82 Search Results

June 18, 2019 |
Four Gibson Dunn Partners Recognized in Who’s Who Legal 2019 in Tax, Life Sciences and Insurance

Four Gibson Dunn partners were recognized by Who’s Who Legal in their respective fields. In Who’s Who Legal Thought Leaders – Tax 2019, two partners were recognized: London partner Sandy Bhogal and New York partner Eric Sloan. Orange County partner William Rooklidge was recognized in the 2019 edition of Who’s Who Legal Life Sciences. In the 2019 edition of Who’s Who Legal Insurance and Reinsurance Los Angeles partner Dean Kitchens was recognized. These guides were published in April, May and June of 2019.

May 20, 2019 |
Supreme Court Holds That Courts, Not Juries, Must Decide Whether The FDA’s Rejection Of A Proposed Warning Label Provides “Clear Evidence” To Preempt A State-Law Failure-To-Warn Claim

Click for PDF Decided May 20, 2019 Merck Sharp & Dohme Corp. v. Albrecht, No. 17-290  Today, the Supreme Court unanimously held that courts, not juries, must decide as a matter of law whether there is “clear evidence” that the FDA would not have approved a proposed label warning about a risk of a drug, thereby preempting a state-law failure-to-warn claim based on that same risk. Background: Patients sued Merck for failing to warn that its prescription drug Fosamax is associated with “atypical femoral fractures.”  Merck moved for summary judgment, arguing that the claims were preempted because the FDA had rejected Merck’s proposed label warning about the risk of the fractures.  Specifically, Merck submitted to the FDA a “Prior Approval Supplement”—which requires the agency’s preapproval to add language to a warning label—seeking to warn about the risk of “stress fractures,” but the FDA rejected the proposal on the basis that Merck’s justification was “inadequate” because “[i]dentification of ‘stress fractures’ may not be clearly related to the atypical subtrochanteric fractures that have been reported in the literature.”  Merck argued that the FDA’s decision made it impossible for the company to comply with both state law and federal law and, therefore, the patients’ state-law failure-to-warn claims were preempted.  The district court granted summary judgment to Merck, but the U.S. Court of Appeals for the Third Circuit reversed, holding that Wyeth v. Levine, 555 U.S. 555 (2009), established an evidentiary standard of proof that required the factfinder to conclude that there is “clear evidence”—i.e., that it is highly probable—that the FDA would not have approved a change to the drug’s label to include the warning allegedly required under state law.  And because there was a genuine issue of material fact as to why the FDA rejected Merck’s proposed label, Merck was not entitled to summary judgment. Issue:  Federal law preempts a state-law failure-to-warn claim where there is “clear evidence” that the FDA would not have approved a drug manufacturer’s proposed label warning about a particular risk of using that drug.  Wyeth, 555 U.S. at 571.  “Is the question of agency disapproval primarily one of fact, normally for juries to decide, or is it a question of law, normally for a judge to decide without a jury?”  Court’s Holding:  Whether there is “clear evidence” that the FDA would have rejected a proposed label warning is a question of law for the courts to decide.  “We here decide that a judge, not the jury, must decide the pre-emption question . . . . The question often involves the use of legal skills to determine whether agency disapproval fits facts that are not in dispute.” Justice Breyer, writing for the Court What It Means: The Court preserved the ability of manufacturers to assert an impossibility preemption defense to state-law claims for failure to warn about a certain risk when the FDA has rejected a proposed label warning about the same risk. The decision clarified that the “clear evidence” phrase in Wyeth does not refer to an evidentiary standard of proof that applies to preemption questions, and reiterated that courts must answer such questions by asking whether state and federal law “irreconcilably conflict.” The Court explained that state and federal law “irreconcilably conflict” in the failure-to-warn context if (i) a manufacturer fully informed the FDA of the justifications for a drug label warning required by state law, and (ii) the FDA nevertheless disapproved of the manufacturer’s proposed change to the drug’s label to include the warning. The decision may improve the uniformity of preemption law in this area, as judges will be bound by precedent and are more familiar than lay juries with construing agency determinations. As always, Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the Supreme Court.  Please feel free to contact the following practice leaders: Appellate and Constitutional Law Practice Allyson N. Ho +1 214.698.3233 aho@gibsondunn.com Mark A. Perry +1 202.887.3667 mperry@gibsondunn.com Related Practice: Life Sciences; FDA and Health Care Tracey B. Davies +1 214.698.3335 tdavies@gibsondunn.com Ryan A. Murr +1 415.393.8373 rmurr@gibsondunn.com Marian J. Lee +1 202.887.3732 mjlee@gibsondunn.com Daniel J. Thomasch +1 212.351.3800 dthomasch@gibsondunn.com © 2019 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

February 12, 2019 |
2018 Year-End FDA and Health Care Compliance and Enforcement Update – Drugs and Devices

