunn.com) Please also feel free to contact any of the following practice group co-chairs or any member of the firm’s Appellate and Constitutional Law or Intellectual Property practice groups:  Appellate and Constitutional Law Group:Mark A. Perry – Washington, D.C. (202-887-3667, mperry@gibsondunn.com)James C. Ho – Dallas (214-698-3264, jho@gibsondunn.com) Caitlin J. Halligan – New York (212-351-4000, challigan@gibsondunn.com) Intellectual Property Group:Josh Krevitt – New York (212-351-4000, jkrevitt@gibsondunn.com)Wayne Barsky - Los Angeles (310-552-8500, wbarsky@gibsondunn.com)Mark Reiter – Dallas (214-698-3100, mreiter@gibsondunn.com) © 2017 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

January 12, 2017 |
2016 Year-End FDA and Health Care Compliance and Enforcement Update – Drugs and Devices

This January more than most, it is tempting to focus on questions regarding what is to come. Aside from the uncertainties associated with a new administration, two key pieces of legislation seem to be heading in opposite directions. In the coming year, the 21st Century Cures Act will take effect, ushering in new rules to streamline drug approvals and move more products to the market faster. In the meantime, key provisions of the Affordable Care Act–if not the entire law–may be scrapped and, perhaps, replaced. But there are many lessons to learn from the past year’s enforcement and regulation impacting pharmaceutical and medical device manufacturers. There is little question, for example, that the U.S. Department of Justice ("DOJ"), the U.S. Department of Health and Human Services, Office of Inspector General ("HHS OIG"), and private whistleblowers will continue to pursue a significant number of enforcement actions against drug and device makers. On the margins, there may well be change in the administration’s enforcement priorities–however, because these investigations usually take years to complete, there likely will be "residual" settlements from ongoing investigations spearheaded by President Obama’s administration that will carry over into the next administration. And in any event, whistleblowers under the False Claims Act ("FCA") and, in the foreign corruption context, the Dodd-Frank Act, will likely fill any vacuum created by reduced government-led enforcement efforts. Indeed, relators and their counsel are becoming increasingly sophisticated and increasingly comfortable pursuing cases on their own, as evidenced by the substantial Atrium settlement in a non-intervened FCA case described in detail below. On the regulatory front, the main take-away from this year is that regulatory change–including deregulation–comes slowly. Although there were some developments (primarily in the form of guidance), FDA largely continued the controversial practice of effectively regulating through enforcement actions (mainly Untitled and Warning Letters). While many agencies entered 2016 with grand plans to issue final guidance and implement regulatory changes, they ultimately took little formal action.   Below, we discuss the past six months’ most notable regulatory and enforcement developments affecting drug and device manufacturers. As in past updates, we begin with an overview of government enforcement efforts against drug and device companies under the FCA, the Federal Food, Drug, and Cosmetic Act ("FDCA"), and other laws. We then address evolving regulatory guidance and action on topics of note to drug and device companies: promotional activities, manufacturing practices, and the Anti-Kickback Statute ("AKS"). We also detail certain developments of particular note to device manufacturers, before concluding with a summary of the 21st Century Cures Act provisions that will impact product development in a variety of areas. I.     DOJ Enforcement in the Pharmaceutical and Medical Device Industries As Principal Deputy Assistant Attorney General Benjamin Mizer recently stated, the DOJ remains "fervently committed" to enforcement in the pharmaceutical and device industries and will "vigorously pursue fraud" on federal health programs.[1] In 2016, the DOJ’s commitment to this enforcement agenda led to plenty of notable headlines that served as important reminders for the industry that the DOJ’s investigative and enforcement activity is very unlikely to subside any time soon, even with the upcoming change in administration. DOJ enforcement actions in the drug and device industries resulted in more than $1.4 billion in government recoveries during the 2016 calendar year. Three massive settlements of $200 million or more, including one for more than $700 million, buttressed the government’s haul. In pursuit of these recoveries, the DOJ employed its standard statutory arsenal (the FCA, the FDCA, and the Foreign Corrupt Practices Act ("FCPA")) to pursue drug and device defendants in both civil and criminal enforcement actions. This year, as usual, FCA and FCPA allegations drove the large-value civil settlements, but there were several notable developments related to FDCA criminal enforcement as well. A.     False Claims Act The federal government recovered more than $4.7 billion in civil settlements and judgments under the FCA during the 2016 fiscal year, the third-highest amount on record.[2] There were also more than 800 new FCA cases filed in 2016, the second-highest number of FCA cases in any single year on record.[3] As in past years, drug and device companies contributed a large share of these historic totals: more than $1.4 billion of recoveries announced in 2016 came from these entities. As shown below, the DOJ’s theories fell into the three well-traveled categories of recent years: illegal kickbacks under the AKS, off-label promotion, and various types of alleged fraudulent billing in violation of federal health program rules.   1.      Settlements in FCA Matters Relating to Federal Health Program Rules In 2016, FCA matters predicated on purported violations of Medicare or Medicaid requirements comprised the largest portion of the government’s recoveries from drug and device makers, accounting for nearly $800 million of the $1.4 billion. That sum resulted almost exclusively from the biggest FCA settlement of the year: drug manufacturers Wyeth and Pfizer Inc. agreed to pay $784.6 million to resolve federal and state claims alleging that Wyeth reported false prices for two acid reflux drugs.[4] As reported in our Mid-Year Update, Wyeth allegedly reported inaccurate prices to the government from 2001 to 2006, in violation of Medicaid regulations that require drug companies both to report the "Best Price" given to commercial customers and to pay rebates to state Medicaid programs calculated based in part on that Best Price. The Wyeth and Pfizer settlement is one of the ten largest FCA settlements of all time, in any industry. Although dwarfed by the Wyeth and Pfizer settlement, the second half of 2016 also saw a notable settlement for allegedly improper billing by two durable medical equipment companies that supply products for diabetic patients, US Healthcare Supply and Oxford Diabetic Supply. On September 7, 2016, the companies, along with their owners and presidents (in their individual capacities), agreed to pay more than $12.2 million to resolve allegations that they used a fictitious entity to make unsolicited calls to Medicare beneficiaries to sell them medical equipment. The companies’ scheme allegedly violated the Medicare Anti-Solicitation Statute, which prohibits submitting claims to Medicare for equipment sold based on unsolicited cold-calls.[5] 2.     Settlements in AKS-Related FCA Matters In 2016, purported violations of the AKS remained the DOJ’s most frequently pursued category of misconduct. FCA claims based on alleged AKS violations accounted for the largest number of settled matters, netting the government nearly $500 million. The largest AKS settlement of the year was the DOJ’s settlement with Olympus Corporation, which resulted in Olympus paying $646 million–$623.2 million to resolve AKS claims under the FCA and $22.8 million to resolve FCPA allegations. As reported in our Mid-Year Update, DOJ alleged that Olympus, the largest distributor of endoscopes in the United States, paid kickbacks to doctors and hospitals in the United States and Latin America. Not only was the Olympus settlement one of the ten largest FCA settlements of all time, it was also the largest AKS-based FCA settlement and the largest settlement by a medical device company in U.S. history. Several other AKS settlements from the latter half of 2016 merit attention. These AKS settlements spanned a variety of financial relationships, illustrating the expansive theories pursued by both the DOJ and private whistleblowers:  In late June 2016, Minneapolis-based Cardiovascular Systems, Inc. agreed to pay $8 million to resolve allegations that it provided illegal kickbacks to physicians through marketing and other practice development services to promote the use of its devices in atherectomies, a procedure that clears artery blockages.[6] Based on the allegations of a qui tam relator, the government contended that Cardiovascular Systems, Inc., inter alia, coordinated meetings between utilizing and referring physicians and created and implemented business expansion plans for physicians that used the company’s devices. The company also entered into a five-year Corporate Integrity Agreement that includes reviews by an independent organization.[7] In July 2016, Atrium Medical Corp. agreed to pay $11.5 million to settle allegations that it paid kickbacks to physicians through "give away" programs providing (among other benefits) free devices, preceptorships, speaker fees, referral dinners, and financial grants in exchange for promoting unapproved uses of the company’s medical stents in arteries.[8] The whistleblower, a former sales representative and territory business manager for the company, continued with the suit after the DOJ declined to intervene in 2014. In December 2016, Forest Laboratories and its subsidiary, Forest Pharmaceuticals, agreed to pay $38 million to resolve allegations that the companies paid kickbacks to induce physicians to prescribe their drugs between January 2008 and December 2011.[9] The DOJ alleged that Forest Laboratories and Forest Pharmaceuticals provided meals and payments to various physicians in connection with the companies’ drug-related speaker programs even when the programs were cancelled, when no licensed health care professionals attended the programs, or when the same physicians attended multiple programs over a short period of time.[10] 3.     Resolution of Off-Label Promotion Investigations As we have reported in recent years, several obstacles have arisen to the government’s off-label promotion theories as courts and juries have demonstrated their skepticism, especially in light of recognized First Amendment protections. Therefore, it is notable that in the second half of 2016, the government announced several recoveries in off-label cases, totaling nearly $150 million. On October 5, 2016, Novartis Pharmaceuticals Corp. agreed to pay $35 million to resolve allegations that it promoted its eczema cream Elidel for use on children, despite the fact that it was only FDA-approved for use in older patients.[11] And on November 7, 2016, medical device maker Biocompatibles Inc., a subsidiary of BTG plc, agreed to pay $25 million to resolve allegations that it violated the FCA by causing false claims to be submitted to government health care programs.[12] The company allegedly promoted its embolization device–designed to be inserted into blood vessels to block the flow of blood to tumors–for off-label use as a "drug-delivery" device, which was not an FDA-approved use and purportedly was not supported by substantial clinical evidence. The company also agreed to pay an additional $11 million in criminal fines and forfeitures. 4.     The Supreme Court’s Escobar Decision This past year was notable not only because of blockbuster settlements, but also because of critical developments in FCA jurisprudence. As we reported in our 2016 Mid-Year Update, the Supreme Court’s landmark Escobar decision in June reshaped the legal landscape in FCA cases. The Court affirmed the viability of the "implied false certification" theory of liability under certain circumstances (and recast it in common-law terms) and sharpened the FCA’s "demanding" materiality standard. For complete coverage of post-Escobar developments, please refer to our 2016 Year-End FCA Update. Many theories of liability that the government and relators have pursued against drug and device companies have hinged on implied false certification theories. Thus, Escobar is particularly important to drug and device companies because it opened the door to arguments that may provide additional support for cabining nebulous implied false certification theories. Since the Supreme Court decided Escobar in June 2016, FCA defendants have started to press some of those arguments. Two hotly litigated issues regarding Escobar‘s meaning have come to the forefront: (1) the requirements a plaintiff must meet to advance a viable "implied false certification" theory and (2) the proper application of Escobar‘s clarification of the FCA’s materiality standard.                         a.     Defining the Boundaries of an "Implied False Certification" Claim The Supreme Court stated in Escobar that an "the implied certification theory can be a basis for [FCA] liability, at least where two conditions" are met: (1) "the claim does not merely request payment, but also makes specific representations about the goods or services provided," and (2) "the defendant’s failure to disclose noncompliance with material statutory, regulatory, or contractual requirements makes those representations misleading half-truths."[13] In reaching that conclusion, the Court explained that the phrase "false or fraudulent" under the FCA should be interpreted in accordance with the meaning of those terms at common law.[14]  Since Escobar, the lower courts have reached different conclusions as to the precise requirements for showing liability based on an implied certification. A number of courts have taken Escobar at face value, requiring the FCA plaintiff to show both of Escobar‘s conditions, including that the defendant made "specific" misleading representations about the goods or services provided, to be liable based on an implied certification theory.[15] One of these courts observed that imposing liability in the absence of a sufficiently "specific" misrepresentation about the goods or services provided "would result in an ‘extraordinarily expansive view of liability’ under the FCA, a view that the Supreme Court rejected in Escobar."[16]  But some courts have asserted that they are not bound by Escobar‘s "specific representation" requirement. For example, in Rose v. Stephens Institute, the Northern District of California rejected the argument "that Escobar establishes a rigid" test for falsity "that applies to every single implied false certification claim."[17] Reasoning that the Supreme Court left the door open by limiting its holding to "at least" the circumstances before it in Escobar and by expressly declining to "resolve whether all claims for payment implicitly represent that the billing party is legally entitled to payment," the court held that a relator can state an implied false certification claim without necessarily identifying a "specific" representation that was a "misleading half-truth" in any claim.[18] In United States ex rel. Brown v. Celgene Corp., one of the first cases against a pharmaceutical or device company to test this theory, the Central District of California followed Rose and held that a relator’s implied false certification allegations against the pharmaceutical company Celgene Corp.–based on off-label promotion and alleged kickbacks–could survive despite the fact that the relator failed to identify any "specific misrepresentation" made in a claim for payment.[19] Federal appellate courts have not yet had the opportunity to fully develop their take on the scope of Escobar‘s "two conditions," including whether a "specific representation" is required. The Seventh Circuit has recently signaled that it will enforce a strict reading of Escobar‘s requirements. In United States v. Sanford-Brown Ltd., for example, the Seventh Circuit affirmed summary judgment in favor of a defendant where the relator offered no evidence that the defendant had made "any representations at all," explaining that "bare speculation that [a defendant] made misleading representations is insufficient."[20] Other federal appellate courts are likely to begin to address the "two conditions" this year. Indeed, the Rose court subsequently certified its decision embracing a less restrictive reading for interlocutory appeal to the Ninth Circuit.[21] And in United States ex rel. Panarello v. Kaplan Early Learning Co., a magistrate judge in the Western District of New York similarly declined to require an FCA plaintiff to show "specific representations," but recommended that the question be certified for interlocutory appeal to the Second Circuit.[22] As appellate courts take their turns at addressing this issue, we will watch carefully for any emerging circuit split that could send this issue back to the Supreme Court sooner rather than later.                         b.     Application of Escobar‘s "Demanding" Materiality Standard In Escobar, the Supreme Court not only specified the requirements for the implied false certification theory, but also reframed the FCA’s materiality standard as a question of whether a violation of the specific statute, regulation, or requirement at issue would actually have affected the government’s decision to pay for a claim had the government known of the alleged noncompliance.[23] In so doing, the Court made clear that materiality does not exist merely because the government may have the option not to pay a claim due to the alleged wrongdoing. The Court also explained that whether the particular statutory, regulatory, or contractual requirement at issue is specifically labeled a condition of payment remains relevant to materiality, but it is not dispositive.[24] The Court also stated that the FCA’s materiality requirement, which is an important bulwark against plaintiffs looking to bootstrap garden-variety regulatory violations or breach of contract claims into FCA liability, is "demanding" and "rigorous"–and that courts must ensure FCA plaintiffs satisfy this "rigorous" requirement by pleading facts showing materiality "with plausibility and particularity under Federal Rules of Civil Procedure 8 and 9(b)."[25] Since Escobar, several courts have seized on the Court’s command to rigorously review a complaints’ materiality allegations at the motion to dismiss stage–and have demanded that complaints include plausible, more-than-conclusory allegations showing that (1) the government either actually does not pay claims involving violations of the statute, rule, or regulation at issue, or (2) the government was unaware of the violation but "would not have paid" the claims at issue "had it known of" the alleged violations.[26]  In Sanford-Brown, one of the first appellate court decisions on the issue, the Seventh Circuit held that a relator must provide "evidence that the government’s decision to pay" a claim "would likely or actually have been different had it known of [the defendant’s] alleged noncompliance" with the statute, rule, or regulation at issue.[27] The court affirmed summary judgment for the defendant, concluding the alleged noncompliance was not material to the government’s decision to pay claims because the government had "already examined" the alleged misconduct "multiple times over and concluded that neither administrative penalties nor termination was warranted."[28] Similarly, in United States ex rel. D’Agostino v. ev3, Inc., which is discussed in further detail below, the First Circuit concluded that allegations a defendant’s purported misconduct–i.e., misstatements to FDA during the drug approval process–"could have" influenced "the government’s payment decision" failed to satisfy the "demanding" materiality standard set by Escobar.[29] In holding the relator had not adequately alleged materiality, the First Circuit also relied on the fact that the government neither "denied reimbursement" for the claims at issue nor took any other regulatory actions despite having been made aware of the allegations of the defendant’s fraudulent conduct six years earlier.[30] In line with Escobar‘s statement that identifying a provision as a condition of payment is "not automatically dispositive" of materiality, some courts have also dismissed complaints that merely allege payment "was conditioned on the claim being compliant" with the allegedly violated laws.[31] Similarly, nakedly alleging that the government "has a practice of not paying claims" involving the alleged violations is not enough to survive the rigorous pleading requirements reiterated in Escobar–especially when the government has actually paid claims after learning of the alleged violations.[32] Of particular note for drug and device companies, however, in Brown, the court explored how Escobar‘s materiality standard might be applied to pharmaceutical companies accused of off-label promotion. The court suggested that even under Escobar‘s demanding materiality requirement, allegations of off-label promotion may be "material" for purposes of government payment because, inter alia, "Medicare Part D may only reimburse ‘covered part D drugs’ . . . ‘used for a medically accepted indication.’"[33] In the court’s view, this at the very least created a genuine issue of disputed fact that foreclosed summary judgment for the defendants.                         c.      The First Circuit Cabins FCA Liability Based on Alleged Fraud on FDA The First Circuit’s decision in D’Agostino, discussed above, is also notable because it forecloses alleged fraud perpetrated on FDA as a basis for FCA liability, with the potential exception of situations where FDA has actually withdrawn approval or clearance of a medical device based on such fraud.[34] The relator in D’Agostino alleged the defendants made fraudulent misstatements to FDA in seeking approval of defendants’ medical devices. According to the relator, defendants allegedly disclaimed uses for the devices they later advocated in promotional activity, overstated the training that they would provide for the device, and omitted critical safety information from the information provided to FDA.[35] The relator alleged that FDA would not have approved the device had it known of the fraudulent statements, and thus these fraudulent statements ultimately led the Centers for Medicare & Medicaid Services ("CMS") to pay claims for use of that device (which CMS would not have done but for FDA’s pre-market approval).[36] The First Circuit rejected the relator’s fraud theory and affirmed the District Court’s dismissal of the relator’s complaint. First, the court reasoned that the relator did not allege that the purported misrepresentations "actually cause[d] the FDA to grant approval it otherwise would not have granted"; therefore, the relator did not plead the required causation between the alleged false statements and disbursement of government funds for the device.[37] The court observed that FDA did not withdraw its approval of the device and did not take any other action (such as imposing post-approval requirements or suspending approval), despite having been aware of the alleged fraudulent statements for six years.[38] By focusing on FDA’s knowledge of the fraudulent statements and its decision not to withdraw its approval, the court arguably required that, going forward, plaintiffs plead either that FDA would have withdrawn its approval if it had knowledge of the fraudulent statements, or that FDA did not have such knowledge. Second, the Court invoked important policy justifications for its holding, recognizing that "[t]o rule otherwise would be to turn the FCA into a tool with which a jury of six people could retroactively eliminate the value of FDA approval and effectively require that a product largely be withdrawn from the market even when FDA itself sees no reason to do so."[39] In addition to unjustifiably allowing private parties (or juries) to override FDA rulings, the relator’s theory would have prompted several practical problems, such as deterring new device approval applications, and requiring courts to attempt to determine whether or not "FDA would not have granted approval but for the fraudulent representations" made by the applicant.[40] Third, the court also rejected the relator’s argument that subsequent modifications and improvements to a device show that earlier versions were defective, explaining by analogy that if that were enough to show falsity then "most every car sold to the government would be per se defective."[41] Although the First Circuit’s decision reins in future use of the fraud-on-FDA theory in the FCA context, the decision leaves open the possibility that such a theory could potentially support a viable FCA claim where FDA had, in fact, made the decision to withdraw its approval of a device after discovering fraud perpetrated during the pre-market approval process. The court, however, expressly declined to resolve whether a relator would be able to state a viable FCA theory under those circumstances.[42]  B.     FDCA Enforcement Actions and Developments The second half of 2016 saw one particularly notable enforcement action under the FDCA. As noted above, in November 2016, Biocompatibles Inc. agreed to resolve the DOJ’s criminal (FDCA) and civil (FCA) allegations. Under the terms of its plea agreement, the company agreed to pay an $8.75 million criminal fine for misbranding its device and a criminal forfeiture of $2.25 million. The settlement is noteworthy for two primary reasons. First, the government asserted that Biocompatibles provided FDA assurances that its embolic device, "LC Bead," would not be used as a drug-eluting device while approval for the device’s use for that purpose was still pending. According to the government, just two years later–while the approval process was still underway–the company began promoting the device for drug delivery. It appears that the government sought to punish the company for "circumvent[ing]" the FDA approval process (as Principal Deputy Assistant Attorney General Mizer put it)–a theory in the same vein as the fraud-on-the-FDA theory occasionally advanced by FCA plaintiffs.[43] Second, the government alleged Biocompatibles contracted with a distribution sales force, and that those sales representatives marketed the device off-label. This is a valuable reminder that manufacturers may, in certain circumstances, be held liable for the conduct of their third-party business partners, including contract sales organizations or distributors. Several decisions from appellate courts in 2016 explored key facets of criminal liability under the FDCA. In United States v. DeCoster, a panel of the Eighth Circuit, over a dissenting opinion, upheld the misdemeanor convictions of two owners and operators of an egg-production company for introducing eggs into interstate commerce that had been adulterated with salmonella enteritidis.[44] Even though the defendants lacked any mens rea, the court held that corporate officers could be criminally liable under the FDCA for their failure to prevent or remedy conditions that gave rise to the FDCA violations, and that "[t]he elimination of a mens rea requirement does not violate the Due Process Clause for a public welfare offense where the penalty is ‘relatively small,’" (here, three months in prison).[45] The court explained that the defendants did not claim they were "powerless" to prevent the adulterated eggs from being introduced into commerce, and emphasized that they knew or should have known of the risks–even if they did not know of any actual problem–posed by unsanitary conditions at their egg barns.[46] In so holding, the Eighth Circuit refused to undercut the so-called Park doctrine, which–based on the Supreme Court’s 1975 decision in United States v. Park–imposes potential criminal liability on responsible corporate officers even absent any mens rea.[47] In United States v. Kaplan, the Ninth Circuit held, in a matter of first impression, that the FDCA’s anti-adulteration provision, 21 U.S.C. § 331(k), could support a criminal conviction for a physician’s reuse of consumable, single-use devices in connection with biopsies performed on patients.