Click for PDF Last January, we observed that the new administration had yet to upend pre-existing enforcement and regulatory trends in the pharmaceutical and medical device industries.  But in the past 12 months several Trump administration priorities began to coalesce.  From initiatives to address the opioid epidemic, to efforts to police patient assistance programs, to attempts to depress pharmaceutical prices, 2018 saw significant governmental attention to drug and device companies. Not all of the administration’s attention is unwanted.  Notably, there have been a few signs of scaled-back executive enforcement and regulatory activity impacting drug and device companies.  For example, in December, the Department of Justice (“DOJ”) moved to dismiss nearly a dozen qui tam suits brought against pharmaceutical companies under the False Claims Act (“FCA”), carrying into action recent, well-publicized policy shifts at DOJ with regard to FCA actions.  In moving to dismiss those suits, DOJ observed that the relator’s theories threatened to “undermine common industry practices [that] the federal government has determined are . . . appropriate and beneficial to federal healthcare programs and their beneficiaries.”[1]  Meanwhile, the U.S. Food and Drug Administration (“FDA”) clearly has recalibrated its enforcement efforts with respect to promotional activities by drug and device companies.  While Congress failed to make any significant progress toward implementing long-promised legislation regarding off-label promotion, FDA finally issued two pertinent guidance documents on that issue in June. On the other hand, although financial recoveries from actions or investigations involving drug and device makers initiated by DOJ, the Department of Health and Human Services, Office of Inspector General (“HHS OIG”), and FDA started slowly in 2018, the latter half of the year saw several large settlements.  DOJ employed aggressive law enforcement tactics to combat opioid abuse, targeting a range of individuals and entities.  Notably, DOJ leveraged the FCA and the Anti-Kickback Statute to investigate and bring suits against opioid manufacturers and distributors.  Further, DOJ did not pull any punches with respect to drug companies’ patient assistance programs.  FDA enforcement actions relating to promotional activity remained relatively consistent with past years, focusing on only the most flagrant cases of deceptive advertising.  But FDA continued to crack down on issues related to current good manufacturing practices and focused, in particular, on concerns with quality and data integrity issues.  We anticipate that these 2018 priorities will continue to drive DOJ and FDA activity in 2019. In the new year, we anticipate that the new majority in the House of Representatives will amp up the pressure on pharmaceutical companies, in particular.  According to the House Committee on Oversight and Reform, the Committee already has “launched one of the most wide-ranging investigations in decades into the prescription drug industry’s pricing practices,” beginning with requests for detailed information and documents regarding pricing practices from 12 drug companies.[2]  But other regulatory tea leaves for 2019 are more difficult to read because of the government shutdown, which forced FDA to furlough approximately 40% of its employees at the time.  Although the agency publicly announced it would continue “vital activities . . . that are critical to ensuing public health and safety,” such as screening imported products, recalls, and pursuit of civil and criminal investigations where “public health is imminently at risk,” the shutdown halted FDA’s more routine enforcement actions and regulatory activity (e.g., issuing guidance documents) during that period.[3] We address each of these important enforcement and regulatory developments in the drug and device space below, beginning with an overview of recent government enforcement efforts and FCA jurisprudence, then moving to relevant regulatory guidance and activity regarding promotional activities, manufacturing practices, and the AKS, and concluding with notable developments on drug pricing and for device manufacturers. As always, we would welcome the opportunity to discuss the impact of these developments with you in more detail.  Additional presentations and publications on regulatory and enforcement issues impacting drug and device makers are available on our website, including industry-specific webcasts with more in-depth discussions of the FCA and practical guidance to help companies avoid or limit legal exposure. I.    DOJ ENFORCEMENT IN THE PHARMACEUTICAL AND MEDICAL DEVICE INDUSTRIES FCA resolutions delivered the bulk of financial recoveries against drug and device companies in 2018.  DOJ also brought several federal Food, Drug, and Cosmetic Act (“FDCA”) enforcement actions, but Foreign Corrupt Practices Act (“FCPA”) activity in the drug and device space remained relatively quiet this past year. As the new year progresses, we expect to see the continued impact of two memoranda on DOJ enforcement efforts issued last January by the then-Associate Attorney General, Rachel Brand, (the so-called “Brand Memo”) and the Director of DOJ’s Civil Division’s Fraud Section, Michael Granston (the “Granston Memo”).  As we detailed in our client alert, DOJ Policy Statements Signal Changes in False Claims Act Enforcement, the Brand Memo bars DOJ attorneys from using guidance documents to “create binding requirements that do not already exist by statute or regulation,” and from using DOJ’s “enforcement authority to effectively convert agency guidance documents into binding rules.”[4]  But the Brand Memo acknowledges that federal prosecutors may use such guidance as evidence of scienter (e.g., as proof that a defendant knew of obligations under the law).[5] Many agencies, including FDA (in the off-label and quality and manufacturing space) and HHS OIG (in the application of the AKS), routinely issue guidance documents interpreting relevant legislation and regulations.  DOJ historically relied on these guidance documents to bolster claims that the actions of a drug or device maker violated a particular statute or regulation and thus resulted in “false” claims under the FCA.  Under the Brand Memo, DOJ will have to identify other means to support its allegations, and this may well constrain enforcement activity. The Granston Memo directs government lawyers evaluating whether to decline to intervene in a qui tam FCA action to “consider whether the government’s interests are served” by dismissal of the underlying qui tam claims pursuant to 31 U.S.C. § 3730(c)(2)(A) based on seven enumerated factors.[6]  DOJ’s rollout of an updated United States Attorneys’ Manual—now entitled the Justice Manual—builds on that initiative.  Indeed, the Justice Manual appears to incorporate the Granston Memo’s rubric by encouraging government lawyers to evaluate a non-exhaustive list of factors (any one of which may support dismissal) when assessing whether to intervene.[7] Taken together, these policy statements indicate that DOJ intends to hew more closely to constitutionally defined bounds for the executive branch and to employ more judicious enforcement of the FCA—both welcome developments for drug and device manufacturers.  As detailed further below, DOJ sought to dismiss a dozen qui tam suits in this past year, thereby executing on the policies embodied by the Granston Memo and the revisions to the Justice Manual. One additional DOJ policy development merits attention.  In September 2015, then-Deputy Attorney General Sally Yates issued a memorandum (the so-called “Yates Memo”) stating that corporations must provide “all relevant facts” about individuals involved in misconduct.[8]  Unlike the Granston Memo, which has had a quick impact on multiple qui tam suits, the Yates Memo had a less evident impact on drug and device companies.  Nevertheless, the requirement that a company identify and provide evidence on all potentially culpable individuals struck many as a significant burden.  In a speech in November 2018, Deputy Attorney General Rod Rosenstein announced a fine-tuning of the Yates Memo’s requirements.  Under the new DOJ policy, companies seeking cooperation credit must only identify individuals who were “substantially involved in or responsible for the criminal conduct” under investigation in white-collar investigations.[9] A.    False Claims Act This year, DOJ recovered more than $1.1 billion from 19 FCA-related settlements with companies in the drug and device industries.  Although DOJ’s civil recoveries through the first half of 2018 were less than a quarter of what they were at the same time last year, two large-scale settlements with pharmaceutical companies in the second half of the year pushed the total recoveries from resolutions with drug and device manufacturers closer to last year’s total of approximately $1.4 billion. As illustrated below, DOJ settled 13 matters with device manufacturers (including two with AngioDynamics) and only six with pharmaceutical companies.  Despite this disparity, the vast majority of DOJ’s settlement recoveries, roughly 90%, resulted from the investigations involving pharmaceutical companies.  Recoveries in 2018 (like 2017) came almost exclusively from actions pursued under improper billing and AKS theories.[10] 1.    Settlements in FCA Matters Relating to Patient Assistance Programs The second largest settlement in 2018 resulted from a DOJ investigation into a pharmaceutical company’s financial ties to nonprofit patient assistance programs, which help needy patients access free or low-cost medications.  Further, over the past year, a second pharmaceutical company disclosed a resolution tied to a similar investigation, and two other companies disclosed resolutions in principle.  These resolutions follow United Therapeutics Corp.’s $210 million settlement in December 2017, discussed in our 2017 Year-End Update. As we reported last year, government scrutiny of patient assistance programs is a relatively recent development in the enforcement arena.  Companies have supported patient assistance programs directly and indirectly for years, and the government generally has approved of such arrangements.  For example, in a Special Advisory Bulletin in 2005, HHS OIG explained that certain cost-sharing assistance through “bona fide, independent charities unaffiliated with pharmaceutical manufacturers should not raise [AKS] concerns, even if the charities receive manufacturer contributions.”[11]  In recent years, however, HHS OIG has determined that aspects of patient assistance programs can be problematic and raise AKS concerns.[12]  Carrying on the trend we observed in our 2017 Year-End Update, several of the settlements announced this year began with investigations launched by the U.S. Attorney’s Office for the District of Massachusetts. In December, DOJ announced its most recent resolution in this arena, which happens to be the largest to date.  According to the government, Actelion Pharmaceuticals has agreed to pay $360 million to resolve claims that it used a charitable foundation to cover the copays of patients taking its pulmonary arterial hypertension drugs.[13]  The government claimed that Actelion obtained data from the foundation regarding the payments the foundation made on behalf of patients taking the drugs and used that data to contribute amounts sufficient to cover the copays of only those patients, thereby purportedly violating the AKS.[14]  The government further alleged that Actelion referred Medicare patients to the foundation rather than allowing them to participate in the company’s free drug program in order to generate revenue.[15] The first half of the year saw several other similar matters reach the resolution stage: In May, Pfizer, Inc. announced it had agreed to pay $23.85 million to resolve allegations that it violated the AKS by paying patients’ copay obligations with funds purportedly channeled through a foundation.[16]  According to the government, Pfizer donated money to the foundation for the purpose of covering copays for two of its drugs used to treat renal cell carcinoma, which could have been provided at no cost to patients who qualified for Pfizer’s existing free drug program.[17]  The government claimed that paying patients’ copay obligations constituted remuneration designed to induce patients to use Pfizer’s drugs.[18]  Further, according to the government, Pfizer worked with the foundation to create and finance a fund for patients suffering from the heart condition treated by its drug Tikosyn.[19]  Pfizer allegedly referred patients to the fund and timed the creation of the fund to coincide with Pfizer’s increase in the price of the drug.[20]  The government asserted that these actions allowed Pfizer to generate more revenue, while masking the effect of its price increases.[21]As part of the resolution, Pfizer entered into a five-year corporate integrity agreement (“CIA”) with HHS OIG, in which Pfizer agreed to ensure legally compliant interactions with third-party patient assistance programs.[22]  Intended to “promote[] independence” between the company and any such programs to which it donates, the agreement requires review by an independent organization, compliance-rated certifications, and the implementation of a risk assessment and mitigation process.[23] Also in May, Dublin-based Jazz Pharmaceuticals PLC announced in an SEC filing that it had agreed in principle to pay $57 million to resolve similar allegations.[24]  Neither Jazz nor the government has disclosed the government’s allegations in public sources, but the company’s SEC filings indicate that the allegations generally concern Jazz’s financial support of patient assistance nonprofits that help cover copays.[25]  The company had not finalized the settlement with DOJ at the time of its most recent quarterly filing.[26] In early June, Denmark-based H. Lundbeck A/S announced that its U.S. subsidiary, Lundbeck LLC, had reached an agreement in principle with DOJ to pay $52.6 million to resolve DOJ’s investigation into the company’s ties to patient assistance charities.[27]  Although the final terms of the agreement remain subject to negotiation and few details are publicly available,[28] Lundbeck previously disclosed that its subsidiary, Lundbeck NA Ltd., received a subpoena from the U.S. Attorney’s Office for the District of Massachusetts in 2016, relating to its “payments to charitable organizations providing financial assistance to patients taking Lundbeck products” and to sales and marketing practices.[29] These patient assistance investigations raise a host of legal and policy questions, ranging from the appropriate reach of the AKS to the impact on bona fide corporate charitable contributions to the First Amendment implications of the government’s theories.  In light of these key questions, it came as no surprise that a charity, Patient Services Inc., filed a First Amendment lawsuit in the U.S. District Court for the Eastern District of Virginia in January challenging the constitutionality of HHS OIG’s restrictions on the charity’s communications with donors.[30]  Despite the thorny legal and policy questions, it appears DOJ will continue pursuing claims tied to patient assistance programs. 2.    Settlements in AKS-Related FCA Matters In addition to its activity relating to patient assistance programs, DOJ reached a number of other notable AKS-related settlements in 2018. In August, Insys Therapeutics reached an agreement in principle with the government to pay at least $150 million, and potentially an additional $75 million depending on certain events, to resolve a DOJ investigation into claims that the drug maker paid kickbacks to doctors to induce them to prescribe Subsys, an opioid medication.[31]  According to the government’s complaint in intervention, Insys allegedly paid doctors sham speaker fees, hired doctors’ friends and relatives, and provided doctors with lavish meals and entertainment to encourage more Subsys prescriptions.[32]  The government further asserted that Insys caused federal health care programs to pay for uses of Subsys that are not covered by the programs; for example, the government contended that Insys encouraged doctors to prescribe Subsys even when it was not medically necessary and also misrepresented patients’ medical diagnoses to federal program sponsors.[33]  A number of former Insys employees and doctors previously pled guilty to criminal charges relating to alleged kickbacks for Subsys prescriptions,[34] and the company’s former Vice President of Sales pled guilty to one count of racketeering conspiracy in November 2018.[35]  The company’s former CEO also pled guilty to conspiracy and mail fraud charges in January 2019,[36] and the trial of several other former executives is currently underway. The government announced in October that Abbott Laboratories and AbbVie Inc. agreed to pay $25 million to settle claims that Abbott sales representatives provided doctors with gift baskets, gift cards, and other items in exchange for prescriptions of the drug TriCor.[37]  The settlement also resolved claims that Abbott marketed and promoted TriCor for unapproved uses, including treatment of diabetic patients and the reduction of cardiac health risks.[38] In December, the government announced that Covidien (which Medtronic acquired in 2015), agreed to pay $13 million to resolve claims under the FCA stemming from efforts to collect data regarding user experiences with its device.[39]  Additionally, Medtronic will pay another $20 million to resolve other DOJ claims “concerning various market-development and physician engagement activities” conducted by Covidien and ev3, which Covidien acquired in 2010.[40] In addition to the actions above, DOJ announced settlements of several other AKS-related cases with drug and device makers throughout the year: In March, Abiomed, Inc. agreed to a $3.1 million settlement to resolve claims that it paid for expensive meals to induce physicians to use the company’s line of heart pumps.[41]  The government claimed that Abiomed managers approved expenses for meals even though the cost-per-attendee far exceeded internal company expense guidelines, the company purportedly misrepresented the number of attendees and/or listed fictitious names to make costs appear lower, and attendees ordered alcohol in amounts inconsistent with legitimate scientific discussion.[42]  This resolution continues a line of matters in which DOJ has pointed to meal expenses that surpassed company limits as evidence of improper remuneration.[43] In May, the government intervened to take part in a $1.9 million settlement with medical equipment supplier Precision Medical Products, Inc. (“PMP”).[44]  Between January 2011 and 2017, PMP allegedly based its independent contractor sales representatives’ commissions on the amount of federal health program reimbursements they could obtain.[45]  (Notably, HHS OIG rejected expanding the bona fide employee safe harbor to this contract sales force.)  The complaint alleged that these acts were illegal kickbacks because they incentivized referrals of patients and patient orders to PMP that may be covered by government-funded programs.[46]  PMP also allegedly forged documents to obtain approvals and the related reimbursements for its durable medical equipment (“DME”) products in violation of federal program requirements,[47] including through techniques dubbed “magic time” (i.e., tracing a physician’s signature onto other documents) and “ninja drive” (i.e., using a presigned form).[48]  The complaint further asserts that PMP violated federal rules by waiving co-insurance payments and then billing the government.[49] In August, Trinity Medical Pharmacy and several of its principals agreed to pay more than $2.24 million to resolve allegations that it knowingly billed government programs for claims driven by kickbacks and omitted its COO’s previous felony conviction from its application to become a certified provider with Express Scripts, the pharmacy benefit manager for TRICARE and several other carriers.[50] Also in August, Florida-based provider of oxygen and respiratory therapy services Lincare paid $5.25 million to settle claims that it improperly waived or reduced co-insurance, co-payments, and deductibles for beneficiaries of a Medicare Advantage Plan and caused the submission of false claims for payments to Medicare.[51] In December, medical device company LivaNova USA agreed to pay $1.87 million to resolve allegations that it knowingly paid kickbacks in the form of speaking fees to Georgia physicians to induce them to refer its devices for treatment of refractory epilepsy.[52] 3.    Other Settlements in FCA Matters The remainder of the government’s settlement recoveries during 2018 came from alleged violations of government health program requirements or restrictions on off-label promotion. In October, the government announced the largest FCA enforcement settlement of the year, with AmerisourceBergen Corporation and four of its subsidiaries (“ABC”).[53]  ABC agreed to pay $625 million to resolve allegations that a facility it operated repackaged oncology-supportive drugs into pre-filled syringes and distributed those syringes to doctors to provide to cancer patients.[54]  The government alleged that ABC sought to profit from the operation by purchasing the syringes from manufacturers, pooling their contents, repackaging the drugs, and harvesting the overfill to create more doses than it originally purchased.[55]  The government further claimed that ABC was able to bill multiple health care providers for the same syringe and increase its market share by offering discounts.[56]  This settlement follows a 2017 settlement in which one of ABC’s subsidiaries pled guilty to illegally distributing misbranded drugs and agreed to pay $260 million to resolve criminal claims that it distributed the drugs from a facility that was not registered with FDA.[57] Although the ABC resolution dwarfs DOJ’s other settlements in this space, the past year saw multiple additional enforcement actions involving purported violations of federal program requirements and/or off-label promotion: In March, Alere Inc. and its subsidiary, Alere San Diego, agreed to pay $33.2 million to resolve allegations related to sales of purportedly unreliable diagnostic devices.[58]  According to the government, Alere received customer complaints that put it on notice that certain of its devices used to diagnose serious heart conditions potentially transmitted false positives and false negatives; nevertheless, the government alleged, the company did not take appropriate corrective actions until government inspections resulted in a nationwide recall.[59]  Of the settlement, more than $4.8 million will be returned to individual states.[60] In April, Allergan, Inc. settled claims involving allegations that the company sold purportedly defective weight loss devices, marketed the device for use in surgical procedures that were not described in the product’s approved labeling, and made inappropriate payment to physicians.[61]  Allergan agreed to pay $3.5 million in connection with the resolution, nearly $200,000 of which will be split among impacted states.[62] In July, medical device manufacturer AngioDynamics agreed to pay $11.5 million to resolve allegations that it marketed a product for unapproved uses and instructed health care providers to use incorrect billing codes to submit claims for those uses.[63]  It also agreed to pay an additional $1 million to settle claims that certain AngioDynamics employees represented to health care providers that federal health care programs would cover an unapproved use of a recalled and re-issued product previously used to treat perforator veins, thus causing false claims to be submitted to the programs.[64] In September, the government announced that now-defunct compounding pharmacy RS Compounding and its owner agreed to pay $1.2 million to resolve allegations that it charged federal health care programs a higher price for its drugs (in some cases, over 10,000 percent higher) than it charged the public.[65] In October, Cooley Medical Equipment agreed to pay more than $5.25 million to settle claims that it falsely stated that certain of its compounded medical creams used cream-based ingredients rather than bulk powder, to avoid prior authorization requirements for bulk powder ingredients or limited reimbursement from federal health care programs.[66]  Cooley self-disclosed the conduct and will be allowed to pay the settlement amount—which, according to the government, is 1.5 times the amount of monetary loss caused by the false claims—over a period of six years.[67]  Because the government typically insists on doubling purported damages in settlement discussions, it appears that the government underscored the loss calculation so as to encourage other entities to self-disclose and cooperate. B.    Developments in Enforcement Actions Against Opioid Manufacturers and Distributors As reported in our 2017 Mid-Year and Year-End updates, DOJ has made criminal and civil enforcement related to the opioid epidemic a top priority.  Reflecting on developments in 2018, it is clear that DOJ is following through on its commitment to target aggressively the opioid epidemic, and all signs indicate that these efforts are likely to persist for the foreseeable future. Numerous comments by DOJ officials suggest that DOJ is prepared to pursue litigation against manufacturers in conjunction with the Department’s efforts to stem the tide of opioid misuse, overdoses, and deaths.  On February 27, 2018, DOJ announced the creation of the Prescription Interdiction & Litigation (“PIL”) Task Force, which “will aggressively deploy and coordinate all available criminal and civil law enforcement tools” to curb the opioid epidemic, “with a particular focus on opioid manufacturers and distributors.”[68]  In remarks delivered the following day, Deputy Assistant Attorney General Stephen Cox specifically stated that DOJ would be using the FCA as a tool to address the opioid epidemic.[69]  Just last month, Deputy Assistant General James Burnham also commented that the FCA and FDCA “are squarely implicated” should a pharmaceutical company misrepresent opioid-related risks; he cited potential enforcement avenues against pharmaceutical companies, including actions under the Controlled Substances Act (“CSA”) for failure to report suspicious orders of controlled substances and misbranding-related actions under the FDCA for failure to communicate adequate risk information in accordance with FDA-required Risk Evaluation and Mitigation Strategies.[70] DOJ also announced a program this year to target suppliers and wholesale distribution networks responsible for distributing fentanyl and other synthetic opioids, which will focus on ten districts with high rates of deadly drug overdoses.[71]  In support of these enforcement efforts, DOJ is utilizing a new data analytics program focusing specifically on opioid-related health care fraud, which enables DOJ officials to pinpoint areas with high rates of prescription, dispensing, and overdoses.[72] In some cases, DOJ’s heated rhetoric has previewed hard-hitting acts.  In April, DOJ intervened in now-consolidated suits alleging AKS-related violations against Insys Therapeutics, Inc., the manufacturer of a sublingual fentanyl spray approved for the treatment of breakthrough pain in adult cancer patients already on opioid therapy.  In addition to the AKS-related claims noted above, the complaint alleged that the manufacturer encouraged off-label use of the product in situations where the use was “not medically reasonable and necessary” and misrepresented patient diagnoses to secure reimbursement for the company’s product.[73]  As discussed above, Insys Therapeutics reached an agreement in principle with the government to pay at least $150 million and potentially up to $225 million to resolve the claims.[74]  Several former Insys employees and doctors previously pled guilty to criminal charges relating to alleged kickbacks for Subsys prescriptions,[75] the company’s former Vice President of Sales pled guilty to one count of racketeering conspiracy in November 2018,[76] and the company’s former CEO recently pled guilty to conspiracy and mail fraud charges in January 2019.[77] Further underscoring the government’s ongoing scrutiny of the industry, other manufacturers also have disclosed that they are in receipt of subpoenas related to the manufacture, distribution, and marketing of opioids, including three manufacturers that received subpoenas from the U.S. Attorney’s Office for the Southern District of Florida related to generic opioid products.[78] In April, DOJ also filed a “friend of the court” motion in ongoing multidistrict litigation against opioid manufacturers and distributors to enable it to participate in settlement negotiations.[79]  Before filing its motion, DOJ announced that it would seek reimbursement from the defendants for the costs that the federal government has incurred as a result of the opioid epidemic, such as costs borne by federal health care programs and the expenses associated with law enforcement initiatives.[80]  And, in August, DOJ announced the unsealing of an indictment charging two Chinese citizens with operating a conspiracy through numerous companies (including companies within the United States) to manufacture and ship fentanyl analogues and other drugs illegally to the United States.[81] Of note, DOJ has taken steps to address the opioid epidemic from a regulatory perspective as well.  Observing that the United States is an outlier in the number of opioids prescribed each year, former Attorney General Jeff Sessions issued a memo directing the U.S. Drug Enforcement Administration (“DEA”) to evaluate whether to amend regulations addressing the aggregate production quota, which sets the quantity of opioids that manufacturers are permitted to produce each year.[82]  In response, the DEA issued a proposed rule that would limit opioid production in some instances and strengthen controls to prevent diversion of controlled substances.[83]  Later in the year, in an effort to “encourage vigilance on the part of opioid manufacturers,” DOJ and the DEA proposed an average ten percent reduction in 2019 manufacturing quotas for the six most frequently misused opioids.[84] On October 24, 2018, President Trump also signed into law The Substance Use – Disorder Prevention that Promotes Opioid Recovery and Treatment for Patients and Communities Act (the “SUPPORT for Patients and Communities Act”), which seeks to “reduc[e] access to the supply of opioids by expanding access to prevention, treatment, and recovery services.”[85]  Among other items, the bipartisan legislation bolsters requirements for CSA registrants to design and operate systems to identify suspicious orders and report those orders to the DEA,[86] requires drug manufacturers and distributors to review quarterly DEA reports showing the total number of registrants distributing controlled substances as well as the total quantity and type of opioids distributed to pharmacies and practitioners,[87] requires HHS to support state efforts to develop their own prescription drug monitoring programs, and allows FDA to recall a controlled substance if it determines there is a “reasonable probability” that the controlled substance “would cause serious adverse health consequences or death.”[88] C.    Notable Developments in FDCA Enforcement In 2018, DOJ obtained a number of injunctions against and resolutions with manufacturers and distributors to prevent the sale and distribution of allegedly unapproved, adulterated, and misbranded drugs or devices. In December, DOJ secured guilty pleas—and a significant fine—in an FDCA case alleging that Tokyo-based Olympus Medical Systems Corporation and a former senior executive distributed misbranded medical devices in interstate commerce.[89]  According to the government (and the plea documents), Olympus failed to file adverse event reports, known as Medical Device Reports (“MDRs”), with FDA in 2012 and 2013 after learning that certain patients using its duodenscopes contracted infections.[90]  Olympus allegedly also received an independent expert report in 2012 that identified the possibility of bacteria in the duodenscopes and recommended further investigation and updated cleaning instructions.[91]  Under the FDCA, devices with required but unfiled MDRs or supplemental MDRs are deemed misbranded.[92]  Pursuant to the plea deal, the U.S. District Court for the District of New Jersey fined Olympus $80 million and ordered $5 million in criminal forfeiture.  Olympus also agreed to implement a number of compliance measures, including the retention of an MDR expert who will review Olympus’s compliance with the FDCA’s MDR requirements, as well as periodic review by the company’s president and board of directors.[93]  The sentencing of the former executive is set for March 2019.[94] DOJ also pursued several drug and device makers for alleged promotion of unsupported therapeutic claims and other unapproved uses. In March, for example, DOJ announced that the U.S. District Court for the Middle District of Florida permanently enjoined a Florida company, MyNicNaxs LLC, and two associated individuals from selling sexual enhancement and weight loss products until the company institutes specific remedial measures and obtains written approval from FDA.[95]  According to the complaint, the products contained undisclosed ingredients, some of which have been shown to increase the risk of heart attacks and strokes.  Further, the government alleged that no scientific evidence supported the company’s claims that the products cured or prevented serious diseases.[96] The U.S. District Court for the District of New Jersey in August similarly enjoined two companies—S Hackett Marketing LLC d/b/a Just Enhance of Trenton, New Jersey and R Thomas Marketing LLC of Bronx, New York—and related individuals from selling unapproved sexual enhancement products that the government claimed contained an undisclosed ingredient and also lacked labels revealing potentially adverse consequences of using the products.[97] In July, three related Chicago companies, their owner, and their operations manager also agreed to settle claims that they were manufacturing, selling, and distributing adulterated and misbranded dietary supplements and unapproved drugs and to be bound by a consent decree of permanent injunction.[98]  The government’s complaint alleged that the companies’ claims that their products could help prevent or treat diseases such as Alzheimer’s, diabetes, HIV, and Parkinson’s were unsupported by credible scientific evidence, labels were deficient, and FDA inspections revealed failures to comply with current good manufacturing practice regulations, including failure to establish written sanitation procedures.[99] In early December, Minnesota-based medical device manufacturer ev3 Inc. agreed to plead guilty to a misdemeanor charge in connection with distribution of its liquid embolization device, Onyx.[100]  The government alleged that, although FDA approved Onyx only for use inside the brain, ev3 sales representatives encouraged surgeons to use Onyx for other, unapproved uses from 2005 to 2009.[101]  The government further claimed that ev3’s management designed sales quotas and bonuses that incentivized sales of Onyx for such uses.[102]  As part of the resolution, ev3 will pay a fine of $11.9 million, and it will forfeit $6 million.[103]  Medtronic, ev3’s current parent company, also has agreed to implement new compensation structures and conduct compliance monitoring relating to Onyx sales and marketing.[104]  As noted above, DOJ separately entered into a civil settlement with Covidien related to allegations brought under the FCA. DOJ also took action against several companies in connection with purported current good manufacturing practice (“cGMP”) violations: As described in more detail below, DOJ announced consent decrees permanently preventing distribution of adulterated drugs by two compounding pharmacies, Cantrell Drug Company and Delta Pharma, Inc., and related individuals.[105]  DOJ alleged that the drugs were adulterated because the companies failed to comply with cGMP requirements and because the drugs may have been contaminated as a result of insanitary conditions. In October, DOJ also announced consent decrees of permanent injunctions to prevent distribution of misbranded drugs against Keystone Laboratories, Inc. and its owner and operator.[106]  DOJ alleged that Keystone distributed hair and skin care products that failed to comply with FDA’s cGMPs due to potential bacterial contamination from insanitary conditions.[107]  The company cannot begin manufacturing again unless it complies with specific remedial measures, and the injunction provides for safeguards if the defendants work with third parties to manufacture their products.[108] D.    FCPA Investigations Although multiple DOJ and SEC investigations into the foreign sales practices of many drug and device companies remain ongoing, DOJ did not announce any FCPA settlements with drug and device companies in 2018.  This quiet may not last long: DOJ previously signaled that it plans to ramp up its FCPA enforcement in the health care space, as discussed in our 2017 Year-End Update.  In a speech delivered in 2017, Sandra Moser, then-Acting Chief of DOJ’s Fraud Section, announced that prosecutors from DOJ’s FCPA unit would begin “working hand in hand” with the Corporate Strike Force of DOJ’s Healthcare Fraud Unit to “investigate and prosecute matters relating to healthcare bribery schemes, both domestic and abroad.”[109] For its part, the SEC announced two FCPA settlements with drug and device companies in 2018. On September 4, a Paris-based pharmaceutical company agreed to pay more than $25 million in disgorgement, prejudgment interest, and penalties to resolve FCPA-related charges by the SEC regarding alleged corrupt payments to government procurement officials and health care providers in Kazakhstan and the Middle East.  The company also agreed as part of the resolution to self-report about anti-corruption compliance to the SEC for a two-year period.[110] On September 28, a Michigan-based medical device company settled FCPA-related charges by the SEC.  According to the SEC, the company violated the books and records and internal accounting controls provisions of the FCPA.  The company agreed to pay a $7.8 million penalty, and the settlement was the SEC’s second FCPA action against the company.  The company did not admit or deny the SEC’s charges, but consented to a cease-and-desist order and the penalty.[111] II.    FCA JURISPRUDENCE DEVELOPMENTS RELEVANT TO DRUG AND DEVICE COMPANIES A.    Developments in the Implied Certification Theory’s Materiality Requirement As detailed in our 2017 Mid-Year and Year-End False Claims Act Updates, the federal courts continue to grapple with the implications of the Supreme Court’s decision in Universal Health Servs., Inc. v. United States ex rel. Escobar (“Escobar”).  Under the theory of falsity addressed in Escobar, a company impliedly certifies compliance with all conditions of payment when it submits a claim to the government and, if that claim fails to disclose the violation of a material statutory, regulatory, or contractual requirement, the omission renders the claim false in violation of the FCA.  In Escobar, the Supreme Court held that the implied false certification theory can be a basis for FCA liability if two conditions are met: “[F]irst, the claim does not merely request payment, but also makes specific representations about the goods or services provided; and [S]econd, the defendant’s failure to disclose noncompliance with material statutory, regulatory, or contractual requirements makes those representations misleading half-truths.”[112] One area of focus in post-Escobar cases involving companies in the health care industry has been the question of what, if any, impact the government’s continued payment of claims should have on the materiality analysis. In June, for instance, the U.S. District Court for the Northern District of Illinois allowed an FCA claim by the government to proceed against Snap Diagnostics, the manufacturer of a home sleep apnea test.[113]  The government alleged that the company encouraged unnecessary tests to be billed to Medicare where only a single test was required.  According to the government, the company, in lobbying the government for Medicare coverage of its testing, advised that it was routine to conduct only one night of sleep apnea testing, and the company’s promotional materials stated that a diagnosis can almost always be made in a single night of testing.  But the company’s alleged procedure was to bill for multiple nights of testing only when the patient was Medicare-covered or self-pay, but not when the patient had private insurance.  Further, the government asserted that the decision was not based on a clinical determination of medical necessity.  Additionally, the government pointed to Medicare guidance stating that Medicare will cover a second or third night of sleep apnea testing only when it is medically necessary. Addressing materiality at the motion-to-dismiss stage, the court rejected the argument that the government’s routine payment of multiple claims served as evidence that the requirements were not material.  The court not only concluded that this argument was premature at the pleading phase, but also described this argument as a “logical falsity” that misstates the Supreme Court’s position in Escobar.[114]  Relying on the Seventh Circuit’s decision in United States v. Sanford-Brown, Ltd.,[115] the court ruled that the government met its burden in showing materiality.  Because Medicare guidance provided for reimbursement of a second or third night of sleep apnea testing only when medically necessary, the court found that the company’s submission of claims for subsequent nights of testing could constitute a misleading representation that those nights had been determined to be medically necessary and permitted the claim to go forward. In another matter implicating the materiality analysis post-Escobar, the Supreme Court recently denied certiorari in a case in which Gilead Sciences, Inc. sought review of a Ninth Circuit decision allowing a qui tam suit to continue past the motion to dismiss stage (United States ex rel. Campie v. Gilead Sciences, Inc.).[116]  The Ninth Circuit held that the relators adequately alleged that Gilead fraudulently obtained FDA approval for certain of its drugs by making purportedly false statements to FDA about the source of the drugs’ active ingredient and the ingredient’s compliance with FDA regulatory requirements.  Because Medicare and Medicaid reimbursement for drugs is contingent upon FDA approval, which Gilead allegedly obtained fraudulently, the Ninth Circuit concluded that Gilead’s submission of claims for payment for “FDA approved” drugs amounted to a material misrepresentation that could serve as a basis for liability under the FCA.  The Ninth Circuit rejected Gilead’s argument that, because FDA did not rescind approval of the drug after learning of the violations and the Centers for Medicare and Medicaid Services continued to pay for the drug, the violations were not material to the government’s payment decision.  Instead, the court reasoned that Gilead ultimately stopped using the active ingredient from the unapproved manufacturer, and “[o]nce the unapproved and contaminated drugs were no longer being used, the government’s decision to keep paying for compliant drugs does not have the same significance as if the government continued to pay despite continued noncompliance.”[117] Gilead’s petition for certiorari presented the question of whether the government’s decision to continue reimbursement after learning of alleged regulatory infractions should presumptively defeat a relator’s claim that the regulatory infractions were material to the government’s payment decision.[118]  Gilead maintained that the Ninth Circuit’s treatment of this issue clashes with the Supreme Court’s instruction in Escobar that “if the Government pays a particular claim in full despite its actual knowledge that certain requirements were violated, that is very strong evidence that those requirements are not material.”[119] As discussed in our prior updates, the Supreme Court invited the Solicitor General to present the government’s position on the case, thereby signaling interest in the impact of government acquiescence on efforts by the government or relators to establish materiality.  In response, the Solicitor General argued strongly that the Court should not grant certiorari and indicated that it would move to dismiss the case if it were sent back to the district court.[120]  Arguing that the case is “not in the public interest,” DOJ explained that its position was based on a “thorough investigation” of the merits of the case, as well as concerns about the “burdensome” discovery requests that the parties would direct at FDA if the case were to move forward.[121]  With the Supreme Court’s denial of certiorari, the case has returned to the district court in accordance with the Ninth Circuit’s previous decision, and DOJ has not yet moved to dismiss the case at the district court level. Whether or not DOJ’s seemingly abrupt move before the Supreme Court reveals any deeper concerns within DOJ around potentially adverse post-Escobar rulings, it is a marked example of DOJ’s purported commitment under the Justice Manual and Granston Memo to dismissing at least some of the unmeritorious cases brought forth by qui tam relators.  In the meantime, the question of government acquiescence in the context of materiality remains open for courts’ consideration. B.    Scienter under Escobar The Supreme Court in Escobar expressed confidence that robust enforcement of the FCA’s scienter and materiality elements would prevent a broad view of falsity from subsuming the purposes of the Act.  One (albeit unpublished) appellate decision this past year provides at least some support for this perspective. In United States ex rel. Streck v. Allergan, Inc., the Third Circuit held that an FCA relator fails to plead scienter where the defendant acted based on a reasonable, albeit incorrect, interpretation of relevant statutory and regulatory guidance.[122]  The relator in Streck based his FCA claims on allegations that the defendant pharmaceutical companies failed to account for “price-appreciation credits” in submitting Average Manufacturer Prices (“AMPs”) for certain drugs when calculating rebates owed by those companies to Medicaid under the Medicaid Drug Rebate Program.[123]  In assessing the relator’s claims, the court first considered “whether the relevant statute was ambiguous,” then evaluated “whether [the] defendant’s interpretation of that ambiguity was objectively reasonable,” and, finally, assessed “whether [the] defendant was ‘warned away’ from that interpretation by available administrative and judicial guidance.”[124]  The Third Circuit observed that the statutory definition of “price paid to the manufacturer” for AMP purposes was unclear because it did not specify whether it was the “initial” price (which would have excluded subsequent price-appreciation credits) or “cumulative” price (which would have included them).[125]  Even though the defendants’ interpretation that the statute and the associated guidance excluded price-appreciation credits may not have been “the best interpretation,” the Third Circuit nonetheless concluded that the interpretation was reasonable, that there was no guidance “warn[ing] away” from that interpretation, and that holding defendants liable for a “reasonable interpretation of an ambiguous statute was inconsistent with the reckless disregard [relator] was required to allege at this stage of the litigation.”[126] C.    Rule 9(b) Particularity Federal Rule of Civil Procedure 9(b) requires FCA plaintiffs to plead allegations of fraud with particularity.  In cases brought against companies, such as drug and device manufacturers, that do not typically submit claims to government payors directly, Rule 9(b) requires an FCA complaint to adequately plead facts establishing a link between the defendant’s challenged conduct and claims for reimbursement submitted by third-party physicians or pharmacies to the government.  As discussed in our 2017 Mid-Year and Year-End updates, courts have diverged over the question of what allegations suffice to survive a Rule 9(b) challenge on a motion to dismiss. In United States ex rel. Solis v. Millennium Pharmaceuticals, Inc., the Ninth Circuit added to the body of precedent holding that FCA claims that fail to allege particularized facts linking the alleged scheme to at least one specific claim submitted to the government cannot survive a Rule 9(b) motion to dismiss.[127]  The relator, a pharmaceutical sales representative, brought a qui tam FCA action against his former employer alleging, among other things, that the company paid kickbacks to physicians to prescribe the antibiotic drug Avelox.  The district court dismissed all of the relator’s claims, holding that they were foreclosed by the public disclosure bar. On appeal, the Ninth Circuit held that the district court had erred in holding that the public disclosure bar foreclosed the relator’s claim relating to Avelox because none of the public disclosures at issue mentioned this claim.  Noting that it could affirm on any ground supported by the record, the Ninth Circuit nevertheless affirmed the district court’s dismissal of this claim, holding that it failed to satisfy Rule 9(b) particularity requirements.  The relator’s “only particularized allegations” showed efforts by the defendant “to get Avelox placed ‘on formulary’ at two hospitals,” which “merely means the drug is available to be used or prescribed.”[128]  “Even assuming these efforts established a scheme to submit false claims,” the relator neither “identif[ied] a single claim submitted pursuant to the scheme” nor provided “reliable indicia supporting a strong inference that such claims were submitted.”[129]  Indeed, the Ninth Circuit noted that the relator did not even “allege that being ‘on formulary’ meant such claims would be submitted,” or that “being on formulary meant Avelox would be prescribed.”[130]  Because the complaint did not contain “other details linking the alleged scheme to any claim submitted to a federal healthcare program,” the relator failed to “plead[] with the particularity required by Rule 9(b).”[131] The Eleventh Circuit reached a similar conclusion in Carrel v. AIDS Healthcare Foundation, Inc.[132]  There, the relators alleged that the foundation violated the AKS and thus the FCA by paying bonuses to its employees for referring patients with HIV/AIDS to other services provided by the foundation and for which the foundation sought federal reimbursement.  In addition to rejecting the relators’ AKS theory (as described below), the Eleventh Circuit also rebuffed relators’ assertion that the district court erred in dismissing a host of relators’ claims for lack of particularity. Long-standing Eleventh Circuit requires relators to plead the “actual ‘submission of a [false] claim’” with some “indicia of reliability”; assertions that a “claims requesting illegal payment must have been submitted, were likely submitted[,] or should have been submitted” do not suffice.[133]  Applying that precedent in Carrel, the Eleventh Circuit observed that although relators “allege[d] a mosaic of circumstances that are perhaps consistent with their accusations that the Foundation made false claims . . . [they] fail[ed] to allege with particularity that these background factors ever converged and produced an actual false claim.”[134]  Notably, the court batted aside relators’ efforts to rely on “mathematical probability” and their insider knowledge of the foundation’s operations, explaining that relators’ “access to possibly relevant information” did not “translate[] to knowledge of actual tainted claims presented to the government.”[135] D.    Retaliation The FCA provides remedies to employees if they are “discharged, demoted, suspended, threatened, harassed, or in any other manner discriminated against in the terms and conditions of employment because of lawful acts” conducted in furtherance of an FCA claim.[136] In DiFiore v. CSL Behring, LLC, the Third Circuit recently addressed the standard for showing causation in an FCA retaliation claim brought against a biopharmaceutical company.  The plaintiff appealed the district court’s jury instruction requiring the plaintiff to show “protected activity was the ‘but-for’ cause of an adverse action.”[137]  On appeal, the plaintiff argued that the FCA only requires proof that the protected activity was a “motivating factor” in the adverse action. In rejecting this argument and affirming the district court, the Third Circuit relied on the Supreme Court’s analysis in Gross v. FBL Financial Services, Inc.[138] and University of Texas Southwestern Medical Center v. Nassar,[139] both of which concerned the causation standard in the discrimination context.  The court observed that the statutory text “because of” was identical in the FCA to the language used in the Age Discrimination in Employment Act and Title VII’s anti-retaliation provision, and in those contexts the Supreme Court held that this language requires proof that the protected status or activity was the “but-for causation” for the employer’s adverse employment action.  The court contrasted this “because of” language with the text of the anti-retaliation regulation under the Family Medical Leave Act (“FMLA”), which required the protected activity to be a “negative factor” in an employment decision.  Because the FCA included the same “because of” language at issue in Gross and Nassar, rather than the “negative factor” language used in the FMLA regulation, the court held that the “but-for” standard adopted in Gross and Nassar governed its interpretation of causation under the FCA.[140] E.    Public Disclosure Bar As amended by the Affordable Care Act in 2010, the FCA’s public disclosure bar provides that a court “shall dismiss” an FCA action if “substantially the same allegations or transactions . . . were publicly disclosed” through listed sources, as long as the relator does not qualify as an “original source.”[141]  A relator is an “original source” when he or she either “prior to a public disclosure . . . voluntarily disclosed to the Government the information on which allegations or transactions in a claim are based,” or “has knowledge that is independent of and materially adds to the publicly disclosed allegations or transactions.”[142]  Courts have adopted differing interpretations of this statutory language, including as to what standard to apply in determining whether information “materially adds” to publicly disclosed allegations. In United States ex rel. Forney v. Medtronic, Inc., the Third Circuit was called upon, in the context of a qui tam action, to determine whether Escobar’s interpretation of “materiality” as an element of a fraud claim should govern the analysis of whether information “materially adds” to the allegations for purposes of the public disclosure bar.[143]  In United States ex rel. Moore & Co., P.A. v. Majestic Blue Fisheries, LLC,[144] which preceded Escobar, the Third Circuit adopted a broad definition of materiality, holding that the relevant standard in this context is “whether the relator ‘contributes information—distinct from what was publicly disclosed—that adds in a significant way to the essential factual background: the who, what, when, where and how of the events at issue.’”[145]  By contrast, the First Circuit in United States ex rel. Winkelman v. CVS Caremark Corp.[146] applied the more “rigorous requirement” for materiality adopted in Escobar, which requires that, “for something to be material, it must be of such importance that it influences the decision maker.”[147] In Forney, the Third Circuit concluded that the Supreme Court’s interpretation of “materiality” as an element in a fraud claim in Escobar had “little bearing” on the concept of materiality in the entirely different context of the public disclosure bar.[148]  Thus, because Escobar did not compel a different interpretation of materiality in this context, the court concluded that it continued to be bound by the Third Circuit’s more lenient standard in Moore.[149]  Applying this standard, the court held that the relator qualified as an original source.  The relator’s documents included records documenting Medtronic representatives engaging in the challenged activity, including “the names” of individuals involved as well as the “places and times” of the activity.[150]  The court rejected the argument that this information was encompassed in the broader and more general allegations in prior public disclosures, holding that the information the relator provided was “detailed, specific, and helpful,” and thus “meaningfully add[ed] to the prior public disclosures.”[151] F.    First-to-File Bar The FCA’s first-to-file bar “prohibits a person from bringing a ‘related action’ when an FCA suit is pending.”[152]  Despite the deceptively simple language, circuits have begun to diverge on how to enforce the bar when the court has already dismissed the earlier, “pending” action. In United States ex rel. Wood v. Allergan, Inc.,[153] the Second Circuit joined the D.C. Circuit in holding that a relator may not proceed based on an amended complaint if the same relator’s original complaint otherwise would fail under the first-to-file bar.  Below, the district court held that, although at least one related complaint against Allergan already existed when the relator filed suit, amending his complaint after the court had dismissed the other, related complaint was sufficient to overcome the bar, because “there were no pending related actions when the complaint was amended.”[154]  Focusing on the plain language of the statute, which requires dismissal when a relator “brings” an action while a related action is pending, the Second Circuit disagreed with the district court’s analysis and held that the relator’s action “was incurably flawed from the moment he filed it.”[155]  The Second Circuit confirmed, however, that dismissal based on the first-to-file bar should be without prejudice,[156] and that “absent a statute of limitations issue, the relator will be able to re-file her action, without violating the first-to-file bar.”[157] In the opinion, the Second Circuit also weighed in on another developing circuit split regarding whether a complaint that falls short under Rule 9(b)’s particularity requirement can bar a later-filed complaint under the first-to-file rule.  Again agreeing with the D.C. Circuit, the Wood court found no basis to incorporate Rule 9(b)’s particularity requirement into the statute.[158]  That a subsequent complaint might be “more detailed” has no bearing on the application of the first-to-file bar under the Second Circuit’s interpretation, and the court thus found that the relator’s allegations were sufficiently related to those in the other, earlier complaint to trigger the bar, even if his allegations were “more detailed” than those previously asserted.[159] Should the circuit courts continue to diverge on these issues, the resulting split may present opportunities for the Supreme Court to grant certiorari and weigh in on the proper application of the bar.  The Court has demonstrated some willingness to address FCA-related issues in recent months when it granted certiorari in United States ex rel. Hunt v. Cochise Consultancy, Inc., 887 F.3d 1081, 1083 (11th Cir. 2018), to address questions regarding the FCA’s statute of limitations provision. III.    PROMOTIONAL ISSUES This past year saw relatively few developments in the regulation of drug and device promotional activity compared to prior years.  Most notably, FDA issued two guidance documents in June 2018 that signaled greater flexibility in FDA’s approach to promotional communications; the guidance greenlighted the transmission of certain information that is not included in FDA-required labels (so long as it is consistent with those labels), as well as economic information about drugs and devices.  In a statement about the guidance documents, FDA Commissioner Dr. Scott Gottlieb explained that the guidance is intended to help market participants develop contracts that better reflect the full value of products in the marketplace.[160] In the meantime, Congress failed to make significant progress toward implementing off-label promotion legislation, and the federal courts did not issue any notable opinions clarifying how drug manufacturers should convey promotional information about their products.  FDA enforcement activity increased only slightly relative to last year’s drop in enforcement. Considering the current administration’s deregulatory position, FDA is likely to continue its scaled back approach to off-label promotion.  If the past two years are any indicator, the agency will remain focused on the most flagrant cases of deceptive advertising or when there is a risk to public health, leaving manufacturers some leeway for more expansive promotional activity. A.    FDA Enforcement Activity – Drug Promotion In 2018, the Office of Prescription Drug Promotion (“OPDP”) issued only two Warning Letters and five Untitled Letters.[161]  While this number represents a small uptick from 2017, it still falls far short of the statistics from the years of more aggressive enforcement that preceded the First Amendment litigation.[162]  The downward trend may be an indicator that the current administration’s priorities lie elsewhere—at least for the foreseeable future. Of the seven letters, four involve the omission or minimization of risk information, two concern inaccurate information regarding an unapproved use or product, and one objects to false or misleading claims about efficacy.[163]  All of the approved products relate to products with boxed warnings.  The letters encompass a range of communications, including conference exhibitions, oral statements by a sales rep, print materials, websites and online vides, and social media. In a February 9, 2018 Untitled Letter to Collegium Pharmaceutical, Inc., OPDP asserted that the company’s exhibit booth at an annual pharmacist exhibition made false or misleading representations about an opioid pain reliever because the exhibit failed to communicate accurately the drug’s risks.[164]  The letter noted that the exhibit did not include any information regarding the drug’s limitations of use, namely that the drug should be used only as a last resort for treating pain because of its high addiction risks.[165]  The letter also emphasized that the omission was particularly concerning considering the severe impact of opioid addiction.[166]  Although the exhibit had included a side panel that conveyed some warning information, OPDP noted the small font and found this disclosure to be inadequate.[167] Similarly, in a June 19, 2018 Untitled Letter to Pfizer Inc., OPDP objected to a direct-to-consumer promotional video for failing to include any risk information regarding the product, a vaginal ring.[168]  OPDP also objected to the testimony of the video’s featured spokesperson, who stated that the drug had worked instantaneously and had not resulted in any side effects in her case.[169]  OPDP found that the spokesperson’s claims, even if accurate, misleadingly suggested that other patients would experience similar results.[170] In a June 28, 2018 Untitled Letter to Arog Pharmaceuticals, Inc., OPDP asserted that the company violated the FDCA by misbranding an investigational acute myeloid leukemia drug both on the company’s website and at its booth display at an annual hematology meeting.[171]  According to FDA, both promotions suggested that the drug was safe and effective, even though FDA had yet to approve the drug for commercial purposes.[172] In an August 16, 2018 Untitled Letter to ASCEND Therapeutics US, LLC, OPDP objected to a sell sheet that allegedly made false and misleading claims about the efficacy of ASCEND’s hormonal drug, EstroGel.[173]  The sell sheet asserted that EstroGel provides the lowest effective dose of estrogen for treatment of certain moderate to severe menopausal-related symptoms, yet OPDP concluded such claims were not supported by the literature cited because it did not rely on studies comparing the drug to other FDA-approved formulations of estrogen.[174] In an October 5, 2018 Warning Letter to MannKind Corporation, OPDP asserted that the company’s Facebook post describing its inhalation powder, Afrezza, as helping “your body work its best and protection from health complications” with “no drama” misleadingly suggested an absence of safety concerns, because it omitted information about potentially life-threatening risks.[175]  Although the post contained a small pop-up box with information about the risk of acute bronchospasm in patients with chronic lung disease, OPDP concluded that this did not mitigate the deficiencies of the post.[176] In an October 11, 2018 Untitled Letter to Eisai Inc., OPDP objected to oral statements that an Eisai sales representative made to health care professionals at a lunch presentation regarding its Fycompa drug for treatment of partial-onset seizures in epileptic patients 12 years and older.[177]  The sales representative purportedly mischaracterized the scope of the new indication for which the company sought FDA-approval in a pending new drug application for pediatric patients and minimized the serious boxed warning risks of behavioral side effects.[178] Finally, in an October 22, 2018 Warning Letter to Vanda Pharmaceuticals Inc., OPDP objected to Vanda’s webpage, which it claimed lacked appropriate risk information about its drugs.[179]  While the letter acknowledged that the webpage referred visitors to another site that provided the box warnings and safety information, OPDP concluded that this did not mitigate the complete omission of any risk information from the webpage itself.[180] B.    FDA Enforcement Activity – Device Promotion Enforcement relating to medical device promotion remained quiet as well, with only one Warning Letter to a medical device manufacturer.  In addition, CDRH issued seven “It Has Come to Our Attention” Letters, questioning whether marketing claims about certain 510(k)-cleared devices were covered by existing clearances and whether products were being promoted for medical device uses without a required premarket clearance or approval. RADLogics, Inc Warning Letter.[181]  In its Warning Letter to RADLogics, FDA asserted that the company’s marketing claims exceeded those supported by the 510(k) clearance for the company’s radiological image analysis software application.  Citing claims on the company’s website and YouTube video, FDA concluded that the device had been cleared for displaying radiological images for analysis by physicians, but the device was promoted as a “Virtual Resident” that could provide computer-assisted detection and marking of abnormalities in images. Letters Regarding Vaginal Treatments.  In addition, CDRH issued seven “It Has Come to Our Attention” Letters relating to the promotion of products for vaginal treatments in July, questioning whether marketing claims about the 510(k)-cleared devices were covered by existing clearances and whether products were being promoted for medical device uses without a required premarket clearance or approval.  Five of the letters related to laser, radiofrequency, and similar devices that had 510(k) clearances for general uses in dermatologic and surgical applications such as ablation of soft tissue.  For example, Cynosure,’s DEKA SmartXide2 Laser System had a 510(k) clearance for incision, excision, ablation, vaporization, and coagulation of body soft tissues in a variety of medical specialties, but FDA objected to the promotion of the device as a “clinically proven laser treatment for the painful symptoms of menopause, including intimacy.”  Similarly, FDA objected to  “vaginal health restoration” and similar claims for products marketed by Inmode MD Ltd. and Venus Concept, Ltd., noting that these products lacked any device premarket clearance or approval. In addition to these enforcement letters, in May 2018, FDA filed civil complaints in Florida and California alleging that two stem cell clinics were experimenting on patients with adulterated, misbranded, and unapproved drugs.[182]  The first complaint targeted U.S. Stem Cell Clinic LLC of Sunrise, Florida, U.S. Stem Cell, Inc., its Chief Scientific Officer, and its co-owner and Managing Officer.  The second was brought against California Stem Cell Treatment Center Inc., Cell Surgical Network Corporation of Rancho Mirage, and two doctors.  Despite arguments that FDA approval was not needed because patients receive treatment with their own cells, FDA sought to enjoin these clinics from marketing stem cell therapies that do not have FDA approval.  The complaints allege that defendants manufactured unapproved stromal vascular faction (“SVF”) products from patient adipose (fat) tissue.  U.S. Stem Cell, Inc. previously faced scrutiny from FDA in August 2017 after several patients reported vision loss after SVF treatments; in a statement, the agency said it was acting because the U.S. Stem Cell Clinic did not address violations outlined in a Warning Letter from August 2017.[183]  Finally, the complaints state that recent FDA inspections showed the clinics violated cGMP requirements, including some that could impact the sterility of their products.[184] Notably, therapies in this space have drawn attention from Commissioner Gottlieb, who has vowed that FDA will crack down on clinics marketing questionable or unsafe treatments.  That said, Commissioner Gottlieb also has pledged to ease the path to approval for researchers and companies marketing stem cell therapies and regenerative medicine where treatments are legitimate.[185] C.    FDA’s Promotional Guidance – Drugs & Devices In keeping with its promise to provide more direction regarding the off-label promotion of drugs and devices, FDA issued two useful guidance documents in June 2018.[186]  According to FDA Commissioner Gottlieb, the agency aims to spur a “shift toward innovative, value-based payment arrangements” for medical products.[187]  To that end, FDA promulgated guidance to provide clarity to drug manufacturers as they develop communications about their medical products, which in turn will ensure that patients, providers, and insurers have access to a wide range of data that they can harness to negotiate prices.[188] Communications with Payors.  In the first guidance document, FDA authorized companies to share certain information with payors about unapproved products and unapproved uses of approved drugs and devices.[189]  The guidance assured drug manufacturers that they will not be subject to FDA enforcement for promoting truthful and non-misleading information that is consistent with FDA-required labeling.[190]  According to the guidance, FDA will analyze three factors in determining whether promotional information is consistent with the labeling. First, FDA will evaluate whether communications about the product conflict with particular conditions of use in FDA-required labeling.[191] Second, FDA will assess whether the promotional information increases the product’s potential for harm to health, relative to the product’s FDA-required labeling information.[192] Finally, FDA will consider whether the product’s label enables patients to use the product safely and effectively under the conditions suggested in the product communications.[193] The guidance provides examples of the kinds of information that FDA would and would not consider consistent.[194]  For instance, communications providing context about adverse reactions associated with the product’s use would be consistent with FDA-required labeling.[195]  By contrast, information about a product’s use to treat a different disease than indicated in the label would not be consistent.[196]  The guidance further states that promotional representations must be “grounded in fact and science and presented with appropriate context.”[197] Despite these requirements, the guidance still relaxes restrictions on off-label promotion somewhat.  While insisting that promotional information have some supporting evidence, the guidance permits drug and device companies to utilize evidence that is insufficient to satisfy FDA approval standards.[198]  The guidance also does not explicitly bar inconsistent promotional communications but instead deems them outside the scope of the recommendations.[199]  This perhaps suggests that FDA may be marginally more lenient in its assessment of inconsistent promotional information. Communication of Health Care Economic Information.  FDA’s second guidance document also provides drug companies with significant leeway.[200]  The guidance concerns the sharing of Health Care Economic Information (“HCEI”) with insurance companies and other payors.[201]  HCEI is “any analysis . . . that identifies, measures, or describes the economic consequences . . . of the use of the drug.”[202]  In the guidance, FDA authorizes drug manufacturers to disseminate HCEI as long as the information relates to the disease being treated or to a condition in the patient population that the drug’s label indicates can be treated by the drug.[203] Like the first guidance document, the second explains that FDA will not object to certain communications of information about unapproved products and unapproved uses of approved products.[204]  FDA provides several examples, including the information about the anticipated timeline for possible FDA approval, product pricing information, and factual presentations of results from studies.[205]  In allowing these communications regarding off-label uses of a product, the guidance emphasizes that payors do not need protection in these exchanges because they are sophisticated audiences that can closely scrutinize a range of HCEI.[206] Draft Guidance on Presentation of Efficacy Data.  Citing research that suggests consumers have improved comprehension and recall of efficacy and risk information when it is presented quantitatively, FDA also issued draft guidance on the presentation of quantitative efficacy and information in direct-to-consumer promotional labeling and advertisements.[207]  FDA’s guidance provided recommendations in four categories: presenting probability information, formatting quantitative efficacy or risk information, using visual aids, and providing quantitative efficacy or risk information for treatment and control groups.[208] In the first category, FDA recommended expressing efficacy and risk probabilities in terms of absolute frequencies (such as 57 in 100 or 57%) versus relative frequencies (i.e. 33% reduction in risk) to improve consumer comprehension.[209]  As to the second, FDA recommended presenting information in consistent numerical formats and probabilities using whole numbers.[210]  Third, FDA endorsed the use of visual aids as a way to help consumers understand efficacy and risk probabilities, so long as they clearly explain the information displayed, are proportionate to the numbers that they are representing, and include representations of both numerators and denominators for numerical ratios.[211]  Finally, FDA recommended providing quantitative information for both treatment and control groups to improve consumer understanding of efficacy.[212] D.    Legislative Developments Pertaining to Promotional Issues There was little to report in the realm of legislative activity relating to drug and device promotional activity in 2018.  Federal legislation we have discussed previously in these pages, for example, remained stagnant.  The Pharmaceutical Information Exchange Act, which would effectively codify FDA guidance on HCEI by giving drug and device manufacturers greater freedom to share economic information regarding unapproved products, remains a draft bill stalled in the House Energy and Commerce Committee.[213]  After holding a consideration and mark-up session, the Subcommittee on Health forwarded the bill to the full House Energy and Commerce committee on January 17, 2018.  Since then, the bill has not advanced.[214]  Similarly, the draft bill of the Medical Product Communications Act of 2017, which would enable manufacturers to discuss certain off-label information with health care providers, remains in the House Energy and Commerce Subcommittee on Health.[215] E.    Litigation Relating to Promotional Issues In May 2018, the United States Supreme Court considered two recent FCA off-label promotion cases but ultimately denied certiorari.[216]  In 2017, the Fifth and Sixth Circuits had dismissed the cases, United States ex rel. King v. Solvay Pharmaceuticals, Inc. and United States ex rel. Ibanez v. Bristol-Myers Squibb Co., in part, in the former case, because the plaintiffs failed to demonstrate at the summary judgment stage that off-label promotion caused physicians and pharmacies to make false claim submissions to the government.[217]  With the Supreme Court refusing to hear either case, for the time being plaintiffs will continue to face challenges in pleading and proving causation in FCA off-label promotion cases. IV.    DEVELOPMENTS IN CGMP REGULATIONS, QUALITY SYSTEM REGULATIONS, AND OTHER MANUFACTURING ISSUES During 2018, we saw robust enforcement efforts relating to purported cGMP and Quality System regulation (“QSR”) violations.  In particular, FDA continues to crack down on manufacturing, quality, and data integrity issues and this year issued a number of notable Warning Letters.  These developments, as well as final guidance related to data integrity and compounding pharmacies, among other issues, are discussed below. A.    Notable cGMP Enforcement Activity In 2018, DOJ announced two notable consent decrees of permanent injunction entered by federal district courts against drug manufacturers to stop the distribution of unapproved, misbranded, and adulterated drugs.  This is consistent with DOJ’s publicized enforcement priorities.  Notably, in December, Deputy Assistant Attorney General James Burnham gave a speech where he explained that compounding pharmacies “are an increasing focus of enforcement efforts” and “a major enforcement priority” for DOJ and FDA, and highlighted the potential of enforcing cGMP violations as FCA cases.[218]  These comments highlight the importance of this recent guidance from FDA for compounding pharmacies. In April, the U.S. District Court for the Eastern District of Arkansas enjoined Cantrell Drug Company and its co-owner and CEO from distributing adulterated drugs.  According to the government’s complaint, the defendants’ drugs were prepared, packed, or held under insanitary conditions and may have been contaminated or rendered injurious to health.  By way of background, Cantrell initiated two voluntary recalls of its drug products in 2016 and 2017, both due to a lack of sterility assurance.  In addition, during a 2017 inspection, FDA observed that the pharmacy’s own documents memorialized that it had found several types of microorganisms in the air and on surfaces used for sterile processing.  The pharmacy then failed to conduct adequate investigations of this microbial contamination.  As part of the injunction, the defendants cannot resume manufacturing, processing, or distributing drugs until they submit a remedial plan to FDA providing an independent expert to conduct inspections and ensure the defendants’ compliance with current good manufacturing practice.  In reference to this ruling, FDA Commissioner Gottlieb said, “FDA is committed to taking action against compounders who do not comply” with federal requirements.[219] In June, the U.S. District Court for the Northern District of Mississippi entered an injunction against Delta Pharma, Inc., its President, and its Vice President and Pharmacist in Charge to enjoin further distribution of adulterated drugs.  The complaint alleged that during a 2017 inspection, FDA documented the defendants’ failure to establish and follow appropriate written procedures designed to prevent microbiological contamination of sterile drug products.  It also noted that the defendants failed to establish an adequate quality control unit with the responsibility to approve or reject all components and investigate any errors that may occur.  As part of the permanent injunction, the defendants cannot manufacture, hold, or distribute any drugs until they report to FDA the actions they have taken to correct all deviations from cGMPs.[220] B.    cGMP-Based Warning Letters FDA’s Office of Manufacturing Quality in the Center for Drug Evaluation and Research (“CDER”) issued 53 Warning Letters in 2018, just off the pace it set in 2017 with 61 Warning Letters.  As in 2016 and 2017, FDA continued to focus on issues identified during foreign inspections, sending Warning Letters to companies in China and India, as well as Australia, North and South Korea, and Taiwan.  Also consistent with FDA’s activity in 2017, CDER’s 2018 Warning Letters underscore a focus on data integrity (which was also the subject of guidance, discussed below).  Data integrity citations and recommendations for “Data Integrity Remediation” cropped up in more than a dozen of the Warning Letters issued by CDER in 2018.  CDER most often found these violations in manufacturing facilities in China and India.[221] We have summarized a few notable Warning Letters below: Alchymars ICM SM Private Limited.[222]  After a 2017 inspection of the company’s facility in India, FDA issued a February 2018 Warning Letter to Alchymars listing cGMP violations.  The alleged violations included data integrity deficiencies; for example, FDA investigators found that Alchymars’s analysts were falsifying laboratory data and neglecting to keep complete records of major equipment maintenance.  To address these issues, FDA recommended a comprehensive data integrity remediation.  In the Warning Letter, FDA also asserted that Alchymars failed to investigate quality-related complaints, maintain manufacturing buildings and facilities, and provide personnel with adequate clean washing and toilet facilities.  Notably, FDA pointed out that it had found similar violations at the company’s facility in 2015, which also resulted in a Warning Letter.  FDA admonished Alchymars that the “repeated deficiencies demonstrate that your facility’s oversight and control over the manufacture of drugs is inadequate” and called for a cGMP consultant, a comprehensive investigation into Alchymars’s inaccurate data records, and a current risk assessment. Lijiang Yinghua Biochemical and Pharmaceutical Co., Ltd.[223]  In April, a Chinese manufacturer received a Warning Letter that cited, among other things, the lack of controls in place to keep staff from altering or deleting electronic data.  FDA noted that lab equipment used to generate analytical data had a single username to which all users had access, making it impossible to trace individuals who may have created, modified, or deleted data.  FDA also cited the company for failure to maintain complete data from all lab tests, noting that, in response to an FDA request for electronic data, Lijiang answered it had been deleted by accident and was no longer available.  Finally, FDA cited the company for failure of its quality unit to wait until testing was complete before approving the release of an active pharmaceutical ingredient (“API”) batch and for failure to adequately investigate deviations, atypical events, complaints, and out-of-specification results.  To address these issues, FDA recommended a comprehensive data integrity remediation, including data inaccuracy investigation, a risk assessment, and management strategy.  It also noted that many of these violations were repeated after a 2015 FDA inspection and Warning Letter. Zhuhai United Laboratories Co., Ltd.[224]  In June 2018, FDA cited Zhuhai, a Chinese pharmaceutical company, for multiple violations including quality and data integrity deficiencies.  FDA cited Zhuhai’s failure to adequately investigate and document out-of-specification results and to ensure that critical deviations were resolved.  For example, in response to below-specification results, Zhuhai simply re-tested and resumed manufacturing after receiving passing results without identifying a laboratory error or otherwise investigating the root cause of the initial results.  Its policies stated that using an outlier test (a statistical analysis showing a significant difference between the original value and retest results) could waive the requirement for investigating the cause of atypical results.  FDA stated this policy did not comply with good manufacturing practice, as outlier tests may be used only for auxiliary, informational purposes.  In addition, FDA noted that Zhuhai did not expand the scope of its review to a larger data set after discovering these significant data lapses.  In addition to a data remediation plan, FDA recommended that the company hire a cGMP consultant to correct deviations. Boule Medical AB.[225]  In October 2018, FDA issued a Warning Letter to a Swedish-based medical device manufacturer of the “Medonic M-Series Hematology Analyzer.”  According to the letter, the company failed to meet requirements of the Quality System regulations, which govern quality and consistency in manufacturing of medical devices.  FDA cited the company for six separate violations, principally related to failures to maintain effective policies, procedures, and processes. StemGenex Biologic Laboratories, LLC.[226]  Also in October 2018, FDA issued a Warning Letter to StemGenex, a San Diego–based stem cell company, for a litany of alleged cGMP violations (as well as promotional issues).  Given that many of FDA’s cGMP actions originate overseas, the letter targeting a U.S.-based facility is comparatively rare, although FDA scrutiny of companies exploring stem cell technology is not uncommon in recent history.  FDA cited StemGenex for “unvalidated manufacturing processes, uncontrolled environment, lack of control of components used in production, [] and lack of sufficient and validated product testing.”  According to FDA, these shortcomings posed “a significant risk that [the company’s] product may be contaminated with microorganisms or have other serious product quality defects.” C.    Quality System Regulation FDA pursued QSR violations aggressively in 2018, including against foreign companies.  Of the 25 device-related Warning Letters, 19 were issued for QSR violations.  A few representative Warning Letters are summarized below: Dexcowin Co., Ltd.[227]  After a 2017 inspection of the company’s facility in South Korea, FDA issues a February 2018 Warning Letter to Dexcowin, a portable dental diagnostic X-ray device manufacturer, listing QSR violations.  The alleged violations included a failure to establish and maintain adequate procedures for implementing corrective and preventive action (“CAPA”), as required by 21 CFR 820.100(a), failure to maintain required data, and training procedure deficiencies.  FDA noted that “[g]iven the serious nature of the violations,” FDA was taking steps to refuse entry of these devices into the United States “until these violations are corrected.” US Vascular, LLC.[228]  In June, FDA issued a Warning Letter to the manufacturer of Class II devices used in vascular pathology for alleged QSR violations—including failure to establish required procedures for design control and change; receiving, reviewing, and evaluating complaints; CAPA; and document and product control.  FDA also alleged MDR violations in its Warning Letter  FDA admonished the company for its repeat violations, noting that 11 of 12 citations “were repeat citations from the April 2017 inspection,” and 8 citations “were also repeated from the March 2016 inspection.”  FDA informed the company that because it had “not provided any objective evidence of corrections to date,” the adequacy of the company’s response with respect to several of the violations could not be determined. Anigan, Inc.[229]  In a July Warning Letter to a manufacturer of reusable menstrual cups, FDA alleged several QSR violations, such as inadequate procedures for design control and validation, finished device acceptance, and quality audits.  FDA admonished the company for failing to conduct risk analysis for either model of the company’s menstrual cups.  FDA also alleged that management with executive responsibility at the company had “not reviewed the suitability and effectiveness of the quality system.”  FDA recommended that the company review the relevant regulatory requirements and promptly correct its violations. Becton Dickinson Medical Systems.[230]   In September, FDA issued a Warning Letter to a manufacturer of lock flush syringes for alleged QSR violations.  FDA cited the company for five separate violations, principally related to failures to maintain effective procedures and processes.  Among the issues, FDA alleged that the company failed to adequately establish procedures “to control environmental conditions” and “to prevent contamination of equipment or product.”  Although FDA determined that the company’s response “appear[ed] to be adequate,” a follow-up inspection would be required to assess the ongoing corrective actions.  D.    cGMP Rulemaking and Guidance Activity In 2018, FDA also issued several notable guidance documents related to cGMP issues, including the following: Repackaging Biologics.  In January, FDA issued final guidance related to cGMP compliance; the document is entitled Mixing, Diluting, or Repackaging Biological Products Outside the Scope of an Approved Biologics License Application.[231]  It replaces (and largely replicates) 2017 draft guidance of the same name.  The guidance document details the conditions under which state-licensed pharmacies, federal facilities, or outsourcing facilities can mix, dilute, and repackage biologics.  According to FDA, “diluting or mixing a biological product with other components, or repackaging a biological product by removing it from its approved container-closure system and transferring it to another container-closure system, is, in the absence of manufacturing controls, highly likely to affect the safety and/or effectiveness of the biological product.”[232]  FDA recognized, however, that in certain circumstances, it is appropriate to mix, dilute, or repackage a biological product to meet the needs of a specific patient (e.g., in the pediatric care context).[233]  Although any biological product that is mixed, diluted, or repackaged such that it falls outside the scope of an approved biologics license application is an “unlicensed biological product,” this guidance details the appropriate conditions under which these steps can be taken without risk of FDA action.  Notably, this document contains additional requirements for outsourcing facilities to pass certain tests and to notify customers of any failing results in order to avoid FDA action.[234] Compounding Pharmacies.  In December, FDA issued revised, draft guidance for compounding pharmacies:  Current Good Manufacturing Practice—Guidance for Human Drug Compounding Outsourcing Facilities Under Section 503B of the FD&C Act.[235]  The draft guidance, which revises 2014 guidance, is specific to outsourcing facilities and is intended to fill a gap until FDA “promulgate[s] more specific cGMP regulations for outsourcing facilities.”  In that context, the draft guidance focuses on cGMP requirements intended to ensure sterility of the drug manufacturing process, and safety issues that pose the “highest risk,” including ensuring the appropriate potency and labeling for compounded drugs.  The draft guidance makes specific recommendations for quality assurance, facility design, manufacturing controls, and other topics. Data Integrity.  FDA also issued final guidance related to Data Integrity and Compliance With Drug CGMP.[236]  The guidance emphasizes the importance of “reliable and accurate” data, but allows for “flexible and risk-based strategies to prevent and detect data integrity issues.”  Notably, the guidance suggests that “management with executive responsibility” must “create a quality culture where employees understand that data integrity is an organizational core value and employees are encouraged to identify and promptly report data integrity issues,” and warns that data integrity issues in manufacturing processes can lead to Warning Letters, import alerts, and consent decrees.  FDA Commissioner Gottlieb described the guidance as “one part of [FDA’s] multi-layered approach to ensuring the integrity of data,” which also includes the “pre-approval inspection process” and “thorough assessments of applications prior to approval and when companies submit information about changes to their manufacturing processes.”[237] V.    ANTI-KICKBACK STATUTE As outlined above in the summary of recent DOJ enforcement activity, DOJ routinely invokes the AKS in bringing FCA claims against health care companies and drug and device makers in particular.  Below, we outline several notable developments in AKS-related case law and guidance.  We also address a developing story regarding the administration’s interest in rolling back safe harbor protection for drug rebates, one prong of its “Blueprint” to decrease drug prices in the United States. A.    AKS-Related Case Law Although relatively quiet, 2018 delivered several notable cases involving pharmaceutical companies and medical device makers. Causation in AKS-Premised FCA Cases.  In January, the Third Circuit affirmed the grant of summary judgment in favor of a pharmaceutical company accused of FCA and AKS violations in connection with its charitable donations.[238]  In United States ex rel. Greenfield v. Medco Health Solutions, Inc., the relator alleged that a specialty pharmacy, Accredo Health Group, which delivered clotting medication to patients at home and provided nursing assistance for patients with hemophilia, made donations to two charities that then recommended the company to hemophilia patients.  The U.S. District Court for the District of New Jersey denied the relator’s motion for summary judgment and granted the company’s, finding that the relator was unable to show that the charities’ referral of several federally insured patients resulted from the pharmaceutical company’s charitable contributions. On appeal, the relator argued that the district court erred in requiring a direct link between the contributions and the referrals, and the government filed an amicus brief in support of neither party contending that the Court erred in requiring the relator to prove that patients chose the company because of the charities’ recommendations.  The government also asserted that, for purposes of establishing an FCA violation, the relator need only demonstrate that a claim that sought reimbursement for medical care was provided in violation of the AKS.  For its part, the specialty pharmacy maintained that the district court correctly framed the relator’s burden of establishing an FCA breach in requiring the relator to point to some evidence that the pharmacy received referrals for federally insured patients “because of” its allegedly improper donations. Applying the post-Patient Protection and Affordable Care Act (“PPACA”) version of the AKS, which provides that “a claim that includes items or services resulting from a violation of [the AKS] constitutes a false or fraudulent claim for purposes of [the FCA],”[239] the Third Circuit ultimately affirmed the district court’s grant of summary judgment in favor of the specialty pharmacy.  The Third Circuit held that a relator, at minimum, must show that at least one of the patients for whom the company submitted reimbursement claims was exposed to a referral from a charity that received a donation.  Of note, the Third Circuit disagreed with both parties as to the necessary standard, concluding that there must be “some connection between a kickback and a subsequent reimbursement claim.”  The Third Circuit explained further that “[i]t is not enough . . . to show temporal proximity between [the company’s] alleged kickback plot and the submission of claims for reimbursement[,]” but it also is “too exacting to . . . require[] a relator to prove that federal beneficiaries would not have used the relevant services absent the alleged kickback scheme.”[240] Escobar and AKS-Based FCA Cases.  In United States ex rel. Medrano et al. v. Diabetic Care RX, LLC, a magistrate judge for the U.S. District Court for the Southern District of Florida recommended dismissal of the government’s FCA claims against compounding pharmacy, Diabetic Care RX d/b/a Patient Care America (“PCA”), and its private equity fund owner, Riordan, Lewis & Haden, Inc., for alleged AKS violations.[241]  After intervening in the case, the government alleged that PCA paid kickbacks to marketers through profit-sharing arrangements in exchange for prescription referrals, and that the marketers covered patients’ copayments to induce those patients to accept the defendant’s compounded medications.[242]  The government also alleged that PCA hid its contribution to some of the prescription copayments through a “sham charitable organization.”[243] The magistrate judge held that the argument that PCA’s reimbursement claims were “tainted” by the alleged kickbacks failed to state a valid FCA claim under either the express or implied certification theory.  In so holding, the magistrate judge explained that the representative claims cited in the complaint failed to identify any “specific representations” made to Tricare when submitting those claims,[244] and that the complaint only cited certifications related to a provider agreement between PCA and the Tricare pharmacy benefits manager that pre-dated submission of the allegedly false claims.[245]  The district court has yet to weigh in on the magistrate judge’s recommendations. The AKS’s Exemption for Payments to Employees.  In deciding Carrel v. AIDS Healthcare Foundation, Inc. this past August, the Eleventh Circuit examined the AKS provision exempting payments to employees from the statute’s reach.[246]  As noted above, the relators claimed that the foundation improperly paid bonuses to its employees for referring patients with HIV/AIDS to other services provided by the foundation.  But the Eleventh Circuit concluded that the AKS employee exemption provision—which immunizes payments from employers to their employees “for employment in the provision of covered items or services”[247]—applied to the referral payments.[248]  The court reasoned that the plain language of the Ryan White Act, 42 U.S.C. § 300ff-51(e)(2), classifies the referral of patients with HIV/AIDS to entities funded under the Act as “a standalone compensable ‘service,’” and thus the payments were tied to employment in the provision of a covered service.[249]  Emphasizing that the “relevant statutes say nothing to forbid payment on a per-capita basis or to require nondiscriminatory referrals to any available healthcare provider,”[250] the court found that the referrals to the foundation thus qualified as a “covered . . . service[]” under the statutory exemption, and that the foundation’s payments to its own employees for those referrals did not violate the AKS.[251] The One Purpose Test.  In United States ex rel. Derrick v. Roche Diagnostics Corp., the U.S. District Court for the Northern District of Illinois allowed a relator’s AKS-based FCA claims to move forward after deciding that the complaint sufficiently alleged that the payment claims were “tainted” by underlying AKS violations.[252]  According to the complaint, Roche contracted with the insurance company, Humana, to list its glucose monitoring products on Humana’s Medicare formularies but later discovered that it had overpaid certain rebates to Humana.[253]  The relator alleged that, after Humana notified Roche that it would be removing Roche’s products from the formularies, Roche forgave the majority of that debt in exchange for remaining on Humana’s formularies and excluding competing brand products from those formularies.[254]  In denying the defendants’ motions to dismiss, the district court explained that the relator need not identify a specific claim for payment that “included items or services resulting from an AKS violation,” as Humana’s Medicare contracts required monthly payment claims covering the products at issue, and the allegations “necessarily le[d] to the conclusion that Humana presented claims to CMS that were tainted by the alleged fraud.”[255]  The court further explained that, even if the debt forgiveness arrangement “had a legitimate business purpose,” it could constitute “illegal remuneration for AKS purposes if one reason for it was to compensate[] past or induce[] future referrals.”[256] Addressing the Remuneration Element.  In State v. MedImmune, Inc.,[257] the U.S. District Court for the Southern District of New York held that the State of New York adequately pled that “the sharing of [personal health information (“PHI”)] with specialty pharmacies could plausibly constitute ‘remuneration’ in violation of the federal anti-kickback statute” so as to support the State’s claim that MedImmune caused a specialty pharmacy to submit false billing certifications in violation of the New York State False Claims Act.[258]  Although the State alleged that MedImmune sales personnel would “curry favor” with hospital administrators in exchange for access to confidential PHI, the crux of the State’s claims centered on whether MedImmune violated the AKS by passing that PHI on to the specialty pharmacy as “leads” to use in pursuing prime candidates for MedImmune’s neonatal respiratory drug.[259]  The ruling joins the growing number of district courts taking a broad approach to the definition of “remuneration” under the AKS at the motion-to-dismiss stage. B.    Legal Challenges to AKS-Based Theories In December, DOJ moved to dismiss 11 qui tam FCA actions brought by Health Choice Group, LLC against multiple pharmaceutical companies.[260]  Rejecting allegations that the defendants violated the AKS by providing prior authorization assistance and arranging for nurses to educate patients on proper administration of newly prescribed medicines, the government argued that the relators’ allegations “lack[ed] sufficient factual and legal support” and would be contrary to previous guidance issued by HHS OIG on the provision of patient educational materials and informational programs.[261] The government emphasized that the right for a qui tam plaintiff to proceed in the absence of government intervention “is not absolute,” and it moved for dismissal given the need to “preserv[e] scarce government resources and protect[] important policy prerogatives of the federal government’s healthcare programs.”[262]  Specifically, the government maintained that the “relators should not be permitted to indiscriminately advance claims on behalf of the government against an entire industry that would undermine common industry practices the federal government has determined are . . . appropriate and beneficial to federal healthcare programs and their beneficiaries,” including the “provision of educational information and instruction to patients” once a physician “has appropriately prescribed a medication.”[263]  Although the fact that the relator was an entity created to bring FCA qui tam suits may have impacted DOJ’s approach to these cases, the government’s effort to dismiss these actions—like the Campie case discussed above—may signal a potential shift in enforcement policy under the parameters outlined in the updated Justice Manual and Granston Memo. Whereas DOJ opted to challenge Health Choice Group’s AKS theories, both DOJ and HHS OIG have challenged patient assistance programs under kickback-based theories over the past few years.  Indeed, in our 2017 Year-End Update, we discussed HHS OIG’s increased scrutiny of patient assistance programs, including the unprecedented rescission of guidance previously issued to an industry-funded charity that operated a patient assistance program due to alleged breaches of two commitments related to donor independence.[264]  We also discussed the $210 million settlement in December with another patient assistance charity for similar violations.[265] In response to this enforcement and regulatory environment, a patient assistance charity filed a lawsuit in January challenging HHS OIG advisory opinions regarding interactions with pharmaceutical industry donors on First Amendment grounds.[266]  The charity’s complaint alleges that recent revisions to an advisory opinion infringe on the charity’s freedom of speech.  According to the charity, it had relied on the advisory opinion since 2002, and the revisions came after a three-year negotiation period with HHS OIG following its release of a special bulletin in 2014 that warned about the risk of fraud and abuse at patient assistance charities.  Among the revisions are required commitments not to solicit donor suggestions as to the selection of which diseases to address through funding decisions, not to let donors influence the distribution of funding, and not to fund disease therapies at the request of donors that sell treatments for those diseases.  At its core, the complaint alleges that these required commitments amount to “new and oppressive restrictions that cripple [the charity’s] ability to carry out its charitable efforts.”[267] The court recently granted the government’s motion for limited discovery into whether the charity waived its First Amendment rights by agreeing to the advisory opinion’s terms and “whether the interests promoted by enforcement of the speech-related provisions of OIG’s advisory opinion outweigh any public policy harms that would result from enforcement.”[268]  As the lawsuit progresses, it could develop into a case with serious implications for the government’s ability to control truthful speech regarding federally reimbursable drugs. C.    Rulemaking HHS made headlines in 2018 with a proposed rule that would roll back a significant AKS safe harbor.  In mid-July, HHS submitted a proposed rule for review and clearance to the Office of Management and Budget (“OMB”) titled “Removal Of Safe Harbor Protection for Rebates to Plans or PBMs Involving Prescription Pharmaceuticals and Creation of New Safe Harbor Protection.”[269]  Although the substance of the rule was not publicly available, the title made clear that HHS was considering potentially allowing AKS enforcement actions against either drug manufacturers, Pharmacy Benefit Managers (“PBMs”), or both, when manufacturers pay PBMs rebates for services such as exclusively covering a manufacturer’s products or favoring such products through a prescription benefit plan.  On January 31, 2019, HHS ultimately issued a proposed rule that would amend the definition of “discount” to eliminate the safe harbor covering rebates paid to Part D insurers, Medicaid managed care organizations, and PBMs.[270]  The rule change would not impact discounts to distributors, providers, and pharmacies.  With a proposed effective date of January 1, 2020, the rule also would add two new safe harbors protecting discounts provided directly to patients “at the point of sale,” if those discounts meet certain criteria, as well as “low risk” fixed fee arrangements for services provided by PBMs to manufacturers, if pursuant to written agreements that reflect fair market value and are not tied to the volume or value of generated business. Such a shift in safe harbor policy would be consistent with the administration’s “American Patients First: The Trump Administration Blueprint to Lower Drug Prices and Reduce Out-of-Pocket Costs” initiative discussed below.  HHS Secretary Alex Azar also has hailed the proposal as having “the potential to be the most significant change in how Americans’ drugs are priced at the pharmacy counter, ever,” and has praised its potential impact on transparency in the drug markets.[271] In August, HHS also sought comments on the proposal to expand certain safe harbors and exceptions to the Civil Monetary Penalty’s (“CMP”) definition of “remuneration” in an effort to “foster arrangements that would promote care coordination and advance the delivery of value-based care.”[272]  Recognizing the “broad reach of the [AKS] and beneficiary inducements CMP as a potential impediment to beneficial arrangements that would advance coordinated care,”[273] HHS solicited feedback on potential “care coordination,” “value-based arrangements,” “alternative payment models,” “innovative technology” arrangements, and “other novel financial arrangements,” as well as “the types of incentives providers, suppliers, and others are interested in providing to beneficiaries” to improve quality of care, care coordination, and patient engagement.[274]  HHS also sought input on the benefits and risks of “relieving or eliminating beneficiary cost-sharing obligations,” proposals for donated or subsidized “cybersecurity-related items and services” for providers, and implementation of other recently passed legislation.[275]  HHS received over 350 comments before the end of the comment period in October.  The AKS consistently has faced industry critique that its provisions are outdated and unable to keep pace with innovative technologies and shifting reimbursement trends that have moved from fee-for-service systems to more outcome- and value-based models.  The allowance for new value-based pricing, collaboration, and risk-sharing arrangements may provide opportunities to align incentives among providers and market participants, as well as opportunities to leverage the specialized knowledge and experience of drug and device manufacturers to identify potential avenues for coordinating and optimizing care in a more cost-effective and patient-friendly manner. Whether HHS incorporates the industry’s feedback remains to be seen, but we will keep you apprised of any developments related to these proposed policy changes in future updates. D.    Legislative Developments Under the Physician Payments Sunshine Act provisions of the PPACA, drug and device manufacturers must report annually payments made to physicians and teaching hospitals.[276]  To increase transparency and accountability, the “Open Payments” database catalogues information about those payments in a searchable online repository available to the public.  One legislative development in 2018 will impact such future reporting requirements. The SUPPORT for Patients and Communities Act noted above expanded these reporting requirements for pharmaceutical and medical device manufacturers.  As of January 1, 2022, manufacturers also must report through the Open Payments system any transfer of value to physician assistants, nurse practitioners, clinical nurse specialists, certified registered nurse anesthetists, and certified nurse midwives.[277] E.    HHS OIG Guidance HHS OIG issued a number of advisory opinions discussing the AKS in 2018, although only three pertained to drug and device manufacturers. In May, HHS OIG endorsed an arrangement under which a company that manufactures and distributes medical devices and pharmaceutical products provides free samples of ostomy products to patients and then contracts with a third party to conduct customer satisfaction surveys regarding the sample products.[278]  HHS OIG gave significant weight to the fact that the company informs patients that they are not permitted to bill third-party payors for sample products, meaning federal health care programs should not incur any costs associated with the arrangement.[279]  Further, HHS OIG noted that the contractor conducting the surveys does not sell the medical device company’s products and is not compensated in connection with future sales of such products.[280] On September 10, HHS OIG evaluated a surgical device and wound care product manufacturer’s proposed warranty program for a suite of three products used in joint replacements.[281]  Under the program, the manufacturer would refund hospitals for the aggregate purchase price of the product suite without regard to insurance status or payor if (1) an inpatient received all three products within the “suite,” (2) the patient was readmitted to the same hospital as an inpatient within 90 days due to a surgical site infection or for a revision to the implanted system, and (3) each of the manufacturer’s products was used in accordance with its instructions for use and other labeling, and the hospital certifies that the readmission was due to a failure of the product “to perform as expected.”[282]  Although HHS OIG concluded that the safe harbor for warranties, 42 C.F.R. § 1001.952(g), does not apply to bundled items, it concluded that the proposed arrangement “pose[d] a sufficiently low risk of fraud and abuse under the [AKS].”[283] Specifically, because none of the products in the suite is separately reimbursable, HHS OIG found that the risk of “overutilization,” “inappropriate” product use, and increased Medicare costs was low given the incentive for hospitals to choose the best product.[284]  HHS OIG also emphasized the increased transparency and oversight stemming from required cost reporting and the manufacturer’s commitment to meet all seller obligations under the warranties safe harbor, which would “put hospitals on notice of their obligation to appropriately report any refund they obtained.”[285]  Beyond recognizing the “innovative and potentially beneficial” qualities of the warranty program in reducing readmission through encouraged use of the product suite, HHS OIG also cited proposed hospital certifications certifying that physicians would remain responsible for medical decisions, as well as the lack of exclusivity requirements or other quotas, minimums, and volume- or referral-based eligibility criteria.[286] On November 13, HHS OIG concluded that a drug company’s proposal to provide free doses of its drug to hospitals to treat inpatients with a particular condition could constitute improper remuneration under the AKS.[287]  The company proposed to stock the drug at participating hospitals on a consignment basis, under which physicians seeking to prescribe the drug would submit a referral to the drug’s reimbursement hub and initiate therapy using the free vial.[288]  The reimbursement hub would provide additional free vials if needed for inpatient use and would provide the same for outpatients unable to secure insurance coverage for the drug.[289] Considering publicly available information outside of the materials submitted by the drug company, HHS OIG provided several reasons for its decision, including that: the proposed arrangement “would relieve a hospital of a significant financial obligation that [it] otherwise would incur” in light of the “substantial price increases” for the drug in recent years; “no portion of the significant savings [to the hospital] . . . would be passed on to the Federal health care programs” since the drug is not separately reimbursable in the inpatient setting; the proposal “could function as a seeding arrangement,” because insurers (including federal health care programs) may end up paying for the drug when insured patients need to finish the treatment on an outpatient basis, and because providing the free drug to inpatients “facilitates [the] high price for the [d]rug’s other indications”; it “could result in steering or unfair competition” by “influenc[ing] prescribers to consider the [d]rug as a first option”; providing the drug on the proposed consignment basis actually would eliminate two of the barriers cited by the drug company (i.e., immediate access and unwillingness to bear excess inventory risks); and certifications that the free vials would not be contingent on future purchases “ring[] hollow,” as “receipt of the free vial would be contingent on future purchases of the [d]rug” for any outpatients who have insurance coverage and must purchase the drug to avoid potential adverse medical consequences from halting the treatment they began for free on an inpatient basis.[290] VI.    DRUG PRICING Signaling a reinvigorated focus on drug pricing, the Trump Administration announced the “American Patients First: The Trump Administration Blueprint to Lower Drug Prices and Reduce Out-of-Pocket Costs” initiative (the “Blueprint”) in May 2018, which aims to lower prices for consumers through a combination of increasing competition among drug manufacturers, strengthening Medicare’s negotiating power, and lowering Medicare and Medicaid list prices.[291] The announcement of the Blueprint spurred several related HHS and FDA initiatives throughout 2018, and the administration’s focus on drug pricing shows no signs of abating as we transition into 2019.  Further, the House Committee on Oversight and Reform already has “launched one of the most wide-ranging investigations in decades into the prescription drug industry’s pricing practices” with the goal of “determin[ing] why drug companies are increasing prices so dramatically, how drug companies are using the proceeds, and what steps can be taken to reduce prescription drug prices.”[292]  The investigation will begin with requests for detailed information and documents regarding pricing practices from 12 drug companies, and the Committee has pledged to “hold its first of several hearings in the coming weeks.”[293] Below, we address several other notable moves by HHS and FDA on the drug pricing front. A.    Rulemaking In support of the Blueprint’s efforts to increase pricing competition and negotiations and lower list prices, CMS proposed several rules in the latter half of the year that could impact drug pricing in the future. In October, CMS proposed a rule that would require direct-to-consumer (“DTC”) television ads for certain Medicare- and Medicaid-reimbursable prescription drugs and biological products to display the list price of the drug or product.[294]  Although CMS touted the ability of consumers to “price shop” based on the pricing information that would be included in the ads,[295] it is unclear how the market would react to such pricing information, as most customers do not pay list prices for prescription drugs or biological products.  The proposed rule also clarifies that the Secretary of HHS would maintain an annual “public list” of all drugs and biological products that it identifies as “in violation of th[e] rule” but indicates that the “primary enforcement mechanism” would be “the threat of private actions” under the Lanham Act’s prohibitions on false or misleading advertising.[296]  The comment period ended on December 17, 2018.  If the proposed rule moves forward, it may trigger challenges to CMS’s rulemaking authority and First Amendment objections. Also in October, CMS issued an advanced notice of proposed rulemaking to solicit public comments on a new “International Pricing Index” payment model, which aims to “phas[e] down” the prices that Medicare Part B pays for “selected” physician-administered drugs to align more closely with international prices in “economically-similar countries.”[297]  The notice highlights several shortcomings with the current system, including the use of a six percent add-on payment keyed to the price of the drug rather than a “set payment reflecting the service being performed,” as well as the financial risk placed on providers under the traditional “buy-and-bill system.”[298]  In addition to phasing down the Medicare payment amount for selected Part B drugs, the proposed model would “[a]llow [approved] private-sector vendors to negotiate prices for drugs, take title to drugs, and compete for physician and hospital business” and would “[p]ay physicians and hospitals [outpatient departments] the add-on based on a set payment amount structure.”[299]  The comments period for the proposed rule closed on December 31, 2018. In November, CMS also proposed a rule that would introduce changes to Medicare Part D and Medicare Advantage drug plans in an effort to support drug price negotiations and reduce out-of-pocket costs.[300]  The rule proposes to revise certain protections that currently require Medicare Part D plans to cover every FDA-approved drug in six specially designated therapy classes.  The new rule would create certain exceptions to the protected class policy, under which Part D sponsors could use prior authorization and step therapy for protected class drugs, exclude any protected class drugs that are updated formulations of existing protected drugs (even if the old formulation is no longer available), and exclude a protected class drug from its formulary when the price for that drug rises faster than inflation over a designated period.[301]  Consistent with FDA guidance described below on non-protected class drugs, the proposed rule also would allow Part D sponsors to introduce “indication-based formulary design and utilization management” for protected class drugs, allowing them to create drug formularies based on self-chosen disease indications.[302]  Under the proposal, Part D sponsors also must implement a Real-Time Benefit Tool by January 1, 2020, alerting prescribers to lower-cost therapy alternatives under the patient’s plan benefits,[303] and the plans’ Explanation of Benefits must include information about negotiated price changes and lower-cost therapeutic alternatives for beneficiaries.[304] B.    Related Guidance In August, CMS issued two guidance documents with potential implications for drug pricing.  Rescinding previous guidance, CMS issued a memorandum on August 7, 2018, permitting Medicare Advantage (“MA”) plans to use step therapy for Part B drugs as of January 1, 2019, “as part of a patient-centered care coordination program.”[305]  Step therapy is a form of prior authorization that begins patients on medication “with the most preferred drug therapy” for a particular medical condition and “progresses to other therapies only if necessary,” allowing some patients to begin treatment with a more cost-effective medication before moving to more expensive options if the first proves ineffective.[306]  In issuing the guidance, CMS emphasized that allowing step therapy for Part B drugs “will help achieve the goal of lower drug prices while maintaining access to covered services and drugs for beneficiaries,”[307] and it clarified that an MA plan opting for step therapy Part B drugs must “offer beneficiaries an opportunity to participate in drug management care coordination activities”[308] and should pass on savings and encourage enrollees to participate in such programs by “offering rewards in exchange for enrollee participation” in accordance with applicable laws.[309]  MA plans that choose to offer Part B step therapy programs also must adhere to certain disclosure and reporting obligations outlined in the guidance. In another reversal, CMS issued a memorandum on August 29, 2018, allowing Medicare Part D plans to tailor on-formulary coverage by drug indication.[310]  Such “indication-based formulary design” is allowed in the private sector, but Part D plans currently must cover every FDA-approved indication for drugs included on their formularies, which can limit their ability to negotiate discounts.[311]  CMS hopes that the flexibility of including different drugs for different indications will “provide additional negotiating leverage” on drug prices and lead to greater diversity of drug choices and coverage plans.[312]  The memorandum also clarifies that Part D sponsors must include a “therapeutically similar drug on formulary” for any indications for which it plans to limit coverage of a particular drug.[313]  In addition, Part D plan sponsors must update beneficiary materials to communicate any indication limitations.[314] FDA also took action aimed at increasing the availability of nonprescription drugs and lowering drug prices, including through issuing draft guidance that outlines potential approaches to consider when demonstrating safety and effectiveness for nonprescription drug products,[315] issuing 63 product-specific guidances to promote generic drug access and drug price competition,[316] establishing a working group to examine the possibility of “import[ing] prescription drugs from other countries in the event of a dramatic price increase” for drugs with only one manufacturer and without patents or exclusivities,[317] and releasing a Biosimilar Action Plan to improve the development and approval process and “encourag[e] innovation and competition among biologics and the development of biosimilars.”[318] VII.    MEDICAL DEVICES In 2018, FDA published multiple guidance documents and rulemakings aimed at making device clearance approval processes more efficient, fostering innovation, and promoting cybersecurity and device safety.  In this section, we provide an overview of CDRH’s strategic priorities, the significant reforms of the device premarket review programs, the Medical Device Safety Action Plan, other guidance developments, and device-related enforcement activity. A.    CDRH Strategic Priorities for 2018 to 2020 CDRH’s strategic priorities for 2018 to 2020 aim to ensure that patients in the United States are the first in the world to have access to cutting-edge, safe, and effective devices.[319]  CDRH’s ultimate goal is for more than 50% of manufacturers of novel technologies to “intend to bring their devices to the U.S. first or in parallel with other major markets by December 31, 2020.”[320]  In order to achieve this broad goal, CDRH will focus on three strategic priorities, namely (1) improving employee engagement, (2) increasing simplicity, and (3) building collaborative communities.[321]  The report suggests FDA’s awareness that the regulatory process must be made less burdensome in order to ensure that the United States remains a country that fosters innovation. Finding that “[its] issues are often complex,” and “[its] solutions and processes do not necessarily have to be,”[322] CDRH is making it a priority to promote simplicity by streamlining its policies, processes, and programs to more quickly and efficiently achieve CDRH’s goal and vision.  As stated in the report, this may involve “removing unnecessary burdens [CDRH] impose[s] on [itself], such as through cumbersome processes, vague policies, and out of date information technology systems.”[323] With respect to collaborative communities, CDRH states that the American public is best served when stakeholders, including CDRH, work together to proactively solve problems.  To that end, CDRH aims to establish at least ten new Collaborative Communities by December 31, 2020, which will allow consumers to take a more active role in “the advancement of smart regulation.”[324]  One example proposed by CDRH included collaborative forums for next generation sequencing tests, in which clinicians, test developers, patients, and other professionals would work together to assess the evolving science and recommend when there is adequate evidence supporting the association between particular genetic variants and specific diseases or conditions.[325] B.    Reforms of FDA’s Premarket Review Program In 2018, FDA focused on reinvigorating and streamlining the premarket review of medical devices, particularly the 510(k) program, which remains the most common premarket pathway for devices.  Eighty-two percent of the devices cleared or approved in 2017 were through a 510(k).  These activities followed FDA Commissioner Gottlieb’s ongoing goals to modernize 510(k) review, permitting increased flexibility and facilitating a streamlined process that could potentially accelerate the rate at which new innovations are brought to market.[326] Older Predicate Devices.  On November 26, 2018, FDA announced that it would seek to reduce the reliance on older predicate devices (e.g., predicates that are less than ten years old) and “to drive innovators toward reliance on more modern predicate devices or objective performance criteria.”[327]  FDA also is considering making public those 510(k)-cleared devices that demonstrated substantial equivalence to older predicates.  While emphasizing that the agency did not believe that devices that rely on older predicates are unsafe, FDA’s view is “that encouraging product developers to use more modern predicates would give patients and their doctors a choice among older and newer versions of a type of device, promote greater competition to adopt modern features that improve safety and performance, and help make sure that newer devices reflect more modern technology and standards that can improve patient care and outcomes.”[328] New Safety and Performance Based Pathway.  Last month, FDA finalized guidance on the new “Safety and Performance Based Pathway,” which expands on the concepts underlying the Abbreviated 510(k) pathway. The new pathway relies on modern performance-based criteria and current technological principles to demonstrate substantial equivalence, replacing the direct, head-to-head comparisons to older predicates that have been a feature of traditional 510(k)s.[329]  Devices eligible for this pathway must satisfy all of the following factors:  they have indications for use and technological characteristics that do not raise different questions of safety and effectiveness than the identified predicate, and the predicate is within the scope of the list of eligible device types; the performance criteria align with the performance of one or more legally marketed devices of the same type as the new device; and the new device meets all the FDA-identified performance criteria.  All performance criteria will be published in FDA guidance, and FDA intends to publish guidance on the performance criteria for each device type and recommended testing methods. Expanded Special 510(k) Program.  FDA has initiated a pilot program to expand the scope of the Special 510(k) Program, as described in draft guidance issued on September 28, 2018.[330]  The Special 510(k) Program is a streamlined review process for minor, well-defined changes made to already cleared devices.  Originally, the program did not include changes affecting a device’s intended use or fundamental scientific technology, but the draft guidance makes these changes potentially eligible for this faster review. Improvements for the De Novo Classification Process.  FDA anticipates that the reforms to the 510(k) pathway may result in an uptick in De Novo classifications.  In December 2018, FDA proposed a new rule establishing detailed procedures and criteria for the De Novo classification process to expand the use of the De Novo pathway by providing structure and clarity to applicants seeking this classification for novel, low to moderate risk devices under the FDCA, 21 U.S.C. 360c(f)(2).[331]  If finalized, the rule would become part of the Medical Device Classification Procedures under 21 C.F.R. Part 860.[332] The proposed rule defines the term “De Novo request” and includes guidance on requirements related to the format and content of De Novo requests, as well as procedures for review and criteria for accepting, granting, declining, and withdrawing them.  It reiterates that an applicant may submit a De Novo request after submitting a 510(k) and receiving a not substantially equivalent (“NSE”) determination, or before submitting the 510(k) if the applicant “determines that there is no legally marketed device upon which to base a determination of substantial equivalence.”[333]  The proposed rule specifies that requests must include “administrative information, regulatory history, device description, classification summary information, benefits and risks of device use, and performance data to demonstrate reasonable assurance of safety and effectiveness.”[334]  FDA may refuse to accept or decline a De Novo request if the request is incomplete or the device is ineligible for such a classification.[335] Other Notable Guidance Relating to Device Premarket Review. The Q-Submission Program – draft guidance.  The Q-Submission Program includes pre-submission interactions between developers and FDA as well as additional early opportunities to engage with the agency.[336]  The draft guidance provides an overview of all available mechanisms through which an applicant can request feedback or a meeting with FDA regarding potential or planned device applications.[337] Refuse to Accept Policy for 510(k)s.  The guidance document updates the procedures and criteria FDA intends to use in assessing whether a 510(k) submission meets a minimum threshold of acceptability and therefore should be accepted for substantive review to account for combination drug/device products.[338] Acceptance of Clinical Data to Support Medical Device Applications and Submissions.  The guidance helps manufacturers understand requirements for data submitted from clinical investigations conducted outside the United States, which must be from investigations conducted in accordance with good clinical practice, including review and approval by an independent ethics committee (IEC) and informed consent from subjects.[339] Determination of Substantial Equivalence for 510(k)s.  This guidance helps 510(k) submitters demonstrate substantial equivalence and is aimed at improving the predictability, consistency, and transparency of the 510(k) premarket review process, and serves as an aid for evaluating the benefit-risk profile of a new device in comparison to the predicate device.[340] 510(k) Third-Party Review Program – draft guidance.  This draft guidance describes the factors FDA will use in determining which types of devices are eligible for third-party review, outlines the process for the recognition and suspension of third-party review organizations, and aims to ensure consistent quality of work among approved third-party review organizations.[341] Multiple Function Device Products – draft guidance.  The draft guidance explains FDA’s proposed regulatory approach and policy for all multiple function device products and clarifies when and how FDA intends to assess the impact of other functions not subject to premarket review.[342]   Acceptance and Filing Reviews for Premarket Approval Applications.  This guidance updates prior PMA filing guidance to clarify requirements for combination drug/device products.[343] C.    Medical Device Safety Action Plan In April, FDA released the Medical Device Safety Action Plan, outlining its vision for how FDA will encourage innovation that spurs the development of safer devices, promotes earlier detection of risks, and facilitates communication of risk information to physicians and patients.[344]  To realize this objective, the plan sets out five areas of focus: Establish a robust medical device patient safety net in the United States; Explore regulatory options to streamline and modernize timely implementation of post-market mitigations; Spur innovation towards safer medical devices; Advance medical device cybersecurity; and Integrate the CDRH premarket and post-market offices and activities to advance the use of a Total Product Life Cycle (“TPLC”) approach to device safety.[345] Of particular interest is FDA’s proposal to address the threat of security breaches or other cybersecurity vulnerabilities that could harm patients who are using devices with advanced interconnected technologies, such as implantable cardiac pacemakers.  FDA’s plan will consider new requirements for developers, including built-in update mechanisms in medical devices and the development of a “Software Bill of Materials,” which would be used by health care providers and consumers to determine how the device functions, what software is required, and the technology upon which the device relies.[346]  FDA also is exploring the creation of a public-private partnership called the CyberMed Safety (Expert) Analysis Board, the primary role of which would be to assess vulnerability, evaluate risks, and investigate suspected or confirmed device compromises at the request of FDA or manufacturers.[347] The plan emphasizes continuing FDA’s work to establish the National Evaluation System for Health Technology (“NEST”), an active surveillance and evaluation system, developed via a public-private partnership, which would complement existing device vulnerability coordination and response mechanisms.[348]  NEST’s capabilities will “help improve the quality of real-world evidence that FDA can use to detect emerging safety signals quickly and take appropriate actions.”[349]  FDA also intends to consider whether it has the authority to impose special controls to address new or increased risks of devices, more quickly than through rulemaking.[350] D.    FDA Guidance on Devices with Cybersecurity Risk In October 2018, FDA published draft guidance containing recommendations to help ensure that device manufacturers are adequately addressing evolving cybersecurity threats.  This draft guidance builds on the premarket cybersecurity guidance FDA issued in 2014, and is aimed to ensure that marketed medical devices are sufficiently resilient to evolving cybersecurity threats.[351]  The draft guidance provides recommendations regarding device design, labeling, and the documentation that should be included in premarket submissions for devices with cybersecurity risk.[352] The guidance aims to assist manufacturers to: (1) “employ a risk-based approach to the design and development of medical devices with appropriate cybersecurity protections”; (2) “take a holistic approach to device cybersecurity by assessing risks and mitigations throughout the product’s lifecycle”; (3) “ensure maintenance and continuity of critical device safety and essential performance”; and (4) “promote the development of trustworthy devices to help ensure the continued safety and effectiveness of the devices.”[353] Also in October 2018, FDA became party to a multi-agency agreement that includes the Department of Homeland Security (“DHS”) implementing a framework for greater coordination and information-sharing about medical device cybersecurity vulnerabilities and threats.[354]  FDA also supported the development of a Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook.[355]  The playbook provides tools and resources to enable health care delivery organizations to prepare for and respond to medical device cybersecurity incidents, including a standardized approach to response efforts.[356] E.    Drug-Use-Related Software On November 20, FDA began soliciting public comment on its proposed framework for regulating prescription-drug-use-related software “disseminated by or on behalf of a sponsor that accompanies one or more of the sponsor’s prescription drugs or biologics,” intended to provide clarity to stakeholders and promote innovation.[357]  Under this framework, FDA anticipated that in most instances, the prescription-drug-use-related software would not require FDA review before being disseminated.  FDA would regulate the output of the software (such as screen displays or audio messages) as promotional drug labeling subject to post-marketing requirements.  Prior FDA approval would be required in certain circumstances, such as “when a sponsor seeks to demonstrate that software has an effect on a clinically meaningful outcome and seeks to include information about the software in the FDA-required drug labeling.”[358]  The framework would not apply to software independently developed by a third party for use with prescription drugs, unless the drug sponsor licenses the software and disseminates it for use with its drug.[359] F.    Delayed Enforcement Requirements FDA has issued two guidance documents delaying implementation deadlines, thus giving manufacturers additional time to comply with the requirements at certain UDI and postmarket safety reporting requirements. On November 5, 2018, FDA informed device manufacturers that it was pushing back enforcement of unique device identification (“UDI”) compliance deadlines for at least two years for some Class I and unclassified medical devices, as well as certain other non-sterile devices requiring direct marking.[360]  For Class I and certain unclassified medical devices manufactured and labeled on or after September 24, 2018, UDI labeling, standard date format, and Global Unique Device Identification Database data submission requirements will not be enforced until Sept. 24, 2020.  FDA also is delaying the direct mark requirement for these devices, which requires devices to bear a UDI on the device itself if the device is reusable and must be reprocessed between uses, by two years until September 24, 2022.  Further, FDA will not enforce UDI direct mark requirements for Class III, life-supporting or life-sustaining, and Class II non-sterile devices that were manufactured and labeled prior to their UDI direct mark compliance deadline and remain in inventory, if the UDI “can be derived from other information directly marked on the device.” The enforcement delays came as a response to FDA’s experience thus far implementing UDI requirements for Class II, Class III, and implantable, life-supporting, or life-sustaining devices.[361]  Because FDA expects a similarly high volume of issues and questions from labelers of Class I and unclassified devices, FDA opted to focus on “addressing existing implementation challenges and optimizing the quality and utility of UDI data for higher-risk devices before focusing on UDI implementation issues for lower-risk devices.”[362] FDA also chose to delay reporting requirements for Combination Product Applicants, subject to the Combination Product Post-marketing Safety Reporting (“PMSR”) Final Rule.[363]  The decision to delay enforcement was intended to ensure that applicants have sufficient time to: (1) update reporting and recordkeeping systems and procedures, including information technology systems; (2) comply with the requirements; and (3) consider the recommendations and technical specifications that FDA intends to provide through guidance to support compliance.  In addition to the final guidance delaying the PMSR requirements, FDA also issued draft guidance that provides additional details on PMSR compliance.[364] G.    Device-Related Enforcement Letters In addition to the enforcement letters related to promotional issues and QSR/cGMP issues noted above, FDA also issued several Warning Letters for other device-related violations, such as violations of submissions, reporting, and postmarket surveillance requirements.[365] Becton Dickinson & Company.[366]  In January, the manufacturer of blood collection tubes was admonished for numerous alleged violations, including failure to file a 510(k) following significant changes to its products and failure to submit medical device reports to FDA. Fujifilm, Olympus Medical Systems Corp., Hoya Corp.[367]  In March, FDA issued Warning Letters to the three duodenoscope manufacturers in the United States for failure to comply with requested post-market surveillance studies to assess contamination risk. SynCardia Systems LLC.[368]  In early April, FDA criticized the manufacturer of a temporary artificial heart system for allegedly violating Medical Device Reporting requirements after failing to report information about a death possibly associated with use of the device. VIII.    CONCLUSION With drug pricing, patient assistance, and the opioid epidemic in the news frequently, we anticipate that 2019 will see some noteworthy developments for drug and device companies.  We will track those events and report back in our next alert.  In the meantime, if you have questions regarding the matters addressed above, we would welcome the opportunity to speak with you. [1] United States’ Mot. to Dismiss Relator’s Second Am. Compl., United States ex rel. Health Choice Grp., LLC v. Bayer Corp., Onyx Pharm., Inc., Amerisourcebergen Corp., & Lash Grp., No. 5:17-CV-126-RWS-CMC (E.D. Tex. Dec. 17, 2018). [2] Press Release, House Comm. on Oversight & Reform, Oversight Committee Launches Sweeping Drug Price Investigation (Jan. 14, 2019), https://oversight.house.gov/news/press-releases/oversight-committee-launches-sweeping-drug-price-investigation. [3] U.S. Food & Drug Admin., FDA 2019 Lapse in Funding Information, https://www.fda.gov/AboutFDA/WorkingatFDA/ucm629100.htm (last updated Jan. 18, 2019). (archived here) [4] See U.S. Dep’t of Justice, Associate Attorney General Rachel Brand, Limiting Use of Agency Guidance Documents In Affirmative Civil Enforcement Cases (Jan. 25, 2018), https://www.justice.gov/file/1028756/download. [5] See id. [6] See Memorandum, U.S. Dep’t of Justice, Factors for Evaluating Dismissal Pursuant to 31 U.S.C. 3730(c)(2)(A) (Jan. 10, 2018), https://assets.documentcloud.org/documents/4358602/Memo-for-Evaluating-Dismissal-Pursuant-to-31-U-S.pdf. [7] U.S. Dep’t of Justice, Justice Manual, Section 4-4.111, U.S. Dep’t of Justice, https://www.justice.gov/jm/jm-4-4000-commercial-litigation#4-4.111. [8] See Memorandum, U.S. Dep’t of Justice, Individual Accountability for Corporate Wrongdoing (Sept. 9, 2015), https://www.justice.gov/archives/dag/file/769036/download. [9] Rod J. Rosenstein, U.S. Deputy Attorney General, Remarks at the American Conference Institute’s 35th International Conference on the Foreign Corrupt Practices Act (Nov. 29, 2018), https://www.justice.gov/opa/speech/deputy-attorney-general-rod-j-rosenstein-delivers-remarks-american-conference-institute-0 (emphasis added). [10] Certain settlements involving multiple FCA-related theories may appear twice in case totals and recovery amounts. [11] Publication of OIG Special Advisory Bulletin on Patient Assistance Programs for Medicare Part D Enrollees, 70 Fed. Reg. 70623, 70624 (Nov. 22, 2005), https://oig.hhs.gov/fraud/docs/alertsandbulletins/2005/2005papspecialadvisorybulletin.pdf. [12] See, e.g., U.S. Dep’t of Health and Human Servs., Office of Inspector Gen., Notice of Modification of OIG Advisory Opinion No. 02-01 at 1 (Mar. 3, 2017), https://oig.hhs.gov/fraud/docs/advisoryopinions/2017/AdvOpn02-1-mod.pdf. [13] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Drug Maker Actelion Agrees to Pay $360 Million to Resolve False Claims Act Liability for Paying Kickbacks (Dec. 6, 2018), https://www.justice.gov/opa/pr/drug-maker-actelion-agrees-pay-360-million-resolve-false-claims-act-liability-paying. [14] Id. [15] Id. [16] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Drug Maker Pfizer Agrees to Pay $23.85 Million to Resolve False Claims Act Liability for Paying Kickbacks (May 24, 2018), https://www.justice.gov/opa/pr/drug-maker-pfizer-agrees-pay-2385-million-resolve-false-claims-act-liability-paying-kickbacks. [17] Id. [18] Id. [19] Id. [20] Id. [21] Id. [22] Id. [23] Id. [24] See Jazz Pharmaceuticals Public Limited Company, Form 10-Q, at 70 (filed May 8, 2018), http://services.corporate-ir.net/SEC.Enhanced/SecCapsule.aspx?c=210227&fid=15625057. [25] See id. [26] See Jazz Pharmaceuticals Public Limited Company, Form 10-Q, at 21 (filed Nov. 6, 2018), http://services.corporate-ir.net/SEC.Enhanced/SecCapsule.aspx?c=210227&fid=15903029. [27] Press Release, Lundbeck, Lundbeck reaches voluntary agreement in principle with U.S. Department of Justice (June 6, 2018), https://investor.lundbeck.com/news-releases/news-release-details/lundbeck-reaches-voluntary-agreement-principle-us-department. [28] Id. [29] Corp. Governance, Lundbeck, http://www.lundbeck.com/global/about-us/corporate-governance/risk-management (last modified Feb. 7, 2018). [30] Press Release, Patient Services Inc., PSI Files Lawsuit Against U.S. Department of Health and Human Services (Jan. 9, 2018), https://www.patientservicesinc.org/news/psi-files-lawsuit-against-u-s-department-of-health-and-human-services-for-violating-its-free-speech-rights. [31] See Insys Therapeutics, Inc., Form 10-Q, at 17–18 (filed Nov. 9, 2018), https://insysrx.gcs-web.com/static-files/9a1a1a6e-3e61-4ab0-9826-f238f3a0d930; United States’ Compl. in Intervention at 4–5, U.S. ex rel. Maria Guzman v. Insys Therapeutic, Inc., No. 2:13-CV-05861-JLS-AJW (C.D. Cal. Apr. 13, 2018). [32] United States’ Compl. in Intervention at 4–5, U.S. ex rel. Maria Guzman v. Insys Therapeutic, Inc., No. 2:13-CV-05861-JLS-AJW (C.D. Cal. Apr. 13, 2018). [33] Id. at 5. [34] Id. at 13–33. [35] Press Release, U.S. Dep’t of Justice, U.S. Attorney’s Office, D. of Mass., Former Vice President of Insys Pharmaceuticals Pleads Guilty to Racketeering Scheme (Nov. 28, 2018), https://www.justice.gov/usao-ma/pr/former-vice-president-insys-pharmaceuticals-pleads-guilty-racketeering-scheme. [36] See Information, United States v. Babich, No. 1:16-cr-10343-ADB, No. 652 (D. Mass. Jan. 3, 2019); Parties’ Agreed Statement of Facts, United States v. Babich, No. 1:16-cr-10343-ADB, ECF No. 668 (D. Mass. Jan. 10, 2019). [37] Press Release, U.S. Dep’t of Justice, U.S. Attorney’s Office, E. Dist. of Pa., Abbott Laboratories and AbbVie Inc. to Pay $25 Million to Resolve False Claims Act Allegations of Kickbacks and Off-Label Marketing of the Drug TriCor® (Oct. 26, 2018), https://www.justice.gov/usao-edpa/pr/abbott-laboratories-and-abbvie-inc-pay-25-million-resolve-false-claims-act-allegations. [38] Id. [39] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Medical Device Maker ev3 to Plead Guilty and Pay $17.9 Million for Distributing Adulterated Device; Covidien Paid $13 Million to Resolve Civil Liability for Second Device (Dec. 4, 2018), https://www.justice.gov/opa/pr/medical-device-maker-ev3-plead-guilty-and-pay-179-million-distributing-adulterated-device. [40] Press Release, Medtronic, Medtronic Statement Regarding Recent DOJ Announcement (Dec. 4, 2018), https://www.medtronic.com/us-en/about/news/media-resources/medtronic-statement-regarding-doj.html. [41] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Abiomed, Inc. Agrees to Pay $3.1 Million to Resolve Kickback Allegations (Mar. 8, 2018), https://www.justice.gov/usao-ma/pr/abiomed-inc-agrees-pay-31-million-resolve-kickback-allegations. [42] Id. [43] For example, in 2015 Daiichi Sankyo Inc. paid $39 million to resolve allegations that it made improper payments to physicians for “speaking” on duplicative topics at Daiichi-paid dinners and for lavish dinners that exceeded the company’s own internal cost limitations.  See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Daiichi Sankyo Inc. Agrees to Pay $39 Million to Settle Kickback Allegations Under the False Claims Act (Jan. 9, 2015), https://www.justice.gov/opa/pr/daiichi-sankyo-inc-agrees-pay-39-million-settle-kickback-allegations-under-false-claims-act.  Forest Laboratories LLC and its subsidiary likewise paid $38 million in December 2016 to resolve allegations of improper kickbacks, including allegations that meals with physicians surpassed company cost limitations.  See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Forest Laboratories and Forest Pharmaceuticals to Pay $38 million to Resolve Kickback Allegations Under the False Claims Act (Dec. 15, 2016), https://www.justice.gov/opa/pr/forest-laboratories-and-forest-pharmaceuticals-pay-38-million-resolve-kickback-allegations. [44] See Notice of Intervention for Settlement at 1, U.S. ex rel. Gant Van Der Boom v. Precision Medical Products, Inc., No. 2:15-CV-0428 MCE KJN (E.D. Cal. May 18, 2018). [45] See Second Amended Complaint at 13–18, Precision Medical Products, No. 2:15-CV-0428 MCE KJN (E.D. Cal. Apr. 7, 2017). [46] Id. at 17–18. [47] Id. at 21–24. [48] Id. at 21–23. [49] Id. at 25–30. [50] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, United States Settles False Claims Act Allegations Against Trinity Medical Pharmacy And Principals For More Than $2.2 Million (Aug. 10, 2018), https://www.justice.gov/usao-mdfl/pr/united-states-settles-false-claims-act-allegations-against-trinity-medical-pharmacy-and. [51] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Durable Medical Equipment Provider Lincare Pays $5.25 Million to Resolve False Claims Act Allegations (Aug. 16, 2018), https://www.justice.gov/usao-sdil/pr/durable-medical-equipment-provider-lincare-pays-525-million-resolve-false-claims-act. [52] Press Release, U.S. Dep’t of Justice, U.S. Attorney’s Office, N. Dist. of Ga., LivaNova agrees to pay $1.87 Million to resolve False Claims Act allegations arising from improper kickback payments (Dec. 4, 2018), https://www.justice.gov/usao-ndga/pr/livanova-agrees-pay-187-million-resolve-false-claims-act-allegations-arising-improper. [53] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, AmerisourceBergen Corporation Agrees to Pay $625 Million to Resolve Allegations That it Illegally Repackaged Cancer–Supportive Injectable Drugs to Profit From Overfill (Oct. 1, 2018), https://www.justice.gov/opa/pr/amerisourcebergen-corporation-agrees-pay-625-million-resolve-allegations-it-illegally. [54] Id. [55] Id. [56] Id. [57] Id. [58] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Alere to Pay U.S. $33.2 Million to Settle False Claims Act Allegations Relating to Unreliable Diagnostic Testing Devices (Mar. 23, 2018), https://www.justice.gov/opa/pr/alere-pay-us-332-million-settle-false-claims-act-allegations-relating-unreliable-diagnostic. [59] Id. [60] Id. [61] Press Release, U.S. Dep’t of Justice, U.S. Attorney’s Office, Dist. of Md., Allergan to Pay $3.5 Million to Settle False Claims Act Allegations Relating to LAP-BAND Bariatric Medical Device (Apr. 16, 2018), https://www.justice.gov/usao-md/pr/allergan-pay-35-million-settle-false-claims-act-allegations-relating-lap-band-bariatric. [62] Id. [63] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Medical Device Maker AngioDynamics Agrees to Pay $12.5 Million to Resolve False Claims Act Allegations (July 18, 2018), https://www.justice.gov/opa/pr/medical-device-maker-angiodynamics-agrees-pay-125-million-resolve-false-claims-act. [64] Id. [65] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Government Settles $1.2 Million Lawsuit Against Florida Compounding Pharmacy And Its Owner For Excessive Charges To TRICARE (Sept. 28, 2018), https://www.justice.gov/usao-mdfl/pr/government-settles-12-million-lawsuit-against-florida-compounding-pharmacy-and-its. [66] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Medical Equipment Company Agrees to Pay $5.25 Million to Resolve Allegations of Fraudulent Claims for Compounded Medical Creams (Oct. 22, 2018), https://www.justice.gov/usao-edky/pr/medical-equipment-company-agrees-pay-525-million-resolve-allegations-fraudulent-claims. [67] Id. [68] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Attorney General Sessions Announces New Prescription Interdiction & Litigation Task Force (Feb. 27, 2018), https://www.justice.gov/opa/pr/attorney-general-sessions-announces-new-prescription-interdiction-litigation-task-force. [69] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Deputy Associate Attorney General Stephen Cox Delivers Remarks at the Federal Bar Association Qui Tam Conference (Feb. 28, 2018), https://www.justice.gov/opa/speech/deputy-associate-attorney-general-stephen-cox-delivers-remarks-federal-bar-association. [70] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Deputy Assistant Attorney General James M. Burnham Delivers Remarks to the 2018 Food and Drug Law Institute Conference (Dec. 13, 2018), https://www.justice.gov/opa/speech/deputy-assistant-attorney-general-james-m-burnham-delivers-remarks-2018-food-and-drug-law. [71] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Attorney General Jeff Sessions Announces the Formation of Operation Synthetic Opioid Surge (S.O.S.) (July 12, 2018), https://www.justice.gov/opa/pr/attorney-general-jeff-sessions-announces-formation-operation-synthetic-opioid-surge-sos. [72] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Attorney General Sessions Announces Opioid Fraud and Abuse Detection Unit (Aug. 2, 2017), https://www.justice.gov/opa/pr/attorney-general-sessions-announces-opioid-fraud-and-abuse-detection-unit. [73] Compl. in Intervention ¶ 4, United States v. Insys Therapeutics, Inc., No. CV 13-5861 JLS (AJWx) (C.D. Cal. Apr. 13, 2018). [74] See Insys Therapeutics, Inc., Quarterly Report (Form 10-Q), at 17–18 (Nov. 9, 2018); Third Amended Complaint at 7, U.S. ex rel. Maria Guzman v. Insys Therapeutic, Inc., No. 2:13-CV-05861-JLS-AJW (C.D. Cal., Aug. 13, 2018). [75] Id. at 13–33. [76] Press Release, U.S. Dep’t of Justice, Former Vice President of Insys Pharmaceuticals Pleads Guilty to Racketeering Scheme (Nov. 28, 2018), https://www.justice.gov/usao-ma/pr/former-vice-president-insys-pharmaceuticals-pleads-guilty-racketeering-scheme. [77] See Information, United States v. Babich, No. 1:16-cr-10343-ADB (D. Mass, Jan. 3, 2019); Parties’ Agreed Statement of Facts, Babich, No. 1:16-cr-10343-ADB (D. Mass, Jan. 10, 2019). [78] Mallinckrodt PLC, Annual Report (Form 10-K), at 125 (Feb. 27, 2018); Endo International PLC, Current Report (Form 8-K), at 8.01 (Jan. 11, 2018); Allergan plc, Annual Report (Form 10-K), at F-107 (Feb. 16, 2018). [79] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Department of Justice Files Motion in Multi-District Opioid Case (Apr. 2, 2018), https://www.justice.gov/opa/pr/department-justice-files-motion-multi-district-opioid-case. [80] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Justice Department to File Statement of Interest in Opioid Case (Feb. 27, 2018), https://www.justice.gov/opa/pr/justice-department-file-statement-interest-opioid-case. [81] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Two Chinese Nationals Charged with Operating Global Opioid and Drug Manufacturing Conspiracy Resulting in Deaths (Aug. 22, 2018), https://www.justice.gov/opa/pr/two-chinese-nationals-charged-operating-global-opioid-and-drug-manufacturing-conspiracy. [82] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Attorney General Sessions Takes Further Action to Combat Opioid Crisis – Directs the DEA to Evaluate Aggregate Production Quotas (Mar. 1, 2018), https://www.justice.gov/opa/pr/attorney-general-sessions-takes-further-action-combat-opioid-crisis-directs-dea-evaluate. [83] Controlled Substances Quotas, 83 Fed. Reg. 17329 (proposed Apr. 19, 2018) (to be codified at 21 C.F.R. pt. 1303). [84] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Justice Department, DEA Propose Significant Opioid Manufacturing Reduction in 2019 (Aug. 16, 2018), https://www.justice.gov/usao-edtn/pr/justice-department-dea-propose-significant-opioid-manufacturing-reduction-2019. [85] Press Release, The White House, President Donald J. Trump Signed H.R. 6 into Law (Oct. 24, 2018), https://www.whitehouse.gov/briefings-statements/president-donald-j-trump-signed-h-r-6-law/. [86] SUPPORT for Patients and Communities Act, Public Law No: 115-271, H.R. 6, 115th Cong., § 3292 (2017-2018). [87] Id. § 3273. [88] Id. § 3012. [89] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Olympus Medical Systems Corporation, Former Senior Executive Admit Distributing Endoscopes after Failing to File FDA-Required Adverse Event Reports of Serious Infections (Dec. 10, 2018), https://www.justice.gov/usao-nj/pr/olympus-medical-systems-corporation-former-senior-executive-admit-distributing-endoscopes. [90] Id. [91] Id. [92] Id. [93] Id. [94] Id. [95] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, District Court Orders Florida Company to Stop Distributing Adulterated and Misbranded Drugs (Mar. 28, 2018), https://www.justice.gov/opa/pr/district-court-orders-florida-company-stop-distributing-adulterated-and-misbranded-drugs. [96] Id. [97] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, District Court Enters Permanent Injunction to Stop New Jersey and New York Companies and Executives From Distributing Unapproved and Misbranded Drugs (Aug. 31, 2018), https://www.justice.gov/opa/pr/district-court-enters-permanent-injunction-stop-new-jersey-and-new-york-companies-and. [98] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, District Court Enters Permanent Injunction Against Chicago Companies to Stop Distribution of Adulterated and Misbranded Dietary Supplements and Unapproved and Misbranded Drugs (July 27, 2018), https://www.justice.gov/opa/pr/district-court-enters-permanent-injunction-against-chicago-companies-stop-distribution. [99] Id. [100] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Medical Device Maker ev3 to Plead Guilty and Pay $17.9 Million for Distributing Adulterated Device; Covidien Paid $13 Million to Resolve Civil Liability for Second Device (Dec. 4, 2018), https://www.justice.gov/opa/pr/medical-device-maker-ev3-plead-guilty-and-pay-179-million-distributing-adulterated-device. [101] Id. [102] Id. [103] Id. [104] Id. [105] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, District Court Enters Permanent Injunction Against Arkansas Compounding Pharmacy and its CEO to Prevent Distribution of Adulterated Drugs (Apr. 19, 2018), https://www.justice.gov/opa/pr/district-court-enters-permanent-injunction-against-arkansas-compounding-pharmacy-and-its-ceo; Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, District Court Enters Permanent Injunction Against Mississippi Compounding Pharmacy and Two of its Officers to Prevent Distribution of Adulterated Drugs (June 11, 2018), https://www.justice.gov/opa/pr/district-court-enters-permanent-injunction-against-mississippi-compounding-pharmacy-and-two. [106] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, District Court Orders Tennessee Personal Care Products Manufacturer to Comply With Drug Safety Requirements (Oct. 23, 2018), https://www.justice.gov/opa/pr/district-court-orders-tennessee-personal-care-products-manufacturer-comply-drug-safety. [107] Id. [108] Id. [109] Sandra Moser, Remarks at the American Conference Institute’s 8th Global Forum on Anti-Corruption in High Risk Markets (July 25, 2017). [110] Press Release, U.S. Sec. and Exch. Comm’n, Sanofi Charged With FCPA Violations (Sept. 4, 2018),  https://www.sec.gov/news/press-release/2018-174. [111] Press Release, U.S. Sec. and Exch. Comm’n, SEC Charges Stryker A Second Time for FCPA Violations (Sept. 28, 2018), https://www.sec.gov/news/press-release/2018-222. [112] 136 S. Ct. 1989, 2001 (2016) (emphasis added). [113] United States v. Snap Diagnostics, LLC, No. 1:14-CV-3988, 2018 WL 2689270 (N.D. Ill. June 5, 2018). [114] Id. at *4. [115] 840 F.3d 445 (7th Cir. 2016). [116] 862 F.3d 890 (9th Cir. 2017). [117] Id. at 906. [118] Petition for Writ of Certiorari, Gilead, 862 F.3d 890 (No. 17-936). [119] Id. at *i (No. 17-936) (quoting Escobar, 136 S. Ct. at 2003). [120] Brief for the United States as Amicus Curiae, Gilead, 862 F.3d 890 (No. 17-936). [121] Id. at *15. [122] No. 17-1014, 2018 WL 3949031 (3d Cir. 2018) (unpublished). [123] Id. at *1. [124] Id. at *3. [125] Id. at *4–5. [126] Id. at *6. [127] United States ex rel. Solis v. Millennium Pharm., Inc., 885 F.3d 623 (9th Cir. 2018). [128] Id. at 629. [129] Id. [130] Id. [131] Id. [132] 898 F.3d 1267, 1273–75 (11th Cir. 2018). [133] Id. at 1275 (quoting United States ex rel. Clausen v. Lab. Corp. of Am., 290 F.3d 1301, 1311 (11th Cir. 2002)). [134] Id. at 1277. [135] Id. at 1277–78. [136] 31 U.S.C. § 3730(h)(1). [137] 879 F.3d 71, 73 (3d Cir. 2018). [138] 129 S. Ct. 2343 (2009). [139] 133 S. Ct. 2517 (2013). [140] DiFiore, 879 F.3d at 78. [141] 31 U.S.C. § 3730(e)(4) (2010). [142] Id. § 3730(e)(4)(B). [143] United States ex rel. Forney v. Medtronic, Inc., No. CV 15-6264, 2018 WL 2688424 (E.D. Pa. June 4, 2018). [144] U.S. ex rel. Moore & Co., P.A. v. Majestic Blue Fisheries, LLC, 812 F.3d 294 (3d Cir. 2016). [145] Forney, 2018 WL 2688424, at *15 (quoting Moore, 812 F.3d at 306). [146] United States ex rel. Winkelman v. CVS Caremark Corp., 827 F.3d 201 (1st Cir. 2016). [147] Forney, 2018 WL 2688424, at *14. [148] Id. at *15. [149] Id. [150] Id. at *16. [151] Id. [152] United States ex rel. Wood v. Allergan, Inc., 899 F.3d 163, 165 (2d Cir. 2018) (citing 31 U.S.C. §3730(b)(5)). [153] Id. [154] Id. at 167–68. [155] Id. at 171 (internal citation and quotation marks omitted). [156] Id. at 175. [157] Id. at 174. [158] Id. at 169–70. [159] Id. at 169. [160] Scott Gottlieb, U.S. Food & Drug Admin., Statement from FDA Commissioner Scott Gottlieb, M.D., on new efforts to advance medical product communications to support drug competition and value-based health care (June 12, 2018), https://www.fda.gov/newsevents/newsroom/pressannouncements/ucm610415.htm. [161] Warning Letters 2018: Office of Prescription Drug Promotion, U.S. Food & Drug Admin., https://www.fda.gov/Drugs/GuidanceComplianceRegulatoryInformation/EnforcementActivitiesbyFDA/WarningLettersandNoticeofViolationLetterstoPharmaceuticalCompanies/ucm594437.htm#OPDP (last viewed Jan. 23, 2019). [162] See Warning Letters 2017: Office of Prescription Drug Promotion, U.S. Food & Drug Admin., https://www.fda.gov/Drugs/GuidanceComplianceRegulatoryInformation/EnforcementActivitiesbyFDA/WarningLettersandNoticeofViolationLetterstoPharmaceuticalCompanies/ucm538552.htm#OPDP (last viewed Jan. 23, 2019); see also United States v. Caronia, 703 F.3d 149 (2d Cir. 2012); Amarin Pharma, Inc. v. U.S. Food & Drug Admin., 119 F. Supp. 3d 196 (S.D.N.Y. 2015). [163] Warning Letters 2018: Office of Prescription Drug Promotion, U.S. Food & Drug Admin., https://www.fda.gov/Drugs/GuidanceComplianceRegulatoryInformation/EnforcementActivitiesbyFDA/WarningLettersandNoticeofViolationLetterstoPharmaceuticalCompanies/ucm594437.htm#OPDP (last viewed Jan. 23, 2019). [164] Warning Letter from Koung Lee, RPh, MSHS, Office of Prescription Drug Promotion, U.S. Food & Drug Admin., to Dr. John F. Weet, PhD, Vice President, Collegium Pharmaceutical, Inc. (Feb. 9, 2018), https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/EnforcementActivitiesbyFDA/WarningLettersandNoticeofViolationLetterstoPharmaceuticalCompanies/UCM597584.pdf. [165] Id. at 3. [166] Id. at 1. [167] Id. at 3. [168] Warning Letter from Lynn Panholzer, PharmD, Office of Prescription Drug Promotion, U.S. Food & Drug Admin., to Dr. Peter Honig, MD, MPH, Senior Vice President, Pfizer Inc. (June 19, 2018), https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/EnforcementActivitiesbyFDA/WarningLettersandNoticeofViolationLetterstoPharmaceuticalCompanies/UCM612143.pdf. [169] Id. at 2, 3. [170] Id. at 3. [171] Warning Letter from Rachael Conklin, MS, RN, Office of Prescription Drug Promotion, U.S. Food & Drug Admin., to Dr. Mamta Puri-Lechner, PhD, Associate Director, Arog Pharmaceuticals, Inc. (June 28, 2018), https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/EnforcementActivitiesbyFDA/WarningLettersandNoticeofViolationLetterstoPharmaceuticalCompanies/UCM612977.pdf. [172] Id. at 1, 2. [173] Warning Letter from Lynn Panholzer, PharmD, Office of Prescription Drug Promotion, U.S. Food & Drug Admin., to Dr. Suzanne Strang, PhD, Executive Director, ASCEND Pharmaceuticals US, LLC (Aug. 16, 2018), https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/EnforcementActivitiesbyFDA/WarningLettersandNoticeofViolationLetterstoPharmaceuticalCompanies/UCM618659.pdf. [174] Id. at 3. [175] Letter from Robert Dean, Office of Prescription Drug Promotion, U.S. Food & Drug Admin., to Dr. Michael Castagna, PharmD, Chief Executive Officer, MannKind Corporation (Oct. 5, 2018), https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/EnforcementActivitiesbyFDA/WarningLettersandNoticeofViolationLetterstoPharmaceuticalCompanies/UCM623557.pdf. [176] Id. at 3. [177] Letter from Dhara Shah, PharmD, Office of Prescription Drug Promotion, U.S. Food & Drug Admin., to Nada Glavan, Senior Director, Eisai Inc. (Oct. 11, 2018), https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/EnforcementActivitiesbyFDA/WarningLettersandNoticeofViolationLetterstoPharmaceuticalCompanies/UCM623636.pdf. [178] Id. at 2, 3. [179] Letter from Andrew S.T. Haffer, Pharm.D., Office of Prescription Drug Promotion, U.S. Food & Drug Admin., to Dr. Polymeropolous, President and Chief Executive Officer, Vanda Pharmaceuticals Inc. (Oct. 22, 2018), https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/EnforcementActivitiesbyFDA/WarningLettersandNoticeofViolationLetterstoPharmaceuticalCompanies/UCM624666.pdf. [180] Id. at 2, 3. [181] Warning Letter from Donald J. St. Pierre, Acting Dir., Office of In Vitro Diagnostics & Radiological Health, Ctr. for Devices & Radiological Health, U.S. Food & Drug Admin. to Moshe Becker, Executive Chairman, RADlogics, Inc. (Apr. 5, 2018), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/ucm606208.htm. [182] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Department of Justice Files Complaints Against Florida and California Companies to Stop Use of Experimental Stem Cell Drugs on Patients (May 9, 2018), https://www.justice.gov/opa/pr/department-justice-files-complaints-against-florida-and-california-companies-stop-use. [183] U.S. Food & Drug Admin., FDA Seeks Permanent Injunctions Against Two Stem Cell Clinics (May 9, 2018), https://www.fda.gov/newsevents/newsroom/pressannouncements/ucm607257.htm. [184] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Department of Justice Files Complaints Against Florida and California Companies to Stop Use of Experimental Stem Cell Drugs on Patients (May 9, 2018), https://www.justice.gov/opa/pr/department-justice-files-complaints-against-florida-and-california-companies-stop-use. [185] U.S. Food & Drug Admin., Statement from FDA Commissioner Scott Gottlieb, M.D. on the FDA’s New Policy Steps and Enforcement Efforts to Ensure Proper Oversight of Stem Cell Therapies and Regenerative Medicine (Aug. 28, 2017), https://www.fda.gov/NewsEvents/Newsroom/PressAnnouncements/ucm573443.htm. [186] Warning Letters 2018: Office of Prescription Drug Promotion, U.S. Food & Drug Admin, https://www.fda.gov/Drugs/GuidanceComplianceRegulatoryInformation/EnforcementActivitiesbyFDA/WarningLettersandNoticeofViolationLetterstoPharmaceuticalCompanies/ucm594437.htm#OPDP (last viewed July 20, 2018). [187] U.S. Food & Drug Admin., Statement from FDA Commissioner Scott Gottlieb, M.D., on New Efforts to Advance Medical Product Communications to Support Drug Competition and Value-Based Health Care (June 12, 2018), https://www.fda.gov/newsevents/newsroom/pressannouncements/ucm610415.htm. [188] Id. [189]  U.S. Food & Drug Admin., Guidance for Industry: Medical Product Communications That Are Consistent With the FDA-Required Labeling – Questions and Answers. (June 2018), https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM537130.pdf. [190] Id. at 3. [191] Id. at 4. [192] Id. at 5. [193] Id. at 5, 6. [194] Id. at 5. [195] Id. at 8. [196] Id. at 10. [197] Id. at 11. [198] Id. at 12. [199] Id. at 3. [200] U.S. Food & Drug Admin., Guidance for Industry: Drug and Device Manufacturer Communications With Payors, Formulary Committees, and Similar Entities – Questions and Answers (June 2018), https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM537347.pdf. [201] Id. at 1. [202] Id. at 4. [203] Id. at 7. [204] Id. at 18. [205] Id. at 18, 19. [206] Id. at 22. [207] U.S. Food & Drug Admin., Guidance for Industry: Presenting Quantitative Efficacy and Risk Information in Direct-to-Consumer Promotional Labeling and Advertisements (Oct. 2018), https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM623515.pdf. [208] Id. at 2. [209] Id. at 4. [210] Id. at 5. [211] Id. at 6, 7. [212] Id. at 7, 8. [213] Pharmaceutical Information Exchange Act, H.R. 2026, 115th Cong. (2017), https://www.congress.gov/bill/115th-congress/house-bill/2026. [214] Id. [215] Medical Product Communications Act of 2017, H.R. 1703, 115th Cong. (2017), https://www.congress.gov/bill/115th-congress/house-bill/1703/text. [216] United States ex rel. Ibanez v. Bristol-Myers Squibb Co., 138 S. Ct. 2582 (Mem) (2018); United States ex rel. King v. Solvay Pharm., Inc., 138 S. Ct. 2030 (Mem) (2018). [217] United States ex rel. Ibanez, 874 F.3d 905, 915 (6th Cir. 2017); United States ex rel King v. Solvay Pharm., Inc., 871 F.3d 318, 329 (5th Cir. 2017) (per curiam). [218] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Deputy Assistant Attorney General James M. Burnham Delivers Remarks to the 2018 Food and Drug Law Institute Conference (Dec. 13, 2018), https://www.justice.gov/opa/speech/deputy-assistant-attorney-general-james-m-burnham-delivers-remarks-2018-food-and-drug-law. [219] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, District Court Enters Permanent Injunction Against Arkansas Compounding Pharmacy and its CEO to Prevent Distribution of Adulterated Drugs (Apr. 19, 2018), https://www.justice.gov/opa/pr/district-court-enters-permanent-injunction-against-arkansas-compounding-pharmacy-and-its-ceo; see also Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, United States Files Civil Enforcement Action to Stop Arkansas Compounding Pharmacy and CEO from Manufacturing and Distributing Adulterated Drugs (Mar. 1, 2018), https://www.justice.gov/opa/pr/united-states-files-civil-enforcement-action-stop-arkansas-compounding-pharmacy-and-ceo. [220] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, District Court Enters Permanent Injunction Against Mississippi Compounding Pharmacy and Two of its Officers to Prevent Distribution of Adulterated Drugs (June 11, 2018), https://www.justice.gov/opa/pr/district-court-enters-permanent-injunction-against-mississippi-compounding-pharmacy-and-two. [221] See U.S. Food & Drug Admin., Warning Letters 2017 (Mar. 14, 2018), https://www.fda.gov/Drugs/GuidanceComplianceRegulatoryInformation/EnforcementActivitiesbyFDA/WarningLettersandNoticeofViolationLetterstoPharmaceuticalCompanies/ucm538552.htm; see also U.S. Food & Drug Admin., Warning Letters 2018 (Dec. 18, 2018), https://www.fda.gov/Drugs/GuidanceComplianceRegulatoryInformation/EnforcementActivitiesbyFDA/WarningLettersandNoticeofViolationLetterstoPharmaceuticalCompanies/ucm594437.htm. [222] Warning Letter from Francis Godwin, Acting Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Mr. T.G. Velumani, Chief Executive Officer, Alchymars ICM SM Private Limited (Feb. 16, 2018).   [223] Warning Letter from Francis Godwin, Acting Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Mr. Yinghua Liu, President, Lijian Yinghua Biochemical and Pharmaceutical Co., Ltd. (Apr. 19, 2018). [224] Warning Letter from Francis Godwin, Acting Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Ms. Shirley Cai, Chief Executive Officer, Zhuhai United Laboratories Co., Ltd. (June 27, 2018).   [225] Warning Letter from Timothy Stenzel, Dir. Office of In Vitro Diagnostics & Radiological Health, U.S. Food & Drug Admin. to Fredrik O. Dalborg, CEO and Group President, Boule Medical AB (Oct. 2, 2018). [226] Warning Letter from Karlton T. Watson, Program Division Dir., Office of Biological Prods. Ops. – Div. 2, U.S. Food & Drug Admin. to Rita F. Alexander, Owner/Manager and Jenny R. Galloway, Laboratory & Medical Director, StemGenex Biologic Laboratories, LLC (Oct. 31, 2018). [227] Warning Letter from Donald St. Pierre, Acting Dir., Office of In Vitro Diagnostics & Radiological Health, Ctr. for Devices & Radiological Health, U.S. Food & Drug Admin. to Raymond Ryu, CEO, Dexcowin Co., Ltd. (Feb. 20, 2018), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/ucm599697.htm. [228] Warning Letter from Shari J. Shambaugh, Program Div. Dir., Div. 3/West, Office of Med. Device & Radiological Health Operations, U.S. Food & Drug Admin. to Galen T. Spooner, Owner, US Vascular, LLC (June 7, 2018), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/ucm625034.htm. [229] Warning Letter from Shari J. Shambaugh, Program Div. Dir., Div. 3/West, Office of Med. Device a& Radiological Health Operations, U.S. Food & Drug Admin. to Ai Chen Teo, President & Gen. Manager, Anigan, Inc. (July 25, 2018), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/ucm615066.htm. [230] Warning Letter from Blake Bevill, Program Div. Dir., Div. 2-Central, Office of Med. Device & Radiological Health Operations, U.S. Food & Drug Admin. to Vincent Forlenza, Chairman & CEO, Becton, Dickinson & Co. (Sept. 14, 2018), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/ucm622651.htm. [231] U.S. Food & Drug Admin., Guidance for Industry: Mixing, Diluting, or Repackaging Biological Products Outside the Scope of an Approved Biologics License Application (Jan. 18, 2018), https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM434176.pdf.   [232] Id. at 4. [233] Id. [234] Id. at 19–22. [235] U.S. Food & Drug Admin., Draft Guidance for Industry: Current Good Manufacturing Practice—Guidance for Human Drug Compounding Outsourcing Facilities Under Section 503B of the FD&C Act (Dec. 2018), https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM403496.pdf. [236] U.S. Good & Drug Admin., Questions and Answers and Guidance for Industry: Data Integrity and Compliance with Drug CGMP (Dec. 2018), https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM495891.pdf. [237] Press Release, U.S. Food & Drug Admin, Statement from FDA Commissioner Scott Gottlieb, M.D., on the agency’s efforts to improve drug quality through vigilant oversight of data integrity and good manufacturing practice (Dec. 12, 2018), https://www.fda.gov/NewsEvents/Newsroom/PressAnnouncements/ucm628244.htm. [238] United States ex rel. Greenfield v. Medco Health Sols., Inc., 880 F.3d 89 (3d Cir. 2018). [239] 42 U.S.C. § 1320a-7b(b)(g). [240] Greenfield, 880 F.3d at 100. [241] Report and Recommendation to District Judge, United States ex rel. Medrano et al. v. Diabetic Care RX, LLC, et al., No. 15-cv-62617, ECF No. 100 (S.D. Fla. Nov. 30, 2018). [242] Id. at 6–7. [243] Id. at 8–9. [244] Id. at 20–21. [245] Id. at 17–18. [246] 898 F.3d 1267, 1273–75 (11th Cir. 2018). [247] 42 U.S.C. §1320a-7b(b)(3)(B). [248] Carrel, 898 F.3d at 1273. [249] Id. at 1273. [250] Id. at 1274. [251] Id. [252] 318 F. Supp. 3d 1106 (N.D. Ill. 2018). [253] Id. at 1110. [254] Id. at 1110–11. [255] Id. at 1112–13 (emphasis added). [256] Id. at 1114 (internal quotation and citation marks omitted). [257] 342 F. Supp. 3d 544, 2018 WL 6567648 (S.D.N.Y Sept. 28, 2018). [258] Id. at *5. [259] Id. at *2. [260] See United States’ Mot. to Dismiss Relator’s Second Am. Compl., United States ex rel. Health Choice Grp., LLC v. Bayer Corp., Onyx Pharm., Inc., Amerisourcebergen Corp., & Lash Grp., No. 5:17-CV-126-RWS-CMC (E.D. Tex. Dec. 17, 2018). [261] Id. at 3, 14. [262] Id. at 8, 14. [263] Id. at 16. [264] U.S. Dep’t of Health and Human Servs., Office of Inspector Gen., Redacted Final Notice of Rescission 06-04 at 1 (Nov. 28, 2017), https://oig.hhs.gov/fraud/docs/advisoryopinions/2017/AdvOpnRescission06-04.pdf. [265] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Drug Maker United Therapeutics Agrees to Pay $210 Million to Resolve False Claims Act Liability for Paying Kickbacks (Dec. 20, 2017), https://www.justice.gov/opa/pr/drug-maker-united-therapeutics-agrees-pay-210-million-resolve-false-claims-act-liability. [266] Complaint, Patient Servs., Inc. v. United States, No. 3:18-cv-00016 (E. D. Va., Jan. 8, 2018). [267] Id. at 4. [268] Memorandum In Support Of Defendants’ Mot. For Leave To Take Discovery, Patient Servs., Inc. v. United States, No. 3:18-cv-00016, ECF No. 36 (E.D. Va., July 18, 2018); Order, Patient Servs., Inc. v. United States, No. 3:18-cv-00016, ECF No. 40 (E.D. Va., Jan. 18, 2019). [269] U.S. Office of Mgmt. & Budget, Exec. Office of the President, RIN No. 0936-AA08, Removal of Safe Harbor Protection for Rebates to Plans or PBMs involving Prescription Pharmaceuticals and Creation of New Safe Harbor Protection (July 18, 2018), https://www.reginfo.gov/public/do/eoDetails?rrid=128288. [270] Fraud and Abuse; Removal of Safe Harbor Protection for Rebates Involving Prescription Pharmaceuticals and Creation of New Safe Harbor Protection for Certain Point-of-Sale Reductions in Price on Prescription Pharmaceuticals and Certain Pharmacy Benefit Manager Service Fees, 84 Fed. Reg. 2340 (Feb. 6, 2019). [271] U.S. Dep’t of Health and Human Servs., Trump Administration Proposes to Lower Drug Costs by Targeting Backdoor Rebates and Encouraging Direct Discounts to Patients (Jan. 31, 2019), https://www.hhs.gov/about/news/2019/01/31/trump-administration-proposes-to-lower-drug-costs-by-targeting-backdoor-rebates-and-encouraging-direct-discounts-to-patients.html. [272] Medicare and State Health Care Programs: Fraud and Abuse; Request for Information Regarding the Anti-Kickback Statute and Beneficiary Inducements CMP, 83 Fed. Reg. 43607 (Aug. 27, 2018). [273] Id. [274] Id. at 43609. [275] Id. at 43609–10. [276] See 42 C.F.R. § 403.900 et seq. [277] H.R. 6, 115th Cong., § 6111 (2017-2018). [278] U.S. Dep’t of Health and Human Servs., Office of Inspector Gen., OIG Advisory Op. 18-02 at 2 (Apr. 30, 2018), https://oig.hhs.gov/fraud/docs/advisoryopinions/2018/AdvOpn18-02.pdf. [279] Id. at 7. [280] Id. at 8. [281] U.S. Dep’t of Health and Human Servs., Office of Inspector Gen., OIG Advisory Op. 18-10 (Sept. 10, 2018), https://oig.hhs.gov/fraud/docs/advisoryopinions/2018/AdvOpn18-10.pdf. [282] Id. at 2–3. [283] Id. at 8. [284] Id. at 8–9. [285] Id. at 9. [286] Id. at 9–10. [287] U.S. Dep’t of Health and Human Servs., Office of Inspector Gen., OIG Advisory Op. 18-14, at 1–2 (Nov. 13, 2018), https://oig.hhs.gov/fraud/docs/advisoryopinions/2018/AdvOpn18-14.pdf. [288] Id. at 4. [289] Id. [290] Id. at 10–12. [291] U.S. Dept. of Health and Human Servs., American Patients First: The Trump Administration Blueprint to Lower Drug Prices and Reduce Out-of-Pocket Costs (May 11, 2018), https://www.hhs.gov/sites/default/files/AmericanPatientsFirst.pdf. [292] Press Release, U.S. House of Reps. Committee on Oversight and Reform, Oversight Committee Launches Sweeping Drug Price Investigation (Jan. 14, 2019), https://oversight.house.gov/news/press-releases/oversight-committee-launches-sweeping-drug-price-investigation [293] Id. [294] Centers for Medicare & Medicaid Servs.; Proposed Rule, 83 Fed. Reg. 52789 (Oct. 18, 2018). [295] Id. at 52789–90. [296] Id. at 52794. [297] Centers for Medicare & Medicaid Servs.; Advance Notice of Proposed Rulemaking with Comment, 83 Fed. Reg. 54546 (Oct. 30, 2018). [298] Id. at 54547. [299] Id. [300] Centers for Medicare & Medicaid Servs.; Proposed Rule, 83 Fed. Reg. 62152 (Nov. 30, 2018). [301] Id. at 62152. [302] Id. at 62158. [303] Id. at 62153. [304] Id. at 62168. [305] Memorandum, U.S. Dept. of Health and Human Servs., Centers for Medicare & Medicaid Servs., Prior Authorization and Step Therapy for Part B Drugs in Medicare Advantage (Aug. 7, 2018), https://www.cms.gov/Medicare/Health-Plans/HealthPlansGenInfo/Downloads/MA_Step_Therapy_HPMS_Memo_8_7_2018.pdf. [306] Id. at 1. [307] Id. [308] Id. at 1–2. [309] Id. at 3. [310] Memorandum, U.S. Dept. of Health and Human Servs., Centers for Medicare & Medicaid Servs., Indication-Based Formulary Design Beginning in Contract Year (CY) 2020 (Aug. 29, 2018), https://www.cms.gov/Research-Statistics-Data-and-Systems/Computer-Data-and-Systems/HPMS/Downloads/HPMS-Memos/Weekly/SysHPMS-Memo-2018-Aug-29th.pdf. [311] Id. at 2. [312] Id. [313] Id. [314] Id. at 2–3. [315] U.S. Food & Drug Admin., Draft Guidance for Industry: Innovative Approaches for Nonprescription Drug Products (July 2018), https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM613666.pdf. [316] U.S. Food & Drug Admin., FDA In Brief: FDA issues 63 product-specific guidances to promote generic drug access and drug price competition (Nov. 28, 2018), https://www.fda.gov/NewsEvents/Newsroom/FDAInBrief/ucm626952.htm. [317] U.S. Dep’t of Health & Human Servs., Office of Inspector Gen., HHS Secretary Azar Directs FDA to Establish Working Group on Drug Importation to Address Price Spikes (July 19, 2018), https://www.hhs.gov/about/news/2018/07/19/hhs-secretary-azar-directs-fda-establish-working-group-drug-importation-address-price-spikes.html. [318] U.S. Food & Drug Admin., Biosimilars Action Plan: Balancing Innovation and Competition (July 2018), https://www.fda.gov/downloads/Drugs/DevelopmentApprovalProcess/HowDrugsareDevelopedandApproved/ApprovalApplications/TherapeuticBiologicApplications/Biosimilars/UCM613761.pdf. [319] U.S. Food & Drug Admin., Ctr. for Device & Radiological Health, 2018-2020 Strategic Priorities (Jan. 2018), https://www.fda.gov/downloads/AboutFDA/CentersOffices/OfficeofMedicalProductsandTobacco/CDRH/CDRHVisionandMission/UCM592693.pdf. [320] Jeff Shuren, Charting Our Course for 2018-2020, FDA Voice (Jan. 17, 2018) https://blogs.fda.gov/fdavoice/index.php/2018/01/charting-our-course-for-2018-2020/. [321] U.S. Food & Drug Admin., Ctr. for Device & Radiological Health, 2018-2020 Strategic Priorities 7 (Jan. 2018), https://www.fda.gov/downloads/AboutFDA/CentersOffices/OfficeofMedicalProductsandTobacco/CDRH/CDRHVisionandMission/UCM592693.pdf. [322] Id. [323] Id. at 12. [324] Id. at 17. [325] Id. at 18. [326] U.S. Food & Drug Admin. Commissioner Scott Gottlieb, Advancing Policies to Promote Safe, Effective MedTech Innovation, FDA Voice (Dec. 11, 2017), https://blogs.fda.gov/fdavoice/index.php/2017/12/advancing-policies-to-promote-safe-effective-medtech-innovation/. [327] Statement from FDA Commissioner Scott Gottlieb, M.D. and Jeff Shuren, M.D., Director of the Center for Devices and Radiological Health, on transformative new steps to modernize FDA’s 510(k) program to advance the review of the safety and effectiveness of medical devices (Nov. 26, 2018), https://www.fda.gov/NewsEvents/Newsroom/PressAnnouncements/ucm626572.htm. [328] Statement from FDA Commissioner Scott Gottlieb, M.D. and Jeff Shuren, M.D., Director of the Center for Devices and Radiological Health, on transformative new steps to modernize FDA’s 510(k) program to advance the review of the safety and effectiveness of medical devices (Nov. 26, 2018), https://www.fda.gov/NewsEvents/Newsroom/PressAnnouncements/ucm626572.htm. [329] Safety and Performance Based Pathway; Guidance for Industry and Food and Drug Administration (Feb. 1, 2019). [330] U.S. Food & Drug Admin., Draft Guidance for Industry and Food and Drug Administration Staff: The Special 510(k) Program (Sept. 28, 2018), https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm621682.pdf. [331] U.S. Food & Drug Admin., FDA In Brief: FDA proposes improvements to the De Novo pathway for novel medical devices to advance safe, effective, and innovative treatments for patients (Dec. 4, 2018), https://www.fda.gov/NewsEvents/Newsroom/FDAInBrief/ucm627522.htm; U.S. Food & Drug Admin., Medical Device De Novo Classification Process, 83 Fed. Reg. 63127 (Dec. 7, 2018). [332] Id. [333] 83 Fed. Reg. 63127, 63128. [334] Id. [335] Id. [336] U.S. Food & Drug Admin., Draft Guidance for Industry and Food and Drug Administration Staff: Requests for Feedback and Meetings for Medical Device Submissions: The Q-Submission Program (June 7, 2018), https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm609753.pdf. [337] Id. at 1. [338] U.S. Food & Drug Admin., Guidance for Industry and Food and Drug Administration Staff: Refuse to Accept Policy for 510(k)s (Jan. 30, 2018), https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm315014.pdf. [339] U.S. Food & Drug Admin., Guidance for Industry and Food and Drug Administration Staff: Acceptance of Clinical Data to Support Medical Device Applications and Submissions (Feb. 21, 2018), https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm597273.pdf. [340] U.S. Food & Drug Admin., Draft Guidance for Industry and Food and Drug Administration Staff: Benefit -Risk Factors to Consider When Determining Substantial Equivalence in Premarket Notifications (510(k)) With Different Technological Characteristics (Sept. 25, 2018), https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm404773.pdf. [341] U.S. Food & Drug Admin., Draft Guidance for Industry and Food and Drug Administration Staff, and Third Party Review Organizations: 510(k) Third Party Review Program (Sept. 14, 2018), https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm339697.pdf. [342] U.S. Food & Drug Admin., Draft Guidance for Industry and Food and Drug Administration Staff: Multiple Function Device Products: Policy and Considerations (Apr. 27, 2018), https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm605683.pdf. [343] U.S. Food & Drug Admin., Guidance for Industry and Food and Drug Administration Staff: Acceptance and Filing Reviews for Premarket Approval Applications (PMAs) (Jan. 30, 2018), https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm313368.pdf. [344] U.S. Food & Drug Admin., Medical Device Safety Action Plan: Protecting Patients, Promoting Public Health (Apr. 17, 2018), https://www.fda.gov/downloads/AboutFDA/CentersOffices/OfficeofMedicalProductsandTobacco/CDRH/CDRHReports/UCM604690.pdf. [345] Id.at 2. [346] Id. at 13. [347] Id. [348] Id. at 6. [349] Id. at 10. [350] Id. at 11. [351] U.S. Food & Drug Admin., FDA In Brief: FDA proposes updated cybersecurity recommendations to help ensure device manufacturers are adequately addressing evolving cybersecurity threats (Oct. 17, 2018), https://www.fda.gov/NewsEvents/Newsroom/FDAInBrief/ucm623624.htm [352] U.S. Food & Drug Admin., Draft Guidance for Industry and Food & Drug Administration Staff: Content of Premarket Submissions for Management of Cybersecurity in Medical Devices (Oct. 18, 2018), https://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM623529.pdf. [353] Id. at 9. [354] U.S. Food & Drug Admin., DHS-FDA Medical Device Cybersecurity Collaboration: Memorandum of Agreement between the Department of Homeland Security, National Protection and Programs Directorate and the Department of Health and Human Services, Food and Drug Administration, Relating to Medical Device Cybersecurity Collaboration (last updated Oct. 17, 2018), https://www.fda.gov/AboutFDA/PartnershipsCollaborations/MemorandaofUnderstandingMOUs/DomesticMOUs/ucm623568.htm. [355] The MITRE Corp., Medical Device Cybersecurity: Regional Incident Preparedness and Response Playbook (Oct. 2018), https://www.mitre.org/sites/default/files/publications/pr-18-1550-Medical-Device-Cybersecurity-Playbook.pdf. [356] Id. [357] U.S. Food & Drug Admin., FDA In Brief: FDA takes steps to advance a new framework to promote development of digital tools that can inform the safe and effective use of prescription drugs (Nov. 19, 2018), https://www.fda.gov/NewsEvents/Newsroom/FDAInBrief/ucm626166.htm?utm_campaign=Federal+Register+Notice+on+Prescription+Drug+Use&utm_medium=email&utm_source=Eloqua. [358] Id. [359] U.S. Food & Drug Admin., Prescription Drug-Use-Related Software; Establishment of a Public Docket; Request for Comments, 83 Fed. Reg. 58574 (Nov. 20, 2018), https://www.federalregister.gov/documents/2018/11/20/2018-25206/prescription-drug-use-related-software-establishment-of-a-public-docket-request-for-comments. [360] U.S. Food & Drug Admin., Immediately in Effect Guidance for Industry and FDA Staff: Unique Device Identification: Policy Regarding Compliance Dates for Class I and Unclassified Devices and Certain Devices Requiring Direct Marking (Nov. 5, 2018), https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm592340.pdf [361] Id. at 4. [362] Id. [363] U.S. Food & Drug Admin., Immediately in Effect Guidance for Industry and Food and Drug Administration Staff: Compliance Policy for Combination Product Postmarketing Safety Reporting (Mar. 21, 2018), https://www.fda.gov/downloads/RegulatoryInformation/Guidances/UCM601461.pdf. [364] U.S. Food & Drug Admin., Draft Guidance for Industry and Food and Drug Administration Staff: Postmarketing Safety Reporting for Combination Products (Mar. 2018), https://www.fda.gov/downloads/RegulatoryInformation/Guidances/UCM601454.pdf. [365] FDA issued 25 device-related Warning Letters, nine of which were written by CDRH.  This marks a decrease in activity compared to 2017, when nearly the same number of Warning Letters were issued to device manufacturers in just the second half of the year.  Unlike in prior periods, foreign manufacturers marketing their products in the United States were not a common focus; only five such entities received a Warning Letter. [366] Warning Letter from Joseph Matrisciano, Jr., District Dir., Div. 1/East, N.E. District, Office of Med. Device & Radiological Health Operations, U.S. Food & Drug Admin. to Elizabeth Gaipa, VP Quality Management, Becton Dickinson & Co. (Jan. 11, 2018), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/ucm592062.htm. [367] Warning Letter from William H. Maisel, Acting Dir., Office of Compliance, Ctr. for Devices & Radiological Health, U.S. Food & Drug Admin. to Takaaki Ueda, President & CEO, Fujifilm Med. Systems U.S.A., Inc. (Mar. 9, 2018), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/ucm600340.htm; Warning Letter from William H. Maisel, Acting Dir., Office of Compliance, Ctr. for Devices & Radiological Health, U.S. Food & Drug Admin. to Nacho Abia, President & CEO, Olympus Corp. of the Americas (Mar. 9, 2018), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/ucm600330.htm; Warning Letter from William H. Maisel, Acting Dir., Office of Compliance, Ctr. for Devices & Radiological Health, U.S. Food & Drug Admin. to David G. Woods, President & CEO, Pentax of America, Inc. (Mar. 9, 2018), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/ucm600342.htm. [368] Warning Letter from Shari J. Shambaugh, Program Div. Dir., Div. 3/West, Office of Med. Device & Radiological Health Operations, U.S. Food & Drug Admin. to Michael P. Garippa, President & CEO, SynCardia Systems, LLC (Apr. 3, 2018), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/ucm604278.htm. The following Gibson Dunn lawyers assisted in the preparation of this client update:  Stephen Payne, Marian Lee, John Partridge, Jonathan Phillips, Sean Twomey, Reid Rector, Sarah Erickson-Muschko, Allison Chapin, Yamini Grema, Claudia Kraft, Eva Michaels, Stevie Pearl, Julie Hamilton, Jacob Rierson, Emily Riff, Peter Baumann, and Craig Streit. Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments.  Please contact the Gibson Dunn lawyer with whom you usually work or any of the following: Washington, D.C. Stephen C. Payne, Chair, FDA and Health Care Practice Group (+1 202-887-3693, spayne@gibsondunn.com) F. Joseph Warin (+1 202-887-3609, fwarin@gibsondunn.com) Marian J. Lee (+1 202-887-3732, mjlee@gibsondunn.com) Daniel P. Chung (+1 202-887-3729, dchung@gibsondunn.com) Jonathan M. Phillips (+1 202-887-3546, jphillips@gibsondunn.com) Los Angeles Debra Wong Yang (+1 213-229-7472, dwongyang@gibsondunn.com) San Francisco Charles J. Stevens (+1 415-393-8391, cstevens@gibsondunn.com) Winston Y. Chan (+1 415-393-8362, wchan@gibsondunn.com) New York Alexander H. Southwell (+1 212-351-3981, asouthwell@gibsondunn.com) Denver Robert C. Blume (+1 303-298-5758, rblume@gibsondunn.com) John D. W. Partridge (+1 303-298-5931, jpartridge@gibsondunn.com) © 2019 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