[48] That provision prohibits holding "for sale" any adulterated device. According to the government, the physician decided to reuse needle "guides" during biopsies to save on cost. Even though the device was never transferred to the patient, the court held it was effectively "sold" to the patient as part of the payment for the procedure.[49] C.     FCPA Investigations In addition to the many FCA resolutions, the DOJ and the U.S. Securities and Exchange Commission ("SEC"), which is responsible for civil enforcement of the FCPA against issuers, also resolved several high-profile FCPA enforcement actions involving drug or device companies during the last six months of 2016. On December 22, 2016, Teva Pharmaceutical Industries Ltd., the world’s largest manufacturer of generic pharmaceutical products, agreed to pay more than $519 million–the fourth-largest FCPA resolution ever (and the largest ever involving a pharmaceutical company)–to resolve FCPA allegations leveled by the DOJ and the SEC. The settlement arose from alleged corrupt payments made between 2002 and 2012 to high-ranking ministry-of-health officials in Russia and Ukraine to influence the approval of drug registrations and to state-employed physicians in Mexico to influence prescribing decisions.[50] On the civil side, Teva agreed to pay more than $236 million in disgorged profits and prejudgment interest to the SEC to resolve alleged violations of the FCPA’s anti-bribery, books-and-records, and internal-controls provisions. To resolve criminal charges, Teva entered into a deferred prosecution agreement charging FCPA anti-bribery and internal-controls violations, and its Russian subsidiary pleaded guilty to a one-count criminal information charging conspiracy to violate the FCPA’s anti-bribery provision, with a combined criminal penalty of $283.18 million. Teva also will retain a corporate-compliance monitor for a three-year term. The settlement is a wake-up call for those in the generic-drug market–even absent robust promotional sales and marketing activity, generic-drug makers frequently interact with government officials worldwide. On August 30, 2016, AstraZeneca PLC, the U.K.-based biopharmaceutical company, agreed to resolve FCPA charges with the SEC arising from alleged misconduct in China and Russia between 2005 and 2010.[51] According to the charging document, employees of AstraZeneca’s Chinese subsidiary provided cash, gifts, speakers’ fees, and other items of value to public health care providers in China as incentives to prescribe or purchase the company’s products. The SEC also alleged that AstraZeneca paid public officials to reduce or dismiss financial penalties proposed against the company’s subsidiary. Further, employees of AstraZeneca’s Russian subsidiary also purportedly made improper payments to incentivize public-sector pharmaceutical sales in Russia. Without admitting or denying the allegations, AstraZeneca consented to the entry of an administrative order finding violations of the FCPA’s books-and-records and internal-controls provisions and paid $5,147,000 in disgorgement and prejudgment interest, as well as a $375,000 civil penalty. AstraZeneca announced that the DOJ closed its investigation of the company without filing charges. II.     Promotional Issues Compared to recent years, 2016 saw relatively few developments in First Amendment jurisprudence regarding FDA’s authority to regulate off-label promotional speech. The past year also featured minimal progress in FDA’s long-awaited overhaul of its regulatory policies regarding truthful and non-misleading promotional speech. It remains to be seen whether the new administration changes the hand at the helm of FDA immediately. Regardless, it is likely that the slow march toward greater freedom from regulation of truthful promotional information will continue (and perhaps even move along more briskly). Below, we address several developments in this area, including updates on FDA’s regulatory overhaul and enforcement and guidance activity, as well as on pending legal challenges and legislative changes. A.     FDA Enforcement Activity – Advertising and Promotion FDA letters relating to advertising and promotional issues in 2016 rose slightly as compared to the previous two years. FDA’s Office of Prescription Drug Promotion ("OPDP") issued eleven total letters this year–eight Untitled Letters and three Warning Letters–which combined are two more than its total in 2015.[52] The latter half of the year saw a flurry of activity, with OPDP issuing nine letters within just the last four months, and six in December alone. As in recent years, FDA continued to target its enforcement towards various forms of electronic advertising, with two OPDP letters pertaining to traditional websites,[53] two pertaining to YouTube videos,[54] and one regarding e-mail communication.[55] As we reported in our 2015 Year-End Update, Congress has criticized FDA’s practice of enforcement by Untitled Letter. But OPDP’s eight Untitled Letters this year–representing two-thirds of its entire enforcement activity for the year–suggest the agency does not intend to slow its use of Untitled Letters despite past criticism from Congress on the practice. In 2017 and beyond, under a new administration that is politically aligned with Congress, FDA’s use of enforcement by Untitled Letter could certainly change. The vast majority of OPDP’s letters this year concerned the omission and/or minimization of risk information. Two OPDP letters, however, were notable in that FDA had no objections to the substance of the risk information, but instead took issue with the presentation of that information. December 12, 2016, Untitled Letters to Celgene and Sanofi-Aventis regarding Television Advertisements:[56] In a pair of December Untitled Letters, OPDP objected to two companies’ presentations of risk information in television advertisements. Specifically, FDA took issue with the use of fast-moving visuals, frequent scene changes, and background musical interjections that the agency concluded were overly distracting. As a result of these attention-grabbing elements, FDA determined it was too difficult for consumers to adequately process the risk information presented simultaneously in the advertisements. These letters serve as an important reminder that the method of communication of risk information can be just as important, from a compliance perspective, as the content of that information. For those drug and device makers that promote their products using social media and Internet-based advertisements, two OPDP letters were particularly noteworthy:  December 21, 2016 Untitled Letters to Zydus Discovery DMCC and Chiasma Inc. regarding YouTube Advertisements:[57] In another pair of December Untitled Letters, OPDP took issue with two companies’ use of videos posted both on YouTube.com and on other websites (including websites controlled by each company). The videos advertised each company’s product as safe and effective, even though neither had received FDA approval. OPDP chastised Zydus for misleadingly suggesting its product was recognized as safe and effective "worldwide" including in the United States, when, in fact, the drug had only been approved for use in other countries. In the case of Chiasma, the agency asserted that the video misleadingly made safety and efficacy claims throughout a video that was more than three minutes long. FDA concluded that a brief (eight-second) disclaimer at the end of the video did not effectively mitigate the claims, warning that "no disclaimer" would "sufficiently mitigate the extensive claims" permeating the video. B.     FDA’s Promotional Guidance We are still waiting for the new guidance regarding off-label promotion for drugs and devices that FDA pledged to issue more than two years ago. In November 2016, however, FDA held a public, two-day meeting to accept commentary and feedback as the next step in the process.[58] In what could be a positive sign for the industry, FDA recognized the benefits of communicating "relevant, truthful and non-misleading scientific or medical information regarding unapproved uses of approved medical products," which it conceded "may help health care professionals make better individual patient decisions."[59] Yet even as FDA acknowledged the value of information regarding unapproved uses, it was quick to caution that diminished regulation could lead to communications not based on sound science and to fewer scientific studies of new and investigational uses.[60] FDA has solicited further commentary on its regulation of "communications about unapproved uses" until early 2017 from a wide range of stakeholders, including health care professionals, industry groups, health care organizations, "payors and insurers, academic institutions, public[-]interest groups, and the general public."[61] Accordingly, questions regarding industry guidance or policy changes that will result from FDA’s efforts will likely remain unanswered until at least well into 2017. This past year, as FDA continued to grapple with the evolving legal landscape in the area of drug and device promotion, the pace of its advertising and promotional-guidance activity slowed compared to years past. As we reported in our Mid-Year Update, FDA’s Guidance Agenda for 2016 indicated the agency’s intent to publish four draft guidance documents in 2016 regarding advertising: (1) Health Care Economic Information in Promotional Labeling and Advertising for Prescription Drugs Under Section 114 of the Food and Drug Administration Modernization Act; (2) Internet/Social Media Advertising and Promotional Labeling of Prescription Drugs and Medical Devices – Use of Links to Third-Party Sites; (3) Manufacturer Communications Regarding Unapproved, Unlicensed, or Uncleared Uses of Approved, Licensed, or Cleared Human Drugs, Biologics, Animal Drugs and Medical Devices; and (4) Presenting Risk Information in Prescription Drugs and Medical Devices Promotion (Revised Draft). FDA never issued any of these draft guidance documents in 2016.[62] FDA’s 2017 Guidance Agenda entirely removes these four topics, and promises instead just one draft guidance document relating to advertising: Drug and Device Manufacturer Communications with Payors, Formulary Committees and Similar Entities.[63] Whether this broad topic covers all of the promotional advertising issues FDA signaled in 2016 will be an interesting issue in 2017. We will continue to track FDA’s work in this area, and report back when–or rather, if–FDA issues the promised guidance this time around.  While FDA stood on the sidelines in 2016, industry groups took their own initiative by issuing principles intended to guide off-label communications with health care providers, entitled "Principles on Responsible Sharing of Truthful and Non-Misleading Information about Medicines with Health Care Professionals and Payers."[64] Intended to serve as "responsible, science-based parameters for accurate and trusted information sharing" regarding unapproved uses with health care providers, the Principles center around three key concepts: (1) use of "science-based" communications, (2) provision of "appropriate contextual information" to ensure the recipient better understands issues of safety, effectiveness, and value of the medicines, and (3) tailoring communications to the intended audience in light of the recipient’s existing knowledge base.[65] It will be interesting to see whether FDA takes heed of these concepts as part of its own regulatory overhaul and whether, under the new administration, self-regulatory activity of this sort provides a basis for further inaction, if not deregulation. C.     Off-Label Promotion and the First Amendment Although the second half of 2016 turned up little activity in the courts relating to promotional issues, one criminal prosecution under the FDCA stood out as what may prove to be the next significant test of the First Amendment precedent set by United States v. Caronia[66] and Amarin Pharma, Inc.[67] In United States v. Facteau,[68] a jury convicted a pair of former executives of a medical device manufacturer on ten misdemeanor counts for promotion of a device for off-label use as a steroid delivery system, although the jury acquitted the defendants on all felony counts under the FDCA. Notably, the court allowed the jury to consider true statements that the company made relating to the off-label use of the device as evidence of guilt (i.e., evidence that the "intended use" of the device was not approved and thus that the executive unlawfully marketed a misbranded and adulterated device).[69] In the aftermath of the trial, the defendants moved the court to enter a judgment of acquittal, invoking Caronia and Amarin and arguing that the government’s reliance on truthful, non-misleading speech to prosecute the defendants violates the First Amendment.[70] The court has yet to rule on the defendants’ motion, but the court’s resolution of this First Amendment challenge could set the stage for the next legal showdown in this arena. D.     Legislative Developments On December 13, 2016, the President signed into law the 21st Century Cures Act, after Congress passed the bill several days earlier with broad bipartisan support.[71] As we reported in our Mid-Year Update, Congress had been considering a version of the bill containing a provision that would have required FDA to draft guidance on "facilitating the responsible dissemination of truthful and nonmisleading scientific and medical information not included in the approved labeling of drugs and devices."[72] However, the version of the bill ultimately enacted into law dropped this requirement. But even in what some would call a watered-down form, the Act took some steps to facilitate greater freedom for companies in communications regarding off-label uses. First, the Act provides greater latitude for use of off-label information in the drug and device approval process by amending the FDCA to mandate that FDA draft guidance on how "real-world evidence" (i.e., information on off-label usage) can be used to support approval of new indications for products already approved by FDA.