October 31, 2018 |
LMG Life Sciences Recognizes Gibson Dunn in Six Practices and Names 11 Lawyers Stars

The 2018 edition of LMG Life Sciences highlighted six Gibson Dunn practices – Corporate, Mergers & Acquisitions, Intellectual property, Antitrust, Product Liability and White-Collar/Government Investigation – in the area of Life Sciences. Additionally the guide noted 11 Gibson Dunn lawyers as “Life Science Stars” including Palo Alto partner Joseph Barbeau and San Francisco partner Ryan Murr for Finance & Transactional; Century City partner Wayne Barsky, Dallas partner Tracey Davies and New York partner Jane Love for Intellectual Property; Dallas partners William Dawson and Sean Royall, New York partner Reed Brodsky, Orange County partner Jeffrey Thomas, and Washington, D.C. partner Stephen Payne for Non-IP Litigation; and New York partner Daniel Thomasch for Product Liability.

October 17, 2018 |
SEC Warns Public Companies on Cyber-Fraud Controls

Click for PDF On October 16, 2018, the Securities and Exchange Commission issued a report warning public companies about the importance of internal controls to prevent cyber fraud.  The report described the SEC Division of Enforcement’s investigation of multiple public companies which had collectively lost nearly $100 million in a range of cyber-scams typically involving phony emails requesting payments to vendors or corporate executives.[1] Although these types of cyber-crimes are common, the Enforcement Division notably investigated whether the failure of the companies’ internal accounting controls to prevent unauthorized payments violated the federal securities laws.  The SEC ultimately declined to pursue enforcement actions, but nonetheless issued a report cautioning public companies about the importance of devising and maintaining a system of internal accounting controls sufficient to protect company assets. While the SEC has previously addressed the need for public companies to promptly disclose cybersecurity incidents, the new report sees the agency wading into corporate controls designed to mitigate such risks.  The report encourages companies to calibrate existing internal controls, and related personnel training, to ensure they are responsive to emerging cyber threats.  The report (issued to coincide with National Cybersecurity Awareness Month) clearly intends to warn public companies that future investigations may result in enforcement action. The Report of Investigation Section 21(a) of the Securities Exchange Act of 1934 empowers the SEC to issue a public Report of Investigation where deemed appropriate.  While SEC investigations are confidential unless and until the SEC files an enforcement action alleging that an individual or entity has violated the federal securities laws, Section 21(a) reports provide a vehicle to publicize investigative findings even where no enforcement action is pursued.  Such reports are used sparingly, perhaps every few years, typically to address emerging issues where the interpretation of the federal securities laws may be uncertain.  (For instance, recent Section 21(a) reports have addressed the treatment of digital tokens as securities and the use of social media to disseminate material corporate information.) The October 16 report details the Enforcement Division’s investigations into the internal accounting controls of nine issuers, across multiple industries, that were victims of cyber-scams. The Division identified two specific types of cyber-fraud – typically referred to as business email compromises or “BECs” – that had been perpetrated.  The first involved emails from persons claiming to be unaffiliated corporate executives, typically sent to finance personnel directing them to wire large sums of money to a foreign bank account for time-sensitive deals. These were often unsophisticated operations, textbook fakes that included urgent, secret requests, unusual foreign transactions, and spelling and grammatical errors. The second type of business email compromises were harder to detect. Perpetrators hacked real vendors’ accounts and sent invoices and requests for payments that appeared to be for otherwise legitimate transactions. As a result, issuers made payments on outstanding invoices to foreign accounts controlled by impersonators rather than their real vendors, often learning of the scam only when the legitimate vendor inquired into delinquent bills. According to the SEC, both types of frauds often succeeded, at least in part, because responsible personnel failed to understand their company’s existing cybersecurity controls or to appropriately question the veracity of the emails.  The SEC explained that the frauds themselves were not sophisticated in design or in their use of technology; rather, they relied on “weaknesses in policies and procedures and human vulnerabilities that rendered the control environment ineffective.” SEC Cyber-Fraud Guidance Cybersecurity has been a high priority for the SEC dating back several years. The SEC has pursued a number of enforcement actions against registered securities firms arising out of data breaches or deficient controls.  For example, just last month the SEC brought a settled action against a broker-dealer/investment-adviser which suffered a cyber-intrusion that had allegedly compromised the personal information of thousands of customers.  The SEC alleged that the firm had failed to comply with securities regulations governing the safeguarding of customer information, including the Identity Theft Red Flags Rule.[2] The SEC has been less aggressive in pursuing cybersecurity-related actions against public companies.  However, earlier this year, the SEC brought its first enforcement action against a public company for alleged delays in its disclosure of a large-scale data breach.[3] But such enforcement actions put the SEC in the difficult position of weighing charges against companies which are themselves victims of a crime.  The SEC has thus tried to be measured in its approach to such actions, turning to speeches and public guidance rather than a large number of enforcement actions.  (Indeed, the SEC has had to make the embarrassing disclosure that its own EDGAR online filing system had been hacked and sensitive information compromised.[4]) Hence, in February 2018, the SEC issued interpretive guidance for public companies regarding the disclosure of cybersecurity risks and incidents.[5]  Among other things, the guidance counseled the timely public disclosure of material data breaches, recognizing that such disclosures need not compromise the company’s cybersecurity efforts.  The guidance further discussed the need to maintain effective disclosure controls and procedures.  However, the February guidance did not address specific controls to prevent cyber incidents in the first place. The new Report of Investigation takes the additional step of addressing not just corporate disclosures of cyber incidents, but the procedures companies are expected to maintain in order to prevent these breaches from occurring.  The SEC noted that the internal controls provisions of the federal securities laws are not new, and based its report largely on the controls set forth in Section 13(b)(2)(B) of the Exchange Act.  But the SEC emphasized that such controls must be “attuned to this kind of cyber-related fraud, as well as the critical role training plays in implementing controls that serve their purpose and protect assets in compliance with the federal securities laws.”  The report noted that the issuers under investigation had procedures in place to authorize and process payment requests, yet were still victimized, at least in part “because the responsible personnel did not sufficiently understand the company’s existing controls or did not recognize indications in the emailed instructions that those communications lacked reliability.” The SEC concluded that public companies’ “internal accounting controls may need to be reassessed in light of emerging risks, including risks arising from cyber-related frauds” and “must calibrate their internal accounting controls to the current risk environment.” Unfortunately, the vagueness of such guidance leaves the burden on companies to determine how best to address emerging risks.  Whether a company’s controls are adequate may be judged in hindsight by the Enforcement Division; not surprisingly, companies and individuals under investigation often find the staff asserting that, if the controls did not prevent the misconduct, they were by definition inadequate.  Here, the SEC took a cautious approach in issuing a Section 21(a) report highlighting the risk rather than publicly identifying and penalizing the companies which had already been victimized by these scams. However, companies and their advisors should assume that, with this warning shot across the bow, the next investigation of a similar incident may result in more serious action.  Persons responsible for designing and maintaining the company’s internal controls should consider whether improvements (such as enhanced trainings) are warranted; having now spoken on the issue, the Enforcement Division is likely to view corporate inaction as a factor in how it assesses the company’s liability for future data breaches and cyber-frauds.    [1]   SEC Press Release (Oct. 16, 2018), available at www.sec.gov/news/press-release/2018-236; the underlying report may be found at www.sec.gov/litigation/investreport/34-84429.pdf.    [2]   SEC Press Release (Sept. 16, 2018), available at www.sec.gov/news/press-release/2018-213.  This enforcement action was particularly notable as the first occasion the SEC relied upon the rules requiring financial advisory firms to maintain a robust program for preventing identify theft, thus emphasizing the significance of those rules.    [3]   SEC Press Release (Apr. 24, 2018), available at www.sec.gov/news/press-release/2018-71.    [4]   SEC Press Release (Oct. 2, 2017), available at www.sec.gov/news/press-release/2017-186.    [5]   SEC Press Release (Feb. 21, 2018), available at www.sec.gov/news/press-release/2018-22; the guidance itself can be found at www.sec.gov/rules/interp/2018/33-10459.pdf.  The SEC provided in-depth guidance in this release on disclosure processes and considerations related to cybersecurity risks and incidents, and complements some of the points highlighted in the Section 21A report. Gibson Dunn’s lawyers are available to assist with any questions you may have regarding these issues.  For further information, please contact the Gibson Dunn lawyer with whom you usually work in the firm’s Securities Enforcement or Privacy, Cybersecurity and Consumer Protection practice groups, or the following authors: Marc J. Fagel – San Francisco (+1 415-393-8332, mfagel@gibsondunn.com) Alexander H. Southwell – New York (+1 212-351-3981, asouthwell@gibsondunn.com) Please also feel free to contact the following practice leaders and members: Securities Enforcement Group: New York Barry R. Goldsmith – Co-Chair (+1 212-351-2440, bgoldsmith@gibsondunn.com) Mark K. Schonfeld – Co-Chair (+1 212-351-2433, mschonfeld@gibsondunn.com) Reed Brodsky (+1 212-351-5334, rbrodsky@gibsondunn.com) Joel M. Cohen (+1 212-351-2664, jcohen@gibsondunn.com) Lee G. Dunst (+1 212-351-3824, ldunst@gibsondunn.com) Laura Kathryn O’Boyle (+1 212-351-2304, loboyle@gibsondunn.com) Alexander H. Southwell (+1 212-351-3981, asouthwell@gibsondunn.com) Avi Weitzman (+1 212-351-2465, aweitzman@gibsondunn.com) Lawrence J. Zweifach (+1 212-351-2625, lzweifach@gibsondunn.com) Washington, D.C. Richard W. Grime – Co-Chair (+1 202-955-8219, rgrime@gibsondunn.com) Stephanie L. Brooker  (+1 202-887-3502, sbrooker@gibsondunn.com) Daniel P. Chung (+1 202-887-3729, dchung@gibsondunn.com) Stuart F. Delery (+1 202-887-3650, sdelery@gibsondunn.com) Patrick F. Stokes (+1 202-955-8504, pstokes@gibsondunn.com) F. Joseph Warin (+1 202-887-3609, fwarin@gibsondunn.com) San Francisco Marc J. Fagel – Co-Chair (+1 415-393-8332, mfagel@gibsondunn.com) Winston Y. Chan (+1 415-393-8362, wchan@gibsondunn.com) Thad A. Davis (+1 415-393-8251, tdavis@gibsondunn.com) Charles J. Stevens (+1 415-393-8391, cstevens@gibsondunn.com) Michael Li-Ming Wong (+1 415-393-8234, mwong@gibsondunn.com) Palo Alto Paul J. Collins (+1 650-849-5309, pcollins@gibsondunn.com) Benjamin B. Wagner (+1 650-849-5395, bwagner@gibsondunn.com) Denver Robert C. Blume (+1 303-298-5758, rblume@gibsondunn.com) Monica K. Loseman (+1 303-298-5784, mloseman@gibsondunn.com) Los Angeles Michael M. Farhang (+1 213-229-7005, mfarhang@gibsondunn.com) Douglas M. Fuchs (+1 213-229-7605, dfuchs@gibsondunn.com) Privacy, Cybersecurity and Consumer Protection Group: Alexander H. Southwell – Co-Chair, New York (+1 212-351-3981, asouthwell@gibsondunn.com) M. Sean Royall – Dallas (+1 214-698-3256, sroyall@gibsondunn.com) Debra Wong Yang – Los Angeles (+1 213-229-7472, dwongyang@gibsondunn.com) Christopher Chorba – Los Angeles (+1 213-229-7396, cchorba@gibsondunn.com) Richard H. Cunningham – Denver (+1 303-298-5752, rhcunningham@gibsondunn.com) Howard S. Hogan – Washington, D.C. (+1 202-887-3640, hhogan@gibsondunn.com) Joshua A. Jessen – Orange County/Palo Alto (+1 949-451-4114/+1 650-849-5375, jjessen@gibsondunn.com) Kristin A. Linsley – San Francisco (+1 415-393-8395, klinsley@gibsondunn.com) H. Mark Lyon – Palo Alto (+1 650-849-5307, mlyon@gibsondunn.com) Shaalu Mehra – Palo Alto (+1 650-849-5282, smehra@gibsondunn.com) Karl G. Nelson – Dallas (+1 214-698-3203, knelson@gibsondunn.com) Eric D. Vandevelde – Los Angeles (+1 213-229-7186, evandevelde@gibsondunn.com) Benjamin B. Wagner – Palo Alto (+1 650-849-5395, bwagner@gibsondunn.com) Michael Li-Ming Wong – San Francisco/Palo Alto (+1 415-393-8333/+1 650-849-5393, mwong@gibsondunn.com) Ryan T. Bergsieker – Denver (+1 303-298-5774, rbergsieker@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

October 1, 2018 |
Federal Circuit Update (October 2018)