[73] Second, the Act amends the FDCA to broaden the scope of information drug manufacturers can disseminate about off-label uses of their products to include greater information regarding the "economic consequences . . . of the use of a drug" even where the information is "related," but not necessarily "directly related," to an FDA-approved indication.[74] This same amendment to the FDCA broadens the scope of entities who can receive such economic information to include payors.[75] In sum, while modest compared to the legislation that the drug industry desired, these changes represent a step in the right direction towards allowing more room for dissemination of information relating to off-label uses. In closing, it is worth noting that, as we observed in our Mid-Year Update, members of Congress have continued to criticize FDA’s policies regarding off-label promotion, which a politically unified 115th Congress may be poised to address by further legislative action. Indeed, in the face of FDA’s slow progress in issuing revised guidance regarding off-label promotion, a legislative solution may be on the horizon as early as this calendar year. III.     Developments in cGMP Regulations and Other Manufacturing Issues FDA continued to scrutinize closely companies’ current good manufacturing practice ("cGMP") and quality systems regulation ("QSR") compliance in 2016, with significant activity in both areas. We address these enforcement actions and other key developments in cGMP and QSR regulation from 2016 below. A.     2016 cGMP and QSR Compliance and Enforcement Trends 1.      cGMP- and QSR-Based Warning Letters: Overview   2.     FDA Continues Crackdown on Data Integrity Compliance Issues In the latter half of 2016, FDA continued to focus on the types of data integrity compliance issues we previously reported for the first half of the year. FDA issued Warning Letters regarding data-integrity practices that violated cGMPs to companies in China, the Czech Republic, India, Israel, and Japan (among other countries).[76] These letters highlight FDA’s increasing foreign-inspection activity (as discussed in our Mid-Year Update). In its Warning Letters, FDA noted several data-integrity issues, including: (1) failures to maintain completed data derived from all laboratory tests conducted; (2) failures to prevent unauthorized access or changes to data; and (3) failures to record activities at the time they are performed. Among other admonishments, FDA took particular issue with failures to maintain complete data (and, in certain circumstances, for manipulating or deleting data). For example, in August 2016, FDA issued a warning to Zhejiang Hisoar Pharmaceutical Co. Ltd., for "retest[ing] samples until . . . [obtaining] desirable results" and failing to "investigate, review, or report original results."[77] Also in August, FDA issued a warning letter to Zhejiang Medicine Co. Ltd. for failing to "consider the results of [its] unofficial analyses to evaluate the quality of [its active pharmaceutical ingredients] or make batch release decisions."[78] FDA also issued warning letters to other manufacturers regarding blatant attempts to delete or manipulate data–efforts FDA views as evidence of a failure to enact adequate data integrity controls in compliance with cGMPs.[79] FDA ultimately required that all companies warned of data integrity violations comply with a three-part program, requiring: (1) a comprehensive investigation into inaccuracies in data records and reporting; (2) a risk assessment of the effect of observed failures on drug quality; and (3) a management strategy detailing global corrective action and a preventive action plan.[80]  3.     FDA Warns Foreign Manufacturers Regarding Cleaning Protocols FDA continued to call out foreign manufacturers for failing to maintain sanitary manufacturing facilities and to prevent cross-contamination of drugs. For example, FDA’s discovery of "[d]irt and birds in the manufacturing area," and "a lizard" in a controlled processing area of Unimark Remedies Limited’s Indian facilities drew a Warning Letter from FDA.[81] Xiamen Origin Biotech Co. Ltd. also received a Warning Letter for "dirty warehousing spaces" and a "rodent" observed in a room adjacent to the warehouse.[82] Cheng Fong Chemical Co. officials went so far as to admit "the rooms had never been cleaned," when FDA inspectors found "filth, insects, wet layers of . . . unidentified material on the floors, and foul odors"[83]–a finding that unsurprisingly resulted in a Warning Letter.[84]   In June 2016, SmithKline Beecham Limited received a Warning Letter regarding the risk of cross-contamination in its dedicated penicillin manufacturing area in its U.K. facility.[85] FDA warned SmithKline to "commit" its facility to penicillin manufacturing only or else fully decontaminate the facility, noting its preference for the former: "It is profoundly difficult to completely decontaminate a facility of [penicillin] residues."[86] 4.     FDA Admonishes Manufacturers for Obstructing FDA Inspections In 2016, several firms received Warning Letters for attempting to avoid FDA inspections altogether, prompting FDA to proclaim that it will not tolerate stonewalling. Citing the FDA Safety and Innovation Act of 2012, which makes obstruction of an inspection grounds for deeming a drug adulterated, FDA has issued Warning Letters and barred pharmaceutical imports in response to purported efforts to duck inspections.[87] In September 2016, FDA asserted that Nippon Fine Chemical took several steps to bar FDA inspection of its Japanese plant. First (according to FDA), the quality-control manager "directed employees to stand shoulder-to-shoulder," blocking an FDA investigator’s access to the "laboratory and the equipment used to analyze drugs for U.S. distribution."[88] The firm then purportedly refused to provide FDA with copies of complaint records, including records indicating that its drugs contained "glass, hair, cardboard, metal, product discoloration, and a black spider."[89] Finally, a firm manager allegedly "impeded the inspection by preventing [the FDA] investigator from photographing" manufacturing equipment.[90] In response, FDA issued a Warning Letter and an import alert against the company’s products. Beijing Taiyang Pharmaceutical Industry Co. similarly barred FDA investigators from entering a warehouse, in which the investigators observed "drums bearing [the] company’s label."[91] When investigators returned and were allowed access the following day, they noticed that a significant number of drums observed the day before had been removed without explanation.[92] In response, FDA issued a Warning Letter and an import alert, making clear how the agency will deal with such companies that attempt to obstruct FDA inspections. 5.     FDA Takes Issue with Device Manufacturers’ Complaint Handling In 2016, FDA issued dozens of Warning Letters to device manufacturers for inadequate complaint handling, making it clear that companies must properly manage complaints. For example, in May 2016, a company that "manufactures laser[-]powered surgical instruments" received a Warning Letter regarding its handling of complaints from patients burned by its device.[93] Of the eight complaints sampled by FDA investigators, none included medical device report ("MDR") evaluations.[94] One month later, FDA issued a Warning Letter to a U.S.-based device manufacturer for failing to investigate any of the 136 complaints reviewed by FDA investigators.[95] FDA has also been on the lookout for manufacturers that fail to report serious adverse events.[96] To avoid similar enforcement actions, device manufacturers should ensure that complaint systems are compliant with QSRs. B.     cGMP Rulemaking and Guidance Activity In November 2016, FDA issued several guidance documents pertaining to manufacturing and quality issues. Notably, FDA released its final guidance outlining recommendations regarding quality agreements between drug manufacturers and contracted facilities and its draft guidance regarding submission of quality metrics data by drug manufacturers. FDA also provided updated guidance on medical device reporting. 1.      Quality Agreements On November 23, 2016, FDA released its final FDA guidance regarding quality agreements between product "owners" and "contracted facilities."[104] Although such agreements are not required by law, the FDCA prohibits any person from introducing an adulterated drug into interstate commerce.[105] The FDCA further provides that drugs not manufactured in compliance with cGMPs–which require "the implementation of oversight and controls over the manufacture of drugs"–will be deemed adulterated.[106] Accordingly, FDA’s recent guidance "recommends that owners and contract facilities establish a written quality agreement to describe their respective CGMP-related roles, responsibilities, and activities in drug manufacturing."[107] 2.     Quality Metrics On November 25, 2016, FDA released a revised version of its draft guidance titled "Submission of Quality Metrics Data."[108] As the draft guidance observes, various quality metrics are used by the pharmaceutical industry to monitor quality control processes and "drive continuous improvement in drug manufacturing."[109] FDA intends to use these metrics to develop compliance and inspection policies, improve FDA’s ability to predict future drug shortages, and encourage the industry to develop quality management systems for pharmaceutical manufacturing. Accordingly, FDA is initiating a quality metrics program that will begin with a voluntary reporting phase during which FDA will accept data submissions from drug manufacturers.[110] FDA will then "initiate notice and comment rulemaking under existing statutory authority to develop a mandatory quality metrics reporting program."[111] 3.     Medical Device Reporting On November 9, 2016, FDA finalized its guidance on "Medical Device Reporting for Manufacturers."[112] Significantly, this guidance reintroduces a two-year presumption that once a malfunction has caused or contributed to a death or serious injury, the malfunction is likely to do so again if it recurs.[113] As such, "once a malfunction causes or contributes to a death or serious injury, [manufacturers] have an obligation to file MDRs for additional reports of that malfunction."[114] The presumption was originally included in FDA’s 1997 guidance on reporting but was omitted from its 2013 draft guidance on the same topic. The recent final guidance states that the "presumption will continue until either the malfunction has caused or contributed to no further deaths or serious injuries for two years, or the manufacturer can show through valid data that the likelihood of another death or serious injury as a result of the malfunction is remote."[115] FDA further "recommends that [manufacturers] submit a notification to FDA with a summary of the data and the rationale for [the] decision to cease reporting at the end of two years."[116] IV.     Medical Devices A.     FDA Guidance As in the first half of the year, CDRH issued a significant number of important draft and final guidance documents on a wide range of issues in the second half of 2016. On July 27, 2016, recognizing that adaptive designs for medical device clinical trials can conserve resources, shorten study completion time, and increase the chance for study success, FDA finalized guidance outlining how to structure medical device trials to allow for adaptation based on the accumulation of study data.[117] On August 5, 2016, FDA issued draft guidance in the form of an International Medical Device Regulators Forum ("IMDRF") proposal, recommending clinical-evaluation methods and clinical-evidence thresholds for the submission of a Software as a Medical Device ("SaMD").[118] And on November 8, 2016, FDA finalized a lengthy question-and-answer style guidance to aid device manufacturers in complying with the Medical Device Reporting ("MDR") requirement.[119] Below we detail additional guidance issued in the second half of 2016. 1.     Developing a Medical Device National Evaluation System As we reported in our 2015 Year-End and 2016 Mid-Year Updates, the CDRH’s first strategic priority for 2016 and 2017 was the development of a National Evaluation System ("NEST") for medical devices that would capture and utilize real-world electronic health information to inform regulatory decision-making regarding devices.[120] To achieve this goal, CDRH intends to gain access to 100 million electronic patient records via device identifiers to "increase by 100 percent the number of premarket and postmarket regulatory decisions that leverage real-world evidence" compared to the "FY2015 baseline."[121] In acknowledgment of the fact that implementation of a Unique Device Identifier ("UDI") program is a prerequisite to NEST, on July 26, 2016, FDA issued draft guidance on the expected content and form of UDIs required under the 2013 UDI System rule.[122] But CMS has publicly opposed FDA’s plan to use claims data with UDIs to monitor safety, arguing that "including UDIs on claims would entail significant technological challenges, costs and risks" for Medicare.[123] Nevertheless, HHS Secretary Sylvia Burwell has publicly voiced support for the initiative, noting that the Sentinel Initiative–FDA’s program for reporting and monitoring the safety of all regulated medical products–will be improved by "incorporating UDIs into its claims data sources."[124] In finalized guidance issued on August 30, 2016, FDA indicated that it does not intend to enforce the 2013 UDI System rule’s prohibition of the inclusion of National Health Related Item Code or National Drug Code numbers on device labels or packaging for finished devices manufactured and labeled prior to September 24, 2021.[125] FDA also indicated that it does not intend to take action against a labeler for incorporating a previously assigned FDA labeler code into its UDI without requesting approval to do so if the labeler submits a compliant request by September 24, 2021. Relatedly, on July 27, 2016, FDA issued draft guidance addressing how it plans to consider "real-world evidence" derived from sources like claims data when exercising its regulatory decision-making for medical devices.[126] Through this draft guidance, FDA places important limits on what data may be used from NEST once it is implemented. Primarily, FDA emphasizes that its evidentiary standard for decision-making will not be lowered when considering real-world data–FDA intends to consider the real-world data’s quality by examining its relevance and reliability.[127] FDA also excludes "secondary uses" of real-world data, requiring "at a minimum[] a prospective analysis plan," due to concerns of inherent bias in retrospective analyses of real-world data.[128] Finally, FDA provides additional examples of actual regulatory uses of real-world evidence, including the use of a national device registry to support an application for an expanded indication for use of a product and the use of a patient registry to support postmarket surveillance studies under § 522 of the FDCA.[129] 2.     Public Notification of Emerging Signals On December 14, 2016, FDA released its final guidance regarding its policy on notifying the public regarding "emerging signals."[130] FDA defines an "emerging signal" as "new information about a marketed medical device . . . that supports a new causal association or a new aspect of a known association between a device and adverse event or set of adverse events" which "has the potential to impact patient management decisions and/or the known benefit-risk profile of the device."[131] FDA provided thirteen non-exclusive factors that it may consider in determining whether to issue a public notification regarding an emerging signal, including: the "likelihood" and "magnitude" of potential "harmful event(s)," the benefit provided by the device, potential device alternatives, and the quality and strength of the data and causal connection evidence.[132] FDA intends to conduct an initial assessment of the need to issue a public notification about an emerging signal within thirty days of receiving the relevant information.[133] FDA’s final guidance clarified that the agency will not issue a notice unless "credible scientific evidence supports a new causal relationship."[134] This standard appears to require more evidence for the issuance of a public notification than did FDA’s December 2015 draft guidance, possibly in response to several industry concerns that the policy could be more harmful than helpful by causing providers and patients to unnecessarily avoid beneficial devices.[135] 3.     510(k) Submissions for Changes to Existing Devices On August 8, 2016, FDA issued two draft guidance documents for public comment regarding when device manufacturers should submit a 510(k) for changes made to a device or its software.[136] FDA issued its existing final guidance on the topic in January 1997.[137] FDA’s first attempt to replace this guidance back in 2011 ignited industry fears that the new guidance would require 510(k)s to be submitted for substantially more modifications than required under the 1997 guidance. Given this concern, Congress ultimately ordered FDA to withdraw its 2011 draft guidance.[138] Following a public workshop held in 2013 with industry and other stakeholders, FDA issued a 2014 report to Congress, claiming that it intended to make targeted revisions to the 1997 guidance and issue a new guidance on software changes, while leaving the "overarching policy framework intact."[139] The draft guidance documents that FDA issued this year include numerous flowcharts and hypothetical scenarios to assist the industry in determining whether a proposed change is significant enough to require FDA review. Not surprisingly, changes that fall within that category include any major modification to the device that could significantly affect the safety or effectiveness of the device. It remains to be seen whether FDA’s proposed guidance will significantly increase the number of 510(k)s filed for existing devices. FDA’s pace of clearing 510(k) devices has remained fairly steady over the past years such that an uptick in 510(k) submissions could affect the timely approval of such applications unless FDA dedicates additional resources to these reviews. 4.     General Wellness and Low-Risk Devices On July 29, 2016, FDA finalized guidance on "low risk products that promote a healthy lifestyle," referred to by FDA as "general wellness products."[140] The guidance indicates that low-risk general wellness software or hardware products–like meditation, fitness, or sleep mobile applications or wearable fitness monitors–will not require FDA review or compliance with FDA’s premarket and postmarket regulatory requirements.[141] To qualify as a general wellness product, a product must not claim to diagnose or treat a particular disease or condition; it can, however, claim to improve overall general wellness.[142] Notably, these products may also qualify as general wellness products even if they reference specific diseases or conditions, if the claim relates to reducing the risk of, or "help[ing] liv[e] well with," certain diseases or conditions "as part of a healthy lifestyle."[143] Such products must also be "low risk" in order to qualify for the regulatory exception.[144] In determining whether a product is "low risk," manufacturers should consider whether CDRH actively regulates products of the same type. If the answer is yes, the product is likely not low risk. Products that are invasive, implanted, and involve a technology that may pose a risk to the safety of users or other persons (such as risks from lasers or radiation exposure) are also likely not low risk. Products that do not fall into these restrictions may qualify as "low risk" and therefore benefit from the above regulatory exception. 5.     Evaluation of Benefit-Risk Profile In August, FDA finalized two guidance documents: one on factors to consider when making benefit-risk determinations for premarket approval ("PMA") of medical devices,[145] and one regarding patient preference information that FDA staff may use to make PMA determinations.[146] Both guidance documents apply to diagnostic and therapeutic devices. In its benefit-risk guidance, FDA enumerated the categories of factors it considers in making the benefit-risk determination: (1) the extent of the probable benefit of the device considering the type, magnitude, probability, and duration of the benefit; (2) the extent of the probable risks considering the severity, type, number, and rate of harmful events, the probability and duration of harmful events, and the risk from false-positive or false-negative results; and (3) additional factors (such as patient assessments and patient-reported outcomes). Although FDA did not specify how it weighs these additional factors, FDA did provide some helpful examples of actual past benefit-risk determinations. As a companion to this guidance, FDA issued final guidance addressing how FDA might consider patient-preference information ("PPI") in reviewing premarket approval applications. Consistent with its benefit-risk guidance, FDA indicated "[p]atients provide valuable input" and "PPI may be particularly useful in evaluating a device’s benefit-risk profile when patient decisions are ‘preference sensitive.’"[147] FDA clearly indicated that the guidance does not create any extra burden on sponsors of premarket submissions. Instead, the guidance provides recommendations for "voluntary" collection of PPI.[148] This guidance demonstrates FDA’s continued focus on ensuring that patient perspectives are represented in premarket approval decisions. 6.     Postmarket Management of Cybersecurity in Medical Devices In keeping with its focus on cybersecurity issues reported in our 2014 and 2015 Year-End Updates, FDA finalized its early-2016 draft guidance regarding postmarket management of cybersecurity risks for medical devices at the end of the year.[149] The guidance re-emphasizes that manufacturers must consider cybersecurity issues throughout the life cycle of a medical device, not just during the premarket phase.[150] In doing so, FDA recommends that device manufacturers participate in an Information Sharing Analysis Organization ("ISAO") to exchange information regarding cyber-threats with other industry members and maintain "a defined [and documented] process to systematically conduct a risk evaluation and determine whether a cybersecurity vulnerability affecting a medical device presents an acceptable or unacceptable risk."[151] This process should "focus on assessing the risk of patient harm by considering: 1) The exploitability of the cybersecurity vulnerability, and 2) The severity of patient harm if the vulnerability were to be exploited."[152] By evaluating these two factors, manufacturers should determine whether a "risk of patient harm is controlled (acceptable) or uncontrolled (unacceptable)."[153] FDA’s guidance recommends ways to address controlled risks (e.g., routine cybersecurity updates and patches) but does not require concomitant reporting (except on an annual basis for premarket approval devices). Uncontrolled risks, on the other hand, must be reported to FDA under the relevant QSRs.[154] The guidance nevertheless makes clear that FDA will not enforce these reporting requirements if: (1) "there are no known serious adverse events or deaths associated with the vulnerability"; (2) the manufacturer communicates risk information to users within thirty days and "develops a remediation plan to bring the residual risk to an acceptable level"; (3) "the manufacturer fixes the vulnerability, validates the change, and distributes the deployment fix" within sixty days; and (4) the manufacturer is an active participant in an ISAO.[155] B.     Update on Regulation of Laboratory Developed Tests We have previously reported on FDA’s controversial moves toward regulation of Laboratory Developed Tests ("LDTs")–diagnostic tests designed, manufactured, and performed in clinical laboratories–including FDA’s indication that it would be finalizing its 2014 draft guidance regarding regulation of LDTs as medical devices.[156] Although FDA originally projected that it would finalize the guidance in 2016, the presidential election results appear to have stalled the agency’s plans. On November 18, 2016, FDA indicated that it would delay its final guidance on LDTs, announcing that it would instead "continue to work with stakeholders, [the] new Administration, and Congress to get [its] approach right."[157] Whether FDA continues or backs away from its efforts to regulate LDTs under the new administration is a key issue to monitor in 2017. C.     Warning Letters CDRH issued only four Warning Letters in the second half of 2016, bringing the annual total to nineteen.[158] Each of the four letters identified issues stemming from a prior FDA inspection in which FDA concluded that the methods, facilities, or controls used for product manufacturing were not in conformity with cGMP. In July, CDRH took issue with a teeth-whitening and dental-floss manufacturer for failing to provide required post-inspection documentation in English.[159] Also in July, FDA chastised a bone-implant device manufacturer for failing to correct alleged deficiencies in its evaluation of the potential risk of distribution of nonconforming products and its process for identifying and reporting adverse events to FDA.[160] In August, CDRH issued a pair of letters each identifying a host of issues: one to a manufacturer of intercranial pressure-monitoring products regarding its alleged failure to correct inadequate data processing, design validation, and corrective and preventive action ("CAPA") procedures,[161] and one to a compression-sock manufacturer regarding its alleged failure to develop adequate validation and CAPA procedures, failure to properly manage complaints, and failure to conduct appropriate audits.[162] FDA’s actions again demonstrate its willingness to exercise broad jurisdiction–each of the four letters targeted foreign companies (from China, France, Germany, and Italy) that market products in the United States. In three of the four cases, FDA also invoked its authority to refuse entry of the devices at issue into the United States until the company addressed the issues FDA raised in its letter. V.     Anti-Kickback Statute  A.     AKS-Related Case Law Federal courts issued several noteworthy decisions interpreting the AKS during the second half of 2016. In United States ex rel. Ruscher v. Omnicare, Inc. (an unpublished decision handed down in October 2016), the Fifth Circuit addressed the inducement element of an AKS violation.[163] There, a qui tam relator alleged that Omnicare, a provider of pharmacy services to long-term care facilities, improperly induced skilled nursing facilities to use its pharmacy services by writing off bad debt owed by the facilities and offering prompt-payment discounts to the facilities. According to the relator, Omnicare then falsely certified its compliance with the AKS, resulting in the submission of false or fraudulent claims. The Fifth Circuit set the table by reiterating the well-worn "one purpose" standard: "Relator need only show that one purpose of the remuneration was to induce . . . referrals."[164] But the court then picked up on a point previously emphasized by the Tenth Circuit in United States v. McClatchey, noting that "[t]here is no AKS violation . . . where the defendant merely hopes or expects referrals from benefits that were designed wholly for other purposes."[165] The Fifth Circuit then examined the District Court’s grant of summary judgment to Omnicare, and concluded that the relator’s evidence, at most, indicated that Omnicare sought to "collect verifiable debt and settle billing disputes without unnecessarily aggravating [skilled nursing facility] clients in the midst of ongoing or anticipated contract negotiations."[166] The relator offered no evidence suggesting Omnicare "designed its settlement negotiations and debt collection practices to induce" referrals.[167] And there was no evidence that Omnicare connected its collection practices to the question of referrals. As the Fifth Circuit observed, "[i]f the purported benefits were designed to encourage [skilled nursing facilities] to refer Medicare and Medicaid patients to Omnicare, one might expect to find evidence showing that the [facilities] at least knew about those benefits."