Click for PDF This edition of Gibson Dunn’s Federal Circuit Update offers a reminder of the upcoming American Intellectual Property Law Association (AIPLA) Annual Meeting and of Supreme Court’s upcoming review of decisions coming up from the Federal Circuit.  We also briefly recap the rules for obtaining a stay of an order pending Federal Circuit appeal.  The Update also summarizes recent Federal Circuit decisions limiting the scope of fee awards, narrowing the window for IPR petitions, clarifying standing requirements for IPR appeals, and providing for the separate patentability for engineering mammalian versus bacterial genomes. Federal Circuit News The AIPLA’s Annual Meeting will take place at the Marriott Wardman Park Hotel in Washington, D.C. from October 25–27, 2018.  Keynote speakers at this meeting will include the Honorable Raymond T. Chen and the Honorable Kara F. Stoll of the Federal Circuit, as well as Andrei Iancu of the U.S. Patent and Trademark Office. Supreme Court:  Thus far, the only case from the Federal Circuit scheduled to be heard in the OT2018 Term is Helsinn Healthcare S.A. v. Teva Phar. USA Inc.  Twenty-three amicus briefs have been filed in that case, reflecting the high interest in the case: Case Status Issue Helsinn Healthcare S.A. v. Teva Pharm. USA Inc., No. 17-1229 Petition for writ of certiorari granted on June 25, 2018 Whether the sale of a patented invention by the inventor to a third party that is obligated to keep the invention confidential constitutes prior art for determining patentability Federal Circuit Practice Update This month, we highlight the Federal Rules of Appellate Procedure and the Federal Circuit Rules of Practice governing requests to stay lower court or agency orders pending appeal.  Stay requests in appeals from a district court are governed by Federal Rule of Appellate Procedure 8 and Federal Circuit Rule 8, with stays from PTAB proceedings governed by parallel Rules 18. Proceed Below First:  FRAP 8(a)(1) and 18(a)(1) provide that “ordinarily” a party must first move in the district court or PTAB for the stay pending appeal. Stay from Federal Circuit:  Under FRAP 8(a)(2) and 18(a)(2), if the party did not move for relief below, the party must include in its motion a showing that it would have been impractical to do so.  Alternatively, if the party did make a request below, the party must explain why the district court or PTAB denied the motion or otherwise failed to provide the requested relief.  Given these requirements, a stay from the Federal Circuit should not be viewed as an alternative to moving below but rather as a second chance if prior efforts failed. Evidentiary Support Required:  FRAP 8(a)(2)(B) and 18(a)(2)(b) also require that “affidavits or other sworn statements” accompany a motion for a stay to support the need for the relief sought.  Lawyer’s argument is generally deemed insufficient. Bond May be Required:  The Federal Circuit “may condition relief on the filing of a bond or other appropriate security.”  FRAP 8(a)(2)(E) and 18(b). Formal Requirements:  Federal Circuit Rules 8 and 18 provide further procedural guidelines.  The motion and opposition to stay may not exceed 5,200 words, and the reply may not exceed 2,600 words.  A list of exhibits required for stay motions is also provided.  The Federal Circuit also mandates that, if a motion to stay remains pending below, the moving party must include an explanation as to when it filed the motion and why it is not practical to await a ruling below. Key Case Summaries (August – September 2018) In Re: Rembrandt Techs. LP Patent Litigation, No. 17-1784 (Fed. Cir. Aug. 15, 2018 (Public Opinion)):  Attorneys’ fees awarded under § 285 must have a “causal connection” to the misconduct that rendered the case exceptional. Section 285 provides that “[t]he court in exceptional cases may award reasonable attorney fees to the prevailing party.”  The statute, however, does not expressly state whether, in exceptional cases, the award must be apportioned between the exceptional and nonexceptional aspects of the case.  In Rembrandt the Federal Circuit suggests that only fees related to the exceptional aspects of the case should be shifted, which may portend a trend to narrower fee awards in the future. In a multidistrict litigation, Rembrandt asserted nine patents against dozens of parties.  After the Markman hearing, the court issued claim construction, which was adverse to Rembrandt for all patents.  The parties then agreed to covenants not to sue on eight of the patents and stipulated to non-infringement for the ninth.  After the Federal Circuit affirmed the claim construction for the ninth patent, the district court considered the defendants’ motion for fees.  The court found that Rembrandt had improperly revived two of the patents, allowed spoliation of evidence, and had improperly given fact witnesses interests contingent on the case’s outcome.  The court found these facts supported that the case was exceptional and awarded $51 million in fees. The Federal Circuit (O’Malley, J.) affirmed the court’s determination that the case is exceptional based on the above findings, but vacated the award of attorneys’ fees.  The panel held that, although the amount of a fee award is a matter of the district court’s discretion, the amount must bear a “causal connection” to the misconduct that makes the case exceptional.  The panel noted that, in less complicated or sprawling litigation, a “finding of pervasive misbehavior or inequitable conduct that affects all of the patents in suit may justify an award of all of the fees incurred.”  But here the district court awarded the entirety of the fees without making findings that, for example, spoliation affected every issue in the suit.  Likewise, the court did not explain why there was misconduct with respect to patents that were not improperly revived.  The panel thus remanded for a fee determination causally linked to the misconduct. Click-to-Call Techs., LP v. Ingenio, Inc., No. 15-1242 (Fed. Cir. Aug. 16, 2018) (key holding en banc): IPR one-year time bar under § 315(b) runs from when a complaint is served even if that complaint is then voluntarily dismissed without prejudice. In 2001, Inforocket sued Ingenio (then operating under a different name) for patent infringement.  After the complaint was served, the case was dismissed.  Click-to-Call (“CTC”) later acquired the patent and sued Ingenio a second time.  Ingenio filed an IPR petition, which CTC argued was time barred because the earlier complaint had been served well more than one year prior to the petition.  The PTAB rejected CTC’s § 315(b) argument and found the claims unpatentable. The Federal Circuit (O’Malley, J.) disagreed and vacated the ruling.  In a rare procedural move, a majority of the en banc court joined the panel’s holding that § 315(b)’s time bar runs from when a petitioner is served with an infringement complaint even if the complaint is dismissed.  The court explained that § 315(b) focuses on whether a petitioner “is served with a complaint alleging infringement.”  While the court recognized precedent stating that dismissals without prejudice leave the parties “as though the action had never been brought,” the panel also noted that the language of § 315(b) offers no exceptions.  The panel and en banc majority thus held that dismissal of a complaint does not negate the time bar triggered by service of that complaint. Regents of the Univ. of Calif. v. Broad Institute, Inc., No. 17-1907 (Fed Cir. Sept. 10, 2018):  Genetic engineering methods in mammalian cells are patentably distinct from those applied to bacterial cells. The University of California (UC) and the Broad Institute (along with their respective research partners) both claimed inventorship over CRISPR (Clustered Regularly Interspaced Short Palindromic Repeats) genomic editing using the Cas9 nuclease enzyme.  CRISPR-Cas9, which enables fast and precise genomic editing, is recognized as a potentially revolutionary next-generation tool in biomedical research and therapy development. The UC researchers reduced to practice (and published) using CRISPR-Cas9 in vitro in a non-cellular environment, and their patent application did not limit claims to any particular cell type.  The Broad team later reduced to practice in eukaryotic cells (specifically, human and mouse cells), filing claims covering CRISPR-Cas9 in eukaryotic cells.  The Patent Trial and Appeal Board issued an interference.  The Broad asserted that its later application was non-obvious and patentably distinct because a person of ordinary skill in the art would not have had a reasonable expectation of success in eukaryotic cells based on the UC’s research.  The PTAB agreed, citing differences between eukaryotic (e.g., plant or animal) and prokaryotic (e.g., bacterial) systems. The Federal Circuit affirmed.  The panel (Moore, J., joined by Schall, J. and Prost, C.J.) considered evidence of the unpredictability, more complicated protein folding, and greater genomic length and complexity of eukaryotic cells, as well as other prior art prokaryotic research that did not work fully in eukaryotic systems.  Although a motivation to combine was evidenced by multiple research groups succeeding in applying the CRISPR-Cas9 in eukaryotic cells shortly after the UC published its initial research, this did not necessarily indicate an expectation of success.  The panel thus found “substantial evidence” that “applying similar prokaryotic systems in eukaryotes was unpredictable” and that methods in eukaryotic cells were patentably distinct. While the panel cautioned that it was not “ruling on the validity of either set of claims,” its decision provides precedent that foundational research in bacterial systems and the same method applied to eukaryotic cells may be patentably distinct.  CRISPR-Cas9 and other biotechnologies stemming from prokaryotic research may now be subject to multiple patent estates, potentially subjecting industry participants to overlapping licensing obligations for the same technology.  From the perspective of foundational noneukaryotic-based research, such the UC’s work here, this decision may suggest future § 112 challenges for claims extending to eukaryotic systems or lead to narrower claiming to exclude such scope. JTEKT Corp. v. GKN Automotive, Ltd., No. 17-1828 (Fed. Cir. Aug. 3, 2018): Status as a competitor with potentially infringing product in development is insufficient to confer standing to appeal an adverse IPR decision Under § 311(a), any person or entity may petition to institute an IPR—there is no requirement of Article III standing.  But to appeal to the Federal Circuit, the petitioner must satisfy Article III, establishing an injury that is both concrete and particularized and not conjectural or hypothetical. GKN’s patent recites claims to vehicle drivetrains.  JTEKT was developing a competing drivetrain and initiated an IPR against GKN’s patent.  JTEKT sought to appeal the Board’s adverse decisions on several claims, but the Federal Circuit (Dyk, J., joined by O’Malley, J., and Prost, C.J.) held that the appellant lacked standing.  As the panel noted that, “[t]he fact that JTEKT has no product on the market at the present time does not preclude Article III standing.”  But, as the party seeking review, JTEKT had the burden to show the requisite injury.  The Federal Circuit noted that JTEKT was “currently validating its design” which could “continue to evolve and may change” before being finalized.  As such, the panel held that JTEKT failed to “establish that its planned product would create a substantial risk of infringing claims.” E.I. DuPont de Nemours & Co. v. Synvina C.V., No. 17-1977 (Fed. Cir. Sept. 17, 2018): Operating a factory capable of infringing a method of manufacturing is sufficient to confer standing to appeal an adverse IPR decision. DuPont petitioned for IPR of its competitor’s (Synvina’s) patent to methods of manufacturing FDCA.  On appeal, Synvina challenged DuPont’s standing to maintain the appeal, arguing that DuPont had not suffered an actual or imminent injury in fact.  The Federal Circuit (Lourie, J., joined by O’Malley, J. and Chen, J.) rejected the challenge.  The court held that, on appeal from an adverse IPR decision, “the petitioner must generally show a controversy of sufficient immediacy and reality to warrant the requested judicial relief.”  The court found this standard met because DuPont—a competitor of the patent owner—operates a plant capable of infringing the challenged patent, with the claimed reaction conditions.  Thus, “DuPont is engaged or will likely engage in an activity that would give rise to a possible infringement suit.”  Taken with JTEKT above, this illustrates the fact dependent and uncertain nature of the standing inquiry. Upcoming Oral Argument Calendar For a list of upcoming arguments at the Federal Circuit, please click here. Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the Federal Circuit.  Please contact the Gibson Dunn lawyer with whom you usually work or the authors of this alert: Blaine H. Evanson – Orange County (+1 949-451-3805, bevanson@gibsondunn.com) Raymond A. LaMagna – Los Angeles (+1 213-229-7101, rlamagna@gibsondunn.com) Please also feel free to contact any of the following practice group co-chairs or any member of the firm’s Appellate and Constitutional Law or Intellectual Property practice groups: Appellate and Constitutional Law Group: Mark A. Perry – Washington, D.C. (+1 202-887-3667, mperry@gibsondunn.com) Caitlin J. Halligan – New York (+1 212-351-4000, challigan@gibsondunn.com) Nicole A. Saharsky – Washington, D.C. (+1 202-887-3669, nsaharsky@gibsondunn.com) Intellectual Property Group: Josh Krevitt – New York (+1 212-351-4000, jkrevitt@gibsondunn.com) Wayne Barsky – Los Angeles (+1 310-552-8500, wbarsky@gibsondunn.com) Mark Reiter – Dallas (+1 214-698-3100, mreiter@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

September 27, 2018 |
Three Gibson Dunn Partners Recognized Among Americas Rising Stars

Euromoney Legal Media Group recognized three Gibson Dunn partners among its inaugural list of Americas Rising Stars. Blaine Evanson was named Best in Litigation: Appellate; Stacie Fletcher was named Best in Environment; and John Partridge was named Best in Life Sciences. Stacie Fletcher was also recognized for her work on behalf of International Paper in an Alabama Environmental Suit, which was named as one of the Matters of the Year. The winners were announced on September 27, 2018.  

September 12, 2018 |
Gibson Dunn Win Recognized at LMG Life Sciences Awards

Gibson Dunn was recognized at the annual LMG Life Sciences Awards, where the firm’s win in Biogen IDEC MA v. EMD Serono et al. was named a Patent Impact Case of the Year.  The awards were presented on September 12, 2018.  

July 31, 2018 |
Federal Circuit Update (July 2018)

Click for PDF This July 2018 edition of Gibson Dunn’s Federal Circuit Update discusses the recent Federal Circuit Bar Association Bench and Bar Conference, provides a summary of the pending Helsinn Healthcare case before the Supreme Court regarding the on-sale bar, and briefly summarizes the joint appendix procedure at the Federal Circuit.  This Update also provides a summary of the recent en banc case involving attorneys’ fees for litigation involving the PTO.  Also included are summaries of recent decisions regarding means-plus-function terms, the entire market value rule, the interplay between software patents and section 101, and tribal sovereign immunity before the Patent Trial & Appeal Board. Federal Circuit News The annual Federal Circuit Bench and Bar Conference was held this year in Coronado, CA, from June 20 to June 23, 2018.  Nicole Saharsky, co-chair of Gibson Dunn’s Appellate and Constitutional Law practice, presented on the Supreme Court Term in Review panel, and Kate Dominguez, a partner in the firm’s New York office, participated in the conference’s first-ever moot oral argument. Supreme Court.  The Supreme Court decided three cases from the Federal Circuit in the recently concluded OT2017 Term (Oil States v. Greene’s Energy; SAS v. Iancu; WesternGeco v. ION Geophysical).  The Court also granted certiorari recently in a new case to be heard next Term: Case Status Issue Helsinn Healthcare S.A. v. Teva Pharm. USA Inc., No. 17-1229 Petition granted on June 25, 2018 Whether the sale of a patented invention by the inventor to a third party that is obligated to keep the invention confidential constitutes prior art for determining patentability Recent En Banc Federal Circuit Cases NantKwest, Inc. v. Matal, No. 16-1794 (Fed. Cir.) (July 27, 2018) (en banc):  The PTO cannot recover attorneys’ fees in litigation pursuant to 35 U.S.C. § 145. After the PTAB affirmed the rejection of NantKwest’s patent application, NantKwest appealed to the district court under Section 145.  The PTO prevailed and moved to recover both its attorneys’ fees and expert fees pursuant to section 145, which states that “[a]ll the expenses of the proceedings shall be paid by the applicant.”  Applying this statutory provision, the district court granted the expert fees, but rejected the request for attorneys’ fees.  On appeal, a Federal Circuit panel (Prost, CJ) reversed the award of attorneys’ fees, holding that the “[a]ll expenses” provision of section 145 authorizes attorneys’ fees.  Judge Stoll dissented.  The Federal Circuit sua sponte ordered that the panel decision be vacated and that the case be reheard en banc. The en banc majority (Stoll, J.) noted that the American Rule—where each litigant pays its own attorneys’ fees—is a “bedrock principle” of U.S. jurisprudence and prohibits courts from shifting attorneys’ fees from one party to the other absent a “specific and explicit directive from Congress.”  The en banc majority held that the phrase “all the expenses of the proceedings” falls short of this “stringent standard,” and thus affirmed the district court’s denial of the request for attorneys’ fees.  Chief Judge Prost dissented, joined by Judges Dyk, Reyna, and Hughes. Federal Circuit Practice Update This month, we are highlighting the difference between the Federal Rules of Appellate Procedure and the Federal Circuit Rules of Practice as relating to the content of the appendix to the briefs.  As the Federal Circuit explains in its practice notes, an appendix prepared without careful attention to Federal Circuit Rule 30 may be rejected and could result in dismissal. Contents:  In addition to the documents required by FRAP 30(a)(1)(A)-(C), Federal Circuit Rule 30(a)(2) requires that each appendix include: (1) the entire docket sheet from the proceedings below; (2) the judge’s charge to the jury, the jury’s verdict, and the jury’s responses to questions; (3) the patent-in-suit in its entirety; and (4) any nonprecedential opinion or order cited in the briefs.  Rule 30(a)(2) further explains that parties should not include other parts of the record unless they are “actually referenced in the briefs,” and the briefs should not contain “indiscriminate referencing” to blocks of pages.  To the extent the parties wish to include briefs and memoranda from the trial court in the appendix, the parties must obtain leave of the court to file the briefs or memoranda in their entirety; otherwise, the parties should include only excerpts of the documents cited in the briefs. Determination of Contents:  The Federal Circuit Rules do not follow FRAP 30(b)’s instructions for determining the contents of the appendix, but the Rules lay out a similar process.  In the absence of an agreement on the contents of the appendix, the appellant must serve on the appellee a designation of materials for the appendix within 14 days after docketing of the appeal from a court or the service of the certified list or index in an appeal from an agency.  The appellee then has 14 days to provide the appellant with a counter-designation that identifies additional parts to include.  The appellant then has 14 days to serve on all parties a table that designates the page numbers for the appendix.  The parties can agree to an extension of these time limits without leave of the court as long as it does not require an extension of the time required for filing the appellant’s brief. Format of the Appendix:  FRAP 30(d) governs the arrangement of the appendix except that the appellant must place the judgment or order from which it appeals, plus any opinion, memorandum, or findings and conclusions supporting it, as the first documents. Timing:  The Federal Circuit Rules disregard many of the FRAP 30(c) provisions relating to deferred appendices.  The Rules explain that the appellant must serve and file an appendix within seven days of the filing of the last reply brief.  If the appellant does not file a reply brief, the appellant must file the appendix within the time period for filing the reply brief. Key Case Summaries (June – July 2018) ZeroClick, LLC v. Apple Inc., No. 17-1267 (Fed. Cir. June 1, 2018):  Claim limitations without the word “means” require intrinsic or extrinsic evidence to support a finding that they are governed by § 112, ¶ 6. ZeroClick asserted patent infringement claims for patents related to modifications to a graphical user interface that allow the interface to be controlled using a pre-defined pointer or touch movements instead of a mouse.  The district court found that two claim limitations recite means-plus-function limitations:  (1) “program that can operate the movement of the pointer” and (2) “user interface code being configured to detect one or more locations touched by a movement of the user’s finger on the screen without requiring the exertion of pressure and determine therefrom a selected operation.”  After determining that these limitations were subject to § 112, ¶ 6, the district court found that the claims were invalid because the specifications do not disclose sufficient structure. The Federal Circuit (Hughes, J.) vacated the district court’s findings, explaining that, because the two limitations did not include the word “means,” the presumption is that § 112, ¶ 6 does not apply and the presumption had not been rebutted.  The court explained that the determination as to whether § 112, ¶ 6 applies must be made under the traditional claim construction principles, on an element-by-element basis, and in light of the intrinsic and extrinsic evidence.  The Federal Circuit reasoned that the district court improperly treated “program” and “user interface code” as nonce words that could substitute for “means” and presumptively bring the limitations within the ambit of § 112, ¶ 6.  The court therefore vacated the court’s invalidity finding and remanded for further proceedings. Power Integrations, Inc. v. Fairchild Semiconductor Int’l, Inc., Nos. 2016-2691, -1875 (Fed. Cir. July 3, 2018):  The entire market value rule for damages calculations is a narrow exception that a patentee can invoke only if it shows that the patented feature alone motivated consumers to buy the accused products. Power Integrations sued Fairchild for infringement of two patents.  In two separate trials, the first jury found that Fairchild infringed various claims of the asserted patents, and a second jury awarded damages of $140 million based on expert testimony from Power Integrations that relied solely on applying the entire market value rule.  The district court denied Fairchild’s post-trial motions, and Fairchild appealed. The Federal Circuit (Dyk, J.) affirmed the jury’s infringement finding but vacated and remanded the damages award.  The court reiterated that a patentee damages calculations must include apportionment so that royalties cover only the value that the infringing features contribute to the value of the accused product.  The court explained that the entire market value rule is “a demanding alternative to our general rule of apportionment,” and that it is appropriate “only when the patented feature is the sole driver of customer demand or substantially creates the value of the component parts.”  When the accused product “contains multiple valuable features, it is not enough to merely show that the patented feature is viewed as essential, that a product would not be commercially viable without the patented feature, or that consumers would not purchase the product without the patented feature.”  Instead, “the patentee must prove that those other features did not influence purchasing decisions.”  Because the patentee had failed to meet its burden showing that the patented feature “alone motivated consumers to buy the accused products,” the patentee could not invoke the entire market value rule.  The court accordingly vacated the damages award and remanded for a new damages trial. Interval Licensing LLC v. AOL, Inc., Nos. 2016-2502, -2505, -2506, -2507 (Fed. Cir. July 20, 2018):  Application of section 101 to software patents. After remand from an initial appeal to the Federal Circuit addressing claim construction issues, defendants moved for judgment on the pleadings, arguing that the claims were ineligible under 35 U.S.C. § 101.  The district court concluded that the claims were directed to the abstract idea and contained no inventive concept because the elements of the claims were “purely conventional” and did nothing more than apply the abstract idea in the environment of networked computers without any explanation as to how the claim elements solved technical issues. The Federal Circuit (Chen, J.) affirmed.  The majority explained that computer software inventions, due to their “intangible nature,” “can be particularly difficult to assess under the abstract idea exception.”  Although the court has found some software-based claims eligible for patentability, other claims “failed to pass section 101 muster” because they did not recite any “inventive technology for improving computers as tools” or “because the elements of the asserted invention were so result-based that they amounted to patenting the patent-ineligible concept itself.”  The majority concluded that the claims in this case were abstract because they were directed to “broad, result-oriented” terms that simply demanded “the production of a desired result” without “a solution for producing that result”; i.e., the claims never addressed how to reach the claimed result. Judge Plager concurred with the court’s opinion based on the “current state of the law” but wrote separately to “highlight the number of unsettled matters as well as the fundamental problems that inhere in this formulation of ‘abstract ideas.'”  In addressing the “almost universal criticism” of the application of “abstract idea” jurisprudence, he joined with Judge Lourie’s concurrence from Berkheimer v. HP Inc. in encouraging Congress to clarify § 101 law, and he also encouraged district courts to consider withholding judgment on § 101 motions until after addressing §§ 102, 103, and 112 defenses. Saint Regis Mohawk Tribe v. Mylan Pharm. Inc., Nos. 2018-1638, -1639, -1640, -1641, -1642, -1643 (Fed. Cir. July 20, 2018):  Tribal immunity does not apply in IPR proceedings. Mylan petitioned the Board to institute IPR proceedings on various patents owned by Allergan, Inc.  While the IPR was pending, Allergan transferred title of the patents to Saint Regis Mohawk Tribe, which in turn asserted sovereign immunity.  The Board denied the Tribe’s motion to terminate on the basis of sovereign immunity and Allergan’s related motion to withdraw from the proceedings.  The Tribe and Allergan appealed. The Federal Circuit (Moore, J.) held that tribal immunity does not apply in IPR proceedings.  The court explained that Indian tribes possess “inherent sovereign immunity” but that this immunity does not extend to actions brought by the federal government, including where the federal government, acting through an agency, engaged in an investigative action or pursued adjudicatory agency action.  The court concluded that IPR proceedings are hybrid proceedings, with elements of both judicial proceedings and specialized agency proceedings, but that they are more akin to specialized agency proceedings because the Director has full discretion whether to institute review of a petition, the Board can choose to continue review even if the petitioner chooses not to participate, and PTO procedures do not mirror the Federal Rules of Civil Procedure.  Because the court concluded that IPR proceedings are more akin to specialized agency proceedings, tribal sovereign immunity does not apply. Upcoming Oral Argument Calendar For a list of upcoming arguments at the Federal Circuit, please click here. Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the Federal Circuit.  Please contact the Gibson Dunn lawyer with whom you usually work or the authors of this alert: Blaine H. Evanson – Orange County (+1 949-451-3805, bevanson@gibsondunn.com) Blair A. Silver – Washington, D.C. (+1 202-955-8690, bsilver@gibsondunn.com) Please also feel free to contact any of the following practice group co-chairs or any member of the firm’s Appellate and Constitutional Law or Intellectual Property practice groups: Appellate and Constitutional Law Group: Mark A. Perry – Washington, D.C. (+1 202-887-3667, mperry@gibsondunn.com) Caitlin J. Halligan – New York (+1 212-351-4000, challigan@gibsondunn.com) Nicole A. Saharsky – Washington, D.C. (+1 202-887-3669, nsaharsky@gibsondunn.com) Intellectual Property Group: Josh Krevitt – New York (+1 212-351-4000, jkrevitt@gibsondunn.com) Wayne Barsky – Los Angeles (+1 310-552-8500, wbarsky@gibsondunn.com) Mark Reiter – Dallas (+1 214-698-3100, mreiter@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

July 30, 2018 |
2018 Mid-Year Government Contracts Litigation Update

Click for PDF In this mid-year analysis of government contracts litigation, Gibson Dunn examines trends and summarizes key decisions of interest to government contractors from the first half of 2018.  This publication covers the waterfront of the opinions most important to this audience issued by the U.S. Court of Appeals for the Federal Circuit, U.S. Court of Federal Claims, Armed Services Board of Contract Appeals (“ASBCA”), and Civilian Board of Contract Appeals (“CBCA”). The first six months of 2018 yielded 4 government contracts-related opinions of note from the Federal Circuit, excluding decisions related to bid protests.  From January 1 through July 30, 2018, the U.S. Court of Federal Claims issued 7 notable non-bid protest government contracts-related decisions (and one bid-protest decision with wider-reaching implications we address here), and the ASBCA and CBCA published 54 and 64 substantive government contracts decisions, respectively.  As discussed herein, these cases address a wide range of issues with which government contractors should be familiar, including matters of cost allowability, jurisdictional requirements, terminations, contract interpretation, remedies, and the various topics of federal common law that have developed in the government contracts arena.  For background on the tribunals that adjudicate government contracts disputes, please see our 2017 Year-End Update. Of 1,502 cases pending before the Federal Circuit as of June 30, 2018, 12 were appeals from the boards of contract appeals and 132 were appeals from the Court of Federal Claims (“COFC”)—cumulatively comprising just under 10% of the appellate court’s docket. Only 4% of the appeals filed at the Federal Circuit in FY 2017 were governments contracts cases, which is consistent with previous years. On May 13, 2018, Judge Lis B. Young was appointed to the ASBCA after over 25 years of public service with the Federal Government, holding various positions with the former General Services Board of Contract Appeals and  the Department of the Navy, including most recently as Associate Counsel, Navy Acquisition Integrity Office, where she worked on suspension and debarment actions. On March 28, 2018, the CBCA proposed to amend its rules of procedure for cases arising under the CDA. The Board’s current rules were issued in 2008, and were last amended in 2011. The proposed revisions establish a preference for electronic filing, are designed to “increase[e] conformity” between the Board’s rules and the Federal Rules of Civil Procedure by cross-referencing and incorporating the FRCP standards, and streamlines and clarifies the Board’s current rules and practices. Notably, a proposed change to CBCA Rule 6, which governs pleadings, would require the opposing party’s consent to amend a pleading once without permission of the Board. Comments on the Proposed Rule were due on May 29, 2018. I.    COST ALLOWABILITY & COST ACCOUNTING STANDARDS The Court of Federal Claims issued one decision during the first half of 2018 addressing the merits of cost allowability issues under the Federal Acquisition Regulation (“FAR”).  Pursuant to FAR 31.201-2, a cost is allowable only if it (1) is reasonable; (2) is allocable; (3) complies with any applicable Cost Accounting Standards, or otherwise with generally accepted accounting principles appropriate in the circumstances; (4) complies with the terms of the contract; and (5) complies with any limitations in FAR subpart 31.2. Bechtel Nat’l, Inc. v. United States, No. 17-757C (Fed. Cl. Apr. 3, 2018) In Bechtel, the Court of Federal Claims considered whether the Department of Energy’s disallowance of litigation costs breached Bechtel’s contract. Two former employees of Bechtel sued Bechtel for sexual and racial harassment and discrimination. Bechtel ultimately settled both suits and sought reimbursement of litigation costs from the government for each suit, which the contracting officer denied in a final decision. In disallowing the costs, the contracting officer relied in part on the Federal Circuit’s decision in Geren v. Tecom, Inc., 566 F.3d 1037 (Fed. Cir. 2009), which held that costs incurred in the defense of an employment discrimination suit settled before trial are unallowable unless the contracting officer determines that the plaintiff had “very little likelihood of success on the merits.” Bechtel argued that Tecom had no bearing on the allowability of its litigation costs because, unlike in Tecom, the contract here included a Department of Energy Acquisition Regulation (“DEAR”) clause that “explicitly allocat[ed] the risk of third party claims to the Government.” The Court (Kaplan, J.) rejected this argument, finding that an exception in the DEAR clause prohibiting reimbursement of liabilities “otherwise unallowable by law or the visions of this contract” applied. Employing the principles in Tecom, the COFC found the “provisions of the contract,” including the contract’s anti-discrimination provision, rendered Bechtel’s costs of defending against and settling the discrimination complaints unallowable. However, the COFC stated that the holding in Tecom “was a limited one” that did not necessarily extend to breaches of contractual obligations other than anti-discrimination provisions. Bechtel’s appeal to the Federal Circuit is pending. ___________________ The COFC also considered two questions relating to the allocation of pension assets and liabilities for the purpose of a segment closing under Cost Accounting Standard (“CAS”) 413. United States Enrichment Corp. v. United States, No. 15-68C (Fed. Cl. Jan. 16, 2018) United States Enrichment Corporation (“USEC”) became a private entity in 1998 pursuant to the 1996 USEC Privatization Act.  Post-privatization, USEC continued to operate uranium enrichment facilities for the government at Portsmouth, Ohio and Paducah, Kentucky.  In 2010, DOE wound down all enrichment work at USEC’s Portsmouth facility, and on January 1, 2011, USEC divided what had been a single cost accounting segment for Paducah and Portsmouth into two separate segments. USEC announced it would close the Portsmouth segment on September 30, 2011, which triggered its obligation to perform a segment closing adjustment under CAS 413-50(c)(12). First, rejecting USEC’s argument that CAS 413-50(c)(5) requires the use of historical “data of the segment,” the COFC (Firestone, J.) determined that USEC had applied CAS 413 incorrectly when it failed to use data from the earliest date that USEC had data for employees associated with Portsmouth to allocate pension assets and liabilities to the new segment.   Instead, the Court agreed with the Government’s argument that the allocation must be based on historic data for the workers employed at the closed segment from the earliest period when that data is available and readily determinable – including the period before USEC became a private enterprise. Second, the COFC considered whether USEC could recover any deficit for under-funded post-retirement benefit obligations (“PRB”) from the Government in the CAS 413 segment closing adjustment, or whether the PRB obligations at issue should be excluded from the closing adjustment. Applying the holding from Raytheon Co. v. United States, 92 Fed. Cl. 549 (2012), the COFC found that while some of the PRBs at issue were not vested or integral because USEC’s Plan provided that USEC could terminate or modify its obligation to pay PRBs, others were protected by the Privatization Act such that they should be factored into the segment closing adjustment, and granted-in-part and denied-in-part both parties’ cross motions for summary judgment on the issue. II.  JURISDICTIONAL ISSUES As is frequently the case, jurisdictional issues dominated the landscape of key government contracts decisions during the first half of 2018. A.  Requirement for a Valid Contract In order for there to be Contract Disputes Act jurisdiction over a claim, there must be a contract from which that claim arises.  See FAR 33.201 (defining a “claim” as “a written demand or written assertion by one of the contracting parties seeking . . . relief arising under or relating to this contract“).  The CDA applies to contracts made by an executive agency for: (1) the procurement of property, other than real property in being; (2) the procurement of services; (3) the procurement of construction, alteration, repair, or maintenance of real property; and (4) the disposal of personal property.  41 U.S.C. § 7102(a)(1)-(4). Additionally, claims under the Contract Disputes Act must be brought by a contractor in privity of contract with the government. The Federal Circuit and the ASBCA addressed these issues in the first half of 2018. Agility Logistics Servs. Co. KSC v. Mattis, No. 2015-1555 (Fed. Cir. Apr. 16, 2018) In Agility, the Federal Circuit affirmed the Armed Services Board of Contract Appeals’ dismissal for lack of jurisdiction of Agility’s claim arising from a contract originally awarded by the Coalition Provisional Authority (“CPA”) in Iraq. The COFC (Prost, C.J.) found that the CPA did not constitute an “executive agency” so as to invoke jurisdiction under the Contracts Disputes Act. The court relied primarily on the plain language of the agreement, which made clear that the CPA, which was not an executive agency, awarded the contract.  The COFC also rejected Agility’s argument that the government became the contracting party after the CPA dissolved because the Iraqi Interim Government’s Minister of Finance had properly taken responsibility for the contract after the dissolution of the CPA.  The COFC also rejected Agility’s argument that each individual task order issued was a discrete contract, finding that “even if an executive agency issued the Task Orders, it did so as a contract administrator and not as a contracting party.”  The COFC additionally found that it had no jurisdiction to review the Board’s decision regarding jurisdiction under the Board’s charter. Cooper/Ports America, LLC, ASBCA No. 61461 (May 2, 2018) After Cooper/Ports America LLC (“CPA”) entered into a novation agreement with the government and the original contractor, Shippers, CPA filed a claim for unilateral mistake based, in part, on the fact that Shippers’ bid was 63% below that of the next lowest bidder and contained mistakes that should have been apparent to the government. The government moved to dismiss, claiming that CPA lacked the required privity of contract to qualify as a “contractor” with standing to pursue a claim that accrued when it was not a party to the contract (i.e., pre-novation). More specifically, the government asserted that there must have been an express assignment of that claim to which the government consented in order for the Board to find a valid government waiver of the statutory prohibition against assignment of claims. The ASBCA (O’Sullivan, A.J.) denied the government’s motion to dismiss because the government expressly recognized CPA as the “contractor” in the novation agreement. Moreover, the novation agreement recognized CPA as “entitled to all rights, titles and interests of the Transferor in and to the contracts as if the Transferee were the original party to the contracts,” and the Board found that a narrow interpretation of the novation would fly in the face of the plain language of the agreement. B.  Adequacy of the Claim Another common issue arising before the tribunals that hear government contracts disputes is whether the contractor appealed a valid CDA claim.  FAR 33.201 defines a “claim” as “a written demand or written assertion by one of the contracting parties seeking, as a matter of right, the payment of money in a sum certain, the adjustment or interpretation of contract terms, or other relief arising under or relating to this contract.”  Under the CDA, a claim for more than $100,000 must be certified.  In the first half of 2018, the boards considered the elements of an adequate claim under the CDA. Meridian Eng’g Co. v. United States, 2017-1584 (Fed. Cir. Mar. 20, 2018) Meridian Engineering Company appealed the Court of Federal Claims’ dismissal of its claims arising from its 2007 contract to build flood control structures.  Meridian’s initial suit in the COFC alleged breach of contract, breach of the duty of good faith and fair dealing, and violation of the CDA as an independent claim. Meridian argued that the COFC erred when it “reasoned that only Meridian’s breach of contract and breach of good faith and fair dealing claims presented a viable cause of action” because its claims should have been “analyzed under the framework contemplated by the CDA, and not under the rubric of a ‘breach’ claim.” The Federal Circuit (Wallach, J.) affirmed the dismissal, finding that Meridian had not submitted a valid claim because the CDA did not itself provide a cause of action. Rather, “it is the claim asserted pursuant to the CDA that is the source of potential damages and review by the trier of fact.”  The court concluded that the COFC had not erred in finding jurisdiction under the CDA to evaluate the breach of contract claims, but found that the COFC had erred with respect to the substantive merits of certain claims. 1.  Claim Accrual Under the CDA, a claim must be submitted within six years after the claim accrues. FAR 33.201 defines accrual of a claim as the date when all events that fix alleged liability and permit assertion of the claim are known or should be known. Green Valley Co., ASBCA No. 61275 (Feb. 13, 2018) Green Valley held a blanket purchase agreement to supply life support services to the Army.  In 2006, Green Valley began invoicing the government for services it performed under the BPA, but it did not submit a certified claim for those unpaid invoices until 2017.  The contracting officer denied the claim, and Green Valley appealed.  The government sought to dismiss the claim because it had not been submitted within six years of accrual of the claim, as required by the CDA’s statute of limitations. The ASBCA (Melnick, A.J.) found that Green Valley’s claim accrued in 2006 after it submitted its invoices for payment, and that the ten-year delay in submitting the claim rendered it time-barred.  The Board explained that while an invoice is not necessarily a claim, it can be converted into one within a reasonable time if it is not acted upon or paid.  The Board considered Green Valley’s argument that the statute of limitations should be equitably tolled, noting that tolling might be appropriate if a litigant has been pursuing its rights diligently, and some extraordinary circumstance stood in its way and prevented the timely filing of the claim.  However, the Board found that Green Valley had not proven such circumstances, and dismissed the appeal as untimely. 2.  Sum Certain Fluor Fed. Sols., LLC, ASBCA No. 61353 (May 30, 2018) Fluor submitted a certified claim to the Navy for the estimated additional cost of performing work  under a unilateral modification to the contract.  The Navy argued that the claim was complex and, thus, refused to issue a final decision until it received an audit report from the Defense Contract Audit Agency (“DCAA”).  Fluor notified the Navy that it would treat the claim as a deemed denial and subsequently appealed to the ASBCA on this basis.  The Board asked the parties to respond whether the claimed amount qualified as a sum certain since it was based on estimated costs. Both parties agreed that Fluor’s claim satisfied the sum certain requirement.  The Navy argued, however, that the claim was complex and required a DCAA audit before the CO could issue a final decision. Without a final decision, the Navy argued, the claim was premature and the Board lacked jurisdiction. The Board (Clarke, A.J.) denied the Navy’s motion to dismiss for lack of jurisdiction, holding that the desired DCAA audit does not change the status of a contractor’s claim because it is not needed to assess entitlement, only quantum. The Board affirmed previous decisions that the use of estimated or approximate costs in determining the value of a claim is permissible so long as the total overall demand is for a sum certain. 3.  Claim Certification Horton Constr. Co., Inc., ASBCA No. 61085 (Feb. 14, 2018) Horton requested an equitable adjustment to its contract for the crushing of a concrete stockpile because the amount of concrete stockpile was smaller than originally anticipated. When Horton appealed from the contracting officer’s denial of its equitable adjustment claim, the government moved to dismiss for lack of jurisdiction, claiming Horton had not shown that it possessed the legal capacity to initiate or continue the appeal because the company’s status had been administratively terminated by the state of Louisiana, and that any attempt to ratify the appeal was too late. The ASBCA (Osterhout, A.J.) rejected the government’s first argument that Horton did not have the capacity to continue the appeal because Louisiana had subsequently reinstated the company.  The Board also rejected the government’s argument that the signatory to the claim was not authorized to certify the claim.  The CDA requires that a certified claim be executed by an individual authorized to bind the contractor with respect to the claim.  The test is one of authorization, and the signatory here was appointed as executrix to the estate of Mr. Horton Sr., who owned the company, and thus had power to bind the company. Moreover, the Board held, even if the executrix had not been authorized to bind the company, a defective certification under the CDA may be corrected prior to the entry of final judgment by the Board.  Accordingly, because the appeal was timely filed and the claim was properly certified and prosecuted, the Board denied the government’s motion to dismiss. Mayberry Enters., LLC v. Department of Energy, CBCA No. 5961 (Mar. 13, 2018) The Western Area Power Administration (“WAPA”), acting through the Department of Energy, filed a motion to dismiss Mayberry’s appeal from a contracting officer’s decision denying its monetary claims because Mayberry’s claim letter was uncertified. Under the CDA, while a defective certification can be corrected, a complete failure to certify may not and the Board must dismiss for lack of jurisdiction. In light of the Federal Circuit’s caution that tribunals should be wary of automatically applying claim certification to a single claim letter containing multiple claims that do not arise out of the same operative facts, Placeway Construction v. United States, 920 F.2d 903 (Fed. Cir. 1990), the CBCA reviewed the letter to determine whether the “claims” should be interpreted as a single claim or multiple claims. Because the Board (Lester, A.J.)found that each claim arose from different and unrelated problems during contract performance, each claim was analyzed for certification independently. The Board dismissed one of the three claims for lack of jurisdiction because it was in excess of $100,000 and had not been certified. Areyana Grp. of Constr. Co., ASBCA No. 60648 (May 11, 2018) Areyana Group of Construction Co. (“AGCC”) timely appealed a CO’s final decision denying a request for a time extension and the return of liquidated damages withheld by the government. The government filed a motion to dismiss, contending that AGCC failed to certify its request and that, accordingly, the ASBCA lacked jurisdiction to review its allegations. The Board (Paul, A.J.) agreed with the government and dismissed the AGCC’s claim, affirming prior holdings that absence of a certification bars the Board’s exercise of jurisdiction and is not considered a “defect.” Additionally, the Board noted that the CO’s purported issuance of a final decision does not remedy this problem. C.  Requirement for a Contracting Officer’s Final Decision A number of decisions from the tribunals that hear government contracts disputes dealt with the CDA’s requirement that a claim have been “the subject of a contracting officer’s final decision.” Hejran Hejrat Co., ASBCA No. 61234 (Apr. 23, 2018) After HHL’s contract was suspended pending a bid protest, HHL informed the contracting officer that it incurred additional costs due to the time necessary for the government’s corrective action and delay in the issuance of the notice to proceed. There was no evidence that the government considered HHL’s concerns regarding additional costs. Instead, the government issued a unilateral modification that lifted the prior award suspension; decreased the contract price; revised the performance work statement to reflect delays in government furnished equipment; and declared that an equitable adjustment due to the suspension was not required and the government was absolved of any claims due to that suspension. The ASBCA (Kinner, A.J.) dismissed HHL’s appeal for lack of jurisdiction because HHL’s purported claim was not certified and failed to request a final decision from the contracting officer.  The Board noted that the CO’s statements promising to send a final decision and, in fact, sending a document labeled final decision did not cure HHL’s failure to request a final decision.  The Board stated: “There can be no contracting officer’s final decision on a claim if the contractor has not requested that decision from the contracting officer.” H2Ll-CSC, JV, ASBCA No. 61404 (June 14, 2018) H2Ll-CSC, JV (“HCJ”) appealed a CO’s decision denying HCJ’s claim arising from an indefinite-delivery, indefinite-quantity type contract with firm-fixed-price task orders for design/build construction, and incidental service projects. The ASBCA sua sponte directed the parties to brief the issue of the Board’s jurisdiction. Specifically, the Board noted that HCJ had requested telephonically, but not in writing, that its request for an equitable adjustment be treated as a claim under the CDA. The Board (Paul, A.J.) dismissed the appeal for lack of jurisdiction, holding that a request for a final decision, like the totality of a claim submission, must be in writing and the CO cannot waive this requirement by issuing a final decision. OCCI, Inc., ASBCA No. 61279 (May 29, 2018) OCCI sought remission of liquidated damages that the government claimed for late completion of contract work, arguing that it was entitled to time extensions for government-caused and/or concurrent delay and that its failure to timely complete work under the contract was excusable. The ASBCA (Shackleford, A.J.) dismissed the appeal, holding that OCCI was precluded from raising the issue that its delay was excusable and that it was entitled to time extensions because OCCI never filed a proper CDA claim asserting entitlement to the time extensions as required by M. Maropakis Carpentry, Inc. v. United States, 609 F.3d 1323 (Fed. Cir. 2010), which held that “a contractor seeking an adjustment of contract terms [such as an extension of time] must meet the jurisdictional requirements and procedural prerequisites of the CDA, whether asserting the claim against the government as an affirmative claim or as a defense to a government action” (emphasis added). Walker Dev. & Trading Grp., Inc., CBCA No. 5907 (June 6, 2018) The Department of Veterans Affairs (“VA”) moved to strike certain counts of Walker Development & Trading Group Inc.’s complaint, asserting that the CBCA lacks jurisdiction to decide those portions of the complaint because they were not included in its claims submitted to the contracting officer. The Board (Beardsley, A.J.) observed that, while it may not consider new claims that a contractor failed to present to the contracting officer, a claim before the Board is not required to rigidly adhere to the exact language or structure of the original administrative CDA claim presented to the contracting officer.  The Board denied the motion to dismiss, finding that “the allegations in the complaint arise from the same operative facts and are not materially different.” D.  Filing Deadlines The boards of contract appeals heard cases concerning two different types of timing deadlines – the CDA’s six-year statute of limitations, and the requirement that a claim for equitable adjustment be filed before final payment is made on the contract. Khenj Logistics Grp., ASBCA No. 61178 (Feb. 15, 2018) In 2009, the government awarded KLG a contract to construct a facility in Afghanistan.  After commencing work on the contract, the government issued a stop-work order.  Shortly thereafter, the parties executed a bilateral contract modification which terminated the contract for convenience, and the government agreed to reimburse KLG for the cost of maintaining insurance, while KLG in turn released further claims against the government.  KLG finally submitted a termination claim in 2017. After KLG appealed, the government filed a motion for summary judgment based on KLG’s release and on the basis that KLG’s claim was untimely.  The ASBCA (Kinner, A.J.) held that KLG’s claim was time-barred due to the six-year CDA statute of limitations, concluding that KLG should have known that the government’s payment would not be forthcoming when the government failed to make a last payment in accordance with promises made by the contracting officer.  The Board also found there was no basis for equitable tolling because KLG had not diligently pursued its rights and there were no extraordinary circumstances that would have prevented the timely filing of the claim. Merrick Constr., LLC, ASBCA No. 60906 (Mar. 22, 2018) Merrick appealed a contracting officer’s decision denying its claim for rental costs on a bypass pumping system installed pursuant to a government change order.  The government moved for summary judgment, arguing that Merrick’s claim was precluded by the general release, and that there was an accord and satisfaction based upon a modification to the contract. The ASBCA (D’Alessandris, A.J.) explained that a release is a type of contract that grants the release of any claim or right that could be asserted against the other.  After interpreting the plain language of the release, the Board found that as a rule, a general release which is not qualified on its face bars any claims based upon events occurring before the execution of the release, and thus the government had met its burden of establishing that the general release applied.  The Board went on to note that there can be exceptions to a release, such as fraud, mutual mistake, economic duress, or consideration of a claim after release.  In this instance, the Board found that there was no mistake because Merrick’s argument was entirely speculative and no evidence was presented that would have shown that there was mistake.  The Board also held that Merrick’s claim was barred because it was submitted after final payment.  Pursuant to the Changes clause, FAR 52.243-4(f), no proposal by a contractor for an equitable adjustment can be allowed if asserted after final payment under the contract.  Because Merrick could not establish that the contracting officer knew or should have known of Merrick’s claim prior to the final payment, the Board held that Merrick’s claim was barred by final payment.  Accordingly, the Board granted the government summary judgment. Michaelson, Connor & Boul, CBCA 6021 (May 29, 2018) In February 2010, HUD awarded MCB a contract to serve as HUD’s mortgagee compliance manager to ensure lender compliance with the property conveyance requirements of HUD’s real-estate portfolio.  After the contract ended, MCB submitted a claim to the contracting officer requesting payment in the amount of $661,312.81, which MCB stated was incurred “in connection to” “extra-contractual work” allegedly requested by HUD.  The contracting officer denied MCB’s claim and MCB timely appealed to the CBCA.  HUD challenged the Board’s jurisdiction over the claim, alleging that because MCB’s claim arose after the contract ended, it did not arise out of the same operating facts as the contract and thus precluded the Board’s jurisdiction over the matter. The Board (Russell, A.J.) raised concerns about whether the claim presented to the contracting officer is the same claim that MCB presented on appeal, and ordered MCB to clarify whether it was seeking relief (1) under the contract identified in the notice of appeal, (2) under no contract, or (3) under a different contract. The Board held that it did have jurisdiction to hear MCB’s appeal because MCB’s appeal filings were “fundamentally the same” as those asserted in its claim to the contracting officer. Judge Chadwick dissented, noting that while the case presented the “closest ‘same claim/new claim’ issue” he had come across, the controlling question is whether MCB intends to litigate the operative facts of its certified claim, which according to Judge Chadwick MCB had abandoned because while the appeal sounded in contract, the certified claim was not based on any “provision, clause, or even a single word of the written contract.” E.  Amending the Complaint John C. Grimberg Co., Inc., ASBCA No. 60371 (Feb. 15, 2018) Grimberg held a contract to construct an advanced analytical chemistry wing for work with toxic agents.  After a dispute arose regarding contract terms, Grimberg filed a claim and an appeal of the contracting officer’s deemed denial when a year passed without a final decision on the claim.  Three weeks prior to the scheduled hearing date, Grimberg filed an amended complaint adding a new count based on the government’s failure to disclose superior knowledge of contract requirements.  The hearing was subsequently rescheduled by the Board to a date several months after the original hearing date.  Grimberg filed a motion for reconsideration after the Board rejected the amended complaint due to the absence of a motion for leave to amend. The ASBCA (Woodrow, A.J.) held that it had jurisdiction to hear the new count in the amended complaint because a new legal theory of recovery asserted in an amended complaint does not constitute a new claim if based upon the same operative facts as the original claim, and the new count would require review of the same evidence as the original counts.  Therefore, the Board concluded that it possessed jurisdiction to hear the new count.  The Board then determined that the proposed amendment to the complaint would be fair to both parties, as required by Board Rule 6, because the rescheduling of the hearing allowed the government additional time to address concerns raised by the new count.  Thus, the Board granted Grimberg leave to file its amended complaint. F.  Availability of Declaratory Relief The Federal Circuit and boards of contract appeals considered the availability of declaratory relief in an action brought pursuit to the CDA. Securiforce Int’l Am., LLC v. United States, Nos. 2016-2589, 2016-2633 (Fed. Cir. Jan. 17, 2018) Securiforce International America, LLC (“Securiforce”) supplied fuel to eight locations in Iraq under a contract with the Defense Logistics Agency (“DLA”). DLA partially terminated the contract for convenience with respect to two of the sites, but subsequently placed oral orders for small deliveries to those sites.  When Securiforce’s deliveries to the remaining sites were late, the government sent a show cause notice, in response to which Securiforce claimed the delays were due in part to the allegedly improper termination for convenience. The government terminated the remainder of the contract for default.  In 2012, Securiforce filed a complaint in the COFC claiming that the termination for default was improper, and then requested a final decision from the contracting officer (“CO”) that the termination for convenience had been improper. After the CO denied the request for final decision, Securiforce amended its COFC complaint to include a request for declaratory judgment that the government’s termination for convenience had been improper.  The COFC found jurisdiction over both claims and held that the partial termination for convenience of the contract had been an abuse of discretion and thus a breach of the contract, but found the termination for default proper and rejected Securiforce’s claim that its nonperformance was excused by the improper termination for convenience. On appeal, the Federal Circuit (Dyk, J.) found that the COFC lacked jurisdiction to adjudicate the declaratory relief claim regarding the validity of the government’s termination for convenience.  While contractors may seek declaratory relief in some cases, the Federal Circuit stated they may not “circumvent the general rule requiring a sum certain by reframing monetary claims as nonmonetary.”  The Federal Circuit characterized Securiforce’s declaratory relief claim as a claim for monetary relief because the default remedy for a breach of contract would be damages, and that Securiforce had failed to state a sum certain as required by the CDA.  The court further held that there would have been no jurisdictional impediment to Securiforce invoking the improper termination for convenience as an affirmative defense for its default without presenting the defense to the CO because Securiforce was neither seeking the payment of money nor attempting to change the terms of the contract.  However, under the facts at hand, the Federal Circuit concluded that the termination for convenience did not, in fact, amount to an abuse of discretion or breach of the contract.  Duke University, CBCA No. 5992 (Apr. 6, 2018) Duke University appealed a contracting officer’s final decision on what Duke referred to as a “non-monetary claim” that it had submitted to the National Institute of Allergy and Infectious Diseases (“NIAID”).  Duke did not specify a sum of monetary payment in its claim, instead seeking a declaratory judgment regarding the parties’ rights and obligations under the contract.  Applying the Federal Circuit’s recent decision in Securiforce, and upon a joint motion by the parties to dismiss the appeal without prejudice, the CBCA (Lester, A.J.) dismissed the appeal for lack of jurisdiction on the ground that Duke’s claim was one contemplated by Securiforce, requiring Duke to state a sum certain. Mare Solutions, Inc., CBCA Nos. 5540, 5541, 6037 (May 16, 2018) Mare Solutions, Inc. (“Mare”) was awarded a contract from the Department of Veterans Affairs (“VA”) for the construction of a two-story parking garage at the VA Medical Center in Erie, Pennsylvania.  When the project was nearly complete, two disputes arose – one involving bucked metal conduit on the first floor ceiling of the garage and the other regarding which party was responsible for purchasing “head-end” equipment for the video surveillance system.  Mare appealed the contracting officer’s final decisions and sought declaratory relief absolving it of liability for the buckled conduit and for the purchase of head-end equipment. At the time the appeals were filed, the ASBCA found its jurisdiction was proper because both appeals involved live performance disputes that could be resolved by declaration of the Board. At the hearing, however, the Board learned that, in addition to seeking declaratory relief, Mare had procured and installed the head-end equipment and was seeking reimbursement for those costs. Accordingly, Mare submitted a related monetary claim to the CO, which was also denied and which Mare appealed.  While there were no jurisdictional issues with the first appeal for declaratory relief relating to the metal conduit, the ASBCA (O’Rourke, A.J.) found that it no longer had jurisdiction over the head-end equipment claim for declaratory relief because the issues had been subsumed within the monetary claim.  Thus, the Board’s jurisdiction to issue declaratory relief can be obviated by the filing of a related monetary claim. Based on its interpretation of the contract, the Board ruled that Mare was not liable for the buckled conduit, but denied Mare’s monetary claim. G.  Election Doctrine A decision from the COFC highlights the issues that can arise from bringing proceedings before more than one tribunal that hear government contracts disputes. ACI-SCC JV et al v. United States, No. 17-1749C (Fed. Cl. Mar. 12, 2018) In what it described as a “conundrum of a case,” the COFC dismissed a suit against the Army Corps of Engineers brought by Plaintiff Arwand Road and Construction Company (“Arwand”), acting as Trustee for Plaintiff-Intervenors ACI-SCC JV, ACI-SCC JV LLC (together, “the JV”), and Plaintiff Advance Constructors International LLC (“ACI”). Arwand was a subcontractor to the JV, which held a number of construction contracts in Afghanistan. However, the JV did not pay Arwand on time for its work, claiming it had not yet been paid by the government. The contracting officer terminated the government’s contracts with the JV, and the JV and ACI appealed the terminations separately to the ASBCA. Both parties settled their claims and the ASBCA dismissed their appeals with prejudice. Arwand sued both the JV and ACI in the United States District Court for the District of Delaware for damages due under its subcontract with the JV, and the court awarded judgment in Arwand’s favor later that year. Arwand then filed a “petition” before the ASBCA asserting breach of contract claims against the government, which Arwand later voluntarily dismissed without prejudice. After the Delaware Court of Chancery appointed Arwand as trustee for the JV and ACI, Arwand filed suit against the Corps before the COFC in its capacity as trustee to recover unpaid fees on the JV’s contracts. The JV intervened and filed a motion to dismiss. The COFC (Wheeler, J.) dismissed the case as moot as a result of the settled ASBCA cases that had been dismissed with prejudice, at which time Arwand was merely a subcontractor with no rights, privity, or standing to sue the Government over the prime contract. Second, the COFC also held that by first filing suit at the ASBCA, Arwand lost its right to file in the COFC because courts have interpreted the CDA to impose an “either-or choice” of forum, meaning that a contractor is barred from filing in one forum if it chooses to file in the other forum first. Even though Arwand may not have had standing to file a “petition” before the ASBCA and  voluntarily dismissed the suit, he was precluded from litigating the same claim in the COFC under the CDA. III.  TERMINATIONS In two noteworthy decisions during the first half of 2018 arising from contract terminations, the ASBCA strictly construed the one-year time limit to submit a termination settlement proposal in accordance with the FAR’s termination for convenience clause. Am. Boys Constr. Co., ASBCA No. 61163 (Jan. 9, 2018) In 2013, the government awarded a contract for the construction of a prime power overhead cover to American Boys Construction Company (“American Boys”).  More than three and a half years after receiving notice of the government’s termination of the contract for convenience, American Boys submitted a termination settlement agreement proposal as a certified claim to the contracting officer.  The contracting officer denied the claim because American Boys did not file a settlement proposal within one year of the termination.  American Boys timely appealed the CO’s final decision and the government filed a motion for summary judgment requesting that the Board deny the appeal. The Board (Osterhout, A.J.) granted the government’s motion and denied the appeal because American Boys did not file its termination settlement claim until 2017 – nearly four years after the contract termination – in violation of FAR 52.249-2. Abdul Khabir Constr. Co., ASBCA No. 61155 (Apr. 6, 2018) Abdul Khabir Construction Co. appealed a contracting officer’s denial of a claim seeking settlement costs resulting from the government’s termination for convenience of its construction contract.  The government filed a motion for summary judgment, arguing that Abdul failed to submit its termination settlement proposal within a year of the effective date of termination, and did not submit its certified claim until more than seven years after termination. Abdul countered that the government never asked for a settlement proposal, and never told it where to file a claim. The Board (Osterhout, A.J.) found no evidence that the contracting officer extended the FAR’s one-year time period to file a termination claim.  Because no extension was granted and the parties did not dispute that Abdul Khabir did not submit a proposal or contact the government until over 18 months after the due date, the Board found the claim untimely and denied the appeal. IV.  CONTRACT INTERPRETATION A number of noteworthy decisions from the first half of 2018 articulate broadly applicable contract interpretation principles that should be considered by government contractors. CB&I AREVA MOX Servs., LLC v. United States, No. 16-950C, 17-2017C, 18-80C, 18-522C, 18-677C, 18-691C, 18-701C (Fed. Cl. June 11, 2018) In 1999, the Department of Energy awarded a cost reimbursement contract to the predecessor in interest of CB&I AREVA MOX Services, LLC (“MOX Services”) to construct a Mixed Oxide Fuel Fabrication Facility (“MFFF”) at a site in South Carolina. The original target completion date was in 2016, but was extended until 2029 and the estimated cost more than doubled. Under the contract, MOX Services was eligible to receive quarterly incentive fees pursuant to a vesting schedule for making progress towards completion of the construction of the MFFF beginning in 2008. Although the entire fee was provisional for at least the first year after it was invoiced, the incentive fee became 50% vested if MOX Services’ performance remained within the schedule and cost parameters for the subsequent four quarters. The government paid MOX incentive fees, of which a portion was provisional. The government suspended further incentive fee payments in 2011 when it determined that MOX Services was no longer performing within the applicable cost and schedule parameters. In 2016, MOX Services submitted a certified claim to the government for the suspended incentive fees that the company did not receive from 2011 through 2015. In response, the contracting officer not only denied the certified claim suspended payments, but also demanded that MOX Services refund the provisional incentive fee payments already made. The government argued that MOX Services has no hope of meeting the project’s parameters on cost and schedule and thus will not be entitled to retain any incentive fees at project completion. The Court of Federal Claims (Wheeler, J.) rejected this position, noting that “the contract provisions taken together unambiguously provide that the incentive fee [paid] to MOX Services is to remain in the custody of MOX Services until the MFFF construction is completed.” The court also criticized the CO’s demand for a refund of $21.6 million “as a way to gain leverage over MOX Services through baseless retaliation.” The court granted plaintiff’s partial motion for summary judgment, effectively requiring the government to return the provisional incentive fees to MOX Services until the project is completed. ABB Enter. Software, Inc., f/k/a/ Ventyx, ASBCA No. 60314 (Jan. 9, 2018) Tech-Assist, the corporate predecessor to ABB Enterprise Software, Inc., provided software and licenses to support naval maintenance requirements.  Pursuant to a master license agreement, the Navy was only allowed to install one copy of ABB’s software on ships and Navy bases, but ABB alleged that the Navy breached its licensing agreement by allowing two copies of the software to be installed on certain aircraft carriers.  After the Board granted the Navy’s motion to amend its answer to include an affirmative defense for equitable estoppel, ABB moved for summary judgment on its claim for entitlement based on its contention that the licensing agreement’s plain language only allowed for one copy of the software to be installed. The ASBCA (Kinner, A.J.) determined that the plain language of the licensing agreement controlled, and was explicitly clear that only one installation of software for each location would be allowed.  The Board also found that the Navy had not shouldered its burden to establish equitable estoppel by demonstrating that (1) the party to be stopped knew the facts; (2) the government intended that the conduct alleged to have induced continued performance will be acted on, or the contract must have a right to believe the conduct in question was intended to induce continued performance; (3) the contract must not be aware of the true facts; and (4) the contractor must rely on the government’s conduct to its detriment.  Thus, the Board granted ABB’s motion for summary judgment. Name Redacted, ASBCA No. 60783 (Feb. 8, 2018) In 2016, the government awarded a firm-fixed-price contract to Appellant for enhanced force protection and facility upgrades in Afghanistan.  The contract provided for a certain exchange rate between Afghani currency and U.S. dollars.  Following the contract’s termination for default, the contractor submitted a certified claim for additional costs, which the CO denied and the contractor appealed. In a subsequent modification converting the termination to one for convenience, the government agreed to pay over $93,000 to settle the pending appeal at the agreed upon exchange rate.  After some delay, the government paid Appellant, but Appellant countered that due to the delay there had been a change in the exchange rate, and that it was entitled to an additional $4,300.  The government moved to dismiss on the ground that the claim had been settled and Appellant had agreed to its dismissal. The Board (Melnick, A.J.) found that Appellant was not entitled to any additional costs because nothing in the modification allowed for additional compensation if the exchange rate fluctuated, and Appellant had released its claim when it agreed to the modification. Accordingly, the Board dismissed the appeal. UNIT Co., ASBCA No. 60581 (Feb. 12, 2018) The government awarded a contract for the construction of a battle command training center to UNIT.  During the course of the contract, UNIT subcontracted with other companies to perform certain mechanical work.  Due to various interpretations of design requirements, one of the subcontractors, Klebs Mechanical (“Klebs”) submitted “request for information” (“RFI”) forms to UNIT to pose questions to the government.  After some disagreement, UNIT submitted a claim for damages and costs for defective specifications, which the contracting officer denied.  The CO found that UNIT did not provide contractually required notice of the defective specifications and that its recovery was therefore barred. UNIT appealed the CO’s final decision and the government moved for summary judgment. The ASBCA (Newsom, A.J.) relied on FAR 52.236-21(a), Specifications and Drawings for Construction (Feb 1997) to find that UNIT had provided sufficient notice to the government in its RFI forms, or at the very least, that UNIT had created a disputed issue of material fact on whether or not sufficient notice was provided, and the Board accordingly denied summary judgment. MW Builders, Inc. v. United States, No. 13-1023C (Fed. Cl. Mar. 5, 2018) In our 2017 Year-End Update, we covered the Court of Federal Claims’ grant of partial judgment in favor of MW Builders, Inc. (“MW Builders”) on its claims that the Army Corps of Engineers breached its contract for electrical utility services and violated the duty of good faith and fair dealing. In a portion of the decision not covered in our Year-End Update, the COFC (Braden, C.J.) also determined that the claims of MW Builders’ subcontractor, Bergelectric, were waived as the result of a lien waiver in its subcontract providing that Bergelectric waived “any other claim whatsoever in connection with this Contract…” MW Builders moved for reconsideration of Bergelectric’s pass-through claims, arguing  that the precedent relied upon in the initial decision was inapplicable because that case was about a settlement dispute, whereas Bergelectric and MW agree that the contract does not evidence their intent. In the alternative, MW Builders claimed that the court should reform the release language. The court rejected both arguments. First, it held that the terms of the contractual release were unambiguous and that the court was therefore precluded from considering the extrinsic evidence regarding the parties’ intent even though the scope of the release included in the contract was unintentionally broad. Second, the COFC held that it does not have jurisdiction to reform an agreement between a contractor and its subcontractor, citing the Severin doctrine. Accordingly, the court denied the motion for reconsideration. V.  DAMAGES John Shaw LLC d/b/a/ Shaw Bldg. Maint., ASBCA No. 61379 (Mar. 8, 2018) In 2010, John Shaw LLC was awarded a contract to provide janitorial services at an Air Force base.  After the contract expired, Shaw presented a claim for “punitive damages” to the contracting officer, which was denied. Shaw appealed, and requested punitive damages and “missed opportunities” damages stemming from contracts allegedly not obtained due to the government’s handling of its contract.  The government moved to dismiss the claims for punitive and “missed opportunities” damages. The ASBCA (McIlmail, A.J.) dismissed Shaw’s damages claims, finding the connection between the government’s administration of the contract and the allegedly lost contracts with third parties was a claim for consequential damages, which were too remote and speculative to be recovered.  The Board further noted that it has no authority to award punitive damages, and dismissed both claims. Green Bay Logistic Servs. Co.,  ASBCA No. 61063 (Apr. 12, 2018) Green Bay appealed the Defense Contract Management Agency (“DCMA”)’s termination for convenience of its lease of two stakebed or flatbed trucks. Green Bay argued that it was owed twice the value of the contract because it attempted to deliver the vehicles twice. The ASBCA (Osterhout, A.J.) denied Green Bay’s appeal, finding that Green Bay failed to prove that it was entitled to any amount it presented to the government in its termination settlement proposal. Upon a termination for convenience of a commercial item contract, FAR 52.212-4(1) directs the government to pay the contractor: (1) a percentage of the contract price reflecting the percentage of the work performed prior to the notice of termination; and (2) reasonable charges the contractor can demonstrate to the satisfaction of the government using its standard record keeping system, have resulted from the termination. The Board concluded that because Green Bay delivered non-compliant vehicles, it did not complete any percentage of the contract, and that Green Bay did not present any reasonable charges that imposed upon the government a requirement to pay. Entergy Nuclear Generation Co. v. United States, No. 14-1248C (Fed. Cl. June 19, 2018) Entergy Nuclear Generation Company (“Entergy”) operates a nuclear power station. In 1983, Entergy’s predecessor, Boston Edison Company entered into a contract authorized by the Nuclear Waste Policy Act of 1982 for the disposal of spent nuclear fuel generated at the station to begin by January 31, 1998, but the Department of Energy (“DOE”) breached the contract and did not dispose of the spent fuel. In 2012, Entergy was awarded damages for the additional costs incurred in operating the plant due to the breach through December 31, 2008. In this second lawsuit, Entergy sought to recover damages allegedly incurred between December 31, 2008 and June 30, 2015 because Entergy could not recover future damages in the first suit. Because the government did not contest two-thirds of the damages sought by Entergy, Entergy sought partial summary judgment on liability and entry of partial final judgment on the uncontested amount. The court granted Entergy’s motion for partial summary judgment on liability for the uncontested amount, but found that the entry of partial final judgment as to the uncontested amount was improper under COFC Rule 54(b), which allows the court to direct final judgment “as to one or more, but fewer than all, claims” in an action. Here, where the COFC determined that Entergy is only alleging one “claim”—partial breach of contract—granting partial final judgment on some but not all of the harms arising out of a single claim “would be to enter judgment on less than one claim, violating Rule 54(b).” The government cross-moved for summary judgment as to Entergy’s claim for storage fees paid to the Nuclear Regulatory Commission (“NRC”). The court rejected the government’s argument that Entergy was foreclosed from proving causation between the breach and the increased fees because it had already presented such evidence, and the government’s argument had been rejected in a prior Federal Circuit case. The COFC denied the Government’s motion, finding that Entergy’s intent to present substantially different evidence from that considered in the prior Federal Circuit case created genuine dispute as to causation. Although not briefed by the parties, the court also found that because the COFC determined in a prior suit for damages brought by the Boston Edison Company that DOE’s breach was a but-for cause of the NRC fee change at the Pilgrim Nuclear Power Station, and the causation issue was not raised on appeal, issue preclusion may have provided an alternate basis to deny the Government’s motion. But the COFC had an opportunity to prohibit re-litigation of this same issue based on collateral estoppel in another case, discussed infra in Section VI(C). VI.  COMMON LAW PRINCIPLES The boards of contract appeals and COFC addressed a number of issues during the first half of 2018 arising out of the body of federal common law that has developed in the context of government contracts. A.  Application of Common Law in Government Contracts Cases Assessment and Training Solutions Consulting Corp., ASBCA No. 61047 (Mar. 6, 2018) ATSCC sought reconsideration of the ASBCA’s earlier decision sustaining ATSCC’s appeal, arguing that the Board erroneously applied a common law of bailment presumption of negligence and that the written contract should be enforced over the common law.  The Board (Clarke, A.J.) explained that the common law of bailment imposes upon the bailee the duty to protect property by exercising ordinary care and to return said property in substantially the same condition.  Thus, when the government receives property in good condition and returns it in damaged condition, there is a presumption that the cause of the damage was due to the government’s failure to exercise ordinary care.  The government argued that the presumption did not apply, and that where there was a written bailment contract, the contract should apply, not common law.  However, the Board noted that this was only true if the written contract and the common law differed.  Because the written contract and common law were the same in this instance, the Board concluded that the common law bailment presumption would apply.  Accordingly, the Board held, the prior decision’s reliance on the common law presumption was not legal error. B.  Fraud We have been following in our recent publications developments in the law of whether and to what extent the boards of contract appeals may exercise jurisdiction over claims and defenses sounding in fraud when the alleged fraud affects the administration of government contracts.  For example, in our 2016 Year-End Government Contracts Litigation Update, we covered the Federal Circuit’s decision in Laguna Construction Company, Inc. v. Carter, 828 F.3d 1364 (Fed. Cir. 2016), which held that as long as the ASBCA can rely upon prior factual determinations from other tribunals (such as through a guilty plea), the Board has jurisdiction to adjudicate legal defenses based upon those prior determinations of fraud.  In the first half of 2018, the ASBCA considered one case addressing the impact of Laguna on its jurisdiction, and another that evaluated the validity of a contracting officer’s final decision based partially on a decision of fraud. Int’l Oil Trading Co., ASBCA Nos. 57491, 57492, 57493 (Jan. 12, 2018) IOTC sought partial judgment on the pleadings or, alternatively, renewed its motion to strike the Government’s affirmative defense that IOTC obtained its contracts for fuel delivery to the government in Iraq through fraud or bribery, claiming that the Federal Circuit’s decision in Laguna abrogated the Board’s previous ruling denying IOTC’s initial motion to strike by preventing the Board from hearing the fraud-based affirmative defense. Citing ABS Development Corp., which we discussed in our 2017 Year-End Government Contracts Litigation Update, the ASBCA (Melnick, A.J.) held that Laguna did not impact its prior ruling that it was not precluded from considering fraud related claims based because the CDA’s statutory bar did not apply to an affirmative defense that a contract is void under the common law for fraud or bribery in its formation. The Board noted that the Federal Circuit’s decision did not restrict the Board’s power to determine the validity of a contract when the government has lodged an affirmative defense that the contract is void  ab initio due to fraud or bribery, as opposed to when the government is asserting a fraud claim (such as a claim under the False Claims Act) that the Board does not have jurisdiction to entertain. Accordingly, the Board denied IOTC’s motion. PROTEC GmbH, ASBCA Nos. 61161, 61162, 61185 (Mar. 20, 2018) The government moved to dismiss for lack of jurisdiction PROTEC’s appeals from the Army’s denials of its claims for unpaid invoices, arguing that the contracting officers’ final decisions were invalid because denials were based on  suspicion of fraud. None of the final decisions mentioned any suspicion of fraud; however, the U.S. Army Criminal Investigation Command was conducting an investigation into allegations of fraud at the time the final decisions were issued and at the time of the appeal. Under the FAR, a contracting officer’s authority to decide or resolve claims does not extend to settlement, compromise, payment, or adjustment of any claim involving fraud.  The COFC and CBCA have held that a final decision is therefore invalid if it is based upon a suspicion of fraud.  However, the Federal Circuit has clarified that a final decision is invalid only if the decision rests solely upon a suspicion of fraud.  Because the decisions issued to PROTEC were not based upon a suspicion of fraud and the decisions also relied upon other rationales,  it did not matter for jurisdictional purposes  that there was an ongoing criminal investigation into fraud allegations.  The Board (Sweet, A.J.) therefore denied the motion to dismiss. C.  Good Faith & Fair Dealing Ala. Power Co. v. United States, No. 17-1480, Ga. Power Co. v. United States, Nos.  17-1492C, 17-1481C (Fed. Cl. Mar. 26, 2018) In a pair of cases arising from ongoing litigation regarding the government’s failure to collect spent nuclear fuel (“SNF”) from the plaintiffs’ facilities pursuant to its contracts, the Government  sought to dismiss two claims—the first relating to the recovery of certain fees levied by the Nuclear Regulatory Commission (“NRC”), and the second to plaintiffs’ claim for breach of the covenant of good faith and fair dealing. In 2004, the COFC granted summary judgment in plaintiffs’ favor on their initial breach of contract suit. The plaintiffs sued again in 2010 to recover the damages accrued from the government’s continued breach by failing to remove the material between 2005 and 2010, including fees collected by the NRC. During that second phase of litigation, the COFC held that although the plaintiffs were entitled to recovery, they could not recover the additional NRC fees because they did not sufficiently prove the breach of contract caused the increase in the fees. The plaintiffs sued a third time to recover all costs incurred after 2011, at which point the COFC granted partial summary judgment for the government on the issue of the NRC fees as barred by the doctrine of collateral estoppel. This fourth case, based upon nearly identical facts, is framed as both a breach of contract claim and a breach of the implied covenant of good faith and fair dealing. The Government moved dismiss the breach claims related to the recovery of the NRC fees based on collateral estoppel and to dismiss the good faith and fair dealing claim as duplicative of the breach of contract claim for which liability had been established in the 1998 case. The COFC (Campbell-Smith, J.) granted the motion to dismiss the NRC fees because the allegations in the complaint were virtually identical to those in the previous complaint and there had been no change in the law between the two suits. The COFC also found that the good faith and fair dealing claim was duplicative of the breach of contract claim. To state a separate claim for breach of the implied covenant of good faith and fair dealing,  a plaintiff must allege some kind of subterfuge—evasion that goes against the spirit of the bargain, lack of diligence, willful rendering of imperfect performance, abuse of power, or interference with performance—founded upon different allegations than the breach of contract claim. The COFC found no alleged facts that even arguably support plaintiff’s conclusion that defendant was attempting to avoid its obligations, and therefore granted the motion to dismiss. Raytheon Co., ASBCA Nos. 60448, 60785 (Apr. 9, 2018) Raytheon appealed from the CO’s denial of two claims relating to additional services rendered under its “Lot 27” contract with the Air Force. About two months before the hearing, the government moved to amend its answer to add an additional “unclean hands” affirmative defense based on the latest round of government depositions of Raytheon personnel, which the government claimed revealed that Raytheon had an undisclosed pre-award plan to complete the Lot 27 contract work with future appropriated funds siphoned away from future missile production contracts that Raytheon hoped to obtain on an annual basis. Raytheon moved to dismiss the additional defense, arguing the ASBCA did not have jurisdiction to entertain the defense because it had not been submitted as  claim to the CO, and that the government did not justify the defense or the delay in raising it. The ASBCA (Scott, A.J.) granted the government’s motion to amend its answer. Although the Board recognized that the government’s amendment was filed only shortly before the hearing, there was insufficient information for the Board to conclude that the government delayed unduly in raising the defense. The Board also concluded that there was insufficient evidence to establish bad faith on the part of the government or for the Board to decide the futility of the amendment. The ASBCA did, however, allow Raytheon additional discovery and/or submissions both before and after the scheduled hearing. VII.  CASES TO WATCH While the Government Contracts Litigation Update does not typically analyze bid protest cases from the GAO or the Court of Federal Claims, two recent cases—a decision from the Court of Federal Claims, and a case still pending before the Federal Circuit— have wide-reaching implications of which government contractors should be aware. A.  Trade Agreements Act Acetris Health, LLC v. United States, No. 18-433C (Fed. Cl. May 8, 2018) The Court of Federal Claims considered Acetris Health, LLC’s challenge to the Department of Veterans Affairs’ reliance on a determination by Customs and Border Patrol that the pharmaceuticals Acetris provided under contract to the VA and the Department of Defense were considered a product of India because the active ingredient in the drug was not “substantially transformed” in the United States. The VA determined that Acetris was required to supply “only U.S.-made or designated country end products” under the contract because it was subject to the Trade Agreements Act of 1979 (“TAA”). Acetris claimed that the pharmaceuticals it provide were TAA compliant because the foreign ingredients were processed into the final product in the U.S. Acetris challenged CBP’s country of origin determination at the Court of International Trade (“CIT”) in March 2018. Before the COFC, Acetris lodged a pre-award bid protest challenge to the VA’s reliance on CBP’s determination in interpreting its solicitation. After receiving the CBP determination, the VA notified Acetris that it could no longer fulfill the relevant contract using the existing pharmaceutical supply, and solicited new proposals to supply a TAA-compliant version of the product. Acetris submitted a proposal that was rejected by the VA. The VA expressed its intention to “rely entirely” on the findings of CBP for the purpose of country of origin determinations for TAA compliance. Acetris challenged both the VA’s substantive interpretation of the TAA and its reliance on CBP to make the country of origin determination. The COFC (Sweeney, J.) denied the government’s motion to dismiss, finding that  “all of plaintiff’s claims are aimed at the actions (or inaction) of the VA” and thus are “properly the subject of a preaward bid protest.” The COFC also determined that 28 U.S.C. §1500 does not divest the COFC of jurisdiction because the court determined that the challenge to CBP’s country-of-origin determination pending before the CIT was not based on substantially the same operative facts, and that Acetris’ claims were ripe for review and stated claims upon which relief could be granted. After oral argument earlier this month, the COFC granted declaratory judgment in favor of Acetris. The COFC found that the VA misconstrued the Trade Agreements clause included in the solicitation as preventing the purchase of products that qualify as domestic end products under relevant FAR provisions. The COFC also held that the VA’s reliance on CBP’s country of origin determination, rather than independently assessing TAA compliance, was arbitrary and capricious. B.  Commercial Item Contracting Palantir USG Inc. v. United States, No. 17-1465 (Fed. Cir. Feb. 8, 2018) In February, Gibson Dunn argued before the Federal Circuit on behalf of its client Palantir Technologies to uphold a 2016 Court of Federal Claims ruling (Horn, J.) that the Army violated the Federal Acquisition Streamlining Act (“FASA”) when it decided to develop a new data-management platform from scratch without undertaking market research to determine whether its needs could be met by a commercially available product. The COFC found that Palantir was wrongly excluded from a $206 million intelligence software procurement when the Army refused to consider procuring its platform on a firm fixed price, commercial item basis, and instead issued a solicitation calling for developmental solutions on a cost-plus basis. On appeal, the Government argued that the COFC erroneously added a requirement to FASA that government market research must “fully investigate” whether commercial items could meet all or part of the agency’s requirements, and that the COFC wrongly substituted its judgment in determining that the Army’s market research was inadequate. Palantir argued that reversal of the COFC decision would “flout” the FASA procedures requiring that agencies acquire commercial items “to the maximum extent possible,” which were designed to prevent federal agencies from “wasting taxpayer funds by developing products that are already available in the commercial marketplace.” The Federal Circuit’s impending decision in this case will have wide reaching impacts on the procurement community and the deference afforded the Government’s market research in developing its solicitation requirements. VIII.  CONCLUSION We will continue to keep you informed on these and other related issues as they develop. The following Gibson Dunn lawyers assisted in preparing this client update: Karen L. Manos, Lindsay M. Paulin, Melinda Biancuzzo, Jessica Altman, Sydney Sherman, and Casper J. Yen. Gibson Dunn lawyers are available to assist in addressing any questions you may have regarding the issues discussed above.  Please contact the Gibson Dunn lawyer with whom you usually work, or any of the following: Washington, D.C. Karen L. Manos (+1 202-955-8536, kmanos@gibsondunn.com) Joseph D. West (+1 202-955-8658, jwest@gibsondunn.com) John W.F. Chesley (+1 202-887-3788, jchesley@gibsondunn.com) David P. Burns (+1 202-887-3786, dburns@gibsondunn.com) Michael Diamant (+1 202-887-3604, mdiamant@gibsondunn.com) Michael K. Murphy(+1 202-995-8238, mmurphy@gibsondunn.com) Jonathan M. Phillips (+1 202-887-3546, jphillips@gibsondunn.com) Melinda R. Biancuzzo (+1 202-887-3724, mbiancuzzo@gibsondunn.com) Ella Alves Capone (+1 202-887-3511, ecapone@gibsondunn.com) Michael R. Dziuban (+1 202-887-8252, mdziuban@gibsondunn.com) Melissa L. Farrar (+1 202-887-3579, mfarrar@gibsondunn.com) Lindsay M. Paulin (+1 202-887-3701, lpaulin@gibsondunn.com) Laura J. Plack (+1 202-887-3678, lplack@gibsondunn.com) Erin N. Rankin (+1 202-955-8246, erankin@gibsondunn.com) Jeffrey S. Rosenberg (+1 202-955-8297, jrosenberg@gibsondunn.com) Denver Robert C. Blume (+1 303-298-5758, rblume@gibsondunn.com) Jeremy S. Ochsenbein (+1 303-298-5773, jochsenbein@gibsondunn.com) Los Angeles Marcellus McRae (+1 213-229-7675, mmcrae@gibsondunn.com) Maurice M. Suh (+1 213-229-7260, msuh@gibsondunn.com) James L. Zelenay, Jr. (+1 213-229-7449, jzelenay@gibsondunn.com) Dhananjay S. Manthripragada (+1 213-229-7366, dmanthripragada@gibsondunn.com) Sean S. Twomey (+1 213-229-7284, stwomey@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

June 20, 2018 |
Acting Associate AG Panuccio Highlights DOJ’s False Claims Act Enforcement Reform Efforts

Click for PDF On June 14, 2018, Acting Associate Attorney General Jesse Panuccio gave remarks highlighting recent enforcement activity and policy initiatives by the Department of Justice (“DOJ”).  The remarks, delivered at the American Bar Association’s 12th National Institute on the Civil False Claims Act and Qui Tam Enforcement, included extensive commentary about DOJ’s ongoing efforts to introduce reforms to promote a more fair and consistent application of the False Claims Act (“FCA”).  While the impact of these policy initiatives remains to be seen, DOJ’s continued focus on these efforts, led by officials at the highest levels within DOJ, suggests that FCA enforcement reform is a priority for the Department. After giving an overview of several FCA settlements from the last eighteen months—apparently designed to demonstrate that this DOJ recognizes the importance of the FCA in a breadth of traditional enforcement areas—Mr. Panuccio discussed two particular priorities: the opioid epidemic and the nation’s elderly population.  He emphasized that DOJ would “actively employ” the FCA against any entity in the opioid distribution chain that engages in fraudulent conduct.  He then highlighted the crucial role of the FCA in protecting the nation’s elderly from fraud and abuse, citing examples of enforcement against a nursing home management company, hospices, and skilled rehabilitation facilities. The majority of Mr. Panuccio’s remarks focused, however, on policy initiatives DOJ is undertaking to ensure that enforcement “is fair and consistent with the rule of law.”  Mr. Panuccio alluded to general reform initiatives by the department, such as the ban on certain third-party payments in settlement agreements, before expanding on reforms specific to the FCA.  Mr. Panuccio highlighted that the recent FCA reform efforts have been spearheaded by Deputy Associate Attorney General Stephen Cox; Mr. Cox had delivered remarks at the Federal Bar Association Qui Tam Conference in February of this year that had provided insight into the positions articulated in the Brand and Granston memoranda.  In his speech, Mr. Panuccio described five policy initiatives being undertaken by DOJ to reform FCA enforcement: (i) qui tam dismissal criteria; (ii) the use of guidance in FCA cases; (iii) cooperation credit; (iv) compliance program credit; and (v) preventing “piling on.” Qui tam dismissals Mr. Panuccio acknowledged the tremendous increase in the number qui tam cases that are filed each year, which includes cases that are not in the public interest.  Recognizing that DOJ expends significant resources to monitor cases even when it declines to intervene, Mr. Panuccio noted that DOJ attorneys have been instructed to consider whether moving to dismiss the action would be an appropriate use of prosecutorial discretion under the FCA.  While DOJ previously exercised this authority only rarely, consistent with the Granston memo, Mr. Panuccio suggested that, going forward, DOJ may use that authority more frequently in order to free up DOJ’s resources for matters in the public interest. Although defendants generally may not yet be experiencing significant differences regarding the possibility of dismissal at the DOJ line level, the continued public discussion of the potential use of DOJ’s dismissal authority by high-level officials suggests that DOJ appreciates the problems caused by frivolous qui tams and may ultimately be more receptive to dismissal of actions lacking merit. Guidance As stated in the Brand Memorandum, DOJ will no longer use noncompliance with agency guidance that expands upon statutory or regulatory requirements as the basis for an FCA violation.  Mr. Panuccio explained that, in an FCA case, evidence that a party received a guidance document would be relevant in proving that the party had knowledge of the law explained in that guidance.  However, DOJ attorneys have been instructed “not to use [DOJ’s] enforcement authority to convert sub-regulatory guidance into rules that have the force or effect of law.” Cooperation With respect to cooperation credit, Mr. Panuccio indicated that DOJ is working on formalizing its practices and that modifications to prior practices should be expected.  That notwithstanding, Mr. Panuccio provided assurances that DOJ will continue to “expect and recognize genuine cooperation” in both civil and criminal matters.  He also noted that the extent of the discount provided when negotiating a settlement would depend on the nature of the cooperation, how helpful it was, and whether it helped identify individual wrongdoers. Though DOJ’s new policies on cooperation credit are still forthcoming, Mr. Panuccio’s remarks suggest that formal cooperation credit might be expanded to cover situations outside of those in which the defendant makes a self-disclosure. Compliance In recognition of the challenges of running large organizations, DOJ will “reward companies that invest in strong compliance measures.”  How this may differ, if at all, from current ad hoc considerations remains to be seen. Piling On Mr. Panuccio acknowledged that, when multiple regulatory bodies pursue a defendant for the same or substantially the same conduct, “unwarranted and disproportionate penalties” can result. In order to avoid this “piling on,” DOJ attorneys will promote coordination within the agency and other regulatory bodies to ensure that defendants are subject to fair punishment and receive the benefit of finality that should accompany a settlement.  Moreover, Mr. Panuccio remarked that DOJ attorneys should not “invoke the threat of criminal prosecution solely to persuade a company to pay a larger settlement in a civil case,” which really is simply a restatement of every attorney’s existing ethical duty.  Whether DOJ leadership’s interest here will result in significant practical developments is uncertain.  Such developments, though perhaps unlikely, could include eliminating the cross-designation of Assistant U.S. Attorneys as both Civil and Criminal; limiting the ability of Civil Division attorneys to invite Criminal Division lawyers to participate in meetings without the request or consent of defendants; or perhaps even somehow inhibiting the Civil Division from using the FCA, with its mandatory treble damages and per-claim penalties, following criminal fines and restitution. We will continue to monitor and report on these important developments. The following Gibson Dunn lawyers assisted in preparing this client update: Stephen Payne, Jonathan Phillips and Claudia Kraft. Gibson Dunn’s lawyers have handled hundreds of FCA investigations and have a long track record of litigation success.  Among other significant victories, Gibson Dunn successfully argued the landmark Allison Engine case in the Supreme Court, a unanimous decision that prompted Congressional action.  See Allison Engine Co. v. United States ex rel. Sanders, 128 S. Ct. 2123 (2008).  Our win rate and immersion in FCA issues gives us the ability to frame strategies to quickly dispose of FCA cases.  The firm has more than 30 attorneys with substantive FCA expertise and more than 30 former Assistant U.S. Attorneys and DOJ attorneys.  For more information, please feel free to contact the Gibson Dunn attorney with whom you work or the following attorneys. Washington, D.C. F. Joseph Warin (+1 202-887-3609, fwarin@gibsondunn.com) Stuart F. Delery (+1 202-887-3650, sdelery@gibsondunn.com) Joseph D. West (+1 202-955-8658, jwest@gibsondunn.com) Andrew S. Tulumello (+1 202-955-8657, atulumello@gibsondunn.com) Karen L. Manos (+1 202-955-8536, kmanos@gibsondunn.com) Stephen C. Payne (+1 202-887-3693, spayne@gibsondunn.com) Jonathan M. Phillips (+1 202-887-3546, jphillips@gibsondunn.com) New York Reed Brodsky (+1 212-351-5334, rbrodsky@gibsondunn.com) Alexander H. Southwell (+1 212-351-3981, asouthwell@gibsondunn.com) Denver Robert C. Blume (+1 303-298-5758, rblume@gibsondunn.com) Monica K. Loseman (+1 303-298-5784, mloseman@gibsondunn.com) John D.W. Partridge (+1 303-298-5931, jpartridge@gibsondunn.com) Ryan T. Bergsieker (+1 303-298-5774, rbergsieker@gibsondunn.com) Dallas Robert C. Walters (+1 214-698-3114, rwalters@gibsondunn.com) Los Angeles Timothy J. Hatch (+1 213-229-7368, thatch@gibsondunn.com) James L. Zelenay Jr. (+1 213-229-7449, jzelenay@gibsondunn.com) Palo Alto Benjamin Wagner (+1 650-849-5395, bwagner@gibsondunn.com) San Francisco Charles J. Stevens (+1 415-393-8391, cstevens@gibsondunn.com)Winston Y. Chan (+1 415-393-8362, wchan@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

May 25, 2018 |
Who’s Who Legal Recognizes Six Gibson Dunn Partners

Six Gibson Dunn partners were recognized by Who’s Who Legal in their respective fields. In Who’s Who Legal France 2018 guide Paris partners Nicolas Baverez and Jean-Pierre Farges were recognized in Administrative Litigation and Restructuring & Insolvency respectively. In Who’s Who Legal Restructuring & Insolvency 2018 Los Angeles partners Robert Klyman and Jeffrey Krause, and New York partner Michael Rosenthal were listed. Additionally in the Who’s Who Legal Life Sciences 2018 guide Orange County partner William Rooklidge was recognized.  

April 17, 2018 |
FDA Releases Draft Guidance Proposing a Significant Expansion of the Abbreviated 510(k) Pathway for Medical Devices

Click for PDF On April 12th, 2018, the Food and Drug Administration (“FDA”) released draft guidance proposing a significant expansion of the abbreviated 510(k) pathway for medical devices that would allow applicants to rely on performance characteristics rather than direct comparisons to predicate devices (“Draft Guidance”).[1]  FDA plans to maintain a list of device types appropriate for the Expanded Abbreviated 510(k) program on the FDA website and to issue additional guidance on specific performance criteria.[2]  Prior comments by FDA Commissioner Scott Gottlieb suggest that the new program could focus on device types with older predicate devices where direct testing has become challenging, and on “well-understood technologies like ultrasound imaging machines, common in vitro diagnostic devices, and blood pressure monitors.”[3] A 510(k) is a premarket submission to demonstrate that a proposed device for marketing is at least as safe and effective, that is, “substantially equivalent,” to a “predicate device,” which is a legally marketed device that is not subject to FDA’s premarket approval (“PMA”) requirements.[4]  Under the Abbreviated 510(k) clearance pathway, applicants could use conformity to FDA-recognized consensus standards or FDA guidance to demonstrate some of the performance characteristics necessary to support a finding of substantial equivalence to a predicate device.[5] The new Expanded Abbreviated 510(k) program would allow a submitter to use FDA guidance, FDA-recognized consensus standards, special controls, and other information to demonstrate all of the performance characteristics necessary to show substantial equivalence.  FDA reasons that “[i]f a legally marketed device performs at certain levels relevant to its safety and effectiveness, and a new device meets or exceeds those levels of performance for the same characteristics, FDA could find that the new device is as safe and effective as the legally marketed device.”[6]  In other words, direct head-to-head comparisons, including testing, against predicate devices would not be required to demonstrate substantial equivalence under the Expanded Abbreviated 510(k) program.[7]  An applicant would be required to submit a declaration of conformity, a summary of the data, and/or the underlying data, depending on the performance criteria specified for the device at issue. The Draft Guidance was foreshadowed by comments from Commissioner Gottlieb in an FDA Voice blog post in December 2017.  In that post, Commissioner Gottlieb explained that, as a result of significant advances in technology, device manufacturers were increasingly encountering challenges when they tested new devices against older predicate devices, many of which had been marketed for decades.  In light of this, the Commissioner announced that FDA would undertake steps to modernize 510(k) review, permitting increased flexibility and facilitating a streamlined process that could potentially accelerate the rate at which new innovations are brought to market.  In addition, the Commissioner noted that FDA’s new guidance would be consistent with requirements under the 21st Century Cures Act to use the “least burdensome” means available to demonstrate substantial equivalence.[8] FDA is accepting comments on the Draft Guidance until July 11, 2018.    [1]   FDA, Draft Guidance for Industry and FDA Staff: Expansion of the Abbreviated 510(k) Program: Demonstrating Substantial Equivalent Through Performance Criteria (Apr. 12, 2018).    [2]   FDA, Draft Guidance for Industry at 7.    [3]   Commissioner Scott Gottlieb, Advancing Policies to Promote Safe, Effective MedTech Innovation (FDA Voice Blog, Dec. 11, 2017), https://blogs.fda.gov/fdavoice/index.php/2017/12/advancing-policies-to-promote-safe-effective-medtech-innovation/.    [4]   21 U.S.C. § 360c(i).    [5]   FDA, Final Guidance: The New 510(k) Paradigm: Alternate Approaches to Demonstrating Substantial Equivalence in Premarket Notifications (Mar. 20, 1998).    [6]   FDA, Draft Guidance for Industry at 6.    [7]   Id. at 7.    [8]   Gottlieb, Advancing Policies to Promote Safe, Effective MedTech Innovation. The following Gibson Dunn lawyers assisted in the preparation of this client update:  Marian Lee, Stephen Payne and Claudia Kraft. Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments.  Please contact the Gibson Dunn lawyer with whom you usually work or any of the following members of the FDA and Health Care practice group: Washington, D.C. Stephen C. Payne, Chair, FDA and Health Care Practice (+1 202-887-3693, spayne@gibsondunn.com) Marian J. Lee (+1 202-887-3732, mjlee@gibsondunn.com) F. Joseph Warin (+1 202-887-3609, fwarin@gibsondunn.com) Daniel P. Chung (+1 202-887-3729, dchung@gibsondunn.com) Jonathan M. Phillips (+1 202-887-3546, jphillips@gibsondunn.com) Claudia D. Kraft (+1 202-887-3794, ckraft@gibsondunn.com) Los Angeles Debra Wong Yang (+1 213-229-7472, dwongyang@gibsondunn.com) San Francisco Charles J. Stevens (+1 415-393-8391, cstevens@gibsondunn.com) Winston Y. Chan (+1 415-393-8362, wchan@gibsondunn.com) New York Alexander H. Southwell (+1 212-351-3981, asouthwell@gibsondunn.com) Denver Robert C. Blume (+1 303-298-5758, rblume@gibsondunn.com) John D. W. Partridge (+1 303-298-5931, jpartridge@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP, 333 South Grand Avenue, Los Angeles, CA 90071 Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

March 29, 2018 |
Federal Circuit Update (March 2018)

Click for PDF This March 2018 edition of Gibson Dunn’s Federal Circuit Update discusses the three pending Federal Circuit cases before the Supreme Court that consider issues regarding inter partes review proceedings and extraterritorial damages, and a brief summary of the process for seeking an interlocutory appeal.  This Update also provides a summary of the pending en banc case involving attorneys’ fees for litigation involving the PTO.  Also included are summaries of recent decisions regarding the fair use defense to copyright infringement, factual issues underlying patent eligibility under 35 U.S.C. § 101, and the jurisdiction of the Federal Circuit over Walker Process antitrust claims. Federal Circuit News On Friday, March 16, 2018, the Judicial Conference of the U.S. Court of Appeals for the Federal Circuit was held in Washington, D.C.  At the Conference, Judge Pauline Newman was recognized with the 2018 American Inns of Court Professionalism Award.  Judge Newman has served on the Federal Circuit in active status for the past 34 years. Supreme Court.  The Supreme Court has heard oral argument on two cases from the Federal Circuit this term, and recently granted certiorari on a third case: Case Status Issue WesternGeco LLC (Schlumberger) v. ION Geophysical Corp., No. 16-1011 Certiorari granted Jan. 12, 2018; Argument Apr. 16, 2018 Recoverability of lost profits for foreign use in cases where patent infringement is proven under 35 U.S.C. § 271(f) Oil States Energy Services, LLC v. Greene’s Energy Group, LLC, No. 16-712 Argued on Nov. 27, 2017 Constitutionality of inter partes review under Article III and the Seventh Amendment SAS Institute Inc. v. Matal, No. 16-969 Argued on Nov. 27, 2017 The number of claims that must be addressed by the Patent Trial and Appeal Board in a final written decision during inter partes review Upcoming En Banc Federal Circuit Cases NantKwest, Inc. v. Matal, No. 16-1794 (Fed. Cir.):  Whether the PTO can recover attorneys’ fees in litigation under 35 U.S.C. § 145. After the PTAB affirmed the examiner’s rejection of NantKwest’s patent application, NantKwest appealed to the United States District Court for the Eastern District of Virginia under 35 U.S.C. § 145.  The PTO prevailed on the merits of the appeal and moved to recover both attorneys’ fees and expert fees.  Section 145 provides that “[a]ll the expenses of the proceedings shall be paid by the applicant.”  Applying this provision, the district court granted the PTO’s request for expert fees, but rejected the PTO’s request for attorneys’ fees.  A panel of the Federal Circuit reversed the district court’s holding as to attorneys’ fees, holding that the “[a]ll expenses of the proceedings” provision under § 145 authorizes an award of attorneys’ fees.  (Decision available here.) The Federal Circuit sua sponte ordered that the panel decision be vacated and that the case be reheard en banc.  Seven amicus briefs were filed, five in support of NantKwest (the International Trademark Association, the Intellectual Property Owners Association, the Intellectual Property Law Association of Chicago, the Association of Amicus Counsel, and the American Bar Association) and two in support of neither party (Federal Circuit Bar Association and American Intellectual Property Law Association).  Oral argument was held on March 8, 2018.  (Audio recording is available here.) Question presented: Did the panel in NantKwest, Inc. v. Matal, 860 F.3d 1352 (Fed. Cir. 2017) correctly determine that 35 U.S.C. § 145’s “[a]ll the expenses of the proceedings” provision authorizes an award of the United States Patent and Trademark Office’s attorneys’ fees? Federal Circuit Practice Update How to Appeal from an Interlocutory Decision.  The Federal Circuit has exclusive jurisdiction over interlocutory orders in patent law cases.  See 28 U.S.C. § 1292(c)(1).  Interlocutory orders are appealable as of right if they relate to an injunction, receivers, or certain admiralty cases.  See § 1292(a)(1)–(3).  All other interlocutory appeals are discretionary and require that both the district court and the appeals court agree to hear the issue on appeal. The district court judge must first certify that the issue “involves a controlling question of law as to which there is substantial ground for difference of opinion and that an immediate appeal from the order may materially advance the ultimate termination of the litigation.”  28 U.S.C. § 1292(b).  There is no deadline after the substantive order to move for certification under section 1292(b), but the prospective appellant should move promptly.  If the district court declines to issue such a certification order, that is the end of the road (absent mandamus or other extraordinary relief). If the district court certifies an issue for interlocutory appeal, the appeals court has discretion to permit the appeal.  See § 1292(b); see also Regents of U. of Cal. v. Dako N. Am., Inc., 477 F.3d 1335, 1336 (Fed. Cir. 2007) (“Ultimately, this court must exercise its own discretion in deciding whether it will grant permission to appeal an interlocutory order certified by a trial court.”).  A party has ten days after the district court’s certification order to petition the court of appeals.  See § 1292(b); see also Fed. R. App. P. 5(a)(3).  The petition must contain a summary of relevant facts, the question presented, the relief sought, a statement of the reasons why the appeal should be allowed, and copies of the relevant district court orders.  Fed. R. App. P. 5(b)(1)(A)–(E).  A party then has ten days to file an answer in opposition to the petition.  Fed. R. App. P. 5(b)(2).  The petition is decided without the benefit of oral argument, unless the court of appeals orders otherwise.  Fed. R. App. P. 5(b)(3). Key Case Summaries (February – March 2018) Oracle Am., Inc. v. Google LLC, Nos. 17-1118, 17-1202 (Fed. Cir. Mar. 27, 2018):  Direct copying of a copyrighted work for use in a competing platform using the material for the same purpose and function did not, on the facts of the case, amount to fair use. After a jury had determined that Google’s use of Oracle’s copyright in Java API packages was a fair use, the district court denied Oracle’s post-trial motions for judgment as a matter of law and for a new trial.  Applying the four factors for fair use from 17 U.S.C. § 107, the district court held that a reasonable jury could have concluded that the use was fair because:  (1) the purpose and character of Google’s use was transformational; (2) the nature of the copyrighted work was not “highly creative”; (3) the amount and substantiality of the portion used was only as much of the work as was necessary for its transformative use; and (4) Google’s use of the code did not cause harm to the potential market for the copyrighted work. The Federal Circuit (O’Malley, J.) reversed.  At the outset, the Federal Circuit discussed the standard of review and found that fair use is “primarily a legal exercise” and thus, under the Supreme Court’s recent decision in U.S. Bank Nat’l Ass’n ex rel. CWCapital Asset Mgmt. LLC, No. 15-1509 (U.S. Mar. 5, 2018), the inferences to be drawn from the fair use factors are legal in nature and subject to de novo review. In analyzing the first factor, the court found that Google’s use of the Java APIs to create its Android platform was commercial under Ninth Circuit law even though Google gave a free open source license to Android because direct economic benefit is not required, and Google profited indirectly from the platform.  The court also found that Google’s use was not transformative because Google (1) used the API packages for the same purpose as they were used in the Java platform, (2) made no alterations to the expressive content of the copyrighted material, and (3) did not adapt the material for a “new context” when it provided Android for smartphones.  As to the second factor, the court found that the evidence presented at trial would allow reasonable jurors to conclude that functional considerations were substantial and important.  Addressing the third factor, the court noted that Google directly copied 37 API packages and 11,500 lines of code, even though only 170 lines of code were necessary to write in the Java language.  Although the amount of code was a small percentage of the roughly 2.86 million lines of code in Java libraries, the court found the copying qualitatively substantial because it copied 37 APIs in their entirety—even though Google admitted they could have written their own APIs—in order to make the Android platform familiar and attractive to Java programmers.  Turning to the fourth factor, the court noted that Android competed directly with Oracle’s Java platform and that the free nature of Android caused significant market harm to Oracle’s efforts to license Java. Based on those findings, the court noted that the second factor favored a finding of fair use, whereas the first and fourth factors weighed “heavily against” a finding of fair use.  The court considered the third factor to be neutral “at best.”  In balancing these factors, the court concluded that the factors weighed against a finding of fair use, and the court explained that “[t]here is nothing fair about taking a copyrighted work verbatim and using it for the same purpose and function as the original in a competing platform.”  The court added the caveat that it was “not conclud[ing] that a fair use defense could never be sustained in an action involving the copying of computer code.” Berkheimer v. HP Inc., No. 2017-1437 (Fed Cir. Feb. 8, 2018):  Patent eligibility under section 101 presents issues of fact and, under the facts of that case, summary judgment was not appropriate. The Federal Circuit held that the second prong of the Alice ineligibility inquiry under 35 U.S.C. § 101—whether the claim elements “transform the nature of the claim” into patent-eligible subject matter if they “involve more than performance of well-understood, routine, [and] conventional activities previously known to the industry”—is “a factual determination” that may not be suitable for summary judgment if facts are disputed. The district court ruled on summary judgment that eight claims from U.S. Patent No. 7,447,713 were directed to abstract ideas and thus ineligible for patenting under section 101.  The ‘713 Patent describes a means of digitally processing and archiving files by “parsing” the files into multiple parts, comparing those parts, and eliminating redundant material to allegedly improve storage efficiency and reduce storage costs. The Federal Circuit (Moore, J.) reversed.  Berkheimer alleged that the claims at issue covered linking data so as to facilitate “one-to-many” editing (i.e., allowing a single edit to populate to multiple points that use the same data).  The patentee asserted that this “inventive feature” operated in an “unconventional manner” versus mere “copy-and-paste” functionality in the prior art.  Although the panel agreed that all the challenged claims were directed to the abstract ideas of parsing and comparing data—the first prong of the Supreme Court’s Alice test—the panel reversed the district court’s ruling on the second Alice prong for four claims on the basis that the second prong “is a question of fact.”  Specifically, the Federal Circuit panel held that whether the “one-to-many” editing feature was “well-understood, routine, and conventional” was a disputed factual question that could not be decided on summary judgment.  In light of this, the Federal Circuit panel held that whether this added feature was “well-understood, routine, and conventional” was a disputed factual question that could not be decided on summary judgment. On March 12, HP petitioned for rehearing en banc, supported by several amici curiae.  On March 15, the Federal Circuit invited a response to HP’s petition. Aatrix Software, Inc. v. Green Shades Software, Inc., No. 2017-1452 (Fed. Cir. Feb. 14, 2018):  Patent eligibility presents issues of fact not amenable to a Rule 12 motion to dismiss. Following Berkheimer, the Federal Circuit (Moore, J.) issued a parallel ruling concerning the appropriateness of deciding patent eligibility at the Rule 12 stage.  Judge Reyna wrote separately in partial dissent. Aatrix Software asserted two patents directed to systems and methods for importing data onto a computer to allow that data to be processed and viewed.  The district court granted defendant’s motion to dismiss, holding that the claims were not directed to patentable subject matter. On appeal, the Federal Circuit reversed, holding that the complaint set forth a question of fact as to patentability because the complaint alleged that “the claimed software uses less memory, and results in faster processing speed” and thus is patent eligible because “the claimed invention is directed to an improvement in the computer technology itself.” Judge Reyna dissented, challenging the practical implications of the ruling and arguing that Federal Circuit precedent “is clear that the § 101 inquiry is a legal question” and a question “that can be appropriately decided on a motion to dismiss.” Xitronix Corp. v. KLA-Tencor Corp., No. 2016-2746 (Fed. Cir. Feb. 9, 2018):  Jurisdiction over Walker Process-antitrust claims is in the regional circuits, not the Federal Circuit. Under 28 U.S.C. § 1295(a)(1), the Federal Circuit has appellate jurisdiction over actions arising under “any Act of Congress relating to patents.”  Walker Process claims involve allegations that enforcing a patent procured by fraud on the PTO constitutes an antitrust violation under the Sherman Act.  The Federal Circuit has historically treated such claims as presenting “a substantial question of patent law” and thus accepted jurisdiction over them. In Gunn v. Minton, the Supreme Court held that a state law claim alleging legal malpractice in handling a patent case—which likewise implicates U.S. Patent law—did not itself “arise under” or depend on a question of patent law sufficient to convey jurisdiction to federal courts.  568 U.S. 251, 258 (2013). In Xitronix, both sides asserted that the Federal Circuit had appellate jurisdiction over the Walker Process claim under appeal in that case.  No other patent-related claim was asserted on which to base Federal Circuit jurisdiction.  The Federal Circuit, however, raised the question of jurisdiction sua sponte, ruling that, given the Supreme Court’s analogous view in Gunn, jurisdiction for Walker Process claims rested with the regional circuits.  Accordingly, the Federal Circuit overruled its prior contrary precedent and transferred the appeal to the Fifth Circuit. Upcoming Oral Argument Calendar For a list of upcoming arguments at the Federal Circuit, please click here. Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the Federal Circuit.  Please contact the Gibson Dunn lawyer with whom you usually work or the authors of this alert: Blaine H. Evanson – Orange County (+1 949-451-3805, bevanson@gibsondunn.com) Blair A. Silver – Washington, D.C. (+1 202-955-8690, bsilver@gibsondunn.com) Please also feel free to contact any of the following practice group co-chairs or any member of the firm’s Appellate and Constitutional Law or Intellectual Property practice groups: Appellate and Constitutional Law Group: Mark A. Perry – Washington, D.C. (+1 202-887-3667, mperry@gibsondunn.com) Caitlin J. Halligan – New York (+1 212-351-4000, challigan@gibsondunn.com) Nicole A. Saharsky – Washington, D.C. (+1 202-887-3669, nsaharsky@gibsondunn.com) Intellectual Property Group: Josh Krevitt – New York (+1 212-351-4000, jkrevitt@gibsondunn.com) Wayne Barsky – Los Angeles (+1 310-552-8500, wbarsky@gibsondunn.com) Mark Reiter – Dallas (+1 214-698-3100, mreiter@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

January 30, 2018 |
TC Heartland and Hatch-Waxman: Square Peg in a Round Hole

New York partners Jane Love, Robert Trenchard and Paul Torchia are the authors of “TC Heartland and Hatch-Waxman: Square Peg in a Round Hole,” published in Law360 on January 30, 2018.

January 23, 2018 |
2017 Year-End FDA and Health Care Compliance and Enforcement Update – Drugs and Devices