[168] In sum, the Fifth Circuit refocused the inducement inquiry on the "design" of the practice that purportedly remunerated a referral source. Albeit unpublished, this decision may provide defendants in AKS-predicated FCA cases with a template for defending routine business practices that are not designed to induce referrals (even if they are arguably remunerative). A second notable decision relates to the AKS exception and safe harbor for discounts. By law, the AKS does not impose liability for remuneration that is "a discount or other reduction in price . . . if the reduction in price is properly disclosed and appropriately reflected in the costs claimed or charges made by the provider or entity under a Federal health care program."[169] The regulatory safe harbor also protects discounts "made at the time of the sale" that are "fixed and disclosed in writing . . . at the time of the initial sale," if the provider receiving the discount provides documentation of the discount and the provider’s awareness of its obligation to report the discount "upon request by the Secretary or a State agency."[170] Drug and device manufacturers often rely on this safe harbor to protect procompetitive discount arrangements that benefit patients and payors, but two recent decisions by the District of Massachusetts offer insight on how courts apply the safe harbor. In United States ex rel. Banigan v. Organon USA, Inc., the relators alleged that Omnicare, Inc. and a group of pharmacies acquired by the company violated the FCA by submitting tainted claims for payment after the pharmacies received purported kickbacks from drug maker Organon through market share rebates via group purchasing organizations ("GPOs").[171] The relators also alleged that Omnicare entered into improper direct purchasing agreements with the drug maker, under which the pharmacy accepted a volume-based discount in exchange for promoting the agreement’s potential financial benefits to its clients. Denying Omnicare’s motion for summary judgment as to its own conduct and that of two of its acquired pharmacies, the court concluded that the relators offered sufficient evidence of scienter and that Omnicare’s discount agreements did not qualify for the statutory or regulatory discount safe harbor. Although Omnicare satisfied the safe harbors’ first requirements (i.e., that the GPOs and direct purchase contracts contained and disclosed all of the agreements’ terms), the court found that Omnicare could not satisfy the second element for either the statutory or regulatory safe harbor.[172] As to the statutory safe harbor, the court cited Omnicare’s failure to offer evidence that discounts were reflected "appropriately" in charges to Medicaid.[173] As to the regulatory safe harbor, the court explained that Omnicare did not show "that it made the relevant disclosures pursuant to a governmental investigation."[174] Despite recognizing that Omnicare could not have made that showing because the government did not investigate Omnicare during the relevant period, the court defended its conclusion by emphasizing that "the statutory and regulatory safe harbors are independent affirmative defenses, and government action a necessary condition only of the latter."[175] The District of Massachusetts relied on similar reasoning in United States ex rel. Herman v. Coloplast Corp., a case involving FCA claims against CCS Medical for allegedly receiving price discounts from Coloplast, a manufacturer of continence care products, in exchange for converting patients to Coloplast products.[176] The court initially dismissed the claims after CCS argued that its discount arrangement with Coloplast fell within the protection of the discount safe harbors. On reconsideration, however, the court concluded that CCS had not met the second element of the statutory discount exception or safe harbor by showing that the discounts were "’appropriately reflected in the costs claimed or charges made’ to a federal healthcare program, or that CCS ha[d] provided certain information concerning the discounts to a governmental agency pursuant to its request."[177] The District of Massachusetts’s reasoning is opaque, which is especially unfortunate in light of the case’s potential ramifications. Indeed, conditioning availability of the safe harbor on government action (e.g., a request for information) and the provision of such information in response to the government requests may deprive drug and device makers of the ability to control whether they qualify for the discount safe harbor and statutory exceptions. Even the government has recognized this concern. After the court’s decision, the government filed a Statement of Interest in response to CCS’s motion for reconsideration, in which it disagreed with the court’s interpretation, stating that "safe harbor protection remains available if all other requirements are met" even if the Secretary or a State agency has not requested disclosure.[178] Although the court did not rely on this argument, the government also argued in a separate Statement of Interest that the discount exception is "narrow,"[179] and that "a price reduction conditioned on promotional or conversion campaign activities is not a ‘discount’ within the meaning of the discount exception at 42 U.S.C. § 1320a-7b(b)(3)."[180] Therefore, according to the government, "[r]emuneration to health care providers for switching patients from one product to another, and for other efforts to increase a product’s utilization do not qualify as protected price reductions, even if the parties label the remuneration as ‘rebates’ or ‘discounts.’"[181] Whether the government can convince courts of this argument in future proceedings remains to be seen. If the government is successful, drug and device makers may not be able to rely on the discount safe harbors and exceptions, especially for clinically focused performance-based rebates and other formulary rebates where manufacturers may condition rebates on maintaining a certain formulary status for the product.  B.     Safe Harbors As we have previously reported, HHS OIG published a proposed rule on October 3, 2014, with an eye toward creating additional safe harbors to the AKS and protecting certain payment practices and business arrangements from sanctions. After more than two years, HHS OIG finalized that rule in December 2016, formalizing a safe harbor for discounts provided by drug manufacturers on "applicable drugs" to "applicable beneficiaries" under the pre-existing Medicare Coverage Gap Discount Program.[182] Through the Medicare Coverage Gap Discount Program, prescription drug manufacturers can enter into agreements with the Secretary of HHS to provide certain beneficiaries access to drug discounts at the point of sale. To qualify for the safe harbor, manufacturers must also participate in and be "in full compliance with all requirements of[] the Medicare Coverage Gap Discount Program."[183] The impact of the change in language from "full compliance with all requirements" in the proposed rule remains to be seen, but HHS OIG explained in commentary to the final rule that "minor, technical instances of non-compliance should not preclude safe harbor protection." As an example of a minor slip-up, HHS OIG offered "missing a payment deadline by one day."[184] Manufacturers that "knowingly and willfully provided discounts without complying with the requirements of the Medicare Coverage Gap Discount Program," however, "could be subject to sanctions."[185] The territory between these bounds suggests that HHS OIG has reserved significant enforcement discretion. C.     HHS OIG Guidance HHS OIG routinely releases advisory opinions in response to inquiries submitted by companies seeking to comply with the AKS. Advisory opinions issued by HHS OIG can provide useful insight into how HHS OIG analyzes potential marketing and promotional activities. In September 2016, HHS OIG assessed and commented on a vaccine-refrigeration-system manufacturer’s proposition to provide its devices to physicians free of charge, concluding that such an arrangement would not lead to civil monetary sanctions given a "combination" of "unique factors" that mitigated concerns of fraud or abuse typically associated with providing free medical equipment to physicians.[186] Under the proposed arrangement, the manufacturer would provide free vaccine storage systems to physicians, and the physicians would enter into agreements to stock at least one "sole-source" vaccine (a vaccine manufactured by only one drug maker). The proposal also would require that all sole-source vaccines stocked in the refrigeration system be products of drug makers that have their own contracts with the manufacturer, under which those drug makers would pay a fee to the refrigeration-system manufacturer for every sole-source vaccine dispensed from the storage system. Although participating physicians would be required to store at least one sole-source vaccine, HHS OIG focused on the physicians’ ability to stock other non-sole-source vaccines and use other sole-source vaccines from companies without a fee arrangement with the manufacturer in separate storage systems. In addition, HHS OIG explained that physicians "would receive no more financial gain" for administering a vaccine from the storage unit, as physicians would not receive any part of the per-dispense fee or other remuneration under the proposed arrangement.[187] This factor further alleviated concerns that the refrigeration system would be used to induce referrals for a particular drug maker’s vaccine. In reaching its conclusion, HHS OIG also noted the importance of the Center for Disease Control’s goal of increasing vaccination rates, as well as the lack of any additional business ties between the manufacturer and the Medicare program. In June 2016, HHS OIG evaluated a drug maker’s planned discount-card program for Medicare Part D beneficiaries that would treat those beneficiaries as cash-paying customers.[188] Under the proposal, the card would provide discounts on out-of-pocket costs of up to $75 per prescription on as many as twelve prescriptions. Despite concerns that discounts or credits can lead to overutilization of a particular drug, the inability to receive reimbursement under Part D for the erectile-dysfunction drug in question mitigated any fraud concerns in the eyes of HHS OIG, especially since Medicaid and TRICARE beneficiaries (which can receive reimbursements for the drug) would be excluded from the proposed discount program. HHS OIG also noted the low likelihood that the discount program would induce Part D beneficiaries to purchase other products from the same drug manufacturer in light of the drug maker’s certification that it would not use the program to market other products. VI.     Updates in Drug Development: The 21st Century Cures Act On December 8, 2016, Congress passed the 21st Century Cures Act,[189] a law aimed primarily at encouraging innovation and bringing pharmaceutical products to market more quickly. Although some have complained that the version of the Act that ultimately passed did not do enough, the Act was passed with broad bipartisan support. The Act passed in the House by a vote of 392 to 26, and in the Senate by a vote of 94 to 5.[190] President Obama signed the bill into law soon thereafter, on December 13.[191] Among other things, the legislation will increase funding for programs like the Beau Biden Cancer Moonshot, the Brain Research through Advancing Innovative Neurotechnologies Initiative ("BRAIN Initiative"), the National Institutes of Health ("NIH"), and the Precision Medicine Initiative.[192] It also will implement mental health care reform by creating suicide-prevention programs,[193] improving pediatric mental health services,[194] funding state programs to combat the opioid abuse crisis,[195] and improving mental health care on college campuses.[196] The parts of the Act pertaining to promotional communications by drug manufacturers are discussed in Part II, above. But the Act’s main goal is to significantly expedite FDA’s approval process for new drugs and devices, which it seeks to do in several notable ways. First, the legislation allows the HHS Secretary to rely upon "qualified data summaries" to support the approval of a supplemental application for a new indication of an already-approved drug or biologic.[197] In practice, this will allow drug companies to support their applications with condensed analyses of the drug’s safety and effectiveness, rather than with individual-level safety and effectiveness data obtained through randomized clinical trials, which will enable them to circumvent the time-intensive and costly approval process currently in place for drugs that have not yet been approved for any indications.  Second, the Act directs the Secretary of HHS to evaluate the potential use of "real-world evidence," defined as "data regarding the usage, or the potential benefits or risks, of a drug derived from sources other than randomized clinical trials," to support the approval of a supplemental application for a new indication of an already-approved drug or biologic.[198] The legislation specifically lists "ongoing safety surveillance, observational studies, registries, claims, and patient-centered outcomes research activities" as potential sources of real-world evidence that may be used.[199] Regulations implemented pursuant to this provision could allow pharmaceutical companies–in at least some circumstances–to avoid conducting randomized clinical trials for drugs that have already been approved for at least one indication and instead enable them to rely on less costly and time-consuming methods of analysis. Finally, the Act creates several new programs aimed at expediting the approval process for particularly serious illnesses. For instance, it creates a "limited population pathway" for the approval of antibacterial and antifungal drugs that are intended to treat "a serious or life-threatening infection in a limited population of patients with unmet needs."[200] In addition, it expands on current FDA programs to allow a quicker path for devices that represent "breakthrough technologies" for patients with life-threatening or irreversibly debilitating diseases.