Click for PDF As 2016 came to a close, pharmaceutical and medical device companies waited expectantly and wondered aloud about what 2017 and the arrival of the Trump Administration would bring.  With 2017 behind us, we now have initial indications—and some answers—about what the arrival of this new Administration means for drug and device companies. On the enforcement front, the Department of Justice (“DOJ”), the Department of Health and Human Services, Office of Inspector General (“HHS OIG”), and the Food and Drug Administration (“FDA”) showed no signs of scaling back their efforts.  Instead, 2017 marked yet another year of massive recoveries from drug and device companies to settle the standard mélange of allegations under the False Claims Act (“FCA”), Anti-Kickback Statute (“AKS”), Federal Food, Drug, and Cosmetic Act (“FDCA”), Foreign Corrupt Practices Act (“FCPA”), and other enforcement statutes.  Although some of these settlements were leftovers from the Obama Administration, we have seen no evidence that the enforcement agencies are pulling punches under President Trump. On the regulatory front, meanwhile, the picture is more complicated.  On the one hand, pharmaceutical and medical device companies have yet to see the type of regulatory roll-back that the Trump Administration has promised—and started to deliver—in certain other industries.  On the other hand, there have been nascent efforts by the new Administration to reign in burdensome regulations.  For example, the Administration has undertaken efforts to streamline review processes for medical devices.  As the new Administration hits its stride, and (perhaps) leaves the oxygen-consuming debate over repeal of the Affordable Care Act in the past, it remains to be seen just how much regulatory relief pharmaceutical and medical device companies can expect. Below, we cover the most important regulatory and enforcement developments affecting drug and device manufacturers.  As in past updates, we begin with an overview of government enforcement efforts against drug and device companies under the FCA, the FDCA, and other laws.  We then address evolving regulatory guidance and action on topics of note to drug and device companies: promotional activities, manufacturing practices, and the AKS.  And we conclude with a discussion of developments of particular note to device manufacturers. As always, we would be happy to discuss these developments—and their implications for your business—with you. I.     DOJ ENFORCEMENT IN THE PHARMACEUTICAL AND MEDICAL DEVICE INDUSTRIES Despite a new Administration, DOJ remains committed to enforcing the FCA and other statutes against entities in the health care industry, and in the drugs and devices sectors in particular.  In sum, DOJ obtained more than $3.7 billion in civil settlements and judgments under the FCA during the 2017 fiscal year.[1]  With nearly 800 new FCA cases filed in 2017 and roughly $1.5 billion in federal recoveries alone from drug and device companies,[2] DOJ (and qui tam relators) have shown no sign of turning their attention elsewhere. FCA resolutions continue to drive the government’s recoveries from drug and device companies.  In 2017, those resolutions included Shire Pharmaceuticals LLC’s settlement for more than $200 million in January and Mylan Inc.’s $465 million settlement in August. Although recent federal FDCA and FCPA enforcement activity against drug and device companies has been relatively quiet, several of DOJ’s FCA resolutions involved FDCA-related allegations, and several high-profile FCPA investigations continue apace.  We address these and other notable developments in the enforcement arena, including the Trump Administration’s efforts to address the opioid crisis, in more detail below.      A.     False Claims Act Surpassing last year’s recoveries of $1.4 billion, approximately $1.5 billion of the FCA recoveries in 2017 stemmed from resolutions with drug and device manufacturers.  The total number of FCA cases settled by DOJ with these manufacturers (16) nearly matched that from last year (15), but the proportion of device-to-pharmaceutical settlements flipped.  In comparison with last year, in which DOJ settled twice as many cases against device manufacturers as against pharmaceutical manufacturers, DOJ settled 9 cases with pharmaceutical companies and only 6 cases with device manufacturers in 2017.  In addition, the vast majority of DOJ’s settlement recoveries this year—over 95%—resulted from cases against pharmaceutical companies.[3] As illustrated below,[4] DOJ continues to pursue FCA actions under multiple theories, including improper billing resulting from alleged violations of various federal health care program rules, illegal kickbacks under the AKS, and, to a much lesser extent, off-label promotion.  Of note, there were no off-label promotion recoveries this year against device manufacturers.     1.     Settlements in FCA Matters Relating to Federal Health Program Rules The largest recovery of the past six months came from DOJ’s settlement in August with Mylan Inc. and Mylan Specialty L.P. (collectively “Mylan”).[5]  Mylan, which markets numerous drugs and devices including EpiPen, agreed to pay $465 million to resolve allegations that it knowingly misclassified EpiPen as a generic drug to avoid paying rebates under the Medicaid Drug Rebate Program (and also secured large increases in the price of the drug on the private market).[6]  As part of the settlement, Mylan agreed to enter into a five-year corporate integrity agreement requiring independent annual review of its Medicaid drug rebate program practices.[7]  The case originated with a complaint by another pharmaceutical manufacturer, Sanofi-Aventis US LLC, which will receive approximately $38.7 million from the federal recovery.[8] In September, drug maker Aegerion also agreed to pay more than $35 million to settle allegations that it violated the FCA, FDCA, and the Health Insurance Portability and Accountability Act (“HIPAA”) through activities associated with its drug, Juxtapid.[9]  As described in further detail below, the government alleged that the drug was misbranded due to the company’s failure to comply with a Risk Evaluation and Mitigation Strategy (“REMS”).  According to the government, the company caused the submission of false claims through its alleged promotion of the drug for patients for whom the drug was not indicated, purportedly false and misleading statements to doctors regarding the appropriateness of using the drug for certain patients, and alleged falsification of medical necessity statements and prior authorizations submitted to federal health care programs.[10]  The settlement also resolved allegations that the company paid patients’ copay obligations with funds channeled through a purported non-profit patient assistance organization.  Of the total settlement, $28.8 million will go toward the resolution of federal and state FCA charges.  Further, Aegerion entered into a separate deferred prosecution agreement to resolve criminal allegations that it conspired to obtain patient health information for commercial gain without patient authorization in violation of HIPAA.[11] 2.     Settlements in AKS-Related FCA Matters As reported in our Mid-Year Update, 2017 began with the largest-ever FCA recovery in a kickback case involving a medical device.  Significant AKS-related enforcement actions in the latter half of 2017 included United Therapeutics’ $210 million settlement.  From 2010 to 2014, a tax-exempt non-profit foundation purportedly used donations made by the Maryland-based pharmaceutical company to pay Medicare patient copays for the company’s pulmonary arterial hypertension drugs; according to the government, this amounted to inducing patients to purchase the company’s drugs.[12]  The government claimed that, when deciding on donations, United Therapeutics obtained data from the foundation detailing the amounts spent by the foundation on patients who were using each of the company’s drugs.  The settlement is just one of a number of recent developments reflecting increased scrutiny of patient assistance programs by DOJ and HHS OIG, discussed further in Section V below. In addition to the settlement with Aegerion discussed above, DOJ reached two other notable AKS-related settlements with pharmaceutical and medical device companies in the last six months of 2017: In August, the government agreed to a $12 million settlement with Sightpath Medical, Inc., TLC Vision Corporation, and their former CEO, James Tiffany.[13]  According to the complaint, Sightpath and Cameron-Ehlen Group (the subject of an underlying lawsuit that the government likewise joined) allegedly provided kickbacks to ophthalmologists in the form of luxury ski vacations and other high-end fishing, golfing, and hunting trips to persuade the physicians to use the companies’ intraocular lenses and ophthalmic surgical equipment.[14] In September, Galena Biopharma agreed to pay more than $7.55 million to resolve allegations that it induced doctors to prescribe its fentanyl-based drug Abstral through free meals, speaker fees, and an advisory board planned and attended by Galena’s sales team, as well as through payments to a physician-owned pharmacy under a performance-based rebate agreement.[15]  The government also contended that Galena compensated doctors for referring patients to Galena’s RELIEF patient registry study—purportedly a sham program designed to obtain data on patients’ experiences with the company’s drug.[16]  Two of the doctors who allegedly received the kickbacks have been tried and convicted in the Southern District of Alabama for offenses related to their subsequent prescribing of the drug.[17] 3.     Resolution of Off-Label Promotion Investigations As reported in last year’s Year-End Update, developing case law has imposed potentially significant First Amendment obstacles to the enforcement of off-label promotion claims under the FCA.  In spite of this trend, however, DOJ has continued to recover settlements based on off-label theories. In July, for example, New Jersey-based pharmaceutical manufacturer Celgene Corp. agreed to a $280 million settlement to resolve allegations that the company promoted two of its cancer drugs for uses that were not approved by FDA or covered by federal and state health care programs.[18]  The settlement also resolved allegations that Celgene paid kickbacks to physicians and made false and misleading statements about the drugs. The government also reached a settlement with pharmaceutical manufacturer Novo Nordisk, Inc. in early September.  In addition to alleged FDCA violations discussed in further detail below, the settlement resolved allegations that the company promoted its Type II diabetes drug Victoza for use by adult patients who do not suffer from Type II diabetes—a use that FDA had not approved as safe and effective.[19]  Roughly $47 million of the $58 million total settlement will go towards resolving FCA allegations under theories of off-label promotion and other purported conduct.[20] 4.     Developments in the Implied Certification Theory’s Materiality Requirement Our 2016 Year-End and 2017 Mid-Year Updates discussed at length recent efforts to interpret the materiality requirement set forth by the Supreme Court in Universal Health Services, Inc. v. United States ex rel. Escobar, 136 S. Ct. 1989 (2016).  In particular, courts have continued to grapple with what, if any, impact continued government payments may have on the materiality analysis.  As recent case law developments have shown, how lower courts interpret Escobar will have particular relevance to drug and device companies, who are subject to a wide range of regulatory requirements that are steps removed from government payment but potentially could be subject to FCA actions under an implied certification theory. In September, the Fifth Circuit issued a per curiam opinion in United States ex rel. King v. Solvay Pharmaceuticals, Inc. hinting at potential new materiality obstacles that courts might erect in the way of the government or relators attempting to prove materiality in off-label cases under the FCA.  Among other purported violations, the relator in King alleged that the defendant caused false claims to be submitted under the FCA by promoting three of its drugs for off-label uses.[21]  Despite supposed evidence that the company discussed off-label drug uses with physicians and sponsored off-label use studies, the court found there was insufficient evidence to show that the company’s actions caused any false claims.[22] Affirming the district court’s grant of summary judgment as to the off-label claims on those grounds, the court went further, suggesting that it harbored doubts that mere allegations of off-label promotions would satisfy Escobar‘s materiality standard.[23]  Because “Medicaid pays for claims without asking whether the drugs were prescribed for off-label uses or asking for what purpose the drugs were prescribed[,]” and “given that it is not uncommon for physicians to make off-label prescriptions,” the Fifth Circuit reasoned that “it is unlikely that prescribing off-label is material to Medicaid’s payment decisions under the FCA.”[24]  Although dicta, those comments build upon the Supreme Court’s holding in Escobar that certain federal health care program requirements are not material where the government pays the claims despite knowing of violations of these requirements.[25]  Further, the Fifth Circuit’s observation may suggest it is receptive to arguments that failure of the government to take affirmative steps in assessing reimbursement requirements could undermine its materiality arguments.  In any event, King may prove a strong foothold for drug and device makers battling FCA claims predicated upon alleged off-label promotion in Medicaid and similar cases. The Supreme Court soon may have occasion to elaborate on the materiality requirements outlined in Escobar and on the implications of government action—or inaction—in particular.  In a recent petition for certiorari, Gilead Sciences asked the Supreme Court to review the Ninth Circuit’s decision in United States ex rel. Campie v. Gilead Sciences, Inc. As discussed in our 2017 Mid-Year Update, the relators in that case alleged that Gilead fraudulently obtained approval for certain of its drugs by making false statements to FDA about the manufacturing source of the drugs’ active ingredient and purported later contamination by that supplier.[26]  After finding that the defendant’s proprietary drug names could constitute actionable “specific representations,” and after concluding that fraud on one agency constitutes fraud on a separate agency as long as the two are “overseen” by the same cabinet secretary,[27] the court concluded that the relators adequately pled materiality.  Reasoning that “FDA approval is ‘the sine qua non‘ of federal funding here” and noting that the company had stopped using the manufacturing site in question, the Ninth Circuit rejected Gilead’s arguments focusing on the government’s continued drug reimbursements even after relators brought suit.  The Ninth Circuit also determined it was premature to decide whether the government paid despite knowing of the defendant’s noncompliance.[28]  Gilead’s petition for certiorari focuses narrowly on whether the government’s decision to continue reimbursement even “after learning of alleged regulatory infractions” would suffice to undermine the relators’ materiality arguments.[29]  Gilead takes issue with the potential impact on defendants’ ability to dismiss a complaint on materiality grounds at the motion to dismiss stage, as contemplated by Escobar.[30]  Given the brewing disagreement among federal circuit and district courts as to how to apply Escobar‘s materiality standard, the Supreme Court may well seize this opportunity to provide clarity on the subject of materiality and government knowledge. 5.     Rule 9(b) Particularity As detailed in our 2017 Mid-Year Update, federal circuit and district courts also have continued to take differing approaches as to how Federal Rule of Civil Procedure 9(b)’s heightened pleading requirements should be applied to FCA claims at the motion to dismiss stage.  Rule 9(b) requires FCA plaintiffs to plead allegations with particularity.  But questions about the extent of detail required to meet this standard have remained open to debate, especially in cases against drug and device manufacturers where there are allegations about the manufacturers’ conduct but scant details about the claims submitted by third-party physicians or pharmacies. The Sixth Circuit recently addressed this issue in United States ex rel. Ibanez v. Bristol-Myers Squibb Co., in affirming the lower court’s dismissal and denying leave to amend where relators failed to plead a specific, representative false claim submitted to the government for payment.[31]  Brought by former employees, the case involved allegations that Bristol-Myers Squibb and Otsuka America Pharmaceuticals Inc. engaged in an illegal nationwide scheme to promote the antipsychotic drug Abilify for off-label uses.[32]  Although the relators alleged some details regarding the purported promotional scheme, the lower court nonetheless dismissed the relators’ suit after finding that they failed to allege at least one representative claim submitted to the government that stemmed directly from the defendants’ allegedly illegal practices.[33] The Sixth Circuit agreed with the district court and refused to apply the “personal knowledge” exception to the Circuit’s otherwise strict application of Rule 9(b)’s particularity requirements.  Because the relators’ allegations only involved personal knowledge of an allegedly fraudulent scheme rather than of the defendant’s billing practices, the Sixth Circuit refused to allow the complaint to proceed based solely on other “reliable indicia” that claims actually were submitted.[34]  In so holding, the Sixth Circuit explained that the complaint must “adequately allege the entire chain—from start to finish—to fairly show defendants cause[d] false claims to be filed,” including any “specific intervening conduct” along the chain.[35]  For example, the complaint must allege that a physician targeted by the allegedly improper promotion “prescribed the medication for an off-label use or because of an improper inducement,” a patient filled the prescription, and the filling pharmacy submitted a claim “for reimbursement on the prescription.”[36]  The court also held that the relator’s proposed third amended complaint similarly failed to provide sufficient allegations to meet either the relaxed or strict particularity requirements.[37] Another FCA case from the First Circuit charted a different course in evaluating Rule 9(b)’s particularity standard.  In United States ex rel. Nargol v. DePuy Orthopaedics, Inc., the relators alleged that Depuy Orthapaedics, Inc., and related entities caused third parties to submit fraudulent claims after purportedly distributing implants with latent defects.[38]  Although the First Circuit typically has applied a “strict” Rule 9(b) pleading standard, the court accepted that a complaint can meet Rule 9(b) requirements where it “essentially alleges facts showing that it is statistically certain that [the defendant] cause[d] third parties to submit many false claims to the government.”[39]  Although the complaint did not allege specific information regarding submitted claims, the court reasoned that the doctors would not have been on notice not to subsequently bill federal health care programs since there was no reason to believe that anyone other than the defendants knew of the purported defects or that they could have been readily discovered during surgery.[40]  According to the First Circuit, because doctors presumably sought reimbursement for the defective devices, every sale of the devices likely “was accompanied by an express or plainly implicit representation” that the product was FDA-approved and not a “materially deviant version,” and because it was “highly likely” that uninsured patients did not bear the expense in most cases, it was “virtually certain that the insurance provider in many cases was Medicare, Medicaid, or another government program.”[41]  As such, the court distinguished the alleged scheme from other off-label promotion allegations and agreed that a different, “more flexible” Rule 9(b) standard of particularity was appropriate.[42]  Because the complaint alleged “the details of the scheme with reliable indicia that le[]d to a strong inference that claims were actually submitted,” the court overturned the district court’s dismissal of the relators’ claim.[43]             B.     Developments in Enforcement Actions Against Opioid Manufacturers and Distributors The nation’s opioid crisis and promises by the Trump Administration to take a more aggressive approach triggered a new DOJ initiative in 2017.  Attorney General Jeff Sessions announced the formation of the Opioid Fraud and Abuse Detection Unit—a DOJ pilot program aimed at “ulitiz[ing] data to help combat the devastating opioid crisis that is ravaging families and communities across America.”[44]  To aid this mission, DOJ announced that it has selected twelve districts across the country to participate in the program and has assigned a dozen prosecutors to focus entirely on investigating and prosecuting opioid-related health care fraud cases.[45]  Attorney General Sessions also announced increased funding for state and local law enforcement agencies,[46] as well as plans to designate “opioid coordinators” in each U.S. Attorney’s Office to advance DOJ’s “anti-opioid mission[.]”[47] The widespread DOJ scrutiny of opioid manufacturers and distributors already has led to several public enforcement actions.  In October, DOJ announced its first ever indictments against Chinese manufacturers of Fentanyl and other opioid substances.[48]  The indictments charge two Chinese nationals and their North American-based distributor counterparts with conspiracies to distribute large quantities of Fentanyl, Fentanyl analogues, and other opiate substances throughout the United States.[49]  Both Chinese nationals face potentially significant jail time and millions of dollars in fines.[50] Soon after, DOJ announced the arrest of John N. Kapoor—the founder and majority owner of Insys Therapeutics—for allegedly heading a nationwide conspiracy to illegally distribute a Fentanyl spray originally intended for cancer patients.[51]  The charges against Mr. Kapoor include conspiracy under the Racketeer Influenced and Corrupt Organizations Act (“RICO”), as well as conspiracy to violate the AKS and to defraud health insurance providers who initially were hesitant about approving the spray for non-cancer patients.[52]  Superseding indictments also leveled charges against numerous other executives of the company, which itself faced DOJ enforcement actions for allegedly deceptive marketing practices earlier this year.[53]  Although the final details of the company’s earlier settlement are not yet available, Insys has announced that it expects to face a nearly $150 million liability and pay out any settlement over the course of five years.[54]             C.     Notable Developments in FDCA Enforcement Several resolutions discussed above also involved FDCA-focused theories.  Novo Nordisk, for example, resolved alleged FDCA violations from 2010 to 2012 regarding its purported failure to comply with its required REMS.[55]  Specifically, the government alleged that the company obscured the REMS-required message about a risk of taking Novo Nordisk’s Type II diabetes drug Victoza for patients with a rare form of cancer known as Medullary Thyroid Carcinoma, thus rendering the drug “misbranded” under the FDCA.[56]  According to the complaint, Novo Nordisk instructed its sales force to provide statements to doctors that downplayed the potential risk rather than increasing awareness about it.  As part of the agreement, Novo Nordisk agreed to disgorge roughly $12.2 million for the alleged FDCA violations.[57] DOJ likewise resolved several misbranding allegations against Aegerion Pharmaceuticals Inc.[58]  Roughly one-fifth of the company’s overall $35 million settlement stemmed from allegations that Aegerion failed to provide complete and accurate information to health care providers regarding how Juxtapid—a drug approved to treat patients with a rare cholesterol-related condition—also may cause liver toxicity.[59]  The complaint further alleged that Aegerion violated the FDCA by distributing Juxtapid as a treatment for high cholesterol generally without providing adequate instructions for such use.[60] Apart from the FDCA settlements discussed above, DOJ also obtained several injunctions in the last six months against pharmaceutical manufacturers and distributors to prevent the distribution of allegedly unapproved and misbranded drugs.  In September, for example, DOJ announced that the U.S. District Court for the District of New Jersey entered a consent decree and permanent injunction against Flawless Beauty LLC, RDG Imports LLC, and two related individuals.[61]  DOJ alleged that the products distributed by the defendants were misbranded because they had been marketed with false and misleading claims, including that the products “contribute to good liver function” and “clinically treat degenerative brain and liver diseases[.]”[62] DOJ also secured permanent injunctions in October against Philips North America LLC and two executives of the company preventing Philips from distributing certain of its external defibrillators until the company takes remedial steps to comply with deficiencies discovered by FDA inspectors at one of its facilities in 2015, including the company’s purported failure to establish procedures for implementing corrective and preventive actions following customer complaints.[63]            D.     FCPA Investigations As we discussed in our 2016 Year-End Update, last year ended with the largest-ever FCPA payment by a pharmaceutical company (specifically, the U.S. government’s $519 million resolution with Teva Pharmaceuticals Industries Ltd.).  By comparison, the last six months of FCPA enforcement have not seen any resolutions involving drug and device makers.  Although DOJ and SEC investigations into the foreign sales practices of many drug and device companies (e.g., Alexion Pharmaceuticals Inc.) remain ongoing,[64] DOJ and SEC did not announce any major FCPA settlements with pharmaceutical and medical device manufacturers in the latter half of the year. Despite the recent dearth of settlements in this space, companies would do well to remain cautious.  As suggested in a July 25, 2017 speech by Sandra Moser, Principal Deputy Chief of DOJ’s Fraud Section, DOJ plans to ramp up its enforcement of the FCPA in the health care arena,[65] and FCPA prosecutors will partner with prosecutors from the Healthcare Fraud Unit’s Corporate Strike Force to scrutinize health care company practices abroad.[66] II.     PROMOTIONAL ISSUES Continuing the trend noted in our Mid-Year Update, 2017 was relatively quiet regarding the regulation of promotion of drugs and devices as compared to prior years.  And, once again, the year came and went with minimal progress in FDA’s long-awaited overhaul of its regulatory policies regarding truthful and non-misleading promotional speech.  Indeed, in January 2018, FDA announced yet again that it is delaying its controversial proposed rule that would allow the agency to consider the “totality of the evidence” when evaluating intended use under the FDCA.  But a number of other regulatory and enforcement developments in the latter half of 2017 show that promotional issues continue to receive a lot of government attention, even if they may not be as top-of-mind as they were in earlier years.  Below, we discuss the regulatory enforcement and guidance, jurisprudence, and legislative action concerning promotion of drugs and devices during the last six months of 2017. As discussed below, FDA’s enforcement and regulatory activity over the past six months focused largely on addressing misleading or deceptive advertisements, which FDA Commissioner Scott Gottlieb identified as a priority for the agency in remarks in December in connection with the issuance of the promotional guidance discussed below.  Commissioner Gottlieb’s remarks recognized that “[p]romotional material that drug makers share with patients and providers can be a helpful tool for encouraging patients to seek medical care and raising awareness about new and different treatment options.”[67]  At the same time, he cautioned that a key aspect of FDA’s oversight lies in combatting “claims in prescription drug promotion that have the potential to deceive or mislead consumers and healthcare professionals.”  Calling FDA’s efforts “part of an ongoing policymaking process aimed at making sure our practices protect consumers[,]” Commissioner Gottlieb recognized the need for “clear rules for how sponsors can present certain information, even elements as straightforward as the product name, and do so without introducing features that could mislead patients.”[68]  How the agency sharpens its focus on misleading or deceptive promotional practices, particularly against the backdrop of the new Administration’s general deregulatory posture, surely will be a key issue to watch in 2018.            A.     FDA Enforcement Activity—Advertising and Promotion The latter half of the year saw a slight uptick in FDA’s enforcement activity in this area, with the Office of Prescription Drug Promotion (“OPDP”) issuing three Warning Letters, up from the one letter issued during the first half of the year.[69]  The year’s grand total of just four letters represents a notable decrease in enforcement activity as compared to the eleven letters issued in 2016 and the nine letters issued in 2015.  As FDA’s agenda and priorities under the new Administration continue to take shape into 2018, they will continue to shed light on whether this decline in enforcement activity is a temporary artifact of the agency’s leadership transition, or represents the new normal. Each of the three Warning Letters issued during the past six months concerned the misleading omission of risk information in a drug’s promotional materials, which has been the focus of a majority of letters issued by OPDP in the past few years, as well as failure to include information concerning limitations on use contained in the FDA-approved indication for the product.  In contrast to OPDP’s prior focus on electronic advertising, the letters issued in the past six months pertained largely to product information contained in print materials directed at medical professionals, such as professional detail aids and exhibits at annual medical conferences. In an August 24, 2017 Warning Letter to Cipher Pharmaceuticals Inc., OPDP asserted that the company’s professional detail aid for a prescription opioid medication made false or misleading representations because it advertised the drug’s efficacy for pain relief without referencing any of the risks associated with the product, including the heightened risk of addiction, abuse, and misuse.[70]  OPDP further contended that the detail aid omitted material facts by failing to include the portion of the FDA-approved indication limiting the drug’s intended use solely to instances where alternative treatment options are inadequate.[71] In a November 14, 2017 Warning Letter addressed to both Amherst Pharmaceuticals, LLC and Magna Pharmaceuticals, Inc., OPDP raised similar objections with respect to the presentation of a prescription sleep aid on Amherst’s company website and on Magna’s exhibit panels at an annual conference on sleep medicine.[72]  According to OPDP, the materials contained false or misleading representations because they made claims about the drug’s efficacy while omitting any risk information.[73]  Additionally, OPDP concluded that the materials were false or misleading because they failed to cite references or data to support claims of efficacy and omitted material information regarding the FDA-approved indication for use.[74] Finally, in a December 19, 2017 Warning Letter to Avanthi, Inc., OPDP asserted that the company presented false or misleading information in an exhibit for a weight loss medication displayed at two annual medical conferences.[75]  As with the two letters issued earlier in the year, OPDP asserted that the promotional materials were misleading by making claims about the benefits of the product without communicating any information about the drug’s risks and omitting the limitations on use in the FDA-approved product indication.[76]            B.     FDA’s Promotional Guidance FDA did not deliver in 2017 on its promise to provide new promotional guidance for the industry regarding off-label promotion of drugs and devices, which FDA first pledged to issue more than three years ago as part of a comprehensive review of its policies in the face of rising First Amendment concerns.  Apart from the January 2017 memorandum in which FDA identified and rejected 12 alternative approaches to off-label promotion under the First Amendment, and the related commentary period discussed in our Mid-Year Update, the year saw no further public progress towards FDA’s announced goal.  We will continue to monitor FDA’s progress in the upcoming year. As 2017 came to a close, FDA issued one final guidance document on promotional issues—part of what Commissioner Gottlieb described at the time as FDA’s “ongoing” efforts to protect consumers against deceptive or misleading prescription drug advertising claims by setting “clear rules for how sponsors can present” such information in a non-misleading manner, as noted above.[77] Issued on December 11, 2017, FDA’s guidance clarifies the requirements for product name placement, size, prominence, and frequency in promotional labeling and advertising for prescription drugs, including biological drug products.[78]  The new guidance focuses specifically on the juxtaposition of the proprietary and established names of a drug and the frequency with which to use the established name on promotional materials.  The guidance applies to promotional labeling and advertisements across a range of media, including print, audiovisual, broadcasting, and electronic and computer-based materials.[79] With respect to drugs containing one active ingredient, the guidance provides specific recommendations for complying with the various requirements set forth in regulations 21 C.F.R. §§ 201.10(g)(1) and (2), and 202.1(b)(1) and (2), concerning the appropriate juxtaposition of proprietary and established names, the size of proprietary and established names on labeling and advertisements, the prominence of the established name in relation to the proprietary name, and frequency of disclosure of the proprietary and established names using various media.  With respect the last category, the guidance identifies examples in which FDA “does not intend to object” to fewer references to the established name, so long as certain criteria are met.[80] With respect to drugs containing two or more active ingredients, the guidance provides recommendations of how to appropriately reference proprietary and established names as set forth in regulations 21 C.F.R. §§ 201.10(h)(1) and 202.1(c) and (d)(1), in situations where a product “might not have a single established name corresponding to the proprietary name” or in which “a proprietary name might refer to a combination of active ingredients present in more than one preparation (e.g., individual preparations differing from each other as to quantities of active ingredients and/or the form of the finished preparation), and there might not be an established name corresponding to the proprietary name.”[81] As we noted in our 2017 Mid-Year Update, in January 2017, as part of the Obama Administration’s last-minute efforts to shape FDA promotional policies, FDA issued two draft guidance documents relating to promotional practices, the first being a “Questions and Answers” guidance entitled “Medical Product Communications That Are Consistent with the FDA-Required Labeling,”[82] and the second draft guidance document addressing communication of health care economic information to payors about both approved and investigational drugs and devices.[83]  As of the end of 2017, FDA has not taken further action with respect to these guidance documents, both of which remain in draft form. Finally, on January 12, 2018, FDA announced that it was yet again delaying—this time, “until further notice”—the effective date of a controversial final rule that would amend the agency’s definition of “intended use” for drugs and devices to allow the agency “additional time” for further consideration of the rule.[84]  The final rule, issued in January 2017, shortly prior to the change of administration, would adopt a “totality of the evidence” standard for assessing how a manufacturer intended for its product to be used by doctors and patients, carrying significant implications for drug and device manufacturers regarding promotional activities and related enforcement of the FDCA and its implementing regulations.  The proposed rule has been met with heavy criticism from the industry, including that it imposes an unworkably vague standard—a concern Commissioner Gottlieb expressly recognized in a statement issued in connection with the delay, in which he conceded that the regulation “wasn’t clear” and pledged that the agency would “ensure the clarity of our rules on the subject.”[85]  In the meantime, he noted, FDA was “reverting to the agency’s existing and longstanding regulations and interpretations on determining intended use for medical products.”[86]  FDA has opened a comment period through February 5, 2018, to solicit input on the decision to indefinitely delay the rule.[87] We will report on further developments in the coming year in regards to whether FDA modifies the final rule or permanently abandons its efforts to redefine the intended use standard.             C.     Notable Litigation Pertaining to Promotional Issues Although 2017 saw little in the way of jurisprudence concerning the intersection of promotional issues and the First Amendment, it produced several other notable cases. Opinions dismissing FCA actions predicated on off-label promotion from the Fifth Circuit in United States ex rel King v. Solvay Pharm., Inc.,[88] and Sixth Circuit in United States ex rel. Ibanez v. Bristol-Myers Squibb Co.,[89] discussed in detail above, underscored the importance of and difficultly involved in pleading and proving the causal chain in such cases.  The complex series of events involved create significant hurdles to pleading and proving that it was the defendant’s alleged off-label promotion that actually caused the submission of any false claims—i.e., that a physician to whom a product was allegedly improperly promoted prescribed the medication to a patient for an off-label use because of that promotion, resulting in the patient filling the prescription at a pharmacy, and the filling pharmacy then submitting a claim to the government for reimbursement.  Although these judicial opinions do not entirely foreclose any theory of FCA liability predicated on off-label promotion, they provide a useful tool for drug and device manufacturer defendants to assert lack of causation arguments. Based on similar causation principles, the Seventh Circuit held, in Sidney Hillman Health Ctr. of Rochester v. Abbott Labs., that as a matter of law third-party payors may not recover treble damages under RICO’s civil liability provision based on a manufacturer’s allegedly unlawful off-label representations made to physicians.[90]  There, two welfare benefit plans that paid for some off-label drug uses brought a suit seeking civil RICO recovery against the manufacturer following its 2012 guilty plea and payments to settle a criminal investigation and qui tam actions.  Joining the majority of circuit courts to have addressed the issue, the Seventh Circuit held that the causal chain involved in such a claim was “too long” and too rife with “independent decisions” to pass muster under Supreme Court precedent,[91] because it would require showing that physicians who received the off-label communications changed the medication they would have otherwise prescribed to certain patients as a result of the communications, that some of those patients were worse off as opposed to better, that payors bore some of the cost, and that those payors were made worse off to the extent the drug at issue was more expensive than the alternative drug.[92]            D.     Legislative Developments On the whole, 2017 saw relatively little legislative activity relating to off-label promotion at the state or federal levels. For its part, Congress took no further action on two draft bills on which we reported in our 2017 Mid-Year Update: (1) the Pharmaceutical Information Exchange Act, which would give drug and device manufacturers’ greater freedom to share economic information about expected cost-effectiveness with insurers prior to FDA approval of a product;[93] and (2) the Medical Product Communications Act of 2017, which would enable manufacturers to proactively discuss certain off-label information with health care provider, so long as the information is supported by competent and reliable scientific evidence and accompanied by various disclaimers.[94] The House Energy & Commerce Committee held hearings on both bills in July, at which time some lawmakers and industry groups expressed support for the proposed clarification concerning off-label communications and for providing for more information to payers and health-care decision makers aimed at improving patient access to new treatments.[95]  Other lawmakers and industry groups, however, expressed concern that the bills, and the Medical Product Communications Act in particular, would undermine efforts to prevent marketing of unsafe or ineffective medical products and could ultimately put patient health and safety at risk.[96]  To date, neither bill has advanced out of committee. At the state level, as we reported in our Mid-Year Update, Arizona became the first state to allow drug and device manufacturers to communicate directly with physicians and insurers about off-label uses of FDA-approved prescription drugs.  Although Arizona remains alone for the time being, that may change in the coming year as industry advocates continue to pursue the introduction of similar measures in other state legislatures.[97]            E.     Settlements One notable recent settlement this year also demonstrated the states’ interest and capacity for enforcement actions targeting off-label promotion as misleading or deceptive advertising under state law.  On December 20, 2017, Boehringer Ingelheim Pharmaceuticals, Inc. agreed to pay $13.5 million to all 50 states and the District of Columbia to resolve claims asserted under various state consumer protection laws predicated on its alleged off-label marketing and certain allegedly misleading representations it made in promoting the drugs at issue.[98]  Several years earlier BIPI resolved claims under the federal FCA based on the same alleged off-label marketing and alleged misrepresentations in a $93 million settlement with the federal government.[99] III.     DEVELOPMENTS IN CGMP REGULATIONS AND OTHER MANUFACTURING ISSUES In 2017, FDA continued the robust scrutiny of drug companies’ current good manufacturing practice (“cGMP”) compliance that we have come to expect in recent years.  These developments, which include relevant enforcement actions and new draft guidance, are discussed below.         A.     Notable cGMP Compliance and Enforcement Activity 1.     Executive of Pharmaceutical Company Pleads Guilty In June 2017, the owner/president, Paul Elmer, and compliance director, Caprice Bearden, of Indiana pharmacy Pharmakon Pharmaceuticals, Inc., were indicted for allegedly introducing adulterated drugs into interstate commerce by manufacturing and selling drugs whose potency differed than what was reflected on the label.[100]  According to DOJ, the officers’ actions resulted in several infants being given morphine sulfate that was nearly 25 times more potent than indicated, leading to severe health problems for at least one of the infants.  Although both initially pled not guilty, in November 2017, Bearden pled guilty to introducing adulterated drugs into interstate commerce and conspiracy to defraud the United States by obstructing FDA’s lawful functions.[101]  Commissioner Gottlieb called the case “an egregious example of how harmful conduct can result in risk to patients” and added that FDA “will not tolerate substandard practices, like failing to meet federal manufacturing standards like those found at Pharmakon” relating to out-of-specification drug potency test results, “that put patients at risk and will aggressively pursue individuals that put profit ahead of patient safety.”[102] 2.     Consent Decrees Involving Two Drug Manufacturers, One Device Manufacturer During the last six months, DOJ announced three notable consent decrees of permanent injunction entered by federal district courts against manufacturers to stop the distribution of unapproved, misbranded, and adulterated drugs and devices.  On July 5, 2017, the U.S. District Court for the Southern District of Alabama enjoined Medistat RX LLC, its owners, production manager, and quality manager from manufacturing, holding or distributing drugs until they comply with the FDCA and its regulations.[103]  The government alleged that the defendants failed to comply with cGMP because, after identifying a microbial contamination, they failed to adequately investigate or take sufficient corrective action, resulting in the contamination of certain sterile areas within the facility. On August 3, the U.S. District Court for the District of Utah entered a consent decree including a permanent injunction against Isomeric Pharmacy Solutions, LLC and three affiliated individuals, including the Chief Operating Officer.[104]  FDA accused the defendants of distributing drugs that had visible “black particles” in them, despite passing visual inspections conducted by the defendants’ employees.  The complaint alleged that the defendants’ manufacturing methods did not conform to cGMP because they failed to verify the drug products’ safety, identity, strength, and quality and purity characteristics, as required by the FDCA.  FDA also alleged that the company had a history of manufacturing drug products under suboptimal conditions and demonstrated an unwillingness or inability to take corrective actions to ensure the sterility of its products.  Consequently, the consent decree prohibits Isomeric from distributing drug products until they hire a consultant who makes a determination that the company is in compliance with cGMP requirements. Lastly, on October 31, the U.S. District Court for the District of Massachusetts enjoined Philips North America LLC and two of its executives from distributing certain medical devices until remedial steps are taken to bring the company in compliance with cGMP.[105]  FDA alleged that the company failed to establish and maintain adequate procedures for implementing corrective and preventative action in response to complaints about the performance of a certain defibrillator and cardiopulmonary resuscitation device.  The consent decree requires Philips to institute a number of remedial measures, including hiring an expert consultant to inspect its units and ensure that the devices are complying with cGMP regulations. 3.     cGMP-Based Warning Letters FDA’s Office of Manufacturing Quality in the Center for Drug Evaluation and Research (“CDER”) issued 22 warning letters in the second half of 2017 for a total of 48 letters for the year, exceeding the 44 letters it issued in 2016.[106]  In the latter half of this year, FDA focused primarily on companies’ failure to maintain adequate quality control units, incomplete testing procedures, subpar sterilization and sanitation techniques, and inadequate testing procedures. Consistent with prior years, FDA has continued its foreign-inspection activity, issuing warning letters to companies in Korea, Canada, China, India, Philippines, and Italy.  Notably, only one of the letters FDA issued in 2017 was to a U.S.-based company.[107]  Several of the more notable warning letters from the second half of the year are summarized below. One of the more common complaints by FDA in the latter half of this year was companies’ failure to maintain adequate quality control units: In October, Chinese drugmaker Guangdong Zhanjiang Jimin Pharmaceutical Co., Ltd., received a warning letter stating that it had failed to establish an adequate quality control unit and consequently used the wrong active pharmaceutical ingredient (API) in one of its products.[108]  Although the company recalled all of the product distributed in the U.S., it failed to document its investigation into the mistake or a plan to prevent its recurrence, nor did it have a program in place to monitor process controls.  As such, FDA strongly recommended that the company engage a consultant to assist with cGMP requirements. In December, FDA issued a warning letter to South Korean drug-maker Seindni Co. Ltd. for failing to establish a quality control unit that could oversee packaging, labeling, and other elements of drug production.[109]  Notably, FDA stressed the particular importance of such a unit in light of the company’s use of contract manufacturers to manufacture its over-the-counter (OTC) drug products.  FDA ordered Seindni to provide written procedures establishing an adequate quality control unit with the authority to carry out various responsibilities, including batch review and release processes and supplier and contractor qualification, selection, and oversight. Many of FDA’s warning letters this year focused on companies’ failure to adequately test and verify the identity of each component of their drug products. In August, FDA issued a warning letter to Canadian homeopathic manufacturer Homeolab USA Inc. in connection with toddler teething tablets that contained belladonna, a toxic substance also known as deadly nightshade.[110]  The letter alleged numerous cGMP violations, including the company’s failure to perform adequate testing for the purity, strength, and quality of components used in its manufacturing process.  It also stated that, during FDA’s inspection of the company’s facilities, a Homeolab employee “impeded the inspection by preventing [the] investigator from photographing” a piece of equipment.  FDA recommended that Homeolab hire a cGMP consultant to assist the company in meeting cGMP regulations. South Korean drug-maker Dasan E&T Co. Ltd. received a warning letter in September for failing to analyze glycerin raw material from a supplier prior to approving the material for use in its drug products.[111]  Specifically, it alleged that Dasan failed to screen for the presence of diethylene glycol (DEG), a chemical found in antifreeze that “has resulted in various lethal poisoning incidents in humans worldwide.”  FDA directed Dasan to develop a detailed risk assessment regarding glycerin-containing products. More recently, in November, Dae Young Foods Company, a Korean manufacturer of homeopathic smoking cessation gum and lozenges, received a warning letter alleging that the company failed to test drug components for identity, purity, strength, and quality.[112]  It also alleged that the suppliers Dae Young used were not properly vetted.  FDA ordered the company to provide a scientific justification for how it will ensure that all of its components will meet appropriate specifications before use in manufacturing, as well as a risk assessment for any drug product batches that were not already adequately tested. FDA also issued numerous letters identifying issues relating to the sanitization and/or sterilization of equipment and utensils involved in the manufacturing of drug products: In July 2017, FDA asserted that India-based Vista Pharmaceuticals violated cGMP by, among other things, failing to maintain several pieces of manufacturing equipment, which were observed to have “holes and corrosion.”[113]  The letter noted that FDA had received a claim that metal was found in one of its isoxsuprine hydrochloride tablets and, during a subsequent inspection, FDA was told that the company’s employee who investigated the claim “failed to consider whether the poor condition of [the] equipment may have contributed to the problem.”  Consequently, FDA directed the company to submit an evaluation of all production equipment to ensure that it is in appropriate condition for manufacturing. Similarly, on December 18, FDA sent a warning letter to Deserving Health International, a Canadian homeopathic drug manufacturer, stating that the company failed to implement an appropriate manufacturing process that could ensure the sterility of its Symbio Muc Eye Drops 5X, an ophthalmic product.[114]  Specifically, the letter claimed that the method used “to attempt sterilization” was not suitable for its intended use, and that the product was manufactured using “unsuitable water.”  The letter noted that FDA placed Deserving Health International on Import Alert on November 2 of this year and recommended that the company employ a cGMP consultant to assist in undertaking a “comprehensive assessment” of the company’s manufacturing operations to ensure compliance with cGMP regulations.              B.     cGMP Rulemaking and Guidance Activity 1.     FDA Draft Guidance While FDA has continued to be quite active in enforcement of manufacturing standards, since June, it has issued just one final guidance document pertaining to manufacturing and quality issues. Expiration Dating.  On August 8, 2017, FDA issued revised draft guidance addressing the repackaging of prescription and OTC solid oral dosage form drugs into individual unit-dose containers by commercial pharmaceutical repackaging firms.[115]  Under current FDA cGMP regulations, each drug product must have an expiration date determined by appropriate stability testing relating to storage conditions on the label, as determined by stability studies.  As the guidance observes, the increase in unit-dose repackaging over the last few decades has raised questions about the stability and expiration dates for such repackaged products.  Consequently, the latest draft guidance amends an earlier draft guidance published in 2005 to accomplish a number of objectives:  “shorten[ing] the expiration date to be used under certain conditions for solid oral dosage forms repackaged in unit-dose containers”; “provid[ing] an expiration date exceeding 6 months if supportive data from appropriate studies are available and other conditions are met”; “exclud[ing] from the scope of the guidance products repackaged by State-licensed pharmacies, Federal facilities, and outsourcing facilities”; “exclud[ing] from the scope of the guidance all dosage forms other than solid oral dosage forms”; and “provid[ing] for the use of containers meeting USP [] Class B standards if certain conditions are met.”[116] IV.     ANTI-KICKBACK STATUTE As the enforcement statistics discussed above make clear, compliance with the AKS remains one of the highest risk areas for pharmaceutical and medical device companies, with notable large settlements in AKS being announced virtually every year, including in 2017.  There were several notable developments in AKS enforcement during the second-half of 2017—from the courts and regulatory agencies—that affect and define the stakes.         A.     AKS-Related Case Law First, federal courts issued several noteworthy decisions interpreting the AKS during the second half of 2017 on the topics of causation and scienter. In September, the Fifth Circuit affirmed summary judgment for Solvay Pharmaceuticals, dismissing allegations that the company violated the FCA through off-label marketing efforts (as discussed above) and kickbacks to physicians.[117]  In addition to the Fifth Circuit’s rulings regarding off-label promotion theories, the Fifth Circuit also summarily dismissed the relator’s AKS allegations after finding no credible evidence on summary judgment that payments to physician-consultants caused those physicians to write prescriptions that were reimbursed by Medicaid.[118]  Evidence submitted to the court showed that physicians participated in Solvay speaker programs in which they were compensated for consultations or presentations.[119]  The court explained that “[t]here was nothing illegal about paying physicians for their participation in these types of [marketing] programs and there is no evidence that participation was conditioned upon prescribing Solvay’s drugs to Medicaid patients.”[120]  Although the court acknowledged that Solvay likely “intended these programs to boost prescriptions”―as is true with most marketing practices, of course―the court nonetheless held that “it would be speculation to infer that compensation for professional services legally rendered actually caused the physicians to prescribe Solvay’s drugs to Medicaid patients.”[121]  This is clearly at odds with DOJ’s persistent position that the payment of a kickback “taints” physician decision-making and that allegations of improper payments do not need to show that prescriptions or referrals were “caused” by the kickback.  For example, in 2015, DOJ reached a settlement with Novartis based on allegations that the company made payments to influence specialty pharmacies to provide patients one-sided advice about their product, without disclosing potentially serious side effects.  Then U.S. Attorney for Manhattan stated that that the AKS “was enacted to ensure that the medical treatment and advice patients receive, and federal programs pay for, are free from the taint of corporate kickbacks.”[122]  We will continue monitoring this development to see if courts continue to require a showing of cause, not mere “taint,” and DOJ’s response. In United States v. Nerey, meanwhile, the Eleventh Circuit reached a less favorable conclusion for the defendant in an alleged kickback scheme, holding that the government had sufficiently proved willful conduct in connection with a federal health care program because of the defendant’s attempts to hide illegal kickbacks.[123]  In so holding, the court reaffirmed that proving “willful conduct” under the AKS requires strong evidence of scienter, requiring that the act was “committed voluntarily and purposely, with the specific intent to do something the law forbids, that is with a bad purpose, either to disobey or disregard the law.”[124]  But the court had no problem finding willful conduct in light of the “overwhelming” evidence that the defendant explicitly sought cash payments to avoid a paper trail, attempted to funnel kickbacks by masking them as therapy services, referred to kickbacks by code names because of their illegal nature, pre-arranged a fallback story in the event of a Medicare audit, and was caught saying that it would be nice to “break [a suspected confidential informant’s] head.”[125]            B.     Guidance and Regulations 1.     HHS OIG Increases Scrutiny of Patient Assistance Programs For years, pharmaceutical and device manufacturers have supported, directly and indirectly, various patient assistance programs that help needy patients access their products.  And for years, OIG has approved of these arrangements, subject to certain recommended contours, through formal and informal guidance reflecting that these programs meet important access-to-care goals. Recently, however, OIG has issued updated guidance to refine its views on patient assistance programs and strongly suggest that it is taking a closer look at how these programs are organized and operated.  While the OIG formerly viewed these programs as important safety nets for patients who face chronic illnesses and high drug costs, newer guidance suggests that OIG is concerned that patient assistance programs that are limited to specific diseases or products—often with the support of pharmaceutical and medical device companies—pose a high risk of abuse.  That trend continued in 2017 amidst a broader landscape of DOJ enforcement actions, as discussed in Section I above. First, in March, HHS OIG revised previous guidance to address aspects of patient assistance programs that it has newly determined are “problematic.”[126]  Specifically, HHS OIG modified a prior advisory opinion to require that a non-profit operator of patient assistance programs make three new certifications to remain in compliance with the AKS:  (1) that the charity “will not define its disease funds by reference to specific symptoms, severity of symptoms, method of administration of drugs, stages of a particular disease, type of drug treatment, or any other way of narrowing the definition of widely recognized disease states”; (2) that the charity will “not maintain any disease fund that provides copayment assistance for only one drug or therapeutic device, or only the drugs or therapeutic devices made or marketed by one manufacturer or its affiliates”; and (3) that the charity will not limit its assistance to high-cost or specialty drugs.[127] Next, in November, HHS OIG took the unprecedented step of rescinding guidance it had previously issued related to a patient assistance program operated by the industry-funded charity Caring Voice Coalition (CVC).[128]  HHS OIG explained that the charity had allegedly breached two commitments related to independence from donors, which opened the door to steering Medicare beneficiaries toward specific prescription drugs.[129]  In one alleged breach, the charity gave patient-specific data to one or more donors, enabling them to “correlate the amount and frequency of their donations with the number of subsidized prescriptions or orders for their products.”[130]  In a second alleged breach, the charity “allowed donors to directly or indirectly influence the identification or delineation of [r]equestor’s disease categories.”[131]  According to HHS OIG, these violations “materially increased the risk that [r]equestor served as a conduit for financial assistance from a pharmaceutical manufacturer donor to a patient, and thus increased the risk that the patients who sought assistance from [r]equestor would be steered to federally reimbursable drugs that the manufacturer donor sold.”[132]  HHS OIG expressed concern that this steering can provide manufacturers with a greater ability to raise the prices of their drugs while protecting patients from the effects of the price increases, leaving federal programs and taxpayers to bear the cost.[133] HHS OIG and DOJ are clearly taking a hard look at these types of issues industry-wide, and the results of this scrutiny are beginning to show in more than just HHS OIG advisory opinions.  For example, as noted above, United Therapeutics Corp. paid $210 million to resolve allegations that it used a nonprofit organization as a conduit to give improper benefits to thousands of patients who used its medications from 2010 to 2014.[134]  Specifically, the government alleged that United Therapeutics donated money to CVC, which in turn paid the copay obligations of thousands of Medicare patients taking drugs manufactured by the company.[135]  Several other companies have reported being subject to similar probes in the past year, all launched by the U.S. Attorney’s Office for the District of Massachusetts.[136] Yet, even as DOJ and HHS OIG seek to reign in alleged abuses in patient assistance programs, HHS OIG, at least, has nevertheless continued to encourage manufacturers to provide access to free drugs for needy patients.  After its unprecedented action against CVC, which led CVC to announce it would not offer any financial assistance in 2018, HHS OIG wrote immediately to Pharmaceutical Research and Manufacturers of America (“PhRMA”) to urge pharmaceutical companies to offer free drugs to former CVC beneficiaries.[137]  To incentivize companies to participate in this stop-gap measure, HHS OIG promised that it “will not pursue administrative sanctions against any Drug Company for providing free drugs during 2018 to federal health care program beneficiaries who were receiving cost sharing support for those drugs from CVC as of November 28, 2017,” provided certain conditions are met, including that: (1) the “drugs are provided in a uniform and consistent manner to Federal health program beneficiaries” who were receiving drugs from CVC at the time of CVC’s decision; (2) “[t]he free drugs are awarded without regard to the beneficiary’s choice of provider, practitioner, supplier or health plan[;]” (3) “[t]he free drugs are not billed to any Federal health care program” or a third party payor; (4) “[t]he provision of free drugs is not contingent on future purchases” of drugs; and (5) the Drug Company maintains complete and accurate records of the free drugs provided to Federal health care program beneficiaries.[138]  Even with this significant policy statement early in the year, there may well be additional fallout for manufacturers’ charitable programs in 2018, given the government’s clear enforcement focus on this area. 2.     HHS OIG clarifies scope of warranty safe harbor The AKS makes it a criminal offense to knowingly and willfully exchange anything of value in an effort to induce the referral of services which are payable by a federal program, but the statute and its implementing regulations also create certain safe-harbors against liability.[139]  For example, the “warranty safe harbor” shields from penalty certain written warranties offered by drug and device companies, including (1) a written affirmation that relates to the nature of the material or workmanship of a product and that affirms or promises that the material or workmanship is defect-free or will meet a specified level of performance over a specified period of time; or (2) any undertaking in writing by a supplier to take remedial action if a product fails to meet the promises set forth by the supplier of a consumer product.[140]  Previous HHS OIG guidance had limited the scope of the warranty safe harbor to product failure.[141] In a new advisory opinion issued in August, however, HHS OIG seemingly expanded the scope of the warranty safe harbor.  Specifically, HHS OIG considered a “pharmaceutical manufacturer’s proposal to replace products that require specialized handling that could not be administered to patients for certain reasons, at no additional charge to the purchaser[.]”[142]  According to the opinion, the requestor sells a variety of products, some of which “are sensitive to temperature changes, direct sunlight, or movement[.]”[143]  Under the arrangement, the pharmaceutical manufacturer would replace products that had spoiled or otherwise become unusable after purchase so long as the customer had not administered the product or billed for it.[144] HHS OIG analyzed the proposal under the safe harbor for warranties, which it explained “protects remedial actions by suppliers to address products that fail to meet bargained-for requirements.”[145]  Although HHS OIG concluded that the proposal did not fall squarely within either of the safe harbor’s definitions, it nonetheless concluded that the proposed arrangement posed a “low risk of fraud and abuse under the [AKS].”[146]  HHS OIG reached this conclusion for a number of reasons.  First, the replacement would be restricted to unintentional circumstances.  Second, there was low risk that this arrangement would lead to increased cost or overutilization because, if the customer administered the product or billed for the product, then a replacement product would not be available.  Third, even though the proposed arrangement could affect competition, there was an acceptably low risk that a customer would choose products based on this arrangement.  Last, the proposed arrangement bears some similarity to an insurance policy and the cost of this can be built into the cost of the product.[147]  HHS OIG also noted that the proposal could increase patient safety and care.[148] This guidance expands the number of warranty types for which the OIG has recognized the availability of the warranty safe harbor, thereby affording manufacturers greater flexibility to tie product pricing to performance, further incentivizing providers to deal with product sellers and manufacturers who are willing to stand behind the performance of their products by sharing the risk on outcomes. 3.     HHS OIG permits pilot program to provide Medicare Advantage pharmacists with real-time access to patient discharge information In December, HHS OIG approved a proposal to allow a vendor to develop and make available an interface that would allow pharmacists to view relevant clinical data in real-time during discharge for Medicare Advantage plan beneficiaries who were admitted with one of five eligible diagnoses.[149]  The pilot program aims to “gain insight into the degree to which technology that provides . . . pharmacists with real-time access to discharge information can help improve transitions of care and decrease re-hospitalizations.”[150] HHS expressed concern that the interface would have an independent value, and therefore be an improper remuneration, because it would remove an administrative burden and that pharmacists would be in a position to influence which medications a patient is prescribed.[151]  Ultimately, HHS OIG concluded that it would not impose sanctions under the AKS.  Importantly, the manufacturer protected against the risk that the pharmacist would recommend the manufacturer’s product by including language in the agreements and operative documents that the collaboration would have no bearing on formulary recommendations or referrals of business, and ensuring that nothing in the interface would guide the pharmacist to choose one product over another.[152]  HHS OIG also focused on patient care and patient outcomes.  OIG concluded that the proposed arrangement would be unlikely to lead to increased costs or overutilization of federally reimbursable services because the Medicare Advantage plan, “as the payor, has a strong incentive for its members to receive the most appropriate and cost-effective treatment to promote their recovery and good health.”[153]  Further, the proposal would be unlikely to have a negative outcome on patient quality of care.[154]  And lastly, HHS OIG concluded that the small scale of the program—limited to approximately 200 patients and five diagnoses—reduces the risk that the remuneration involved would influence referrals to or recommendations for the manufacturer’s products.[155] V.     MEDICAL DEVICES After a relatively quiet start to the year, the second half of 2017 brought a number of guidance documents and enforcement actions concerning medical device manufacturers.  We begin this section with an overview of notable guidance issued by FDA before walking through recent device-related enforcement activity.            A.     FDA Guidance In the past six months, FDA issued guidance on several noteworthy subjects, including digital health, pre-market approval standards, and expedited approval processes.  As continued technological advances continue to pave the way for new clinical opportunities, FDA has emphasized its focus on streamlining the review process and providing access to newly vetted medical devices. In addition to the topics discussed in detail below, President Trump in August 2017 signed into law the FDA Reauthorization Act (“FDARA”), which, among other things, reauthorizes the Medical Device User Fee Amendments through fiscal year 2022.[156]  With the return of the Affordable Care Act’s medical device tax on the horizon in 2018, a new user fee will be assessed under FDARA for de novo classification requests, and user fees will be adjusted annually for inflation.[157]  FDARA also sets forth a risk-based inspection schedule for establishments engaged in the manufacture, propagation, compounding, or processing of devices and requires FDA to establish uniform inspection processes and standards.[158]  Be on the lookout in the coming year for possible inspection-related draft guidance.[159] 1.     Digital Health On July 27, 2017, FDA took a step into a new digital-health era with the announcement of its Digital Health Innovation Action Plan and the launch of its “Pre-Cert for Software Pilot Program.”[160]  Framed as FDA’s response to the “revolution in health care,” driven by technology such as mobile medical apps, fitness trackers, and decision-supporting software, the Action Plan outlines the Center for Devices and Radiological Health’s (“CDRH”) “vision for fostering digital health innovation while continuing to protect and promote the public health.”[161]  The plan contemplates providing guidance on the 21st Century Cures legislation’s medical software provisions, as well as launching a pilot pre-certification program that focuses on the developer instead of the product in the hopes of “replac[ing] the need for a premarket submission for certain products,” decreasing the required submission content, and speeding up the review of marketing submissions.[162]  FDA plans to share updates about the program at a public workshop in January 2018.[163] As anticipated by the Action Plan, on December 7, 2017, FDA announced three draft and final guidance documents that further clarify its approach to digital devices: Clinical and Patient Decision Support Software.  The revised definition of “medical device” in the 21st Century Cures Act excluded certain types of software intended to provide clinical decision support.  The first draft guidance describes FDA’s interpretation of this revised definition and generally extends this interpretation to patient decision support software.[164]  The guidance states that FDA will continue to regulate clinical decision support (“CDS”) software “intended to acquire, process, or analyze a medical image, a signal from an in vitro diagnostic device, or a pattern or signal from a signal acquisition system,” but it will not regulate software that provides health care professionals with recommendations or treatment decisions that are consistent with the FDA-required labeling or clinical guidelines and that the professionals could have made independently.[165]  The critical factor, in FDA’s interpretation, is that the user should be able to reach independently the clinical recommendation provided by the software.  Furthermore, the sources for the software recommendation should be publicly available, such as in the published scientific literature.  Likewise, with respect to software intended to support patient decision-making, FDA does not intend to focus its regulatory oversight on “low-risk” software that offers patients recommendations they could have reached independently without the software.[166] Changes to Medical Software Policies After the Cures Act.  In this draft guidance, FDA addressed the software functions that were excluded from the definition of “medical device” by the 21st Century Cures Act:  hospital administrative functions, software intended for maintaining or encouraging a healthy lifestyle, electronic health records, and software for transferring, storing, or displaying data [167]  As a result of the statutory amendments, certain types of software that were previously under FDA enforcement discretion are no longer classified as “medical devices” under the Federal Food, Drug, and Cosmetic Act.  The guidance clarifies that Laboratory Information Management Systems are not devices and reiterates that FDA does not intend to examine or regulate “low-risk general wellness products,” such as a mobile application that plays music to relieve stress.[168]  In describing its approach to such products, FDA references the General Wellness Guidance detailed in our 2016 Year-End Update[169] and offers examples illustrating when electronic patient record software and Medical Device Data Systems do not qualify as devices.[170]  FDA is updating the prior software-specific guidances to reflect the 21st Century Cures Act. Clinical Evaluation of Software as a Medical Device (SaMD).  On December 8, 2017, FDA issued final guidance on its approach to Software as a Medical Device (“SaMD”), which is software intended to be used for one or more medical purposes that perform these purposes without being part of a hardware medical device.[171]  This guidance adopts the principles set forth by the International Medical Device Regulators Forum (“IMDRF”), a group of international medical device regulators focused on harmonization of device regulation.  These principles address risk-based analysis and assessments of SaMD and considerations to use in evaluating the safety and effectiveness of SaMD.[172]  The guidance discusses the assessment of: (1) the clinical association between the SaMD and the targeted clinical condition; (2) the SaMD’s ability to correctly process data to provide accurate, reliable, and precise output data; and (3) the use of the output data to achieve the intended purpose in clinical care.  The guidance explains when independent review of a clinical evaluation of a SaMD may be necessary, offers considerations for continuous learning throughout a SaMD’s lifecycle, and provides a comparison of the SaMD clinical evaluation process to the process for generating clinical evidence for in vitro diagnostic medical devices.[173] 2.      “Least Burdensome Approach” Guidance In keeping with its focus on streamlined review processes, FDA issued new draft guidance on December 15, 2017, detailing updates to the “least burdensome approach” used during premarket review of devices.[174]  Commissioner Gottlieb and CDRH Director Dr. Jeffrey Shuren have touted the benefits of the program, emphasizing the ability to devote resources to the “issues of highest public health concern” and to approve greater numbers of medical devices.[175] The draft guidance defines “least burdensome” to be “the minimum amount of information necessary to adequately address a regulatory question or issue through the most efficient manner at the right time,”[176] and it encourages application of the “least burdensome” principle “widely . . . to all activities in the premarket and postmarket settings” in order to minimize “unnecessary burdens so that patients can have earlier and continued access to high quality, safe, and effective devices.”[177]  The guidance applies to all devices[178] and provides a number of examples and suggestions for the industry, such as using peer-reviewed literature in lieu of or to supplement other data, using real-world evidence or non-clinical data, and accepting alternative approaches to regulatory issues.[179]  In familiar fashion, FDA also emphasizes the use of benefit-risk assessments in regulatory decision-making,[180] and the guidance references a number of tools and practices to reduce administrative burden, including Medical Device Development Tools (i.e., qualified methods to assess the effectiveness of a device), on which FDA also finalized guidance in August.[181] 3.     Program to Expedite the Approval of “Breakthrough” Medical Devices On October 25, 2017, FDA also issued draft guidance on a voluntary “Breakthrough Devices Program,” which provides priority review to designated submissions for devices subject to premarket approval, 501(k) clearance, and de novo classification processes.[182]  Continuing with the emphasis on access to care, the guidance is aimed at expediting patient access to “breakthrough” medical devices that provide for “more effective treatment” or diagnosis of life-threatening or irreversibly debilitating conditions.[183] To be designated as “breakthrough” under the Program, a device must (1) “provide for more effective treatment or diagnosis of life-threatening or irreversibly debilitating human disease or conditions”; and (2) represent breakthrough technologies that offer significant advantages over existing alternatives, for which no approved or cleared alternatives exist, or that are in the best interest of patients.[184]  For sponsors of such devices, FDA details options including “sprint” discussions, coordination to reach early agreement on a Data Development Plan, a mechanism for obtaining written agreement for clinical protocols, and regular status updates.[185] 4.     Additional Guidance In addition to the above categories, FDA announced several other draft and final guidance documents on various topics throughout the latter half of the year. On September 6, 2017, FDA announced a final guidance on the importance of “interoperability,” or the ability of electronic medical devices to safely and effectively interact with each other and exchange and use information.[186]  The guidance directs medical device manufacturers to focus on interoperability when designing systems, and it recommends that premarket submissions include, among other elements, discussions of a device’s externally-facing electronic interfaces, what type of information a device will exchange and how, potential risks, and interface testing results.[187] Later on October 25, 2017, FDA finalized two draft guidance documents regarding when manufacturers should submit a 510(k) for changes made to existing devices or software.[188]  Declining to implement a significant policy shift on 501(k) submissions, FDA clarified that changes significantly affecting the safety or effectiveness of a device—whether intended or not—will require a new 510(k), as will complex changes to software infrastructure and changes to hard device control mechanisms, operating principles, or energy types.[189] Rounding out the year in December 2017, FDA finalized guidance on technical considerations specific to 3-dimensional printing devices, or “additive manufacturing (AM)” devices.[190]  To respond efficiently to frequently asked questions, FDA also issued a final guidance on what it generally considers in determining whether to classify a product as a drug or device,[191] as well as a final guidance on how it intends to approach the regulation of device “accessories” going forward.[192]  The latter guidance clarifies that accessories with a “lower risk profile” than their parent devices may be regulated in a lower class, and it explains pathways for classifying or reclassifying accessories.[193]              B.     Enforcement Letters In a busy second half of the year, FDA issued 23 device-related warning letters, with CDRH issuing 9 of those.[194]  Overall, enforcement activity in the second half of 2017 suggests that FDA will continue to actively enforce regulations governing manufacturing practices, Quality System Regulation issues, and submissions requirements.  The issued letters also indicate that FDA will continue to exercise broad jurisdiction over foreign companies that market products in the United States, a trend we noted in our 2016 Year-End Update and one that FDA shows no signs of ending in the new year. In July, CDRH issued a warning to a manufacturer in Netherlands alleging that the firm did not have an approved application for premarket approval (“PMA”) in effect, or an approved application for an investigational device exemption (“IDE”).[195]  FDA also chastised the manufacturer for allegedly failing to submit a premarket notification before introducing the product into interstate commerce and requested that the manufacturer cease distribution of the unapproved device, noting that FDA already took steps to refuse entry of the devices into the United States.[196] In September, FDA took issue with a manufacturer of an attention task performance recorder for not only allegedly failing to have an approved application for PMA or IDE, but also for promoting the device for uses not cleared under its initial 510(k)—specifically, for promoting therapeutic or rehabilitation effects when the device allegedly was cleared for use as a “measurement of reaction time.”[197]  In addition, CDRH followed up with three foreign companies regarding inadequate responses to alleged Quality System Regulation issues previously discovered at foreign manufacturing facilities located in Germany, Sweden, and France.[198] October brought several additional letters relating to manufacturing and Quality System Regulation issues and warnings regarding alleged failures to have approved applications for PMAs or IDEs,[199] and CDRH issued a lengthy warning letter to Telemed regarding manufacturing practices at a facility in Lithuania.[200]  Also in November, FDA rebuked a California-based manufacturer for its alleged failure to report to FDA that its bone fixation fashioner device may have caused or contributed to a death or serious injury.[201]  The activity slowed in December, with only one warning issuing regarding an alleged lack of an approved PMA.[202] VI.     CONCLUSION We expect the year ahead to provide more answers about what the Trump Administration will mean, long term, for the pharmaceutical and medical device industries.  We will continue to monitor the developments discussed above, and others, and report on them in our 2018 Mid-Year Update. [1] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Justice Department Recovers Over $3.7 Billion From False Claims Act Cases in Fiscal Uear 2017 (Dec. 21, 2017), https://www.justice.gov/opa/pr/justice-department-recovers-over-37-billion-false-claims-act-cases-fiscal-year-2017; see also U.S. Dep’t of Justice, Civil Div., Fraud Statistics – Overview (Dec. 19, 2017), https://www.justice.gov/opa/press-release/file/1020126/download. [2] Id. [3] In 2017, two cases involved both AKS and improper billing claims.  In such cases in which multiple theories are alleged, the case (and the settlement amount) are counted in the totals for each theory.  See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Oxygen Equipment Provider Pays $11.4 Million to resolve False Claims Act Allegations (April 25, 2017), https://www.justice.gov/opa/pr/oxygen-equipment-provider-pays-114-million-resolve-false-claims-act-allegations; Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Drug Maker Aegerion Agrees to Plead Guilty; Will Pay More than $35 million to Resolve Criminal Charges and Civil false Claims Allegations (Sept. 22, 2017), https://www.justice.gov/opa/pr/drug-maker-aegerion-agrees-plead-guilty-will-pay-more-35-million-resolve-criminal-charges-and. [4] The number of cases indicated by this table—18—is two more than the total number of cases for the reasons explained supra note 3. [5] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Mylan Agrees to Pay $465 Million to Resolve False Claims Act Liability for Underpaying EpiPen Rebates (Aug. 17, 2017), https://www.justice.gov/opa/pr/mylan-agrees-pay-465-million-resolve-false-claims-act-liability-underpaying-epipen-rebates. [6] Id. [7] Id. [8] Id. [9] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Drug Maker Aegerion Agrees to Plead Guilty; Will Pay More Than $35 Million to Resolve Criminal Charges and Civil False Claims Allegations (Sept. 22, 2017), https://www.justice.gov/opa/pr/drug-maker-aegerion-agrees-plead-guilty-will-pay-more-35-million-resolve-criminal-charges-and. [10] Id. [11] Id. [12] Press Release, U.S. Dep’t of Justice, Drug Maker United Therapeutics Agrees to Pay $210 Million to Resolve False Claims Act Liability for Paying Kickbacks (Dec. 20, 2017), https://www.justice.gov/opa/pr/drug-maker-united-therapeutics-agrees-pay-210-million-resolve-false-claims-act-liability. [13] Press Release, U.S. Dep’t of Justice, U.S. Attorney’s Office, D. of Minn., United States Recovers More Than $12 Million In False Claims Act Settlements For Alleged Kickback Scheme (Aug. 21, 2017), https://www.justice.gov/usao-mn/pr/united-states-recovers-more-12-million-false-claims-act-settlements-alleged-kickback. [14] Id. [15] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Galena Biopharma Inc. to Pay More Than $7.55 Million to Resolve Alleged False Claims Related to Opioid Drug (Sept. 8, 2017), https://www.justice.gov/opa/pr/galena-biopharma-inc-pay-more-755-million-resolve-alleged-false-claims-related-opioid-drug. [16] Id. [17] Id. [18] Press Release, U.S. Dep’t of Justice, U.S. Attorney’s Office, C.D. of Cal., Celgene Agrees to Pay $280 Million to Resolve Fraud Allegations Related to Promotion of Cancer Drugs For Uses Not Approved by FDA (July 24, 2017), https://www.justice.gov/usao-cdca/pr/celgene-agrees-pay-280-million-resolve-fraud-allegations-related-promotion-cancer-drugs. [19] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Novo Nordisk Agrees to Pay $58 Million for Failure to Comply with FDA-Mandated Risk Program (Sept. 5, 2017), https://www.justice.gov/opa/pr/novo-nordisk-agrees-pay-58-million-failure-comply-fda-mandated-risk-program. [20] Id. [21] United States ex rel King v. Solvay Pharm., Inc., 871 F.3d 318, 323 (5th Cir. 2017). [22] Id. at 330–31. [23] Id. at 329 n.9. [24] Id. [25] Universal Health Servs., Inc. v. United States ex rel. Escobar, 136 S. Ct. 1989, 2003–04 (2016). [26] 862 F.3d 890, 895–96 (9th Cir. 2017). [27] Id. at 902–03. [28] Id. at 905–06 (citation omitted). [29] Pet. for a Writ of Cert., Gilead Sciences, Inc. v. United States ex rel. Campie, at i (filed Dec. 26, 2017). [30] Id. at 19, 22. [31] United States ex rel. Ibanez v. Bristol-Myers Squibb Co., 874 F.3d 905, 917, 921 (6th Cir. 2017). [32] Id. at 912. [33] Id. at 915. [34] Id. at 915–16 (citation omitted).   [35] Id. at 914–15. [36] Id. at 915. [37] Id. at 920–21. [38] United States ex rel. Nargol v. DePuy Orthopaedics, Inc., 865 F.3d 29, 31–32 (1st Cir. 2017). [39] Id. (discussing the standard from United States ex rel. Duxbury v. Ortho Biotech Prods., L.P., 579 F.3d 13 (1st Cir. 2009)). [40] Id. at 40–41. [41] Id. [42] Id. at 41. [43] Id. at 39, 42. [44] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Attorney General Sessions Announces Opioid Fraud and Abuse Detection Unit, https://www.justice.gov/opa/pr/attorney-general-sessions-announces-opioid-fraud-and-abuse-detection-unit. [45] Id. [46] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Attorney General Jeff Sessions Delivers Remarks Announcing New Tools to Combat the Opioid Crisis, https://www.justice.gov/opa/speech/attorney-general-jeff-sessions-delivers-remarks-announcing-new-tools-combat-opioid-crisis. [47] Id. [48] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Justice Department Announces First Ever Indictments Against Designated Chinese Manufacturers of Deadly Fentanyl and Other Opiate Substances, https://www.justice.gov/opa/pr/justice-department-announces-first-ever-indictments-against-designated-chinese-manufacturers. [49] Id. [50] Id. [51] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Founder and Owner of Pharmaceutical Company Insys Arrested and Charged with Racketeering (Oct. 26, 2017), https://www.justice.gov/opa/pr/founder-and-owner-pharmaceutical-company-insys-arrested-and-charged-racketeering. [52] Id. [53] Id. [54] Insys Therapeutics, Inc., Quarterly Report (10-Q), at 14 (Nov. 3, 2017). [55] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Novo Nordisk Agrees to Pay $58 Million for Failure to Comply with FDA-Mandated Risk Program (Sept. 5, 2017), https://www.justice.gov/opa/pr/novo-nordisk-agrees-pay-58-million-failure-comply-fda-mandated-risk-program. [56] Id. [57] Id. [58] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Drug Maker Aegerion Agrees to Plead Guilty; Will Pay More Than $35 Million to Resolve Criminal Charges and Civil False Claims Allegations (Sept. 22, 2017), https://www.justice.gov/opa/pr/drug-maker-aegerion-agrees-plead-guilty-will-pay-more-35-million-resolve-criminal-charges-and. [59] Id. [60] Id. [61] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, District Court Enters Permanent Injunction Against Two New Jersey Companies and Two Individuals to Stop Distribution of Unapproved and Misbranded Drugs (Sept. 26, 2017), https://www.justice.gov/opa/pr/district-court-enters-permanent-injunction-against-two-new-jersey-companies-and-two. [62] Id. [63] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, District Court Enters Permanent Injunction Against Philips North America and Two Executives to Limit Distribution of Adulterated External Defibrillators (Oct. 31, 2017), https://www.justice.gov/opa/pr/district-court-enters-permanent-injunction-against-philips-north-america-and-two-executives. [64] Alexion Pharmaceuticals, Inc., Quarterly Report (Form 10-Q), at 19 (Oct. 26, 2017). [65] Sandra Moser, Remarks at the America Conference Institute’s 8th Global Forum on Anti-Corruption in High Risk Markets (July 25, 2017). [66] Id. [67] U.S. Food & Drug Admin., FDA In Brief: FDA takes new steps to help ensure clear presentation of health information in prescription drug promotion (Dec. 11, 2017), https://www.fda.gov/NewsEvents/Newsroom/FDAInBrief/ucm588419.htm. [68] Id. [69] Warning Letters 2017: Office of Prescription Drug Promotion, U.S. Food & Drug Admin (last updated Dec. 14, 2017). [70] Warning Letter from Andrew Haffer, Dir., Div. of Advert. & Promotion Review, Office of Prescription Drug Promotion, U.S. Food & Drug Admin. to Robert D. Tessarolo, President and Chief Exec. Officer, Cipher Pharmaceuticals Inc. (Aug. 24, 2017). [71] Id. at 3. [72] Warning Letter from Andrew Haffer, Dir., Div. of Advert. & Promotion Review, Office of Prescription Drug Promotion, U.S. Food & Drug Admin. to Ira Weisberg, President and CEO, Amherst Pharmaceuticals, Inc. and Dr. Warren P. Lesser, President and CEO, Magna Pharmaceuticals, Inc. (Nov. 14, 2017). [73] Id. at 2. [74] Id. at 3–4. [75] Warning Letter from Robert Dean, Dir., Div. of Advert. & Promotion Review, Office of Prescription Drug Promotion, U.S. Food & Drug Admin. to Vidya Vepuri, Dir., AVANTHI, INC. (Dec. 19, 2017). [76] Id. at 2. [77] U.S. Food & Drug Admin., FDA In Brief: FDA takes new steps to help ensure clear presentation of health information in prescription drug promotion (Dec. 11, 2017), https://www.fda.gov/NewsEvents/Newsroom/FDAInBrief/ucm588419.htm. [78] U.S. Food & Drug Admin., Guidance for Industry: Product Name, Placement, Size, and Prominence in Promotional Labeling and Advertisements (Dec. 2017),  https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM375784.pdf. [79] Id. at 2. [80] Id. at 5–6. [81] Id. at 6. [82] U.S. Food & Drug Admin., Draft Guidance for Industry: Medical Product Communications That Are Consistent With the FDA-Required Labeling—Questions and Answers (Jan. 2017), https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM537130.pdf. [83] U.S. Food & Drug Admin., Draft Guidance for Industry and Review Staff:  Drug and Device Manufacturer Communications With Payors, Formulary Committees, and Similar Entities—Questions and Answers (Jan. 2017), https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM537347.pdf. [84] U.S. Food & Drug Admin., Statement from FDA Commissioner Scott Gottlieb, M.D., on FDA decision to seek additional time to reassess rule that would have changed longstanding practices for how the agency determined the ?intended use’ of medical products (Jan. 12, 2018), https://www.fda.gov/NewsEvents/Newsroom/PressAnnouncements/ucm592358.htm. [85] Id. [86] Id. [87] U.S. Food & Drug Admin., Clarification of When Products Made or Derived From Tobacco Are Regulated as Drugs, Devices, or Combination Products; Amendments to Regulations Regarding “Intended Uses”; Proposed Partial Delay of Effective Date (Jan. 16, 2018), https://www.federalregister.gov/documents/2018/01/16/2018-00555/clarification-of-when-products-made-or-derived-from-tobacco-are-regulated-as-drugs-devices-or (83 Fed. Reg. 2092). [88] United States ex rel King v. Solvay Pharm., Inc., 871 F.3d 318, 329 (5th Cir. 2017) (per curiam). [89] United States ex rel. Ibanez, 874 F.3d at 915. [90] Sidney Hillman Health Ctr. of Rochester v. Abbott Labs., 873 F.3d 574, 578 (7th Cir. 2017). [91] Hemi Grp v. City of New York, 559 U.S. 1 (2010). [92] Sidney Hillman Health Ctr. of Rochester, 873 F.3d at 578 (7th Cir. 2017) (citing Sergeants Benevolent Ass’n Health and Welfare Fund v. Sanofi-Aventis U.S. LLP, 806 F.3d 71 (2d Cir. 2015), and UFCW Local 1776 v. Eli Lilly & Co., 620 F.3d 121 (2d Cir. 2010)). [93] Pharmaceutical Information Exchange Act, H.R. 2026, 115th Cong. (2017),  https://www.congress.gov/bill/115th-congress/house-bill/2026. [94] Medical Product Communications Act of 2017, H.R. 1703, 115th Cong. (2017),  https://www.congress.gov/bill/115th-congress/house-bill/1703/text. [95] Press Release, #SubHealth Reviews Legislation Addressing Medical Product Manufacturer Communications, H. Subcomm. on Health of the H. Comm. on Energy & Commerce (Jul. 12, 2017), https://energycommerce.house.gov/news/press-release/subhealth-reviews-legislation-addressing-medical-product-manufacturer-communications/. [96] Jeff Overley, Off-Label Drug Bills Get Little Traction On Capitol Hill, Law360, (Jul. 12, 2017), https://www.law360.com/health/articles/943303/off-label-drug-bills-get-little-traction-on-capitol-hill. [97] Michael Ollove, Pressure mounts to lift FDA restrictions on off-label drugs, Washington Post, (Oct. 8, 2017), https://www.washingtonpost.com/national/health-science/pressure-mounts-to-lift-fda-restrictions-on-off-label-drugs/2017/10/06/568204a0-a2f6-11e7-8cfe-d5b912fabc99_story.html?. [98] News Release, New Jersey Dept. of Justice, New Hampshire Joins $13.5 Million Consumer Settlement with Boehringer Ingelheim Pharmaceuticals, Inc. Concerning Its Off-Label Promotion of Four Prescription Drugs (Dec. 20, 2017), https://www.doj.nh.gov/media-center/press-releases/2017/20171220-boehringer-ingelheim-pharmaceuticals.htm [99] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Boehringer Ingelheim to Pay $95 Million to Resolve False Claims Act Allegations, (Oct. 25, 2012) https://www.justice.gov/opa/pr/boehringer-ingelheim-pay-95-million-resolve-false-claims-act-allegations. [100] United States v.Paul J. Elmer and Caprice R. Bearden, No. 1:17-cr-0113 (S.D. Ind. Jun. 20, 2017). [101] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Former Pharmacy Compliance Director Pleads Guilty to Introducing Adulterated Drugs into Interstate Commerce and Conspiracy to Defraud the United States (Nov. 22, 2017), https://www.justice.gov/opa/pr/former-pharmacy-compliance-director-pleads-guilty-introducing-adulterated-drugs-interstate. [102] Id. [103] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, District Court Enters Permanent Injunction Against Alabama Pharmacy and Individuals to Prevent Distribution of Adulterated and Misbranded Drugs and Unapproved New Drugs (Jul. 5, 2017), https://www.justice.gov/opa/pr/district-court-enters-permanent-injunction-against-alabama-pharmacy-and-individuals-prevent. [104] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, District Court Enters Permanent Injunction Against Utah Pharmacy and its Executives to Prevent Distribution of Adulterated, Misbranded and Unapproved New Drugs (Aug. 7, 2017), https://www.justice.gov/opa/pr/district-court-enters-permanent-injunction-against-utah-pharmacy-and-its-executives-prevent. [105] Press Release, District Court Enters Permanent Injunction Against Philips North America and Two Executives to Limit Distribution of Adulterated External Defibrillators (Oct. 31, 2017), https://www.justice.gov/opa/pr/district-court-enters-permanent-injunction-against-philips-north-america-and-two-executives. [106] See U.S. Food & Drug Admin., Warning Letters 2017 (Dec. 21, 2017), https://www.fda.gov/Drugs/GuidanceComplianceRegulatoryInformation/default.htm (follow “Enforcement Activities by FDA” hyperlink; then follow “Warning Letters and Notice of Violation Letters to Pharmaceutical Companies” hyperlink; then follow “Warning Letters 2017” hyperlink). [107] See Warning Letter from Thomas J. Cosgrove, Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Mr. Rajiv Malik, President, Mylan Pharmaceuticals, Inc. (Apr. 3, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm550326.htm. [108] Warning Letter from Francis Godwin, Acting Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Mr. Guangjian Feng, Manager of Marketing, Guangdong Zhanjiang Jimin Pharmaceutical Co., Ltd. (Oct. 30, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm583939.htm. [109] Warning Letter from Francis Godwin, Acting Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Mr. Il Chong Chung, President and Owner, Seindni Co., Ltd. (Dec. 5, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm588215.htm. [110] Warning Letter from Thomas J. Cosgrove, Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Ms. Michele Boisvert, CEO, Homeolab USA Inc. (Aug. 2, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm570461.htm. [111] Warning Letter from Thomas J. Cosgrove, Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Ms. Jeong Soo Ahn, CEO, Dasan E&T Co., Ltd. (Sept. 22, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm577650.htm. [112] Warning Letter from Francis Godwin, Acting Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Mr. JongWoo Kim, CEO, Dae Young Foods Company, Ltd. (Nov. 20, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm586501.htm. [113] Warning Letter from Thomas J. Cosgrove, Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Dr. Dhananjaya Alli, Managing Director, Vista Pharmaceuticals Limited (July 5, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm565861.htm. [114] Warning Letter from Thomas J. Cosgrove, Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Mr. Bernard Armani, President, Deserving Health International Corp. (Dec. 18, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm589455.htm. [115] U.S. Food & Drug Admin., Draft Guidance for Industry: Expiration Dating of Unit-Dose Repackaged Solid Oral Dosage Form Drug Products (Aug. 8, 2017), https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM070278.pdf. [116] U.S. Food & Drug Admin., Expiration Dating of Unit-Dose Repackaged Solid Oral Dosage Form Drug Products; Revised Draft Guidance for Industry; Availability, 82 Fed. Reg. 37229 (Aug. 9, 2017). [117] U.S. ex rel. King v. Solvay Pharmaceuticals, Inc., 871 F.3d 318, 323 (5th Cir. 2017) (per curiam); 31 U.S.C. § 3729(a)(1)(A)–(B). [118] Id. at 331–32. [119] Id. at 331. [120] Id. at 332. [121] Id. (emphasis added). [122] Press Release, U.S. Dep’t of Justice, U.S. Atty’s Office, S.D.N.Y., Manhattan U.S. Attorney Announces $370 Million Civil Fraud Settlement Against Novartis Pharmaceuticals for Kickback Scheme Involving High-Priced Prescription Drugs, Along With $20 Million Forfeiture of Proceeds From The Scheme (Nov.r 20, 2015), https://www.justice.gov/usao-sdny/pr/manhattan-us-attorney-announces-370-million-civil-fraud-settlement-against-novartis. [123] United States v. Nerey, 877 F.3d 956, 969 (11th Cir. 2017). [124] Id. (quoting United States v. Vernon, 723 F.3d 1234, 1256 (11th Cir. 2013)). [125] Id. [126] U.S. Dep’t of Health and Human Servs., Office of Inspector Gen., Notice of Modification of OIG Advisory Opinion No. 02-01 at 1 (Mar. 3, 2017), https://oig.hhs.gov/fraud/docs/advisoryopinions/2017/AdvOpn02-1-mod.pdf. [127] Id. at 2–3. [128] U.S. Dep’t of Health and Human Servs., Office of Inspector Gen., Redacted Final Notice of Rescission 06-04 at 1 (Nov. 28, 2017), https://oig.hhs.gov/fraud/docs/advisoryopinions/2017/AdvOpnRescission06-04.pdf. [129] Id. [130] Id. [131] Id. [132] Id. at 2. [133] Id. [134] Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Drug Maker United Therapeutics Agrees to Pay $210 Million to Resolve False Claims Act Liability for Paying Kickbacks (Dec. 20, 2017), https://www.justice.gov/opa/pr/drug-maker-united-therapeutics-agrees-pay-210-million-resolve-false-claims-act-liability. [135] See id. [136] Allison Noon, United Therapeutics Settles Charity-Kickback Claim for $210 Million, Law360 (Dec. 20, 2017), https://www.law360.com/articles/996916/united-therapeutics-settles-charity-kickback-claim-for-210m; see, e.g., Regeneron Pharmaceuticals, Inc., Form 10-K, at 58 (filed Feb. 9, 2017), http://investor.regeneron.com/secfiling.cfm?filingid=1532176-17-8&cik. [137] Letter from Gregory Demske, Chief Counsel to the Inspector General, U.S. Dep’t of Health and Human Servs., Office of Inspector Gen., to James Stansel, Executive Vice President and General Counsel, Pharmaceutical Research and Manufacturers of America (Jan. 04, 2018), https://dlbjbjzgnk95t.cloudfront.net/0999000/999154/stansel-letter.pdf. [138] Id. [139] 42 U.S.C. § 1320a-7b(b)(2)(A). [140] 15 U.S.C. § 2301(6) (defining written warranty); 42 C.F.R. § 1001.952(g) (setting out the safe harbor for warranties). [141] U.S. Dep’t of Health and Human Servs., Office of Inspector Gen., OIG Advisory Op. 02-06 at 5 (May 14, 2002), https://oig.hhs.gov/fraud/docs/advisoryopinions/2002/ao0206.pdf. [142] U.S. Dep’t of Health and Human Servs., Office of Inspector Gen., OIG Advisory Op. 17-03 at 1 (Aug.18, 2017), https://oig.hhs.gov/fraud/docs/advisoryopinions/2017/AdvOpn17-03.pdf. [143] Id. at 2. [144] Id. at 2–3. [145] Id. at 5. [146] Id. at 5. [147] See id. at 5–6. [148] See id. [149] U.S. Dep’t of Health and Human Servs., Office of Inspector Gen., OIG Advisory Op. 17-07 at 1–2 (Dec. 4, 2017) https://oig.hhs.gov/fraud/docs/advisoryopinions/2017/AdvOpn17-07.pdf.  The five diagnoses that would be eligible under the Hospital Readmission Reduction Program are pneumonia, congestive heart failure, acute myocardial infarction, chronic obstructive pulmonary disease, and elective total hip or knee arthoplasty.  Id. at 2. [150] Id. [151] Id. at 7–8. [152] Id. at 8­9.  Also important to HHS OIG’s determination is that the manufacturer does not make many products that apply to the specific diseases at issue. [153] Id. at 8. [154] Id. at 9. [155] Id. [156] See FDA Reauthorization Act of 2017, Pub. L. No. 115–52, § 203, 131 Stat. 1005, 1013–14 (2017). [157] See id. §§ 201–03, 131 Stat. at 1013–15. [158] See id. §§ 701–02, 131 Stat. at 1054–56. [159] See id. § 702(b), 131 Stat. at 1055–56. [160] See Scott Gottlieb, FDA Announces New Steps to Empower Consumers and Advance Digital Healthcare, FDA Voice (July 27, 2017), https://blogs.fda.gov/fdavoice/index.php/2017/07/fda-announces-new-steps-to-empower-consumers-and-advance-digital-healthcare/. [161] U.S. Food & Drug Admin., Digital Health Innovation Action Plan, at 1 (2017), https://www.fda.gov/downloads/MedicalDevices/DigitalHealth/UCM568735.pdf. [162] Id. at 1, 5. [163] Id. at 7. [164] U.S. Food & Drug Admin., Draft Guidance for Industry and Food and Drug Administration Staff: Clinical and Patient Decision Support Software (Dec. 8, 2017), https://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM587819.pdf. [165] Id. at 5–9. [166] Id. at 11–13. [167] See U.S. Food & Drug Admin., Draft Guidance for Industry and Food and Drug Administration Staff: Changes to Existing Medical Software Policies Resulting from Section 3060 of the 21st Century Cures Act (Dec. 8, 2017), https://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM587820.pdf. [168] See id. at 7–9. [169] See id. at 4, 7–9. [170] See id. at 9–14. [171] U.S. Food & Drug Admin., Guidance for Industry and Food and Drug Administration Staff: Software as a Medical Device (SAMD): Clinical Evaluation (Dec. 8, 2017), https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm524904.pdf. [172] See id. at FDA Preface, 4–5. [173] Id. at 16–21. [174] U.S. Food & Drug Admin., Draft Guidance for Industry and Food and Drug Administration Staff: The Least Burdensome Provisions: Concept and Principles (Dec. 15, 2017), https://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM588914.pdf. [175] Scott Gottlieb and Jeffrey Shuren, New Steps to Facilitate Beneficial Medical Device Innovation, FDA Voice (Dec. 14, 2017), https://blogs.fda.gov/fdavoice/index.php/2017/12/new-steps-to-facilitate-beneficial-medical-device-innovation/. [176] U.S. Food & Drug Admin., Draft Guidance for Industry and Food and Drug Administration Staff: The Least Burdensome Provisions: Concept and Principles, at 4–5 (Dec. 15, 2017), https://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM588914.pdf. [177] Id. at 7. [178] Id. [179] Id. at 9–14. [180] Id. at 16. [181] Id. at 16–17; see also U.S. Food & Drug Admin., Guidance for Industry, Tool Developers, and Food and Drug Administration Staff: Qualification of Medical Device Development Tools (Aug. 10, 2017), https://www.fda.gov/downloads/medicaldevices/deviceregulationandguidance/guidancedocuments/ucm374432.pdf. [182] U.S. Food & Drug Admin., Draft Guidance for Industry and Food and Drug Administration Staff: Breakthrough Devices Program (Oct. 25, 2017), https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm581664.pdf. [183] Id. at 1. [184] Id. at 11–12; see also id. at 12–17. [185] Id. at 7–11. [186] U.S. Food & Drug Admin., Guidance for Industry and Food and Drug Administration Staff: Design Considerations and Pre-market Submission Recommendations for Interoperable Medical Devices (Sept. 6, 2017), https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm482649.pdf. [187] See id. at 3, 13–16. [188] U.S. Food & Drug Admin., Guidance for Industry and Food and Drug Administration Staff: Deciding When to Submit a 510(k) for a Change to an Existing Device (Oct. 25, 2017), https://www.fda.gov/downloads/medicaldevices/deviceregulationandguidance/guidancedocuments/ucm514771.pdf; U.S. Food & Drug Admin., Guidance for Industry and Food and Drug Administration Staff: Deciding When to Submit a 510(k) for a Software Change to an Existing Device (Oct. 25, 2017), https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm514737.pdf. [189] See Change to an Existing Device, supra note 32, at 8–9, 25–31; Software Change to an Existing Device, supra note 32, at 5–6, 15. [190] U.S. Food & Drug Admin., Guidance for Industry and Food and Drug Administration Staff: Technical Considerations for Additive Manufactured Medical Devices (Dec. 5, 2017), https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm499809.pdf. [191] See U.S. Food & Drug Admin., Guidance for Industry and Food and Drug Administration Staff: Classification of Products as Drugs and Devices and Additional Product Classification Issues (Sept. 25, 2017), https://www.fda.gov/downloads/RegulatoryInformation/Guidances/UCM258957.pdf. [192] U.S. Food & Drug Admin., Guidance for Industry and Food and Drug Administration Staff: Medical Device Accessories – Describing Accessories and Classification Pathways (Dec. 20, 2017), https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm429672.pdf. [193] See id. at 3, 8–12. [194] See U.S. Food & Drug Admin., 2017 Warning Letters: Inspections, Compliance, Enforcement, and Criminal Investigations, https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/default.htm?Page=1. [195] Warning Letter from Alberto Gutierrez, Office Dir., Office of In Vitro Diagnostics and Radiological Health, Ctr. for Devices & Radiological Health, U.S. Food & Drug Admin. to Arjen Winkel, President and CEO, QLRAD Netherlands (July 20, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm574153.htm. [196] Id. [197] Warning Letter from Joseph Matrisciano, Jr., District Dir., Division 1/East, N.E. District, Office of Medical Device and Radiological Health Operations, U.S. Food & Drug Admin. to Mr. James Phillip Jones, Chief Executive Officer, Dynavision International, LLC (Sept. 5, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm574774.htm. [198] Warning Letter from Alberto Gutierrez, Office Dir., Office of In Vitro Diagnostics and Radiological Health, Ctr. for Devices & Radiological Health, U.S. Food & Drug Admin. to Wilhelm Sänger, General Manager, DRG Instruments GmbH (Sept. 19, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm580968.htm; Warning Letter from Alberto Gutierrez, Office Dir., Office of In Vitro Diagnostics and Radiological Health, Ctr. for Devices & Radiological Health, U.S. Food & Drug Admin. to Else Beth Trautner, Chief Executive Officer, Euro Diagnostica AB (Sept. 20, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm578374.htm; Warning Letter from Alberto Gutierrez, Office Dir., Office of In Vitro Diagnostics and Radiological Health, Ctr. for Devices & Radiological Health, U.S. Food & Drug Admin. to Christoph Gauer, CEO, ELITech Group SAS (Sept. 20, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm581033.htm. [199] See U.S. Food & Drug Admin., 2017 Warning Letters: Inspections, Compliance, Enforcement, and Criminal Investigations, https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/default.htm?Page=1. [200] Warning Letter from Donald J. St. Pierre, Acting Dir., Office of In Vitro Diagnostics and Radiological Health, Ctr. for Devices & Radiological Health, U.S. Food & Drug Admin. to Dmitry Novikov, TELEMED (Nov. 14, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm589996.htm. [201] Warning Letter from Kelly Sheppard, Acting Program Div. Dir., Division 3 West, L.A. District, Office of Medical Device and Radiological Health Operations, U.S. Food & Drug Admin. to Dr. John M. Agee, President and Owner, Hand Biomechanics Lab, Inc. (Nov. 16, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm587328.htm. [202] See U.S. Food & Drug Admin., 2017 Warning Letters: Inspections, Compliance, Enforcement, and Criminal Investigations, https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/default.htm?Page=1. The following Gibson Dunn lawyers assisted in the preparation of this client update:  Stephen Payne, Marian Lee, John Partridge, Jonathan Phillips, Sean Twomey, Reid Rector, Allison Chapin, Sarah Erickson-Muschko, Emily Riff, Jasper Hicks, Julie Hamilton, Lucie Duvall, and Stevie Pearl. Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments.  Please contact the Gibson Dunn lawyer with whom you usually work or any of the following: Washington, D.C. Stephen C. Payne, Chair, FDA and Health Care Practice Group (+1 202-887-3693, spayne@gibsondunn.com) F. Joseph Warin (+1 202-887-3609, fwarin@gibsondunn.com) Marian J. Lee (+1 202-887-3732, mjlee@gibsondunn.com) Daniel P. Chung (+1 202-887-3729, dchung@gibsondunn.com) Jonathan M. Phillips (+1 202-887-3546, jphillips@gibsondunn.com) Los Angeles Debra Wong Yang (+1 213-229-7472, dwongyang@gibsondunn.com) San Francisco Charles J. Stevens (+1 415-393-8391, cstevens@gibsondunn.com) Winston Y. Chan (+1 415-393-8362, wchan@gibsondunn.com) New York Alexander H. Southwell (+1 212-351-3981, asouthwell@gibsondunn.com) Denver Robert C. Blume (+1 303-298-5758, rblume@gibsondunn.com) John D. W. Partridge (+1 303-298-5931, jpartridge@gibsondunn.com) © 2018 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