[201] It also requires the Comptroller General of the United States to evaluate the effectiveness of various "priority review voucher programs," which allow companies that research drugs used in treatments for rare pediatric diseases or neglected tropical diseases to receive expedited review of applications for other drug approvals.[202] Finally, it creates an accelerated approval process for drugs designated as "regenerative advanced therapies" intended to "treat, modify, reverse, or cure a serious or life-threatening disease or condition."[203] VII.     Conclusion With a major change in the administration underway, and courts still sorting through several issues raised by Escobar, there are innumerable open questions relating to regulation and enforcement activity involving drug and device companies in 2017. The regulatory battles of recent years–such as the scope of permissible promotional communications and the extent to which LDTs are regulated under the FDCA–may well change radically under an administration that is expected to scale back regulation. What is certain is that we will continue to monitor the path of the developments discussed above, and others, and report on them in our 2017 Mid-Year Update.     [1]   Principal Deputy Assistant Attorney General Benjamin C. Mizer of the Civil Division Delivers Remarks at the Food and Drug Law Institute’s Enforcement, Litigation and Compliance Conference (Dec. 7, 2016), https://www.justice.gov/opa/speech/principal-deputy-assistant-attorney-general-benjamin-c-mizer-civil-division-delivers.    [2]   See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Justice Department Recovers Over $4.7 Billion from False Claims Act Cases in Fiscal Year 2016 (Dec. 14, 2016), https://www.justice.gov/opa/pr/justice-department-recovers-over-47-billion-false-claims-act-cases-fiscal-year-2016.    [3]   Id..; see also U.S. Dep’t of Justice, Civil Div., Fraud Statistics – Overview (Dec. 13, 2016), https://www.justice.gov/opa/press-release/file/918361/download.    [4]   Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Wyeth and Pfizer Agree to Pay $784.6 Million to Resolve Lawsuit Alleging that Wyeth Underpaid Drug Rebates to Medicaid (Apr. 27, 2016),  https://www.justice.gov/opa/pr/wyeth-and-pfizer-agree-pay-7846-million-resolve-lawsuit-alleging-wyeth-underpaid-drug-rebates.   [5]   See Press Release, Office of Public Affairs, U.S. Dep’t of Justice, Diabetic Medical Equipment Companies to Pay More Than $12 Million to Resolve False Claims Act Allegations (Sept. 7, 2016), https://www.justice.gov/opa/pr/diabetic-medical-equipment-companies-pay-more-12-million-resolve-false-claims-act-allegations.    [6]   Press Release, U.S. Atty’s Office for the Western Dist. of N.C., U.S. Dep’t of Justice, Medical Device Company Agrees To Pay $8 Million To Resolve Claims It Paid Illegal Kickbacks To Physicians (June 29, 2016), https://www.justice.gov/usao-wdnc/pr/medical-device-company-agrees-pay-8-million-resolve-claims-it-paid-illegal-kickbacks.   [7]   Corporate Integrity Agreement Between the Office of Inspector General of the Department of Health and Human Services and Cardiovascular Systems, Inc. (June 28, 2016), https://oig.hhs.gov/fraud/cia/agreements/Cardiovascular_Systems_Inc_06282016.pdf.    [8]   Liisa Rajala, Atrium Medical Corp. Agrees to $11.5 Million Settlement, N.H. Bus. Rev. (Jul. 28, 2016); Second Amended Complaint at ¶¶ 98-121, United States ex rel. Sullivan, et al. v. Atrium Med. Corp., No. 5:13-cv-00244 (W.D. Tex. July 30, 2015), ECF No. 104.   [9]   Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Forest Laboratories and Forest Pharmaceuticals to Pay $38 million to Resolve Kickback Allegations Under the False Claims Act (Dec. 15, 2016), https://www.justice.gov/opa/pr/forest-laboratories-and-forest-pharmaceuticals-pay-38-million-resolve-kickback-allegations?_ga=1.182418405.375859627.1482512127.   [10]   Id. [11]   Joint Stipulation of Dismissal, United States ex rel. Galmines v. Novartis Pharm. Corp., No. 06-cv-03213 (E.D. Pa. Oct. 05, 2016), ECF No. 143. [12]   See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Medical Device Maker Biocompatibles Pleads Guilty to Misbranding and Agrees to Pay $36 Million to Resolve Criminal Liability and False Claims Act Allegations (Nov. 7, 2016), https://www.justice.gov/opa/pr/medical-device-maker-biocompatibles-pleads-guilty-misbranding-and-agrees-pay-36-million. [13]   Universal Health Servs., Inc. v. United States ex rel. Escobar, 136 S. Ct. 1989, 2001 (2016) (emphasis added). [14]   Id. at 1999–2001. [15]   See, e.g., United States ex rel. Tessler v. City of New York, 14-cv-6455, 2016 WL 7335654, at *4 (S.D.N.Y. Dec. 16, 2016); United States v. Crumb, No. 15-cv-0655, 2016 WL 4480690, at *12 (S.D. Ala. Aug. 24, 2016); United States ex rel. Beauchamp v. Academi Training Ctr., Inc., No. 1:11-cv-371, 2016 WL 7030433, at *3 (E.D. Va. Nov. 30, 2016). [16]   Tessler, 2016 WL 7335654, at *4 (quoting Escobar, 136 S. Ct. at 2004). [17]   Rose v. Stephens Inst., No. 09-cv-05966, 2016 WL 5076214, at *5 (N.D. Cal. Sept. 20, 2016). [18]   Id. [19]   United States ex rel. Brown v. Celgene Corp., No. 10-cv-03165, 2016 WL 7626222, at *8 (C.D. Cal. Dec. 28, 2016). [20]   United States v. Sanford-Brown, Ltd., 840 F.3d 445, 446-47 (7th Cir. 2016). [21]   Rose v. Stephens Inst., No. 09-cv-05966, 2016 WL 6393513, at *1 (N.D. Cal. Oct. 28, 2016). [22]   United States ex rel. Panarello v. Kaplan Early Learning Co., No.11-cv-353S, 2016 WL 777304 (W.D.N.Y. Nov. 14, 2016). [23]   Escobar, 136 S. Ct. at 1996. [24]   Id. [25]   Id. at 2003–04 n.6. [26]   See, e.g., United States ex rel. Se. Carpenters Reg’l Council v. Fulton County, Georgia, No. 1:14-cv-4071, 2016 WL 4158392, at *8 (N.D. Ga. Aug. 5, 2016); Knudsen v. Sprint Commc’ns Co., No. 13-cv-04476, 2016 WL 4548924, at *14 (N.D. Cal. Sept. 1, 2016); United States ex rel. Lee v. N. Adult Daily Health Care Ctr., No. 13-cv-4933, 2016 WL 4703653, at *12 (E.D. N.Y. Sep. 7, 2016). [27]   Sanford-Brown, Ltd., 840 F.3d at 447. [28]   Id. at 447–48. [29]   United States ex rel. D’Agostino v. ev3, Inc., No. 16-1126, ___ F.3d ___, 2016 WL 7422943, at *5 (1st Cir. Dec. 23, 2016). [30]       Id. [31]   United States ex. rel. Dresser v. Qualium Corp., No. 5:12-CV-01745-BLF, 2016 WL 3880763, at *6 (N.D. Cal. July 18, 2016) (explaining that "payment being conditioned on compliance with regulations" does "not necessarily make a misrepresentation material"). [32]   City of Chicago v. Purdue Pharma L.P., No. 14 CV 4361, 2016 WL 5477522, at *15 (N.D. Ill. Sept. 29, 2016) (dismissing Chicago’s complaint when "the City represents that [it] is still paying for claims based on defendants’ alleged misrepresentations"). [33]   United States v. Celgene Corp. ex rel Brown, No. 10-cv-03165, 2016 WL 7626222, at *12 (C.D. Cal. Dec. 28, 2016) (quoting 42 C.F.R. § 423.100). [34]   D’Agostino, 2016 WL 7422943, at *5. [35]   Id. at *4–5. [36]   Id. at *5. [37]   Id. at *4–6. [38]   Id. at *6. [39]   Id. [40]   Id. [41]   Id. at *9 [42]   Id. [43]   See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Medical Device Maker Biocompatibles Pleads Guilty to Misbranding and Agrees to Pay $36 Million to Resolve Criminal Liability and False Claims Act Allegations (Nov. 7, 2016), https://www.justice.gov/opa/pr/medical-device-maker-biocompatibles-pleads-guilty-misbranding-and-agrees-pay-36-million. [44]   United States v. DeCoster, 828 F.3d 626 (8th Cir. 2016). [45]   Id. at 633. [46]   Id. [47]   United States v. Park, 421 U.S. 658, 673 (1975). [48]   United States v. Kaplan, 836 F.3d 1199 (9th Cir. 2016). [49]   Id. at 1209. [50]   Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Teva Pharmaceutical Industries Ltd. Agrees to Pay More Than $283 Million to Resolve Foreign Corrupt Practices Act Charges (Dec. 22, 2016), https://www.justice.gov/opa/pr/teva-pharmaceutical-industries-ltd-agrees-pay-more-283-million-resolve-foreign-corrupt. [51]   SeeIn re AstraZeneca PLC, Admin. Proc. File No. 3-17517, Order Instituting Cease-and-Desist Proceedings at 2, 6-7 (Aug. 30, 2016), https://www.sec.gov/litigation/admin/2016/34-78730.pdf. [52]   Warning Letters 2016: Office of Prescription Drug Promotion, U.S. Food & Drug Admin. [53]   SeeWarning Letter from Robert Dean, Dir., Div. of Advert. & Promotion Review, Office of Prescription Drug Promotion, U.S. Food & Drug Admin. to Firoozeh Patel, President & Chief Exec. Officer, Spriaso, LLC (Dec. 13, 2016); Untitled Letter from Koung Lee, Reg. Review Officer, Office of Prescription Drug Promotion, U.S. Food & Drug Admin. to Todd D. McIntyre, Vice President, Regulatory Affairs, DURECT Corp. (Sep. 8, 2016). [54]   SeeUntitled Letter from Charuni Shah, Regulatory Review Officer, Office of Prescription Drug Promotion, U.S. Food & Drug Admin. to Ruth E. Stevens, Exec. Vice President & Chief Sci. Officer, Chiasma, Inc. (Dec. 21, 2016); Untitled Letter from Ankur Kalola, Regulatory Review Officer, Office of Prescription Drug Promotion, U.S. Food & Drug Admin. to G. Srinivas, Head of Regulatory Affairs, Zydus Discovery DMCC (Dec. 21, 2016). [55]   SeeWarning Letter from Robert Dean, Dir., Div. of Advert. & Promotion Review, Office of Prescription Drug Promotion, U.S. Food & Drug Admin. to Kenneth H. Globus, President, United-Guardian, Inc. (Dec. 13, 2016). [56]   SeeUntitled Letter from Silvia Wanis, Regulatory Review Officer, Office of Prescription Drug Promotion, U.S. Food & Drug Admin. to Bhupesh Desai, Director, Regulatory Affairs Advert. & Promotion, Celgene Corp. (Dec. 12, 2016); Untitled Letter from Ankur Kalola, Regulatory Review Officer, Office of Prescription Drug Promotion, U.S. Food & Drug Admin. to Joanne Robinett, Assoc. Vice President, NA & Global Regulatory Affairs, Sanofi-Aventis US (Dec. 12, 2016). [57]   SeeUntitled Letter from Charuni Shah, Regulatory Review Officer, Office of Prescription Drug Promotion, U.S. Food & Drug Admin. to Ruth E. Stevens, Exec. Vice President & Chief Sci. Officer, Chiasma, Inc. (Dec. 21, 2016); Untitled Letter from Ankur Kalola, Regulatory Review Officer, Office of Prescription Drug Promotion, U.S. Food & Drug Admin. to G. Srinivas, Head of Regulatory Affairs, Zydus Discovery DMCC (Dec. 21, 2016). [58]   U.S. Food & Drug Admin, Manufacturing Communications Regarding Unapproved Uses of Approved or Cleared Medical Prods.; Public Hearing; Request for Comments, 81 Fed. Reg. 60,299 (Sep. 1, 2016), https://www.gpo.gov/fdsys/pkg/FR-2016-09-01/pdf/2016-21062.pdf. [59]   Id. at 60,301. [60]   Michael Mezher, FDA Questions Need for Looser Off-Label Promotion Restrictions, Regulatory Affairs Professionals Society (Nov. 14, 2016), http://www.raps.org/Regulatory-Focus/News/2016/11/14/26184/FDA-Questions-Need-for-Looser-Off-Label-Promotion-Restrictions/. [61]   Manufacturing Communications Regarding Unapproved Uses of Approved or Cleared Medical Prods.; Public Hearing; Request for Comments, at 60,301. [62]   U.S. Food & Drug Admin., Guidance Agenda: New & Revised Draft Guidances CDER is Planning to Publish During Calendar Year 2016 (Sept. 12, 2016). [63]   U.S. Food & Drug Admin., Guidance Agenda: New & Revised Draft Guidances CDER is Planning to Publish During Calendar Year 2017 (Jan. 11, 2017).  [64]   Principles on Responsible Sharing of Truthful and Non-Misleading Information About Medicines with Health Care Professionals and Payers, PhRMA & Biotechnology Innovation Org. (July 27, 2016), http://phrma-docs.phrma.org/sites/default/files/pdf/information-sharing-with-hcps-principles-report.pdf. [65]   Id. at 1–3. [66]   United States v. Caronia, 703 F.3d 149 (2d Cir. 2012). [67]   Amarin Pharma, Inc. v. U.S. Food & Drug Admin., 119 F. Supp. 3d 196 (S.D.N.Y. 2015). [68]   United States v. Facteau, 2016 WL 4445741 (D. Mass. Aug. 22, 2016). [69]   Id. at *2 n.1.  [70]   United States v. Facteau, No. 1:15-cr-10076, Dkt. 484 (D. Mass. Aug. 31, 2016). [71]   21st Century Cures Act, Pub. L. No. 114-255 (2016). [72]   21st Century Cures Act, H.R. 2414, 114th Cong. (2015) (earlier version of 21st Century Cures Act), https://www.congress.gov/114/bills/hr2414/BILLS-114hr2414ih.pdf. [73]   Pub. L. No. 114-255 § 3022. [74]   Id. § 3037. [75]   Id. [76]   SeeWarning Letters 2016:Office of Prescription Drug Promotion, U.S. Food & Drug Admin. [77]   Warning Letter from Francis Godwin, Acting Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Siwei Yang, President, Zhejiang Hisoar Pharm. Co., Ltd. (Aug. 11, 2016). [78]   Warning Letter from Francis Godwin, Acting Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Jiang Xiao Yue, CEO of Zhejiang Medicine Co. Ltd. (Aug. 4, 2016). [79]   E.g., Warning Letter from Francis Godwin, Acting Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Hideo Tagashira, President, Sekisui Med. Co., Ltd. (Nov. 8, 2016) (warning Sekisui Medical Co. Ltd. because an "investigator found deleted data for residual solvent testing . . . in the [computer] recycle bin"); Warning Letter from Francis Godwin, Acting Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Wang Yufeng, Chairman of the Board, Hebei Yuxing Bio-Engineering Co. Ltd. (Sept. 6, 2016) (warning Hebei Yuxin Bio-Engineering Co. Ltd. because its "laboratory analysts deleted raw chromatographic data on multiple occasions"). [80]   E.g., Warning Letter from Francis Godwin, Acting Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Srinivasan Subramaniam, Managing Dir., Srikem Labs. Pvt. Ltd. (Aug. 11, 2016). [81]   Warning Letter from Francis Godwin, Acting Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Mehul Parekh, Managing Dir., Unimark Remedies Ltd. (Aug. 12, 2016). [82]   Warning Letter from Francis Godwin, Acting Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Zhang Jian, Owner, Xiamen Origin Biotech Co., Ltd. (July 19, 2016). [83]   Warning Letter from Francis Godwin, Acting Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Hung Chih Wu, Gen. Manager, Cheng Fong Chem. Co. Ltd. (Sept. 15, 2016). [84]   Id. [85]   Warning Letter from Francis Godwin, Acting Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Sir Andrew Witty, Chief Exec. Officer, SmithKline Beecham Ltd. (June 30, 2016). [86]   Id. [87]   See List of firms and their products subject to Detention without Physical Examination (DWPE) under Import Alert 99-32 (a.k.a. Red List), http://www.accessdata.fda.gov/cms_ia/importalert_521.html. [88]   Warning Letter from Francis Godwin, Acting Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Hiromichi Kaneko, Gen. Manager, Nippon Fine Chemical Co., Ltd (Sept. 26, 2016). [89]   Id. [90]   Id. [91]   Warning Letter From Francis Godwin, Acting Dir., Office of Mfg. Quality, U.S. Food & Drug Admin to Qi Hai Lian, Vice Gen. Manager of Beijing Taiyang Pharm. Ind. Co., Ltd. (Oct. 19, 2016). [92]   Id. [93]   Warning Letter from Robin Newman, Office Dir., Office of Compliance, U.S. Food & Drug Admin. to Frederico Rubinstein, Director, F.P. Rubinstein Y Cia SRL(May 5, 2016). [94]   Id. [95]   Warning Letter from CAPT Larry Howell, Acting Dir., Compliance Branch, U.S. Food & Drug Admin. to Thomas Greany, President, Gen. Med. Co. (June 2, 2016). [96]   See e.g., Warning Letter from Robin Newman, Office Dir., Office of Compliance, U.S. Food & Drug Admin. to Su Hardy, Managing Dir., Mooncup Ltd. (May 27, 2016). [104] U.S. Food & Drug Admin., Guidance for Industry: Contract Manufacturing Arrangements for Drugs: Quality Agreements (Nov. 23, 2016), http://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM353925.pdf. [105] Section 301(a) of the FDCA, codified at 21 U.S.C. § 331(a). [106] Section 501(j) of the FDCA, codified at 21 U.S.C. § 351(j). [107] U.S. Food & Drug Admin., Guidance for Industry: Contract Manufacturing Arrangements for Drugs: Quality Agreements 5–6 (Nov. 23, 2016), http://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM353925.pdf. [108] U.S. Food & Drug Admin., Guidance for Industry: Submission of Quality Metrics Data (Nov. 25, 2016), http://www.fda.gov/downloads/drugs/guidancecomplianceregulatoryinformation/guidances/ucm455957.pdf. [109] Id. at 1. [110] Id. [111] Submission of Quality Metrics Data, 80 Fed. Reg. 85,226, 85,229 (Nov. 25, 2016). [112] U.S. Food & Drug Admin., Guidance for Industry and Food and Drug Administration Staff: Medical Device Reporting for Manufacturers, (Nov. 8, 2016), https://www.regulations.gov/contentStreamer?documentId=FDA-2013-D-0743-0031&attachmentNumber=1&disposition=attachment&contentType=pdf. [113] Id. at 13. [114] Id. at 12. [115] Id. [116] Id. [117] U.S. Food & Drug Admin., Ctr. for Devices & Radiological Health, Ctr. for Biologics Evaluation & Research, Guidance for Industry and Food and Drug Administration Staff: Adaptive Designs for Medical Device Clinical Studies (July 27, 2016). [118] U.S. Food & Drug Admin., Draft Guidance: Software as a Medical Device (SaMD): Clinical Evaluation (Aug. 5, 2016). [119] U.S. Food & Drug Admin., Ctr. for Devices & Radiological Health, Guidance for Industry and Food and Drug Administration Staff: Medical Device Reporting for Manufacturers (Nov. 8, 2016), http://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm359566.pdf. [120] U.S. Food & Drug Admin., Ctr. for Device & Radiological Health, 2016-2017 Strategic Priorities 5–6 (Jan. 2016). [121] Id. at 6. [122] U.S. Food & Drug Admin., Ctr. for Devices & Radiological Health, Ctr. for Biologics Evaluation & Research, Draft Guidance for Industry and Food and Drug Administration Staff: Unique Device Identification System: Form and Content of the Unique Device Identifier (UDI) (July 26, 2016). [123] Thomas Burton, Medical Device ID Effort Hits Snag, Wall St. J., Mar. 10, 2015, http://www.wsj.com/articles/medical-device-id-effort-is-stalled-1426027440. [124] Id. [125] U.S. Food & Drug Admin., Ctr. for Devices & Radiological Health, Ctr. for Biologics Evaluation & Research, Guidance for Industry and Food and Drug Administration Staff: Enforcement Policy on National Health Related Item Code and National Drug Code Numbers Assigned to Devices (Aug. 30, 2016).  [126] U.S. Food & Drug Admin., Ctr. for Devices & Radiological Health, Ctr. for Biologics Evaluation & Research, Draft Guidance for Industry and Food and Drug Administration Staff: Use of Real-World Evidence to Support Regulatory Decision-Making for Medical Devices (July 27, 2016).   [127] Id. at 4. [128] Id. at 8. [129] Id. at 15–19. [130] U.S. Food & Drug Admin., Ctr. for Devices & Radiological Health, Guidance for Industry and Food and Drug Administration Staff: Public Notification of Emerging Postmarket Medical Device Signals ("Emerging Signals") (Dec. 14, 2016), http://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm479248.pdf.  [131] Id. at 3 [132] Id. at 6–7. [133] Id. at 7. [134] Id. [135] See, e.g., Letter from Diane Wurzburger, Exec., Regulatory Affairs, GE Healthcare to Div. of Dockets Mgmt. (HFA-305), Food & Drug Admin. (Mar. 29, 2016), https://www.regulations.gov/document?D=FDA-2015-D-4803-0017. [136] U.S. Food & Drug Admin., Ctr. for Devices & Radiological Health, Ctr. for Biologics Evaluation & Research, Draft Guidance for Industry and Food and Drug Administration Staff: Deciding When to Submit a 510(k) for a Change to an Existing Device (Aug. 8, 2016), http://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm514771.pdf. [137] U.S. Food & Drug Admin., Office of Device Evaluation, Deciding When to Submit a 510(k) for a Change to an Existing Device (Jan. 10, 1997). [138] Food and Drug Administration Safety and Innovation Act, Pub. L. No. 112-144, § 604, 126 Stat. 993 (2012). [139] U.S. Food & Drug. Admin, Report to Congress: Report on FDA’s Policy to be Proposed Regarding Premarket Notification Requirements for Modifications to Legally Marketed Devices (Jan. 7, 2014), .  [140] U.S. Food & Drug Admin., Ctr. for Devices & Radiological Health, Guidance for Industry and Food and Drug Administration Staff: General Wellness: Policy for Low Risk Devices 1 (July 29, 2016).  [141] Id. at 2. [142] Id. at 4. [143] Id. [144] Id. at 5. [145] U.S. Food & Drug Admin., Ctr. for Devices & Radiological Health, Ctr. for Biologics Evaluation & Research, Practical Guidance for Factors to Consider when Making Benefit-Risk Determinations in Medical Device Premarket Approval and De Novo Classifications (Aug. 24, 2016).  [146] U.S. Food & Drug Admin., Ctr. for Devices & Radiological Health, Ctr. for Biologics Evaluation & Research, Patient Preference Information–Voluntary Submission, Review in Premarket Approval Applications, Humanitarian Device Exemption Applications, and De Novo Requests, and Inclusion in Decision Summaries and Device Labeling (Aug. 24, 2016). [147] Id. at 3. [148] Id. at 3–4. [149] U.S. Food & Drug Admin., Ctr. for Devices & Radiological Health, Ctr. for Biologics Evaluation & Research, Guidance for Industry and Food and Drug Administration Staff: Postmarket Management of Cybersecurity in Medical Devices (Dec. 28, 2016). [150] Id. at 13. [151] Id. at 14–15. [152] Id. at 15. [153] Id. at 17. [154] Id. at 19–21. [155] Id. at 21–23. [156] See U.S. Food & Drug Admin., Draft Guidance for Industry: FDA Notification and Medical Device Reporting for Laboratory Developed Tests (LDTs) (Oct. 3, 2014),  http://www.fda.gov/downloads/%20MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM416684.pdf; U.S. Food & Drug Admin., Draft Guidance for Industry: Framework for Regulatory Oversight of Laboratory Developed Tests (LDTs) 7 (Oct. 3, 2014). [157] Sheila Kaplan, FDA Puts Off Closing Lab-Test "Loophole," Leaving Decision to Congress and Trump, STAT (Nov. 18, 2016), https://www.statnews.com/2016/11/18/fda-lab-test-loophole/.   [158] Warning Letters 2016, U.S. Food & Drug Admin. [159] Warning Letter from Sean M. Boyd, Deputy Dir. for Regulatory Affairs, Office of Compliance, Ctr. for Devices & Radiological Health, U.S. Food & Drug Admin. to Jian Fei Tang, Beyond Technology Corp. (Jul. 19, 2016). [160] Warning Letter from Robin Newman, Office Dir., Office of Compliance, Ctr. for Devices & Radiological Health, U.S. Food & Drug Admin. to Grégory Glédel, Chief Exec. Officer and President, Novastep SAS (Jul. 28, 2016). [161] Warning Letter from Sean M. Boyd, Deputy Dir. for Regulatory Affairs, Office of Compliance, Ctr. for Devices & Radiological Health, U.S. Food & Drug Admin. to Giulio M. Cortinovis, President, A.R.C.O.S. (Aug. 3, 2016). [162] Warning Letter from Sean M. Boyd, Deputy Dir. for Regulatory Affairs, Office of Compliance, Ctr. for Devices & Radiological Health, U.S. Food & Drug Admin. to Frank Sodha, Managing Dir., Spiegelberg Gmbh & Co. KG (Aug. 3, 2016). [163] United States ex rel. Ruscher v. Omnicare, Inc. 2016 WL 6507128 (5th Cir. 2017). [164] Id. at *4. [165] Id. (citing United States v. McClatchey, 217 F.3d 823, 834 (10th Cir. 2000)). [166] Id. [167] Id. [168] Id. [169] 42 U.S.C. § 1320a-7b(b)(3)(A). [170] 42 C.F.R. § 1001.952(h)(1)(iii). [171] United States ex rel. Banigan v. Organon USA Inc., No. 1:07-cv-12153-RWZ, at 2–4 (D. Mass. Aug. 23, 2016).    [172]      Id. at 9.    [173]      Id. at 9–10.    [174]      Id. at 10. [175] Id. [176] United States ex rel. Herman v. Coloplast Corp., No. 1:11-cv-12131-RWZ, 2016 WL 4483869, at *1 (D. Mass. Aug. 24, 2016). [177] Id. (quoting 42 U.S.C. § 1320a-7b(b)(1)(B)). [178] United States’ Statement of Interest at 3–4 n.2, Coloplast Corp., No. 1:11-cv-12131-RWZ (D. Mass. Oct. 6, 2016), ECF No. 217. [179] United States’ Statement of Interest at 4, Coloplast Corp., No. 1:11-cv-12131-RWZ (D. Mass. Aug. 8, 2016), ECF No. 170. [180] Id. at 7. [181] Id. at 5. [182] 79 Fed. Reg. 59,717, 59,721 (proposed Oct. 3, 2014) (to be codified at 42 C.F.R. § 1001.952(aa)). [183] Id. [184] 81 Fed. Reg. 88,368, 88,378 (Dec. 7, 2016). [185] Id. [186] See U.S. Dep’t of Health & Human Servs. Office of the Inspector Gen., Advisory Op. 16-09 (Sept. 16, 2016), https://oig.hhs.gov/fraud/docs/advisoryopinions/2016/AdvOpn16-09.pdf.   [187] Id. [188] See U.S. Dep’t of Health & Human Servs. Office of the Inspector Gen., Advisory Op. 16-07 (June 20, 2016), https://oig.hhs.gov/fraud/docs/advisoryopinions/2016/AdvOpn16-07.pdf. [189] 21st Century Cures Act, Pub. L. No. 114-255 (2016). [190] Robert Pear, Cures Act Gains Bipartisan Support That Eluded Obama Health Law, N.Y. Times, Dec. 8, 2016, http://www.nytimes.com/2016/12/08/us/politics/cures-act-health-care-congress.html?_r=0.    [191] Juliet Eilperin & Carolyn Y. Johnson, Obama, paying tribute to Biden and bipartisanship, signs 21st Century Cures Act Tuesday, Wash. Post, Dec. 13, 2016, https://www.washingtonpost.com/news/powerpost/wp/2016/12/13/obama-paying-tribute-to-biden-and-bipartisanship-signs-21st-century-cures-act-tuesday/?utm_term=.e9f90836f9f4.   [192] 21st Century Cures Act, Pub. L. No. 114-255, § 1001 (2016). [193] Id. § 9005. [194] Id. §§ 10001–10006. [195] Id. § 1003. [196] Id. § 9031. [197] Id. § 3031(a)(5). [198] Id. § 3022. [199] Id. [200] Id. § 3042. [201] Id. § 3051. [202] Id. § 3014. [203] Id. § 3033.   The following Gibson Dunn lawyers assisted in the preparation of this client update:  Stephen Payne, Marian Lee, John Partridge, Jonathan Phillips, Sean Twomey, Reid Rector, Allison Chapin, Coreen Mao, Jennifer Gumer, Laura Musselman, Mary Kwon, Joseph Ireland, Julia Reese and Daniel Nowicki.    Gibson, Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments.  Please contact the Gibson Dunn lawyer with whom you usually work or any of the following:  Washington, D.C.Stephen C. Payne, Chair, FDA and Health Care Practice Group (202-887-3693, spayne@gibsondunn.com)F. Joseph Warin (202-887-3609, fwarin@gibsondunn.com)Marian J. Lee (202-887-3732, mjlee@gibsondunn.com)Daniel P. Chung (202-887-3729, dchung@gibsondunn.com)Jonathan M. Phillips (202-887-3546, jphillips@gibsondunn.com) Los AngelesDebra Wong Yang (213-229-7472, dwongyang@gibsondunn.com) San FranciscoCharles J. Stevens (415-393-8391, cstevens@gibsondunn.com)Winston Y. Chan (415-393-8362, wchan@gibsondunn.com) Orange CountyNicola T. Hanna (949-451-4270, nhanna@gibsondunn.com) New YorkAlexander H. Southwell (212-351-3981, asouthwell@gibsondunn.com) DenverRobert C. Blume (303-298-5758, rblume@gibsondunn.com)John D. W. Partridge (303-298-5931, jpartridge@gibsondunn.com)        © 2017 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

January 5, 2017 |
2016 Year-End False Claims Act Update

I.     INTRODUCTION What a year.  With two Supreme Court decisions and nearly $5 billion in recoveries (among other interesting entries) in 2016’s now-closed books, we can say with certainty that 2016 delivered plenty of False Claims Act ("FCA") headlines.  It is also clear that the U.S. government, state governments, and private whistleblowers (i.e., qui tam relators) continue to press new and aggressive theories of liability under the FCA–with significant success.  As recoveries remained high and fraud theories proliferated, 2016 saw the second highest number of FCA lawsuits ever brought in a single year.  Looking forward, we have little reason to believe that the government’s haul from FCA matters–or the sheer number of FCA lawsuits–will decline materially next year.    But there are several issues that will continue to be closely watched–and contested–as we head into 2017.  Foremost among them is the extent to which the Supreme Court’s 2016 decision in Universal Health Services, Inc. v. United States ex rel. Escobar, 136 S. Ct. 1989 (2016), abrogated existing FCA jurisprudence regarding the statute’s falsity, materiality, and scienter elements.  To the government and relators, the case represents a course correction that leaves intact the path to recover on expansive (and often nebulous) theories of liability.  For defendants, Escobar requires a sweeping reassessment of the theories and allegations that have allowed plaintiffs to survive the pleading stage–and even prevail–in cases where falsity, materiality, and scienter are not readily apparent.  As detailed below, the lower courts are beginning to coalesce around particular readings of Escobar; we will continue to monitor these developments throughout 2017.  Questions also linger about the incoming administration’s impact on FCA enforcement.  Many observers inside and outside government have suggested that FCA enforcement may be insulated from more dramatic shifts elsewhere at the U.S. Department of Justice ("DOJ") because of the FCA’s bipartisan appeal as a tool for returning funds to the government.  But, as described below, the incoming administration’s campaign commitment to scrap the Patient Protection and Affordable Care Act ("ACA"