November 30, 2017 |
Federal Circuit Update (November 2017)

This November 2017 edition of Gibson Dunn’s Federal Circuit Update discusses the recent Friedman Lecture on Appellate Advocacy by Judge Alan Lourie, the two pending Federal Circuit cases before the Supreme Court that consider issues regarding inter partes review proceedings, and the Federal Circuit’s en banc procedures.  This Update also provides summaries of the two pending en banc cases involving judicial review of timeliness determinations in inter partes review proceedings and attorneys’ fees for litigation involving the PTO.  Also included is a summary of the recent en banc decision regarding motions to amend in inter partes review proceedings and a pair of decisions relating to patent venue and patent eligibility. Federal Circuit News On November 17, 2017, Judge Alan Lourie spoke at the Friedman Memorial Lecture on Excellence in Appellate Advocacy put on by the Federal Circuit Bar Association.  In his remarks, Judge Lourie chiefly addressed the Supreme Court’s recent reversal of a number of Federal Circuit decisions, such as TC Heartland LLC v. Kraft Foods Group Brands LLC.  Judge Lourie stated that the Federal Circuit “should not be affronted” by these reversals, as they have not necessarily occurred because the appellate court was “wrong.”  Instead, these reversals may be attributed to factors such as changes in technology and the Supreme Court’s apparent desire “to limit the continued existence of long-established rules specific to patent law, that set it apart from general law.”  Finally, Judge Lourie stated that he believes the Federal Circuit has been and continues to serve its purpose of providing uniformity in patent law. Supreme Court.  The Supreme Court has heard oral argument on two cases from the Federal Circuit this term: Case Status Issue Oil States Energy Services, LLC v. Greene’s Energy Group, LLC, No. 16-712 Argued on Nov. 27, 2017 Constitutionality of inter partes review under Article III and the Seventh Amendment SAS Institute Inc. v. Matal, No. 16-969 Argued on Nov. 27, 2017 The number of claims that must be addressed by the Patent Trial and Appeal Board in a final written decision during inter partes review Upcoming En Banc Federal Circuit Cases Wi-Fi One, LLC v. Broadcom Corp., No. 15-1944 (Fed. Cir.):  The Federal Circuit’s jurisdiction to review the PTAB’s determination that a petitioner is not time-barred under 35 U.S.C. § 315(b). The PTAB instituted an inter partes review proceeding against Wi-Fi One’s patent.  Wi-Fi One argued that Broadcom was time-barred under 35 U.S.C. § 315(b) from seeking review because Broadcom was in privity with time-barred district court litigants.  The PTAB disagreed, determining that Wi-Fi One did not establish that Broadcom had sufficient control over district court litigation to support a privity finding.  On appeal, the Federal Circuit held that it does not have jurisdiction to review the PTAB’s determination that Broadcom was not time-barred, holding that the Supreme Court’s decision in Cuozzo Speed Technologies, LLC v. Lee, 136 S. Ct. 2131 (2016), did not implicitly overrule prior Federal Circuit precedent on the issue (decision available here).  To date, two amicus briefs have been filed in support of Wi-Fi One (WesternGeco LLC and 3DS Innovations, LLC), eight amicus briefs have been filed in support of neither party (Jeremy Cooper Doerre, New York Intellectual Property Law Association, Federal Circuit Bar Association, Intellectual Property Owners Association, Boston Patent Law Association, Professors of Patent and Administrative Law, American Intellectual Property Law Association, and Biotechnology Innovation Organization), and three amicus briefs have been filed in support of Broadcom (Oracle, Intel, and Apple).  Oral argument was heard on May 4, 2017. Question presented: Should this court overrule Achates Reference Publishing, Inc. v. Apple Inc., 803 F.3d 652 (Fed. Cir. 2015) and hold that judicial review is available for a patent owner to challenge the PTO’s determination that the petitioner satisfied the timeliness requirement of 35 U.S.C. § 315(b) governing the filing of petitions for inter partes review? Nantkwest, Inc. v. Matal, No. 16-1794 (Fed. Cir.):  Whether the PTO can recover attorneys’ fees in litigation under 35 U.S.C. § 145. After the PTAB affirmed the examiner’s rejection of Nantkwest’s patent application, Nantkwest appealed to the United States District Court for the Eastern District of Virginia under 35 U.S.C. § 145.  The PTO prevailed on the merits of the appeal and moved to recover both attorneys’ fees and expert fees.  Section 145 provides that “[a]ll the expenses of the proceedings shall be paid by the applicant.”  Applying this provision, the district court granted the PTO’s request for expert fees, but rejected the PTO’s request for attorneys’ fees.  A panel of the Federal Circuit reversed the district court’s holding as to attorneys’ fees, holding that “[a]ll expenses of the proceedings,” under § 145, authorizes an award of attorneys’ fees.  (Decision available here.)  Following the entry of judgment, however, the Federal Circuit sua sponte ordered that the panel decision be vacated and that the case be reheard en banc.  To date, no amicus briefs have been filed, and oral argument has not yet been scheduled. Question presented: Did the panel in NantKwest, Inc. v. Matal, 860 F.3d 1352 (Fed. Cir. 2017) correctly determine that 35 U.S.C. § 145’s “[a]ll the expenses of the proceedings” provision authorizes an award of the United States Patent and Trademark Office’s attorneys’ fees? Federal Circuit Practice Update The Federal Circuit’s Internal Operating Procedure No. 14 governs which judges may vote on whether to take a case en banc, and which judges may participate in the en banc.  Consistent with 28 U.S.C. § 46(c), the composition of the en banc court generally consists of all active judges who are not recused and not disqualified, as well as any senior judge who participated in the panel decision that is now being reviewed by the en banc court.  IOP #14.7.  The decision of whether to rehear a case en banc is made by the active judges and panel judges.  IOP #14.2.  As such, judges sitting by designation on a panel may vote on whether to take a case en banc, but may not participate in the en banc itself.  Decisions for hearings en banc are only made by active judges.  IOP #14.1.  Therefore, it is possible that a highly contentious issue in an en banc case might turn on the composition of the original panel. By way of illustration, the en banc court issued its decision in Aqua Products, Inc. v. Matal (PTO), 2015-1177, on October 4, 2017 (summary of the decisions below).  The decision consisted of five written opinions (Judge Stoll did not participate): An opinion by Judge O’Malley, in which Judges Newman, Lourie, Moore, and Wallach joined, and Judges Dyk and Reyna concurred in the result; An opinion by Judge Moore, in which Judges Newman and O’Malley joined; An opinion by Judge Reyna, in which Judge Dyk joined, and Chief Judge Prost and Judges Taranto, Chen, and Hughes joined in part; An opinion by Judge Taranto, in which Chief Judge Prost and Judges Chen and Hughes joined, and Judges Dyk and Reyna joined in certain respects; and An opinion by Judge Hughes, in which Judge Chen joined. The original panel consisted of Chief Judge Prost, Judge Reyna, and Chief District Judge Stark, sitting by designation.  Judge Stark did not participate in the en banc proceedings because he was sitting by designation.  But if a senior judge had been on the panel instead of Judge Stark, he or she would have been permitted to participate in the en banc proceedings.  And if that judge had joined only Judge O’Malley’s opinion, then no part of Judge Reyna’s opinion or Judge Taranto’s opinion would have commanded a majority of the court’s vote. Key Case Summaries (October – November 2017) In re Aqua Prods., Inc., No. 15-1177 (Fed. Cir. Oct. 4, 2017) (en banc):  Allocation of the burdens of persuasion and production when a patent owner moves to amend in an inter partes review proceeding.  The PTAB instituted an inter partes review proceeding against Aqua’s patent, which relates to automated swimming pool cleaners.  Aqua moved to amend the challenged claims to distinguish the cited prior art.  The PTAB, however, denied Aqua’s motion, determining that Aqua failed to carry its burden of showing patentability of the proposed substitute claims over the prior art of record.  On appeal, the PTO intervened to defend the PTAB’s decision.  A panel of the Federal Circuit affirmed, but the court subsequently granted Aqua’s petition for rehearing en banc. Sitting en banc, the Federal Circuit issued five separate opinions: a lead opinion written by Judge O’Malley, concurring opinions by Judges Moore and Reyna, and dissenting opinions by Judges Taranto and Hughes.  A majority of the Federal Circuit held that the PTO has not set forth an interpretation of 35 U.S.C. § 316(e)—titled “Evidentiary Standards”—that is entitled to deference under Chevron.  The court further held that § 316(e) is ambiguous as to the allocation of the burden of persuasion of establishing the unpatentability of substitute claims, but that the most reasonable interpretation is that the petitioner bears the burden of persuasion.  A majority also held that 35 U.S.C. § 316(d) and 37 C.F.R. § 42.121 place a default burden of production on the patentee.  As to whether the PTAB can sua sponte raise patentability challenges to a substitute claim, a majority concluded that the record before the court did not present the “precise question,” and thus opted not to answer it.  The Federal Circuit thus vacated the PTAB’s denial of Aqua’s motion to amend and remanded for the PTAB to reconsider the motion without placing the burden of persuasion on the patent owner. Two-Way Media Ltd. v. Comcast Cable Commc’ns, LLC, Nos. 16-2531, 16-2532 (Fed. Cir. Nov. 1, 2017): Importance of claim scope in 101 eligibility determinations. Two-Way Media sued Comcast alleging infringement of four patents.  The patents all involved IP multicasting, which provided a way to transmit a packet of information to multiple recipients.  Comcast moved for judgment on the pleadings, arguing that the claims were ineligible under 35 U.S.C. § 101.  Two-Way Media argued that the motion was premature because claim construction was necessary to evaluate the claims, but Two-Way Media also provided proposed claim constructions for certain terms.  Two-Way Media also asked the district court to take judicial notice of expert reports and testimony from other cases addressing the novelty and nonobviousness of the claimed inventions.  The district court adopted Two-Way Media’s proposed claim constructions for its analysis of the motion but denied Two-Way Media’s request to take judicial notice of the expert materials because the evidence was irrelevant to an eligibility analysis under § 101.  The district court then found the claims patent ineligible under § 101, and Two-Way Media appealed. The Federal Circuit (Reyna, J.) affirmed.  The court separated its analysis of the four patents into two groups.  In analyzing step 1 for the first set, the court explained that the representative claim required the functional results of converting, routing, controlling, monitoring, and accumulating records, but the claim did not describe how to achieve those results “in a non-abstract way.”  The court concluded that the claim constructions proposed by Two-Way Media did not change the analysis because the constructions “recite only conventional components” and were not directed to a scalable network architecture—as argued by Two-Way Media—that improved the functioning of the system. Turning to step two, the court held that the claimed elements did not provide an inventive concept to render the claims patent eligible.  The court concluded that, although the specification described the system architecture as a technological innovation, the representative claim failed to recite the purportedly innovative system architecture.  The court explained: “[t]he main problem that Two-Way Media cannot overcome is that the claim—as opposed to something purportedly described in the specification—is missing an inventive concept.”  The court therefore found the representative claim ineligible, even though the specification purportedly described an innovative system architecture, because the claim did not cover the same scope as described in the specification.  The court also rejected Two-Way Media’s argument regarding its evidence of novelty and nonobviousness because such evidence was not material to the eligibility analysis. The court similarly found the second set of patents ineligible under § 101.  According to the court, the district court did not err in citing to the preamble of the patents to determine the “focus” of the claims.  The court noted that the claims were broader than the claims in the first set of patents and were similarly directed to abstract ideas.  The claims also suffered from the same problem as the representative claim of the first set of patents: the claims did not cover an inventive concept, such as the purportedly innovative system architecture, despite the specification’s discussion of that architecture. In re Micron Techs., Inc., No. 2017-138 (Fed. Cir. Nov 15, 2017): The venue defense in TC Heartland was not previously “available” to defendants and thus not waived under Rule 12. In 2016, the President and Fellows of Harvard College filed a patent infringement case in the District of Massachusetts against Micron Technologies, which is incorporated in Delaware.  Under the then-prevailing view of venue articulated in V.E. Holding Corp. v. Johnson Gas Appliance Co., 917 F.2d 1574, 1575 (Fed. Cir. 1990), venue would have been proper.  As such, Micron, like many defendants, did not object to venue with a motion under Rule 12(b)(3). After the Supreme Court’s TC Heartland decision earlier this year, venue under 28 U.S.C. § 1400(b) on the basis of where Micron resides became improper, as the Court determined that “a domestic corporation ‘resides’ only in its State of incorporation for purposes of the patent venue statue” (here, Delaware, not Massachusetts).  The Supreme Court, however, stated that this determination was not a “change” of law, but rather an articulation of what the law always had been (notwithstanding the Federal Circuit’s view in V.E. Holding). Accordingly, when Micron brought a post-TC Heartland motion objecting to venue, the district court held that Micron had waived its venue objection by not raising it in its initial Rule 12 motion, there being no change of law to make waiver inapplicable.  See Rule 12(g)(2), (h)(1)(A).  Other district courts, however, have reached different conclusions, holding that the venue defense stated in TC Heartland was not previously available, and thus waiver does not apply. In Micron, the Federal Circuit resolved the split, holding that, as a matter of “common sense” the venue objection was not “available” until after TC Heartland.  Writing for the panel, Judge Taranto explained:  “[B]efore then, it would have been improper, given controlling precedent, for the district court to dismiss or to transfer for lack of venue.”  Given that the Federal Circuit’s controlling V.E Holding decision precluded district courts from adopting a venue defense or objection of this type, “the defense or objection was not ‘available’ to the movant.” Nevertheless, the panel held that waiver by operation of Rule 12 “is not the sole basis” on which a district court might rule that a defendant had forfeited an otherwise valid venue defense.  Citing a district court’s inherent authority, the panel noted that a court could find forfeiture of a venue objection if not timely raised, barring defendants from taking a “tactical wait-and-see” approach and foregoing earlier opportunities to raise the defense. Upcoming Oral Argument Calendar For a list of upcoming arguments at the Federal Circuit, please click here. Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the Federal Circuit.  Please contact the Gibson Dunn lawyer with whom you usually work or the authors of this alert: Blaine H. Evanson – Los Angeles (213-229-7228, bevanson@gibsondunn.com) Blair A. Silver – Washington, D.C. (202-955-8690, bsilver@gibsondunn.com) Please also feel free to contact any of the following practice group co-chairs or any member of the firm’s Appellate and Constitutional Law or Intellectual Property practice groups: Appellate and Constitutional Law Group: Mark A. Perry – Washington, D.C. (202-887-3667, mperry@gibsondunn.com) James C. Ho – Dallas (214-698-3264, jho@gibsondunn.com) Caitlin J. Halligan – New York (212-351-4000, challigan@gibsondunn.com) Nicole A. Saharsky – Washington, D.C. (202-887-3669, nsaharsky@gibsondunn.com) Intellectual Property Group: Josh Krevitt – New York (212-351-4000, jkrevitt@gibsondunn.com) Wayne Barsky – Los Angeles (310-552-8500, wbarsky@gibsondunn.com) Mark Reiter – Dallas (214-698-3100, mreiter@gibsondunn.com) © 2017 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

August 25, 2017 |
2017 Mid-Year FDA and Health Care Compliance and Enforcement Update – Drugs and Devices

At the midpoint of 2017, much has changed, and yet much has stayed the same for U.S. manufacturers of pharmaceuticals and medical devices.  Although the new administration arrived in January, Dr. Scott Gottlieb, the new U.S. Food and Drug Administration ("FDA") Commissioner, was not confirmed until May.  Not surprisingly, then, much of the regulatory activity for the year is still on the horizon. In the meantime, various federal and state government enforcement agencies continue to keep drug and device manufacturers in their sights.  As in recent years, the first half of 2017 saw a steady cadence of enforcement actions against drug and device companies under the standard set of enforcement statutes: the False Claims Act ("FCA"), Anti-Kickback Statute ("AKS"), Federal Food, Drug, and Cosmetic Act ("FDCA"), and Foreign Corrupt Practices Act ("FCPA").  This included, most notably, the largest-ever FCA recovery in a kickback case involving a device company, a $350 million settlement that served as a continuing reminder of the high stakes for companies facing investigations under these statutes.  Other notable enforcement developments included increasing scrutiny of companies that manufacture and market opioids.  In the courts, FCA jurisprudence continued to evolve in the wake of the Supreme Court’s decision in Universal Health Services v. United States ex rel. Escobar in June of 2016. On the regulatory and legislative fronts, the headline has been the lack of any real headlines.  With the exception of a few pieces of guidance from FDA hurried out during the last days of the Obama Administration—including several notable guidance documents related to promotional issues—the regulatory landscape has, perhaps unsurprisingly, remained largely unchanged since President Trump’s inauguration in January.  On the Hill, several key pieces of potential legislation percolated in Congress, which battled over the state of the Affordable Care Act and possible replacements, passed the FDA Reauthorization Act in July and continued to debate drug pricing and promotional issues. Below, we discuss the most notable enforcement and regulatory developments from the first half of 2017 affecting drug and device manufacturers.  As in past updates, we begin with an overview of government enforcement efforts against drug and device companies under the FCA, the FDCA, and other laws.  We then address evolving regulatory guidance and enforcement actions on topics of note to drug and device companies: promotional activities, manufacturing practices, medical device regulation, and the AKS. I.     Department of Justice Enforcement in the Pharmaceutical and Medical Device Industries The first half of 2017 saw yet another string of headline-worthy developments in the enforcement arena.      A.     False Claims Act We begin this update, as always, with an overview of FCA recoveries from the pharmaceutical, medical device, and durable medical equipment ("DME") sectors in the first half of 2017.  The U.S. Department of Justice ("DOJ") pulled in more than $419 million from settlements with seven companies.  That number was driven by two settlements involving allegations that were predicated on purported AKS violations, including Shire Pharmaceuticals LLC’s record-setting $350 million resolution.  Filling out the government’s civil recoveries in the first six months of the year were $54 million from cases involving alleged violations of government health program or contractual requirements, and a $2 million settlement involving alleged violations of the FDCA.  Notably, none of the settlements announced by DOJ thus far in 2017 have focused primarily on alleged off-label promotion. 1.     Settlements in AKS-Related FCA Matters The lion’s share of government recoveries in FCA matters from the first half of 2017 resulted from the settlement among DOJ, Shire Pharmaceuticals LLC, and other Shire subsidiaries on January 11, 2017.[1]  Shire, a global pharmaceutical and medical device company, agreed to pay $350 million to resolve allegations that it offered kickbacks to induce clinics and physicians to use its bioengineered human skin substitute, an FDA-approved medical device.  Sales personnel allegedly offered expensive dinners and entertainment, medical equipment and supplies, sham speaking engagements and case studies, and rebates to encourage the use of the device.  The settlement also resolved allegations that Shire marketed the product for uses not approved by FDA, made false statements to inflate the price of the device, and caused improper coding of claims for reimbursement.  According to DOJ, the settlement with Shire is the largest-ever FCA recovery in a kickback case involving a medical device.[2] 2.     Government Program and Contractual Requirements Most of the balance of settlement recoveries so far in 2017 has come from alleged violations of government health program requirements.  In April, DOJ announced that Sanofi-Pasteur agreed to pay $19.8 million to resolve allegations that it miscalculated the prices it reported to the U.S. Department of Veterans Affairs ("VA") and thereby overcharged the VA for vaccine products.[3]  Under the Veterans Health Care Act, pharmaceutical manufacturers must list their covered drugs on the Federal Supply Schedule and charge no more than a fixed ceiling price, which is determined as a percentage of the drug’s average manufacturer price.[4]  In April and June 2017, several durable medical equipment suppliers also resolved claims of alleged violations of government health program rules related to product utilization.  Two companies, Lincare and Pacific Pulmonary Services, paid $20 million and $11.4 million, respectively, to resolve allegations that they submitted claims for oxygen equipment and other services that were not supported by medical necessity.[5]  Another company, Innovative Therapies, paid $2.7 million to resolve allegations that its negative pressure wound treatment devices were billed to government programs as DME, but did not meet program requirements to qualify as DME for billing purposes.[6] 3.     Manufacturing Requirements In January 2017, Baxter Healthcare Corporation agreed to pay more than $18 million to resolve claims related to its alleged failure to abide by current Good Manufacturing Practices ("cGMPs") in producing drug products it sold to the VA.[7]  Baxter agreed to pay approximately $2.158 million to settle the civil FCA claims, which stood on the theory that Baxter submitted "false claims" to the VA as a result of the company’s purported violation of contractual requirements mandating compliance with the FDCA.  As outlined in more detail in the FDCA section below, the company allegedly failed to follow cGMPs by manufacturing its large-volume sterile intravenous solutions in a "clean room" that was ventilated by moldy air filters.[8]  Notably, the Statement of Facts included in Baxter’s deferred prosecution agreement acknowledges that there was no indication that any product was affected by the alleged cGMP violations.[9]  That is significant; historically, where DOJ has pursued FCA enforcement actions involving manufacturing issues, it has focused on whether the issues impacted product quality such that DOJ could assert FCA liability under a "worthless products" theory. 4.     Developments in the Implied Certification Theory The first half of the year also saw continued developments in the application of the Supreme Court’s 2016 Escobar decision, in which the Court recognized the viability of the "implied false certification theory" of FCA liability.[10]  Under the implied certification theory, FCA liability can be predicated on violations of material statutory, regulatory, or contractual requirements.[11]  In the first half of 2017, we continued to see the courts diverge in their interpretations of key aspects of Escobar, including what specific representations (if any) are needed to support an FCA claim, how a company’s track record of interacting with the government or regulatory agencies may or may not impact the courts’ materiality analyses, and whether fraud-on-the-FDA claims under the FCA are viable after Escobar. a.     Framework for Assessing "Implied Certification" Claims As outlined in more detail in our 2016 Year-End Update, the Supreme Court explained in Escobar that "the implied certification theory can be a basis for [FCA] liability, at least where two conditions" are met, including (1) "the claim does not merely request payment, but also makes specific representations about the goods or services provided," and (2) "the defendant’s failure to disclose noncompliance with material statutory, regulatory, or contractual requirements makes those representations misleading half-truths."[12] Since Escobar, courts have taken differing approaches regarding whether an FCA plaintiff must satisfy both of Escobar‘s "two conditions" to state a viable implied certification claim.  The question of whether there must be a "specific representation" made in the claim submission process is particularly significant for drug and device companies.  Indeed, these companies typically do not submit claims for reimbursement themselves, and prescribing physicians’ and pharmacists’ claims typically are true statements about patients’ diagnoses and the drugs being prescribed and dispensed to the patients.  In United States v. Sanford-Brown Ltd., which we discussed in our 2016 Year-End Update, the Seventh Circuit suggested that it would enforce a strict reading of Escobar‘s two conditions.  Explaining that "bare speculation that [a defendant] made misleading representations is insufficient," the Sanford-Brown court affirmed summary judgment in favor of the defendant where the relator offered no evidence that the defendant made "any representations at all."[13]  The Ninth Circuit also has adopted a strict interpretation of the Escobar conditions, stating in United States ex rel. Campie v. Gilead Sciences, Inc., that a defendant "must not merely request payment, but also make specific representations about the goods or services provided" to succeed on an implied certification theory.[14]  District courts in other circuits have followed this line of reasoning.  For example, the Eastern District of Pennsylvania held in March that the "Escobar standard," which requires proof of specific representations made to the government payer, is "the only [standard] available for proving FCA liability" under the implied certification theory.  Accordingly, the court dismissed the plaintiffs’ FCA claims, which were based on alleged violations of the Poison Prevention Packaging Act.[15]  But some other courts, such as the Fourth Circuit, have recently said that Escobar does not necessarily require "specific representations" for implied certification liability.[16] Even among the courts that require FCA plaintiffs to satisfy both of Escobar‘s conditions, some have not made the "specific representations" condition a very high bar to cross.  In Campie, for example, the relators alleged that the defendant, a biotechnology company, caused the submission of claims for reimbursement for drugs manufactured in a manner inconsistent with representations that the company made to FDA in securing approval.  The Ninth Circuit indicated that the drugs’ proprietary names alone could constitute a false representation, because the names "necessarily refer to specific drugs under the FDA’s regulatory regime" and thus themselves represent FDA approval.[17]  Given that the defendant allegedly "requested payment for drugs that fell outside of that approval," the court reasoned that relators adequately alleged that the defendant "omitted critical information regarding compliance with FDA standards."[18]  If other courts follow Campie‘s lead and loosen the "specific representations" standard, Escobar may provide far less protection to future FCA defendants than some anticipated. b.     Government Knowledge and Materiality The Supreme Court emphasized in Escobar that the FCA’s materiality element, which requires an FCA plaintiff to show that the alleged violation of a legal requirement was material to the government’s decision to pay the claims in question, is "demanding" and "rigorous."   Accordingly, the Court clarified that the government’s mere option to refuse payment is not sufficient to establish materiality.[19]  The Court explained further that the government’s refusal to pay claims based on the alleged noncompliance may serve as evidence of materiality and that the government’s payment of claims "in full despite its actual knowledge that certain requirements were violated" is "very strong evidence" that the requirements are not material.[20]  In light of this guidance, several courts have recently grappled with what credence (if any) to attribute to the inaction of government officials with responsibility for payment and of agencies investigating the alleged compliance issues. In United States ex rel. Petratos v. Genentech Inc., the Third Circuit affirmed the district court’s decision to dismiss claims that the defendant pharmaceutical company had "suppressed data that caused doctors to certify incorrectly that [a drug] was ‘reasonable and necessary’ for certain at-risk Medicare patients."[21]  The relator alleged that the defendant was liable under the FCA because disclosures of certain data showing more common and severe side effects of its cancer drug "would have required the company to file adverse-event reports with FDA, and could have resulted in changes" to the drug’s FDA-approved labeling.[22]  The relator also alleged that, had the defendant disclosed the side-effect information, physicians would have prescribed different doses of the drug or decided not to prescribe it at all.[23] In affirming, the Third Circuit held that the alleged suppression of data was not material to payment under Escobar, noting that the relator’s claims must fail, in large part, because he "not only fail[ed] to plead that CMS ‘consistently refuses to pay’ claims like those alleged . . . but essentially concede[d] that CMS would consistently reimburse these claims with full knowledge of the purported noncompliance."[24]  As to the government’s knowledge of alleged wrongdoing, the court observed that neither FDA nor DOJ took any adverse action against the defendant after the relator disclosed the allegations, FDA added more approved indications for the drug, and DOJ declined to intervene in the qui tam suit.[25]  The court concluded that because the relator "concede[d] that the expert agencies and government regulators have deemed these violations insubstantial (or at least would do so if made aware) . . . it [is not] appropriate for a private citizen to enforce these regulations through the [FCA]."[26] c.     The Ninth Circuit Recognizes "Fraud on the FDA" Theory under Escobar In our 2016 Year-End Update, we addressed the First Circuit’s decision in United States ex rel. D’Agostino v. ev3, Inc., which rejected the relator’s theory that an alleged fraud perpetuated on FDA could serve as a basis for FCA liability.[27]  Cautioning against "turn[ing] the FCA into a tool with which a jury . . . could retroactively eliminate the value of FDA approval . . . when the FDA itself sees no reason to do so,"[28] the First Circuit reasoned that allegations that the "fraudulent representations ‘could have’ influenced the FDA to approve [the drug]" fell short of pleading the necessary "causal link" between representations made to FDA and payments made from CMS.[29]  The court also emphasized that FDA did not withdraw its approval of the device or take any other action despite being aware of the alleged fraudulent statements.[30]  More recently, however, the Ninth Circuit reached a different result from the First Circuit’s.  As noted above, in Campie, the relators alleged that the defendant biotechnology company fraudulently obtained approval for certain of its drugs by making false statements to FDA about the manufacturing source of the drugs’ active ingredient and negative results of internal quality testing of the products.[31]  According to the relators, FDA would not have approved the drugs if it had been aware of the alleged quality issues at the manufacturing site; the relators also alleged that the defendant took various steps to fraudulently conceal that it was obtaining the active ingredient from an unapproved manufacturing site before FDA’s approval.[32]  The government declined to intervene, and the district court granted the defendant’s pre-Escobar motion to dismiss, concluding that the relators did not plead that the FDA regulations allegedly violated by the defendant were a material condition of payment and thus failed to state a claim for relief under an implied certification theory.[33] The Ninth Circuit reversed.  After deciding that the defendant’s proprietary drug names themselves could constitute actionable "specific representations," the court rejected the distinction, advanced by the defendant and adopted by the district court, that any misrepresentations were made to FDA, not the government agency that paid for the drugs.[34]  The Campie court—quite incredibly—observed that the purported fraud was "committed against the Department of Health and Human Services," which oversees FDA, and concluded that a fraud on one component agency amounts to a fraud on a separate component agency, as long as they are "overseen" by the same cabinet secretary.[35]  In any event, the court continued, "[i]t is not the distinction between the agencies that matters, but rather the connection between the regulatory omissions and the claim for payment."[36]  According to the Campie court, the crux of the inquiry is whether the false statement is "integral to [the] causal chain leading to payment[.]"[37] Turning to materiality, the court concluded that the relators adequately pleaded that element because "FDA approval is ‘the sine qua non‘ of federal funding here."[38]  The court then rejected the defendant’s argument that FDA’s choice not to withdraw approval, even after it became aware of the unsanctioned manufacturing site and the alleged quality issues, showed that the alleged conduct was not material.[39]  The court noted that "there are many reasons the FDA may choose not to withdraw a drug approval," and stated that FDA’s continued approval of the drugs was unremarkable because the company had stopped using the manufacturing site in question.[40] The Campie court’s analysis of materiality appears, at best, incomplete.  The court emphasized that FDA approval was material to payment, but it never analyzed how the alleged statements or regulatory violations were material to the FDA approval or whether relators pleaded those seemingly required facts.  Nevertheless, the court concluded that the "issues raised by the parties here are matters of proof, not legal grounds to dismiss relators’ complaint."[41]  In doing so, the Campie court appears not to have given much regard to Escobar’s admonition that questions about materiality in the implied certification context are "[not] too fact intensive for courts to dismiss [FCA] cases on a motion to dismiss . . . ."[42] 5.     Rule 9(b) Particularity Federal Rule of Civil Procedure 9(b), which requires allegations of fraud to be pleaded with particularity, applies to FCA cases.  But federal circuit and district courts have diverged widely over the years as to how much detail FCA plaintiffs—and especially relators in cases after the government has declined to intervene—must plead about actual false claims to survive a Rule 9(b) challenge on a motion to dismiss.  That is a particularly salient issue in claims against pharmaceutical and medical device companies.  Because those companies typically do not submit false claims themselves, FCA plaintiffs must plead some level of factual information about the claims for reimbursement submitted by the physicians who prescribe or use the defendants’ drugs or devices, or by retail pharmacies that fill subscriptions.  In United States ex rel. Booker v. Pfizer,[43] the First Circuit added another entry to the growing body of case law on this question and reaffirmed a prior ruling that pleading aggregate government expenditure data for the drugs at issue does not, without more, pass muster under Rule 9(b).[44] In Booker, the relators brought FCA claims against the defendant pharmaceutical company alleging that the defendant continued to induce third parties to submit false claims for off-label pediatric use of its psychotropic drug despite settling prior claims with the government based on those off-label uses (and that the defendant failed to report those purported violations as required by its prior corporate integrity agreement).[45]  After allowing limited discovery on some of the claims, the district court granted summary judgment in favor of the defendant on the relators’ off-label and kickback claims.[46]  The First Circuit affirmed the dismissal of relators’ reverse FCA claim, which was based on the defendant’s alleged failure to comply with the corporate integrity agreement’s reporting requirements, on the ground that the relators did not assert that the defendant acted unreasonably in determining that the complaint was not a "Reportable Event" for purposes of the agreement.[47]  The court then affirmed the grant of summary judgment on the off-label FCA claims, as the only evidence proffered by the relators "[a]fter six years of litigation" was aggregate Medicaid reimbursement data for the alleged off-label use.[48]  Applying Rule 9(b)’s particularity requirements, the court echoed prior precedent, holding that "where relators offer only ‘aggregate expenditure data by the government for’ the drug at issue, ‘with[out] identify[ing] specific entities who submitted claims[,] much less times, amounts, and circumstances,’ their claims ‘fall short.’"[49]  The court further clarified that the First Circuit had not held that "aggregate data together with strong circumstantial evidence" could be used "to demonstrate the existence of false claims in an FCA case."[50]  Because the relators’ data was "woefully inadequate to support their FCA claim[,]" the court affirmed the district court’s grant of summary judgment for the defendant on the claims.[51]  It is somewhat unusual that the First Circuit would apply Rule 9(b), a pleading requirement, at the summary judgment stage, but the takeaway from Booker is clear that FCA plaintiffs alleging off-label theories in the First Circuit risk early dismissal if their claims are based solely on aggregate reimbursement data without at least some detail regarding individual claims. 6.     Public Disclosure The first half of 2017 saw two decisions applying the FCA’s public disclosure bar, 31 U.S.C. § 3130(e)(4), that may prove useful to drug and device companies.  Both addressed the level of specificity with which previous public disclosures must discuss the allegations at issue for the bar to apply. In the first decision, the Eighth Circuit affirmed the dismissal of the relator’s claims in United States ex rel. Lager v. CSL Behring, L.L.C., because various public sources disclosed "enough information" to identify the defendant and its products.[52]  There, the relator alleged that the defendant manufacturer conspired with specialty pharmacies to submit false claims to the United States for reimbursement for prescription drugs.  In particular, the relator asserted that CSL falsely reported inflated wholesale prices of two durable medical equipment infusion drugs, allowing the pharmacies to charge Medicare higher prices for the drugs and resulting in $280 million in Medicare overpayments.  Rejecting the relator’s argument that he added value by identifying the specific defendant in question in this case, the court held that a public disclosure must either "explicitly identify" the defendant or "provide enough information about the participants in the scheme such that the defendant is identifiable."[53]  The court agreed that, collectively, the various sources outlining issues with the average wholesale price ("AWP"), including CMS data showing the defendant’s prices and a government report identifying the same class of products, "provide[d] enough information" to "directly identify" the defendant and its products.[54]  Because the same sources disclosed the concept of fraudulently marketing the "spread" between the actual costs and the AWP at which Medicare reimburses the products, the "elements critical to [relator’s] complaint theory were already in the public domain before [he] brought suit"; as such, the FCA’s statutory bar applied to relator’s suit.[55] In the second decision, the Ninth Circuit joined a number of other courts that have concluded that the FCA’s enumerated sources of public disclosures encompass pleadings and other public filings in civil litigation.  In Amphastar Pharmaceuticals Inc. v. Aventis Pharma SA, the court held that the public disclosure bar can apply if the relator developed the bases for the allegations and transactions in question during discovery in a prior suit.[56]  There, the relator, a generic pharmaceutical manufacturer, alleged that the defendant innovator manufacturer violated the FCA by submitting false information to the U.S. Patent and Trademark Office in obtaining a patent for one of its drugs; the relator further contended that this purportedly false submission facilitated the defendant’s monopoly for the drug and led to overcharging of the government.[57]  In an earlier patent infringement suit brought by the defendant, the relator asserted similar claims of inequitable conduct as an affirmative defense and counterclaim.[58]  Observing that "pleadings or other public filings" can provide the basis for public disclosures that trigger the statutory bar,[59] the Ninth Circuit held that the relator’s amended answer and counterclaim for inequitable conduct in the prior suit "made nearly identical allegations to those made" in the FCA case.[60]  The court rejected the argument that the relator had not previously raised FCA claims, explaining that an allegation "need not include an express reference to the [FCA,]" nor must it contain "every specific detail" for the bar to apply.[61]  Notably, although the relator had not previously alleged that the government was buying the drug in question while the defendant asserted its patent, the court reasoned that it was "an obvious inference based on the publicly disclosed allegations."[62]  And because the underlying information was developed during earlier litigation, the court also found that the relator lacked the "direct and independent knowledge" necessary to qualify as an original source under the public disclosure bar as it existed prior to the 2010 amendments in the Patient Protection and Affordable Care Act.[63]      B.     Developments in Enforcement Actions Against Opioid Manufacturers In its first six months, the Trump Administration has stated that it will focus on responding to public health crises involving opioid abuse around the country and that its enforcement agencies will scrutinize companies that manufacture and market opioid drugs. In a first-of-its-kind settlement announced on July 11, 2017, Mallinckrodt, one of the largest manufacturers of generic oxycodone, agreed to pay $35 million to settle allegations that it violated certain civil penalty provisions of the Controlled Substances Act.[64]  The government alleged that Mallinckrodt failed to meet its obligations to detect and notify the Drug Enforcement Agency ("DEA") of suspicious orders of oxycodone, which is a controlled substance and is subject to certain order monitoring requirements.  From 2008 to 2011, Mallinckrodt purportedly supplied distributors with "excessive" quantities of oxycodone without notifying the DEA of the allegedly suspicious orders.  The settlement also resolved recordkeeping allegations related to purported issues with the batch records at one of the company’s manufacturing plants.  According to DOJ, the Mallinckrodt settlement is the first of its size to resolve claims premised on violations of suspicious order monitoring and reporting requirements with a drug maker.[65] Of particular note, the settlement includes a parallel agreement with the DEA under which the company must conduct certain data analyses to identify suspicious orders in the future.  The settlement requires Mallinckrodt to use downstream customer purchase information (provided by the company’s distributors to inform the amount of discounts, or "chargebacks," that Mallinckrodt may offer based on sales to certain downstream customers) to monitor and then report suspicious sales of oxycodone by distributors to pharmacy and pain clinic customers.[66]       C.     Notable Developments in FDCA Enforcement As noted above, Baxter Healthcare Corporation agreed to pay more than $18 million to resolve allegations that it failed to comply with cGMPs when manufacturing sterile intravenous ("IV") solutions.  Of that settlement sum, Baxter will pay $16 million in connection with its criminal deferred prosecution agreement and related penalties and forfeiture.[67]  According to the criminal information, the drugs were adulterated as a result of the presence of mold on some of the high-efficiency particulate absorption filters installed in the clean rooms in which the IV solutions were manufactured.  A Baxter employee allegedly reported the presence of mold on the filters to the management of the manufacturing plant, but, according to the government, Baxter did not remove the moldy filters until after an unannounced FDA inspection identified the issue.  Although there was no evidence that mold had any impact on the IV solutions, Baxter admitted to distribution of adulterated drugs in violation of the FDCA in its deferred prosecution agreement and agreed to implement enhanced compliance provisions, including periodic certifications to the government.[68] On April 18, 2017, DOJ announced that SCM True Air Technologies, Inc. and the company’s former president pleaded guilty to a criminal information involving one count of operating an establishment that manufactured medical devices without proper registration.[69]  According to the government, between 2010 and 2012, the president delivered to the VA misbranded bariatric hospital beds (Class II medical devices) manufactured in Ohio and Kentucky establishments that were not registered properly with FDA, even though the president and SCM had been advised that such registration was required.  The former president also pleaded guilty to one count of obstruction of an FDA investigation and one count of introducing misbranded medical devices into commerce.[70] Turning to case law developments, the Supreme Court refused to hear a case challenging the contours of the Park doctrine.  The Park doctrine (also known as the "responsible corporate officer" doctrine) derives from United States v. Park,[71] in which the Supreme Court held corporate officers could be criminally liable under the FDCA for failing to prevent or correct an FDCA violation without the usual criminal state of mind.[72]  As we reported in our 2016 Year-End FDA Update, a divided panel of the Eighth Circuit in United States v. DeCoster upheld the misdemeanor convictions of two owners and operators of an egg-production company for introducing eggs into interstate commerce that had been adulterated with salmonella enteritidis.[73]  The panel refused to undercut the Park doctrine (and distinguished officer liability from vicarious liability).  Instead, the panel focused on the fact that the defendants knew or should have known of the risks posed by unsanitary conditions at their egg barns, and held that the "elimination of a mens rea requirement does not violate the Due Process Clause for a public welfare offense where the penalty is ‘relatively small[.]’"[74]    In petitioning for certiorari, the defendants argued that their convictions were based on vicarious liability and thus violated due process because the defendants did not have knowledge that the distribution company sold adulterated eggs.[75]  But the Supreme Court ultimately denied the defendants’ petition (without any written order),[76] leaving the Park doctrine undisturbed.      D.     FCPA Investigations Two FCPA settlements from early in the year illustrate the potential consequences companies may face after failing to correct (from the government’s perspective) issues identified in previous investigations. In the first, Zimmer Biomet Holdings ("Biomet") entered a joint FCPA resolution with DOJ and the Securities and Exchange Commission ("SEC") in January 2017, stemming from Biomet’s alleged failure to sever ties with an unauthorized third-party distributor in Brazil and its purportedly improper payments to customs officials in Mexico.[77]  To settle the allegations, Biomet agreed to pay more than $30 million and retain a compliance monitor for three years.  By way of background, Biomet previously settled FCPA charges in 2012 involving allegedly improper payments to doctors employed by public institutions in Argentina, Brazil, and China by entering into a deferred prosecution agreement signed prior to Zimmer’s acquisition of Biomet.  As part of that settlement, Biomet agreed to a three-year independent compliance monitor; the company had to extend that monitorship for one year in light of the new allegations in Brazil and Mexico, which arose in the midst of its previously established compliance program.[78] According to the 2017 charging documents, Biomet continued its relationship with one of the distributors in Brazil that allegedly made some of the corrupt payments underlying the 2012 settlement, despite representations to the contrary made even after an internal audit allegedly identified a related company through which Biomet interacted with the distributor.[79]  The government took issue with Biomet’s books and records, claiming that they inaccurately recorded transactions with the pass-through company instead of the unauthorized distributor that actually performed the work.[80]  As to Mexico, the government alleged that a subsidiary used improper payments to customs officials through customs brokers and sub-agents to move unlicensed dental implants across the border.[81] In its resolution with the SEC, Biomet consented to an administrative cease-and-desist order alleging FCPA bribery and accounting violations.[82]  And to resolve the DOJ investigation, Biomet entered into a deferred prosecution agreement charging willful failure to implement internal controls, and a subsidiary pleaded guilty to a single count of causing the parent company’s books and records to be inaccurate.[83]  With the implementation of Biomet’s new settlement terms, by the end of its obligations the company will have operated under the supervision of a monitor for a total of eight years. On January 18, 2017, the SEC announced a settled cease-and-desist action against Texas-based medical device company Orthofix International; the action involved alleged FCPA accounting violations related to purportedly improper payments to doctors at state-run hospitals in Brazil.[84]  From 2011 to 2013, the company’s Brazilian subsidiary allegedly used inaccurately recorded discounts and improper payments through third-party commercial representatives and distributors to persuade doctors to use the company’s products.[85]  The SEC contended that Orthofix lacked policies or mechanisms to centrally approve and monitor discounts and commissions provided by the subsidiary.[86]  In the action, the SEC specifically referenced Orthofix’s previous FCPA resolution in 2012, which focused on allegedly improper payments by its subsidiary in Mexico.[87]  Like the Biomet case discussed above, Orthofix disclosed the facts leading to this second FCPA settlement as part of the company’s reporting obligations from its settlement in 2012.[88] To settle the SEC’s FCPA allegations, Orthofix consented to an administrative cease-and-desist order and agreed to pay more than $6 million, including nearly $3.2 million in disgorgement and prejudgment interest and a $2.9 million civil penalty.[89]  Orthofix also agreed to retain an independent compliance consultant for one year[90] and, notably, was required to admit the facts forming the basis for the settlement.[91]  In a coordinated non-FCPA resolution, Orthofix and four former executives settled with the SEC revenue recognition charges relating to distributor sales.[92] Additional discussion of these and other FCPA developments can be found in Gibson Dunn’s 2017 Mid-Year FCPA Update. II.     Promotional Issues After a flurry of last-minute activity by the Obama Administration in January, the first half of the year saw relatively little regulatory activity regarding the promotion of drugs and devices.  That is unsurprising, given that Commissioner Gottlieb did not take the helm until May.[93]  Before taking his new post, Commissioner Gottlieb publicly proposed changing FDA’s culture.  For example, he decried "increasing regulatory obstacles," observed that the "practice of medicine is supposed to be regulated by state governments," and noted that physicians "are not always required to strictly follow labels or FDA directives."[94]  These remarks may signal that a shift away from strict regulation of promotional information, which many observers feel has been warranted for a long time, is near. Below, we address the limited regulatory and legislative  developments from the first six months of 2017, as well as recent developments in FDA enforcement involving promotional issues.      A.     FDA Enforcement Activity – Advertising and Promotion In our 2016 Year-End Update, we reported a flurry of year-end FDA enforcement activity related to advertising and promotion by the outgoing administration.  But so far this year, the agency’s enforcement activity has nearly ground to a halt.  FDA’s Office of Prescription Drug Promotion ("OPDP") has issued only one warning letter so far.[95]   It remains to be seen whether this is the new normal (in light of growing First Amendment concerns about enforcement in this arena), a sign of shifting agency priorities under its new leadership, or simply an anomaly. OPDP’s sole warning letter this year concerns misleading risk information in electronic advertising—an area that has been a focus of FDA enforcement efforts in the past.  As in previous OPDP letters, FDA took issue with the presentation of risk information in the advertisement as well as the substance of that information. In a May 18, 2017 untitled letter, OPDP asserted that Orexigen Therapeutics, Inc.’s television advertisement promoting a chronic weight management drug made false or misleading representations about the associated risks of the drug.[96]  According to OPDP, the advertisement contained numerous effectiveness claims, but omitted relevant risk information.  Further, OPDP contended that the advertisement misled consumers because it presented certain risk information in the visual portion of the advertisement while simultaneously communicating unrelated risk information in the audio portion.[97]      B.     FDA’s Promotional Guidance FDA has issued two draft guidance documents relating to promotional practices this year, both as part of the Obama Administration’s last-minute efforts to shape FDA promotional policies. In January, FDA issued a draft "Questions and Answers" guidance entitled "Medical Product Communications That Are Consistent With the FDA-Required Labeling."[98]  The draft guidance document is intended to illuminate "how FDA evaluates firms’ medical product communications, including promotional materials, that present information that is not contained in the FDA-required labeling for the product but that may be consistent with the FDA-required labeling for the product."  FDA issued this draft guidance in response to manufacturers’ expressed interest in communicating "the approved/cleared uses of their products that are not contained in their products’ FDA-required labeling."[99] According to the draft guidance, a manufacturer would not be subject to FDA enforcement action if its promotional communication is consistent with the FDA-required labeling, and is otherwise truthful and non-misleading—even if such information is not clearly contained in the labeling.  In determining whether promotional communication is "consistent" with the labeling, FDA would evaluate three factors: First, FDA would consider whether any representations regarding the product in the communication conflict with particular conditions of use in the FDA-required labeling.  If there is a conflict, FDA would treat the communication as inconsistent under the draft guidance. Second, FDA would look to whether the representations negatively alter the benefit-risk profile of a product in a way that may result in increased harm to health.  If so, the communication would be deemed inconsistent with FDA-required labeling. Third, the agency would consider whether the product can be used safely and effectively under the conditions represented in the communication.  If so, the communication would be deemed consistent with FDA-required labeling.[100] Also in January, FDA issued a draft guidance document regarding communication of health care economic information ("HCEI") to payors about both approved and investigational drugs and devices.[101]  This draft guidance emphasized FDA’s belief that "information provided by firms to payors about their drugs [should] be truthful and non-misleading."[102] In regard to approved drugs, FDA first clarified that HCEI can be communicated to "a payor, formulary committee, or other similar entity with knowledge and expertise in the area of health care economic analysis, carrying out its responsibilities for the selection of drugs for coverage or reimbursement."  FDA then clarified that HCEI would be considered truthful and non-misleading if it relates to an approved indication.  According to FDA, illustrative examples of HCEI that is related to an approved indication include:  duration of treatment in clinical trials, use in additional practice settings, variations in dosing regimens, alternative patient subgroups, and clinical outcome assessments.[103] In regard to investigational drugs and devices, the draft guidance would permit manufacturers to provide certain information prior to FDA approval, so long as it is done in an "unbiased, factual, accurate, and non-misleading" manner.  Approved topics include, for example, indications for which approval is sought, clinical results, pricing, and related product information.[104] Halfway through 2017, the drug and device industry is still awaiting the long-ago promised guidance from FDA regarding its comprehensive review of policies relating to promotion of drugs and devices for off-label uses.  Although we continue to await that final guidance, we can report on a few notable regulatory developments in this area from the first half of 2017. As we noted in our 2016 Year-End Update, FDA held a public meeting last November to solicit commentary on the issue of off-label promotion.  Following up on the meeting, FDA issued a January 2017 memorandum in which it identified 12 alternative approaches to off-label promotion under the First Amendment.[105]  FDA rejected every potential approach as inadequate in its memorandum.  But, the agency nevertheless extended the commentary period on its review (which had closed on January 9, 2017) to solicit further input on the First Amendment implications because some commenters had "expressed the view that FDA had not sufficiently discussed the First Amendment in the notification of public hearing."  The extended review period, which closed in April, resulted in nearly 100 additional comments.[106] On January 9, 2017, FDA issued a final rule that partially amended the agency’s definition of "intended use" for drugs and devices.[107]  Departing from the prior definition of "intended use," which focused on whether a manufacturer had "knowledge of facts that would give him notice" that a drug or device would be used for off-label purposes, the new rule adopts a "totality of the evidence" standard.  The rule provides that "where the totality of evidence is sufficient to establish a new intended use for a medical product, relevant provisions of the [FDCA] and its implementing regulations will be triggered." On March 20, 2017 (after the change in administrations), FDA delayed the rule’s effective date until March 19, 2018 to allow for additional public comment.[108]  Opponents of the rule have criticized its definition of intended use as overbroad, and various industry organizations submitted a petition requesting that FDA reconsider and permanently stay the rule on that basis.[109]      C.     Notable Litigation Relating to Promotional Issues Although the first half of 2017 produced little relevant jurisprudence, one opinion provides an important reminder about the practical limits to the First Amendment’s protection of promotional speech. In United States ex rel. Gohil v. Aventis, Inc., the Eastern District of Pennsylvania declined to dismiss, on First Amendment grounds, allegations that the defendant "misrepresent[ed] the safety and effectiveness of the off-label use" of an FDA-approved drug for the treatment of cancer, reasoning that "[t]hat sort of speech is not necessarily protected by the First Amendment."[110]  The court recognized that "[l]iability for truthful, non-misleading speech related to off-label marketing may be protected by the First Amendment."[111]  But because the issue arose at the pleadings stage, the court declined to resolve the factual issue of whether "the off-label promotion [was] actually false and/or misleading."[112]  Although the Gohil court allowed the case to proceed, it is noteworthy that the court recognized the viability of a potential First Amendment defense in an FCA case based on off-label theories.      D.     Legislative Developments Reflecting the momentum for broader recognition of more permissive promotion communications about FDA-approved drugs and devices, the first half of 2017 featured notable legislative activity relating to off-label promotion at both the state and federal levels. At the state level, one state took matters into its own hands in the absence of FDA policy reform regarding the exchange of truthful off-label information between industry participants and physicians.  On March 21, 2017, Arizona became the first state to enact a law permitting drug and device manufacturers to communicate with health care providers about off-label treatments by eliminating state penalties for such conduct.[113]  Arizona’s "Free Speech in Medicine Act" allows manufacturers to "engage in truthful promotion of an off-label use of a drug, biological product or device" with licensed health care professionals, but not directly to the public.  Of course, because FDA retains the authority to police off-label promotion at the federal level, Arizona’s effort to relax restrictions is largely a symbolic gesture.  Nevertheless, the bill received widespread media attention and may help to encourage similar activity by other states and may even influence FDA’s policy development. Congress also shuffled forward this year, with House lawmakers introducing a pair of draft bills that would loosen restrictions on off-label drug and device communications. The first bill, entitled the Pharmaceutical Information Exchange Act, is aimed at loosening restrictions on what information manufacturers are permitted to communicate prior to FDA approval of a product.[114]  Introduced by Rep. Brett Guthrie (R-KY), the bill would amend the FDCA to permit the provision of "health care economic information or scientific information . . . to a payor, formulary committee, or other similar entity . . . if it is based on competent and reliable scientific evidence and relates to an investigational new drug or an investigational use of an approved drug." The second bill, entitled the Medical Product Communications Act of 2017, would enable manufacturers to proactively discuss certain off-label information with health care providers.[115]  The bill, introduced by Rep. Morgan Griffith (R-VA), provides that "the scientific exchange of information about a drug, biological product, or device . . . shall not constitute labeling, advertising, or evidence of a new intended use."  Thus, the bill would permit drug manufacturers to communicate information related to unapproved uses with health care professionals, provided that the communication is supported by appropriate data and the manufacturer makes no claim that the unapproved product or use has been demonstrated to be safe or effective. Although some lawmakers and industry groups expressed support for the draft bills during recent committee hearings—praising the proposed clarification of off-label communications and provision of more information to payers and health-care decision makers aimed at improving patient access to new treatments—other lawmakers and consumer groups expressed concern that the bills could undermine existing regulatory processes intended to protect patient health and safety.[116]  To date, neither bill has been advanced out of committee in the House.  III.     Developments in cGMP Regulations and Other Manufacturing Issues The biggest headline in the cGMP and manufacturing arena during the first six months of 2017 was the criminal conviction and sentencing of Barry Cadden, who was responsible for a deadly meningitis outbreak that arguably is the largest public health crisis caused by the defective manufacturing of a pharmaceutical product.  The first half of the year saw robust enforcement efforts on the part of DOJ and FDA.  For its part, FDA continues to crack down on manufacturing issues with warning letters and is on pace to exceed last year’s total number of warning letters by year’s end.  These developments, as well as recently issued final and draft guidance documents, are discussed below.      A.     Notable cGMP Compliance and Enforcement Activity 1.     Owner of New England Compounding Center Is Convicted and Sentenced In late 2014, an indictment was unsealed charging Barry Cadden, owner and head pharmacist of New England Compounding Center ("NECC"), with a host of crimes in connection with a nationwide meningitis outbreak.  According to DOJ, Cadden authorized the shipment of contaminated methylprednisolone acetate ("MPA") to NECC customers nationwide and, as a result, 753 patients in twenty states were diagnosed with a fungal infection after receiving injections of MPA.  The outbreak led to the deaths of 64 patients in nine states.  Cadden allegedly authorized the shipment of drugs without waiting for the return of sterility tests, failed to notify customers of nonsterile results, and compounded drugs with expired ingredients.  According to DOJ, this series of cGMP failures led to an outbreak that was the "largest public health crisis ever caused by a pharmaceutical product," with hundreds suffering from debilitating and life-changing injuries and a tragic number of wholly preventable fatalities.  In May 2017, after a nine-week trial, a federal jury convicted Cadden of racketeering, racketeering conspiracy, mail fraud, and introduction of misbranded drugs into interstate commerce with the intent to defraud and mislead.  The jury acquitted Cadden of murder charges.  In late June 2017, Cadden was sentenced to nine years in prison, three years of supervised release, and forfeiture and restitution in amounts to be determined.[117] In the wake of sentencing, FDA Commissioner Gottlieb commented, "[p]atients should not have to worry about the safety and sterility of the drugs they are prescribed. . . . [W]e will continue to hold accountable those who violate the law and put patients at risk."  According to Commissioner Gottlieb, this outcome serves as a cautionary tale against corner cutting and putting "profits over patients."[118] 2.     Consent Decrees Involving Two Drug Makers During the last six months, DOJ announced two notable consent decrees of permanent injunction entered by federal district courts against drug manufacturers to stop the distribution of unapproved, misbranded, and adulterated drugs.  On March 15, 2017, the U.S. District Court for the District of Colorado enjoined EonNutra LLC, two related companies (CDSM LLC and HABW LLC), and their owner from selling or distributing adulterated and misbranded dietary supplements and unapproved and misbranded drugs.[119]  The cGMP-based claims underlying the injunction alleged that the defendants’ products were not manufactured in compliance with federal regulations; a 2016 FDA inspection cited the defendants’ failure to establish specifications for the identity, purity, strength, and composition of their products or prepare and follow manufacturing plans. More recently, on June 15, 2017, the U.S. District Court for the Southern District of Florida entered a consent decree including a permanent injunction against Florida-based Stratus Pharmaceuticals Inc. and New Jersey-based Sonar Products Inc., as well as two of their officers, Alberto Hoyo and Juan Carlos Billoch.[120]  FDA accused Stratus and Sonar of regularly shipping unapproved dermatological products, such as washes, creams, and ointments promoted to treat skin conditions like acne and rosacea.  Sonar made the drugs for Stratus, which distributed prescription and nonprescription drugs and also owned 80% of Sonar.  The agency asserted that the companies had been violating cGMP requirements since 2014.  The consent decree requires Sonar to stop all operations until it hires a cGMP expert and receives written permission from FDA to resume operations.  Stratus is barred from distributing unapproved drugs until it gets clearance from FDA on those products. 3.     cGMP-Based Warning Letters FDA’s Office of Manufacturing Quality in the Center for Drug Evaluation and Research ("CDER") issued 26 warning letters in the first half of 2017, putting it on pace to exceed the 44 warning letters issued in 2016.[121]  As in 2016, FDA continued to focus on issues identified during foreign inspections, with warning letters issued to companies in China and India, as well as Japan, Singapore, Italy and the United Kingdom.  Also consistent with FDA’s activity in 2016, the warning letters thus far this year underscore FDA’s focus on data integrity.  Data integrity citations and recommendations for "Data Integrity Remediation" cropped up in 11 of the 26 warning letters issued by CDER in 2017.  CDER often found these violations in manufacturing facilities in China and India.   A few of the most notable warning letters from the first half of the year are summarized below: Jinan Jinda Pharmaceutical Chemistry Co.[122]  In February 2017, a Chinese manufacturer received a warning letter that cited, among other things, the lack of controls in place to prevent staff from altering or deleting electronic data.  FDA noted that "[a]nalysts manipulated and deleted audit trails" and that full administrative rights were given to the quality control manager and deputy manager, allowing them to manipulate data and turn off audit trails.  FDA also cited the company for failures of its quality unit to meet specifications for quality and purity and failure to adequately investigate out-of-specification results. Badrivishal Chemicals & Pharmaceuticals.[123]  In March 2017, FDA cited Badrivishal in India for multiple violations including quality and data integrity deficiencies.  In detailing the many asserted violations, FDA noted that original laboratory and production records were found in trash bags behind the facility, data on the discarded documents did not match official records, and the quality unit did not investigate the discrepancies.  Investigators discovered later that the trash bags had been removed, preventing further examination of the documents.  FDA recommended that the company hire a cGMP consultant to correct deviations. USV Private Limited.[124]  After a 2016 inspection of the company’s facility in India, FDA issued a March 2017 warning letter to USV listing cGMP violations.  The alleged violations included data integrity deficiencies, e.g., computer systems that were not appropriately controlled, data in laboratory records that were not complete, a computer system that allowed for deletion of files, the failure to maintain a backup file, and unrestricted access to microbial identification instrument and external hard drives.  To address these issues, FDA recommended a comprehensive data integrity remediation.  In the warning letter, FDA also asserted that USV failed to establish proper laboratory controls and procedures to prevent microbiological contamination on sterile products and to correctly and routinely perform environmental monitoring tests.  Notably, FDA pointed out that it found similar violations at another of the company’s facilities in 2014, which also resulted in a warning letter.  FDA admonished USV that "[t]hese repeated problems at multiple sites demonstrate that your company’s oversight and control over the manufacture of drugs is inadequate" and called for an immediate and comprehensive assessment of the company’s global manufacturing operations.      B.     cGMP Rulemaking and Guidance Activity Since January, FDA has issued four draft and final guidance documents related to cGMP compliance.  Like the guidance activity relating to promotional issues discussed above, FDA released three of the guidance documents in a last-minute effort to advance guidelines that had long been in the works before the change in administration. Combination Products.  In January 2017, FDA published final guidance entitled Current Good Manufacturing Practice Requirements for Combination Products, which describes and explains the final rule on cGMP requirements for combination products that FDA issued on January 22, 2013, as codified in 21 CFR part 4.[125]  The guidance defines what a combination product is, provides an overview of the final rule, and discusses the purpose and content of specific cGMP requirements addressed in the final rule.  In separate sections, the guidance also addresses certain general considerations for cGMP compliance for combination products and presents hypothetical scenarios to illustrate how to comply with requirements for particular types of combination products—specifically, a prefilled syringe, drug-eluting stent, and drug-coated mesh. Repackaging.  In January 2017, FDA also issued final guidance on the topic of Repackaging of Certain Human Drug Products by Pharmacies and Outsourcing Facilities.[126]  Repackaged drugs, which are prepared to meet the specific needs of particular patients, are generally subject to the adulteration, misbranding, and approval provisions of the FDCA.  The agency stated in the guidance, however, that it does not intend to enforce those provisions against state-licensed pharmacies, federal facilities or outsourcing facilities so long as they meet the criteria outlined in the guidance (e.g., that a licensed pharmacist repackage or directly supervise the repackaging of the drug product). Mixing, Diluting or Repackaging.  FDA issued draft guidance in January 2017 called Mixing, Diluting, or Repackaging Biological Products Outside the Scope of an Approved Biologics License Application.  The draft guidance details the conditions under which state-licensed pharmacies, federal facilities or outsourcing facilities can mix, dilute, and repackage biologics.[127]  According to FDA, "diluting or mixing a biological product with other components, or repackaging a biological product by removing it from its approved container-closure system and transferring it to another container-closure system, is, in the absence of manufacturing controls, highly likely to affect the safety and/or effectiveness of the biological product."[128]  FDA recognized, however, that in certain circumstances, it is appropriate to mix, dilute, or repackage a biological product to meet the needs of a specific patient (e.g., in the pediatric care context).  Although any biological product that is mixed, diluted, or repackaged such that it falls outside the scope of an approved BLA as an "unlicensed biological product," this draft guidance details the appropriate conditions under which these steps can be taken without risk of FDA action.  Notably, this document appears to provide more flexibility for outsourcing facilities to repackage biologics than the 2015 draft guidance.[129] Medical Gases.  Finally, FDA issued draft guidance in June 2017 addressing Current Good Manufacturing Practice for Medical Gases.  This draft guidance superseded the far lengthier May 2003 draft guidance regarding the same topic.[130]  In its most recent version, FDA explained that in an effort to reduce the regulatory compliance burden on the industry, it tailored the draft guidance to provide "clear, up-to-date, detailed recommendations regarding CGMP issues that have been the subject of industry questions."[131]  Among other issues, the draft guidance addresses requirements with respect to organization and personnel; facility and equipment; production and process controls; packaging and labeling, distribution, and laboratory controls; and records and reports. IV.     Medical Devices The first half of 2017 saw some late Obama Administration guidance with respect to medical devices followed by relative silence as FDA’s leadership turned over with the new administration.  We summarize below recent regulatory and enforcement developments relating to medical device manufacturers.      A.     FDA Guidance Since the Trump Administration took the reins, there has been little new guidance from FDA directed at medical devices.  In the waning days of the Obama Administration, however, CDRH released significant guidance regarding investigational device exemptions ("IDE"). On January 13, 2017, CDRH released guidance intended to clarify the "principal factors that FDA considers when assessing the benefits and risks of IDE applications for human clinical studies."[132]  The guidance sets forth a flexible review process that takes into account the "total product lifecycle" and the inherent "uncertainty (i.e., lower level of evidence)" available at the early stages of device development and investigational clinical study.  By recognizing the inherent uncertainty in early-stage device development, the guidance gives IDE sponsors and investigators leeway to pursue investigational devices without perfect knowledge of the ultimate benefit-risk balance.  The guidance also "characterize[s] benefits in the context of investigational research" to include both "direct benefits to the subject" and "benefits to others (to the extent there are indirect benefits to subjects such as knowledge to be gained from the study or information that may contribute to developing a treatment)."      B.     Update on Regulation of Laboratory Developed Tests We have previously reported on FDA’s controversial efforts to regulate Laboratory Developed Tests ("LDTs")—diagnostic tests designed, manufactured, and performed in clinical laboratories—including FDA’s indication that it would finalize its 2014 draft guidance regarding regulation of LDTs as medical devices.[133]  The change of administrations, paired with intense feedback from industry stakeholders, delayed efforts to finalize that guidance.  Indeed, FDA announced at the end of 2016 that it would not issue final guidance  on the oversight of LDTs. In January 2017, FDA went back to the drawing board and released a "Discussion Paper on Laboratory Developed Tests" that sets out a "possible approach to LDT oversight" based on the "extensive, and often conflicting, feedback [FDA] received from a broad range of stakeholders" on the aborted draft guidance.[134]  According to FDA, the approach outlined in the paper seeks to strike a balance between encouraging innovation, on the one hand, and ensuring that patients and health care providers have access to "accurate, reliable, and clinically valid tests," on the other.  To this end, the paper floats the possibility of requiring approval for "new and significantly modified high and moderate risk LDTs," while exempting "previously marketed LDTs" from "most or all FDA regulatory requirements" unless "necessary to protect the public health."[135]  Although the paper is non-binding and "does not represent the formal position of FDA," it previews an approach that could be more palatable to many stakeholders in continuing development of LDTs.[136]  There is no timeline for implementing or finalizing this framework, but FDA said it will continue to "work with all stakeholders in future conversations around the right path forward on LDT oversight."[137]      C.     Enforcement Letters FDA issued 11 device-related warning letters during the first six months of 2017, with only one of those coming from CDRH.[138]  Of those letters, all but one were related to manufacturing and Quality System Regulation issues.  Two letters warrant mention here. In January, Rapid Release Technologies received a warning letter concerning its "RPT PRO2" vibration pain therapy device; the Letter alleged that the company did not have an approved application for premarket approval or an approved application for an IDE.[139] In April, CDRH issued a warning letter to Abbott (St. Jude Medical Inc.) in connection with alleged battery defects in its defibrillators and alleged cybersecurity vulnerabilities in its home monitoring devices.[140]  CDRH’s focus on cybersecurity represents FDA’s first enforcement foray on that topic.  V.     Anti-Kickback Statute      A.     AKS-Related Case Law Developments Federal courts issued several notable decisions interpreting the AKS in the first half of 2017, including some that further expand the conduct reached by the AKS.  Continuing a trend we have noted in past updates, these courts broadly interpreted key language in the statute’s prohibition on drug and device manufacturers providing or receiving "remuneration" to induce, "arrange for," or reward referrals or business involving goods or services for which payment "may be made" by a federal health care program. Two notable opinions involved issues tied to the promotion of prescription drugs.  First, in United States ex rel. Brown v. Pfizer, Inc.,[141] the Eastern District of Pennsylvania declined to dismiss a case involving alleged speaker fees and other payments the defendant made to physicians to encourage prescriptions of an anti-infection drug.[142]  Although the defendant argued that imposing AKS liability on such allegations "would effectively criminalize the promotion of prescription drugs," the court disagreed.  The court recognized that the personal services and management contracts "safe harbor" to the AKS permits paid contractual  arrangements between pharmaceutical companies and physicians provided that they meet certain requirements (e.g., that the payments were set at "fair market value").  But the court concluded that relators had sufficiently alleged that the defendant’s payments were not made at fair market value, and, as a result, the defendant could not—at least at the pleadings stage—establish that it met the personal services and management contracts safe harbor.[143] In a second case, United States ex rel. Wood v. Allergan Inc.,[144] the Southern District of New York considered whether prescription drug sampling—a practice expressly permitted by the Prescription Drug Marketing Act ("PDMA")—could constitute "remuneration" under the AKS.  Specifically, the court declined to dismiss an FCA claim predicated on the defendant’s alleged payment of kickbacks to physicians in the form of prescription drug samples to encourage drug prescriptions.  The defendant argued that the PDMA permits pharmaceutical companies to provide drug samples to encourage physicians to prescribe the drugs and that HHS OIG guidance expressly acknowledges that prescription drug samples have no value to physicians unless resold or billed to government health care programs.  The court sidestepped the apparent conflict between the AKS and PDMA, however, and instead relied on the relator’s allegations that absent the provision of free samples, physicians may have had to purchase some amount of those drugs to use in their practices, rather than having prescriptions filled at retail pharmacies.  As a result, the court concluded that the samples could be "remuneration" insofar as they had value to physicians by allegedly "subsidiz[ing] . . . [their] costs."[145] Another federal court also adopted an expansive interpretation of the AKS in analyzing what it means to "arrange for" the provision of federally reimbursable goods or services, which the AKS penalizes if done in exchange for remuneration.[146]  In MedPricer.com, Inc. v. Becton, Dixon & Co.,[147] the court declared unenforceable a contract between a device manufacturer and the operator of an auction website under which the website operator would post device listings because performing the contract would violate the AKS’s "arrange for" provision.[148]  The court held that the website operator "arranged" for sales of devices within the meaning of the AKS despite the fact that the operator neither participated as a buyer or a seller, nor "cho[se] which particular suppliers participate[d] in the sales [or] which products [were] sold."[149]  In reaching this conclusion, the court relied largely on the website operator’s description of its business model as "facilitat[ing] sales" of medical devices.[150]  Notably, the MedPricer.com opinion has potentially broader applicability in that the court determined that AKS liability "requires only a minimal showing" that the goods or services in question are provided to a government program beneficiary and "may be" federally reimbursable—rejecting the argument that AKS liability only attaches when the goods or services are, in fact, actually reimbursed by the federal government.[151]  In reaching the latter conclusion, the court relied on the HHS OIG’s view in past advisory opinions that whether a product or service is in fact reimbursed by federal health care programs bears only on HHS OIG enforcement decisions, not on the scope of conduct covered by the AKS.[152]      B.     HHS OIG Final Rule Regarding AKS Statute of Limitations In January 2017, HHS OIG finalized a rule that imposes a 10-year limitations period on HHS OIG exclusion actions brought on the basis of violations of the AKS.[153]  HHS OIG had originally proposed to amend the relevant regulation to clarify that there was no limitations period.[154]  However, in response to numerous comments objecting to the proposal, HHS OIG decided to adopt a 10-year limitations period.[155]  In doing so, HHS OIG expressed concern that "any limitations period on . . . exclusions may force OIG to either initiate administrative proceedings while [a given FCA] matter is proceeding or lose the ability to protect the programs and beneficiaries through an exclusion.  Litigating FCA and exclusion actions on parallel tracks wastes Government (both administrative and judicial) and private resources."[156]  Nonetheless, HHS OIG concluded that "such situations will be less frequent with a 10-year period than with a shorter period," and that a 10-year period balances the goal of avoiding government waste against the goals of "provid[ing] certainty" and avoiding the "administrative burden" of indefinite document retention that regulated parties could incur were HHS OIG to explicitly adopt an indefinite limitations period.[157]  HHS OIG’s response to the comments it received also noted the alignment between a 10-year limitations period and the FCA’s 10-year statute of repose,[158] and stated that, while recent conduct is more relevant to exclusion decisions, HHS OIG’s experience has shown that "exclusion can be necessary to protect the Federal health care programs even when the conduct is up to 10 years old."[159]      C.     Notable HHS OIG Guidance Among a number of advisory opinions issued by HHS OIG so far in 2017, one opinion had particular relevance for drug and device companies in the context of clinical studies and patient assistance programs. In an advisory opinion issued on June 29, 2017, HHS OIG considered a proposal to "reduce or waive, on a non-routine, unadvertised basis, cost-sharing amounts owed by financially needy Medicare beneficiaries for items and services furnished in connection with a clinical research study."[160]  The study involved a biomedical system indicated for treating ulcers and other chronic wounds.[161]  In the proposal advanced by the parties seeking the advisory opinion, a particular hospital participating in the study would "reduce or waive applicable cost-sharing amounts owed by financially needy beneficiaries for all Study-related items and services."[162]  The manufacturer of the system under study would not cover any of these reductions or waivers.  The hospital would only inform a given patient of the possibility of reduction or waiver if that patient, upon receiving notice that he or she "may owe cost-sharing amounts in connection with the Study," informed the hospital that he or she could not afford these payments.[163]  The hospital would then evaluate the patient’s financial need according to a set of uniform criteria.  Neither the hospital nor the manufacturer would advertise the possibility of waiver or reduction of patients’ cost-sharing obligations.[164] Analyzing the proposal under the Beneficiary Inducement CMP,[165] HHS OIG found that the proposal fits within an exception from the definition of remuneration for any waiver of coinsurance or deductible amounts that "is not offered as part of any advertisement or solicitation"; that is not "routinely" provided; and that is only granted either after a "good faith" determination of financial need, or after "reasonable collection efforts" have failed.[166]  Given the non-advertised and "case-by-case" nature of the proposed reductions and waivers in this particular case, along with the "objective criteria" used to determine financial need, HHS OIG found that the proposal fit within this exception.[167]  For the same reasons, HHS OIG determined that it would not seek administrative sanctions under the AKS, provided that "the requisite intent to induce or reward referrals of Federal health care program business" remained absent.[168] VI.     Conclusion As these issues, and others, in the drug device industries continue to develop, we will track them and report back in our 2017 Year-End Update. [1]      Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Shire PLC Subsidiaries to Pay $350 Million to Settle False Claims Act Allegations (Jan. 11, 2017), https://www.justice.gov/opa/pr/ shire-plc-subsidiaries-pay-350-million-settle-false-claims-act-allegations. [2]      Id. [3]      Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Sanofi Pasteur Agrees to Pay $19.8 Million to Resolve Drug Overcharges to the Department of Veterans Affairs (Apr. 3, 2017), https://www.justice.gov/ opa/pr/sanofi-pasteur-agrees-pay-198-million-resolve-drug-overcharges-department-veterans-affairs. [4]      See 38 U.S.C. § 8126. [5]      Nate Raymond, Linde’s Lincare settles U.S. whistleblower case for $20 million, Reuters, June 27, 2017, http://www.reuters.com/article/us-linde-lawsuit-idUSKBN19I2GX; Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Oxygen Equipment Provider Pays $11.4 Million to Resolve False Claims Act Allegations (Apr. 25, 2017), https://www.justice.gov/opa/pr/oxygen-equipment-provider-pays-114-million-resolve-false-claims-act-allegations. [6]      Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Durable Medical Equipment Manufacturer Agrees To Pay $2.715 Million To Resolve False Claims Allegations (June 29, 2017), https://www.justice.gov/usao-mdtn/pr/ durable-medical-equipment-manufacturer-agrees-pay-2715-million-resolve-false-claims. [7]      Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Baxter Healthcare Corporation to Pay More Than $18 Million to Resolve Criminal and Civil Liability Relating to Sterile Products (Jan. 12, 2017), https://www.justice.gov/opa/pr/baxter-healthcare-corporation-pay-more-18-million-resolve-criminal-and-civil-liability. [8]      Id. [9]      See Statement of Facts ¶¶ 37–40, United States v. Baxter Healthcare Corp., No. 1:17-mj-00010-DLH (W.D.N.C. Jan. 12, 2017), ECF No. 1-1. [10]     See generally Universal Health Servs., Inc. v. United States ex rel. Escobar, 136 S. Ct. 1989 (2016). [11]     See id. at 1995. [12]     Id. at 2001 (emphasis added). [13]     840 F.3d 445, 447 (7th Cir. 2016). [14]     862 F.3d 890, 902 (9th Cir. 2017). [15]     United States ex rel. Schiemelpfenig v. Dr. Reddy’s Labs. Ltd., No. 11-4607, 2017 WL 1133956, at *6 (E.D. Pa. Mar. 27, 2017) (interpreting language from the Third Circuit’s decision in United States ex rel. Whatley v. Eastwick College, 657 F. App’x 89 (3d Cir. 2016)) [16]     See United States ex rel. Badr v. Triple Canopy, Inc., 857 F.3d 174, 178 (4th Cir. 2017); see also United States ex rel. Landis v. Tailwind Sports Corp., 2017 WL 573470, at *11 (D.D.C. Feb. 13, 2017). [17]     Campie, 862 F.3d at 902–03. [18]     Id. at 903. [19]     136 S. Ct. at 2002–04. [20]     Id. at 2003. [21]     855 F.3d 481, 485 (3d Cir. 2017). [22]     Id. [23]     Id. at 486. [24]     Id. at 490 (quoting Escobar, 136 S. Ct. at 2003). [25]     Petratos, 855 F.3d at 490. [26]     Id. [27]     845 F.3d 1 (1st Cir. 2016). [28]     Id. at 8. [29]     Id. at 7. [30]     Id. at 8. [31]     862 F.3d at 895–96. [32]     Id. at 896–97. [33]     See id. at 898; see also United States ex rel. Campie v. Gilead Sci., Inc., No. C-11-0941 EMC, 2015 WL 3659765, at *6–8 (N.D. Cal. June 12, 2015). [34]     862 F.3d at 902–03. [35]     Id. at 903. [36]     Id. [37]     Id. (citation and internal quotation marks omitted). [38]     Id. at 905 (citation omitted). [39]     Id. at 906. [40]     Id. [41]     Id. at 907. [42]     136 S. Ct. at 2004 n.6. [43]     847 F.3d 52 (1st Cir. 2017). [44]     See id. at 58 (upholding United States ex rel. Ge v. Takeda Pharm. Co. Ltd., 737 F.3d 116, 121, 124 (1st Cir. 2013)). [45]     847 F.3d at 54–55. [46]     See id. at 55. [47]     Id. at 57. [48]     Id. at 58. [49]     Id. (quoting United States ex rel. Ge v. Takeda Pharm. Co., 737 F.3d 116, 121, 124 (1st Cir. 2013) (alterations in original)). [50]     847 F.3d at 58. [51]     Id. at 58–59. [52]     855 F.3d 935, 945–46 (8th Cir. 2017) (citation and internal quotation marks omitted). [53]     Id. at 944 (citation and internal quotation marks omitted). [54]     Id. at 945–46 (citation and internal quotation marks omitted). [55]     Id. at 948–49. [56]     856 F.3d 696 (9th Cir. 2017).  Gibson, Dunn & Crutcher LLP represented the defendants-appellants in the district court and in their successful appeal of this matter in the Ninth Circuit. [57]     Id. at 702. [58]     Id. at 701. [59]     Id. at 703. [60]     Id. at 704. [61]     Id. (citation and internal quotation marks omitted). [62]     Id. [63]     Id. at 706–08. [64]     Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Mallinckrodt Agrees to Pay Record $35 Million Settlement for Failure to Report Suspicious Orders of Pharmaceutical Drugs and for Recordkeeping Violations (July 11, 2017), https://www.justice.gov/opa/pr/mallinckrodt-agrees-pay-record-35-million-settlement-failure-report-suspicious-orders. [65]     Id. [66]     Id. [67]     See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Baxter Healthcare Corporation to Pay More Than $18 Million to Resolve Criminal and Civil Liability Relating to Sterile Products (Jan. 12, 2017), https://www.justice.gov/opa/pr/baxter-healthcare-corporation-pay-more-18-million-resolve-criminal-and-civil-liability. [68]     See id. [69]     Press Release, U.S. Dep’t of Justice, U.S. Attorney’s Office, W.D. of Ky., SCM True Air Technologies, Of Ohio And Kentucky, And Its Former Company President – Guilty Of Delivering Misbranded Medical Devices From Unregistered Facilities To A Georgia V.A. Medical Center And Obstructing An FDA Investigation Into Their Conduct (Apr. 18, 2017), https://www.justice.gov/usao-wdky/pr/scm-true-air-technologies-ohio-and-kentucky-and-its-former-company-president-guilty. [70]     Id. [71]     421 U.S. 658 (1975). [72]     Id. at 670–76. [73]     United States v. DeCoster, 828 F.3d 626, 629–33 (8th Cir. 2016). [74]     Id. at 633. [75]     See Petition for Writ of Certiorari at 2–4, DeCoster v. United States (No. 16-877). [76]     137 S. Ct. 2160 (2017). [77]     Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Zimmer Biomet Holdings Inc. Agrees to Pay $17.4 Million to Resolve Foreign Corrupt Practices Act Charges (Jan. 12, 2017), https://www.justice.gov/opa/pr/ zimmer-biomet-holdings-inc-agrees-pay-174-million-resolve-foreign-corrupt-practices-act. [78]     See id. [79]     See Superseding Information ¶¶ 20, 22–44, United States v. Zimmer Biomet Holdings, Inc., No. 12-CR-00080 RBW (D.D.C. Jan. 12, 2017). [80]     See id. at ¶¶ 72–75. [81]     See id. at ¶ 45. [82]     Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Zimmer Biomet Holdings Inc. Agrees to Pay $17.4 Million to Resolve Foreign Corrupt Practices Act Charges (Jan. 12, 2017), https://www.justice.gov/opa/ pr/zimmer-biomet-holdings-inc-agrees-pay-174-million-resolve-foreign-corrupt-practices-act; Press Release, U.S. Sec. & Exch. Comm’n, Biomet Charged With Repeating FCPA Violations (Jan. 12, 2017), https://www.sec.gov/news/pressrelease/2017-8.html. [83]     Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Zimmer Biomet Holdings Inc. Agrees to Pay $17.4 Million to Resolve Foreign Corrupt Practices Act Charges (Jan. 12, 2017), https://www.justice.gov/opa/pr/zimmer-biomet-holdings-inc-agrees-pay-174-million-resolve-foreign-corrupt-practices-act. [84]     Press Release, U.S. Sec. & Exch. Comm’n, Medical Device Company Charged With Accounting Failures and FCPA Violations (Jan. 18, 2017), https://www.sec.gov/news/pressrelease/2017-18.html. [85]     Id. [86]     See Order Instituting Cease-and-Desist Proceedings 2, In the Matter of Orthofix Int’l N.V., Admin. Proc. File No. 3-17800 (Jan. 18, 2017), https://www.sec.gov/litigation/admin/2017/34-79828.pdf. [87]     See id. at 2, 3.18, 2017), https://www.sec.gov/litigation/admin/2017/34-79828.pdf. [88]     See id. at 6. [89]     See Press Release, U.S. Sec. & Exch. Comm’n, Medical Device Company Charged With Accounting Failures and FCPA Violations (Jan. 18, 2017), https://www.sec.gov/news/pressrelease/2017-18.html. [90]     See Order Instituting Cease-and-Desist Proceedings 9, In the Matter of Orthofix Int’l N.V., Admin. Proc. File No. 3-17800 (Jan. 18, 2017), https://www.sec.gov/litigation/admin/2017/34-79828.pdf. [91]     See id. at 1. [92]     See Press Release, U.S. Sec. & Exch. Comm’n, Medical Device Company Charged With Accounting Failures and FCPA Violations (Jan. 18, 2017), https://www.sec.gov/news/pressrelease/2017-18.html. [93]     Meet Scott Gottlieb, M.D., Commissioner of Food and Drugs, U.S. Food & Drug Admin., https://www.fda.gov/AboutFDA/CentersOffices/ucm557569.htm (last updated May 18, 2017). [94]     Scott Gottlieb, Changing the FDA’s Culture, Nat’l Affairs (2012), https://www.nationalaffairs.com/publications/detail/changing-the-fdas-culture. [95]     Warning Letters 2017: Office of Prescription Drug Promotion, U.S. Food & Drug Admin., https://www.fda.gov/Drugs/GuidanceComplianceRegulatoryInformation/default.htm (follow "Enforcement Activities by FDA" hyperlink; then follow "Warning Letters and Notice of Violation Letters to Pharmaceutical Companies" hyperlink; then follow "Warning Letters 2017" hyperlink) (last updated Aug. 3, 2017). [96]     Untitled Letter from Meena Ramachandra, Regulatory Review Officer, Office of Prescription Drug Promotion, U.S. Food & Drug Admin. to Stacy Hennings, Senior Director, Regulatory Affairs Advertising & Promotions, Orexigen Therapeutics, Inc. (May 18, 2017), https://www.fda.gov/Drugs/GuidanceComplianceRegulatoryInformation/default.htm (follow "Enforcement Activities by FDA" hyperlink; then follow "Warning Letters and Notice of Violation Letters to Pharmaceutical Companies" hyperlink; then follow "Warning Letters 2017" hyperlink; then follow "Untitled Letter" hyperlink under "Office of Prescription Drug Promotion"). [97]     Id. [98]     U.S. Food & Drug Admin., Draft Guidance for Industry: Medical Product Communications That Are Consistent With the FDA-Required Labeling—Questions and Answers (Jan. 2017), https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM537130.pdf. [99]     Id. at 1–2. [100]   Id. at 3–5. [101]   U.S. Food & Drug Admin., Draft Guidance for Industry and Review Staff:  Drug and Device Manufacturer Communications With Payors, Formulary Committees, and Similar Entities—Questions and Answers (Jan. 2017), https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM537347.pdf. [102]   Id. at 3. [103]   Id. at 4–8. [104]   Id. at 16. [105]   U.S. Food & Drug Admin., Public Health Interests and First Amendment Considerations Related to Manufacturer Communications Regarding Unapproved Uses of Approved or Cleared Medical Products 1, 26–34 (Jan. 2017), https://www.federalregister.gov/documents/2017/01/19/2017-01013/manufacturer-communications-regarding-unapproved-uses-of-approved-or-cleared-medical-products. [106]   U.S. Food & Drug Admin., Manufacturer Communications Regarding Unapproved Uses of Approved or Cleared Medical Products; Availability of Memorandum; Reopening of the Comment Period, 82 Fed. Reg. 6367, 6368 (Jan. 19, 2017). [107]   U.S. Food & Drug Admin., Clarification of When Products Made or Derived From Tobacco Are Regulated as Drugs, Devices, or Combination Products; Amendments to Regulations Regarding "Intended Uses," 82 Fed. Reg. 2193 (Jan. 9, 2017). [108]   U.S. Food & Drug Admin., Clarification of When Products Made or Derived From Tobacco Are Regulated as Drugs, Devices, or Combination Products; Amendments to Regulations Regarding "Intended Uses"; Further Delayed Effective Date; Request for Comments, 82 Fed. Reg. 14319 (Mar. 20, 2017), https://www.federalregister.gov/documents/2017/03/20/2017-05526/ clarification-of-when-products-made-or-derived-from-tobacco-are-regulated-as-drugs-devices-or. [109]   Id. [110]   United States ex rel. Gohil v. Aventis, Inc., No. 02-2964, 2017 WL 85375, at *1, 8 (E.D. Pa. Jan. 10, 2017). [111]   Id. at *8 (citation omitted). [112]   Id. [113]   Free Speech in Medicine Act, HB 2382 (2017), http://www.azleg.gov/legtext/53leg/1r/bills/hb2382p.pdf. [114]   Pharmaceutical Information Exchange Act, H.R. 2026, 115th Cong. (2017), https://www.congress.gov/bill/115th-congress/house-bill/2026. [115]   Medical Product Communications Act of 2017, H.R. 1703, 115th Cong. (2017), https://www.congress.gov/bill/115th-congress/house-bill/1703/text. [116]   Jeff Overley, Off-Label Drug Bills Get Little Traction On Capitol Hill, Law360, https://www.law360.com/health/articles/943303/off-label-drug-bills-get-little-traction-on-capitol-hill. [117]   Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Owner of New England Compounding Center Sentenced for Racketeering Leading to Nationwide Fungal Meningitis Outbreak (June. 26, 2017), https://www.justice.gov/opa/pr/ owner-new-england-compounding-center-sentenced-racketeering-leading-nationwide-fungal; see also Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Owner of New England Compounding Center Convicted of Racketeering Leading to Nationwide Fungal Meningitis Outbreak (Mar. 22, 2017), https://www.justice.gov/opa/pr/ owner-new-england-compounding-center-convicted-racketeering-leading-nationwide-fungal. [118]   Id. [119]   Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, District Court Enters Permanent Injunction Against Colorado Companies to Stop Distribution of Adulterated And Misbranded Dietary Supplements and Unapproved and Misbranded Drugs (Mar. 15, 2017), https://www.justice.gov/opa/pr/district-court-enters-permanent-injunction-against-colorado-companies-stop-distribution. [120]   Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, District Court Enters Permanent Injunction Against Florida and New Jersey Companies and Senior Managers to Stop the Distribution of Unapproved, Misbranded, and Adulterated Drugs (June 15, 2017), https://www.justice.gov/opa/pr/district-court-enters-permanent-injunction-against-florida-and-new-jersey-companies-and. [121]   See U.S. Food & Drug Admin., Warning Letters 2017 (Aug. 8, 2017), https://www.fda.gov/Drugs/GuidanceComplianceRegulatoryInformation/default.htm (follow "Enforcement Activities by FDA" hyperlink; then follow "Warning Letters and Notice of Violation Letters to Pharmaceutical Companies" hyperlink; then follow "Warning Letters 2017" hyperlink). [122]   Warning Letter from Thomas J. Cosgrove, Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Mr. Yu Shui Cheng, General Manager, Jinan Jinda Pharmaceutical Chemistry Co., Ltd (Feb. 24, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm546319.htm. [123]   Warning Letter from Thomas J. Cosgrove, Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Mr. Deepak Rawat, CEO, Badrivishal Chemicals & Pharmaceuticals (Mar. 2, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm545454.htm. [124]   Warning Letter from Thomas J. Cosgrove, Dir., Office of Mfg. Quality, U.S. Food & Drug Admin. to Mr. Prashant K. Tewari, Managing Dir., USV Private Limited (Mar. 10, 2017), https://www.fda.gov/ICECI/EnforcementActions/ WarningLetters/2017/ucm546483.htm. [125]   U.S. Food & Drug Admin., Guidance for Industry and FDA Staff: Current Good Manufacturing Practice Requirements for Combination Products (Jan. 10, 2017), https://www.fda.gov/downloads/ RegulatoryInformation/Guidances/UCM429304.pdf. [126]   U.S. Food & Drug Admin., Guidance for Industry: Repackaging of Certain Human Drug Products by Pharmacies and Outsourcing Facilities (Jan. 12, 2017), https://www.fda.gov/downloads/Drugs/ GuidanceComplianceRegulatoryInformation/Guidances/UCM434174.pdf. [127]   U.S. Food & Drug Admin., Draft Guidance for Industry: Mixing, Diluting, or Repackaging Biological Products Outside the Scope of an Approved Biologics License Application (Jan. 12, 2017), https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM434176.pdf. [128]   Id. at 3. [129]   U.S. Food & Drug Admin., Draft Guidance for Industry: Mixing, Diluting, or Repackaging Biological Products Outside the Scope of an Approved Biologics License Application (Feb. 2015), https://www.regulations.gov/document?D=FDA-2014-D-1525-0356. [130]   U.S. Food & Drug Admin., Draft Guidance for Industry: Current Good Manufacturing Practice for Medical Gases (June 28, 2017), https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM070270.pdf.    [131]   Id. at 2. [132]   U.S. Food & Drug Admin., Factors to Consider When Making Benefit-Risk Determinations for Medical Device Investigational Device Exemptions 5–6 (Jan. 13, 2017), https://www.fda.gov/downloads/MedicalDevices/‌DeviceRegulationandGuidance/GuidanceDocuments/UCM451440.pdf. [133]   See U.S. Food & Drug Admin., Draft Guidance for Industry, Food and Drug Administration Staff, and Clinical Laboratories: FDA Notification and Medical Device Reporting for Laboratory Developed Tests (LDTs) (Oct. 3, 2014), http://www.fda.gov/downloads/%20MedicalDevices/‌ DeviceRegulationandGuidance/GuidanceDocuments/UCM416684.pdf; U.S. Food & Drug Admin., Draft Guidance for Industry, Food and Drug Administration Staff, and Clinical Laboratories: Framework for Regulatory Oversight of Laboratory Developed Tests (LDTs) (Oct. 3, 2014), https://www.fda.gov/downloads/medicaldevices/deviceregulationandguidance/guidancedocuments/ucm416685.pdf. [134]   U.S. Food & Drug Admin., Discussion Paper on Laboratory Developed Tests (LDTs) (Jan. 13, 2017), https://www.fda.gov/downloads/medicaldevices/productsandmedicalprocedures/ invitrodiagnostics/laboratorydevelopedtests/ucm536965.pdf. [135]   Id. at 4. [136]   Id. at 1. [137]   Id. at 10. [138]   Warning Letters 2017, U.S. Food & Drug Admin., https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/default.htm (last updated Aug. 24, 2017). [139]   Warning Letter from Steven E. Porter, L.A. District Dir., U.S. Food & Drug Admin. to Dr. Stanley R. Stanbridge, Vice President of R&D, Rapid Release Technologies (Jan. 17, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm538234.htm. [140]   Warning Letter from Sean M. Boyd, Deputy Dir. for Regulatory Affairs, Office of Compliance, Ctr. for Devices & Radiological Health, U.S. Food & Drug Admin. to Mike Rousseau, President, Abbott (Apr. 12, 2017), https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm552687.htm. [141]   No. 05-6795, 2017 WL 1344365, at *1 (E.D. Pa. Apr. 12, 2017). [142]   Id. at *6. [143]   Id. at *8. [144]   No. 10-CV-5645, 2017 WL 1233991, at *1 (S.D.N.Y. Mar. 31, 2017). [145]   Id. at *21. [146]   The AKS prohibits remuneration solicited or received "in return for purchasing, leasing, ordering, or arranging for . . . any good, facility, service, or item for which payment may be made in whole or in part under a Federal health care program."  42 U.S.C. § 1320a-7b(b)(1)(B) (emphasis added).  A similar prohibition exists for remuneration offered or given as an inducement for the recipient to "arrange for" a covered item or service.  See 42 U.S.C. § 1320a-7b(b)(2)(B). [147]   No. 3:13-cv-1545 (MPS), 2017 WL 888479 (D. Conn. Mar. 6, 2017). [148]   Id. at *1. [149]   Id. at *5. [150]   Id. The court also found that the AKS’s scienter requirement does not need to be fulfilled in order for a contract to be illegal under the AKS and thus unenforceable.  See id. at *9. [151]   See id. at *8. [152]   See id.. [153]   See U.S. Dep’t of Health & Human Servs., Office of Inspector Gen., Health Care Programs: Fraud and Abuse; Revisions to the Office of Inspector General’s Exclusion Authorities, 82 Fed. Reg. 4100, 4114 (Jan. 12, 2017), https://www.gpo.gov/fdsys/pkg/FR-2017-01-12/pdf/2016-31390.pdf. [154]   See id. at 4101. [155]   See id. at 4101–02. [156]   Id. at 4102. [157]   See id. at 4101–02. [158]   See id. at 4102; 31 U.S.C. § 3731(b)(2). [159]   82 Fed. Reg. at 4102.  The final rule applies both to exclusions for conduct that violates the AKS, as well as exclusions for conduct that violates the CMP statute. See id. at 4114; 42 C.F.R. §§ 1001.901(c), 1001.951(c). [160]   U.S. Dep’t of Health & Human Servs., Office of Inspector Gen., OIG Advisory Op. 17-02 at 1 (June 29, 2017), https://oig.hhs.gov/fraud/docs/advisoryopinions/2017/AdvOpn17-02.pdf. [161]   Id. at 3. [162]   Id. [163]   Id. at 3–4. [164]   Id. at 4, 7. [165]   42 U.S.C. § 1320a-7a(a)(5). [166]   See 42 U.S.C. § 1320a-7a(i)(6)(A).  As HHS OIG noted in the advisory opinion, the same exception to the definition of "remuneration" is found in the CMP statute’s implementing regulations.  See OIG Advisory Op. 17-02 at 6 n.6; 42 C.F.R. § 1003.110. [167]   See OIG Advisory Op. 17-02 at 6–7. [168]   See id. at 7.   The following Gibson Dunn lawyers assisted in the preparation of this client update:  Stephen Payne, Marian Lee, John Partridge, Jonathan Phillips, Sean Twomey, Reid Rector, Naomi Takagi, Allison Chapin, Coreen Mao, and Michael Dziuban.    Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments.  Please contact the Gibson Dunn lawyer with whom you usually work or any of the following:  Washington, D.C.Stephen C. Payne, Chair, FDA and Health Care Practice Group (202-887-3693, spayne@gibsondunn.com)F. Joseph Warin (202-887-3609, fwarin@gibsondunn.com)Marian J. Lee (202-887-3732, mjlee@gibsondunn.com)Daniel P. Chung (202-887-3729, dchung@gibsondunn.com)Jonathan M. Phillips (202-887-3546, jphillips@gibsondunn.com) Los AngelesDebra Wong Yang (213-229-7472, dwongyang@gibsondunn.com) San FranciscoCharles J. Stevens (415-393-8391, cstevens@gibsondunn.com)Winston Y. Chan (415-393-8362, wchan@gibsondunn.com) Orange CountyNicola T. Hanna (949-451-4270, nhanna@gibsondunn.com) New YorkAlexander H. Southwell (212-351-3981, asouthwell@gibsondunn.com) DenverRobert C. Blume (303-298-5758, rblume@gibsondunn.com)John D. W. Partridge (303-298-5931, jpartridge@gibsondunn.com) © 2017 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

August 8, 2017 |
Cybersecurity & Data Privacy: An Overview for Health Care, Pharmaceutical, and Biotech Companies

Cyberthreats are ubiquitous, and significant cyberattacks on private and publicly traded companies occur on a near-daily basis.  As a result of the ongoing barrage of increasingly advanced and evolving cyberattacks, even companies with sophisticated security systems are potentially susceptible to a cybersecurity breach.  A breach may lead to unauthorized access to sensitive company and personal data and have far-ranging and costly consequences.  Immediately following a cyberattack, a company must work to secure its systems from further damage and/or data loss, handle media inquiries, and confront often-complex legal issues concerning notification to consumers, business partners, and government agencies.  Thereafter, there may be civil lawsuits (including litigation with business partners, consumer class actions, and, for publicly traded companies, actions by shareholders), regulatory enforcement actions, and investigations by federal and state agencies.  As breaches have become more frequent, federal, state, and foreign government regulators have responded by strengthening and expanding laws, regulations, and enforcement concerning cybersecurity and data privacy.  This article provides an overview of the key issues health care, pharmaceutical, and biotech companies face with regard to cybersecurity and data privacy.  The article begins with a discussion of federal regulations, guidance, and enforcement actions.  With myriad federal regulators asserting jurisdiction to regulate data security, companies are subject to an increasingly complex regulatory framework.  The article also reviews certain notable state regulations and guidance that address cybersecurity and data security issues, and briefly summarizes some of the key issues related to data privacy outside the United States.  Finally, the article closes with a discussion of the private civil litigation that can result from a data breach.  ________________________________________ Table of Contents 1.             Federal Regulation, Enforcement, and Guidance 1.1           Federal Trade Commission 1.1.1        Authority to Regulate Privacy and Cybersecurity1.1.2        Enforcement1.1.3        Guidance 1.2           Department of Health and Human Services 1.2.1        Applicability to Health Care, Pharmaceutical, and Biotech Companies1.2.2        The Privacy Rule1.2.3        The Security Rule1.2.4        The Breach Notification Rule1.2.5        HHS OCR Enforcement 1.3           Securities and Exchange Commission 1.3.1        Guidance 1.3.2       Enforcement 1.4           Food and Drug Administration 1.4.1        Guidance1.4.2       Enforcement 2.                     State Regulation, Enforcement, and Guidance 3.                     International Issues 3.1            Key Non-U.S. Regulators 3.2           EU-U.S. Safe Harbor and Data Transfer 3.3           New European Regulations: NIS and GDPR 3.4           New Asia-Pacific Regulations 4.                     Civil Litigation 4.1           Data that Creates Exposure to Civil Litigation 4.1.1        Consumer Data4.1.2        Employee Data4.1.3        Intellectual Property and Trade Secrets 4.2           Theories of Liability 4.2.1         Common Law Liability—Negligence and Related Theories4.2.2        Statutory Liability4.2.3        Contractual Liability 4.3           Standing in Data Breach Litigation 4.4           Shareholder and Securities Litigation 4.4.1         Shareholder Derivative Litigation4.4.2        Securities Class Action Litigation 5.                     Conclusion ________________________________________   1.    Federal Regulation, Enforcement, and Guidance There is no single regulatory body tasked with enforcing a uniform set of cybersecurity standards.  For many years, the Federal Trade Commission ("FTC" or the "Commission") and the Department of Health and Human Services ("HHS") have been the primary federal regulators in the cybersecurity area.  Recently, however, a number of other federal regulators have also entered the arena and have issued guidance and/or taken legal action against companies that allegedly have failed to implement adequate cybersecurity measures.  These regulators include the Securities and Exchange Commission ("SEC"), the Food and Drug Administration ("FDA"), the Federal Communications Commission ("FCC"), the Consumer Financial Protection Bureau ("CFPB"), the Department of Energy ("DOE"), the Federal Deposit Insurance Corporation ("FDIC"), and the Financial Industry Regulatory Authority ("FINRA"), among others. Although there are many federal regulators asserting jurisdiction over cybersecurity issues, the primary cybersecurity and privacy regulators for health care, pharmaceutical, and biotech companies (and those covered in this article) are the FTC, HHS, SEC, and FDA.  The recent trends in guidance and enforcement actions by these agencies are described below. 1.1     Federal Trade Commission 1.1.1     Authority to Regulate Privacy and Cybersecurity The FTC derives its authority to regulate cybersecurity practices from Section 5 of the FTC Act, which states that "unfair or deceptive acts or practices in or affecting commerce, are . . . unlawful."[1]  Because the FTC Act dates to 1914, it does not mention cybersecurity.  However, the FTC has long taken the position that Congress intended "unfair" practices to be defined broadly and flexibly to allow the agency to effectively protect consumers as the economy and technology develop.[2] The FTC first asserted that its authority under Section 5 encompassed investigating and prosecuting companies for insufficient data security procedures in 2002.[3]  Since that time, the FTC has brought more than 60 data security cases—with more than half of those initiated since 2010.  Although most FTC enforcement actions have settled with a company agreeing to a consent order (discussed further below), there have been several high-profile challenges to the FTC’s authority to bring data security enforcement actions.  For example, companies have argued that Congress did not intend for the FTC to have broad regulatory authority over corporate cybersecurity practices under the FTC Act.[4] While courts have thus far accepted the FTC’s assertions of jurisdiction, a case regarding that issue is currently pending before the Eleventh Circuit.  The case involves LabMD, a now-defunct medical testing laboratory.  In 2013, the FTC sued LabMD, alleging that the company had failed to "develop, implement, or maintain a comprehensive information security program" to protect consumers’ sensitive personal and health information.[5]  After an Administrative Law Judge ruled in favor of LabMD on the company’s argument that the FTC lacked authority to bring the action, the Commission overturned that decision and entered an order against the company.  LabMD sought relief from the Eleventh Circuit, challenging the FTC’s broad regulatory authority over cybersecurity practices.[6]  Oral argument was heard on June 21, 2017, but the case remains pending; a three-judge panel granted LabMD’s request to stay enforcement of the FTC’s decision pending appeal.[7] 1.1.2     Enforcement As noted above, the FTC has used its regulatory authority to initiate a number of civil enforcement actions in recent years.  When the FTC brings these actions, data security liability under Section 5 is governed by a "reasonableness" test.  This test considers data security measures (and statements made about such measures) in light of factors such as the sensitivity and volume of consumer information being stored; the size and complexity of the data storage operations; and the costs and benefits of taking additional steps to improve security and reduce vulnerabilities within the system.  The FTC has stressed that because a perfect data security system is neither expected nor required, the mere fact that a data breach occurred will not necessarily subject a company to liability—so long as the security system and all statements issued about it were reasonable under the circumstances.  The LabMD case described above is relatively unique because most enforcement actions brought by the FTC are not litigated but, rather, result in the FTC entering into a consent order with the targeted company.  Consent orders often include civil penalties and require that companies establish comprehensive security programs subject to independent audits or monitoring for up to 20 years; agree to make no misrepresentations regarding their handling of consumer data; and agree to notify consumers about the data breach and about methods to safeguard their personal information.[8] 1.1.3     Guidance The FTC also has issued cybersecurity guidance to companies falling within its purview.  For example, in June 2015 the FTC launched the "Start with Security" business education initiative.[9]  The initiative includes guidance for businesses drawing on lessons learned from the data security cases previously brought by the FTC.  The guidance outlines ten steps to implement in order to achieve effective data security.  The steps are high-level, consisting of general advice such as "control access to data sensibly"; "require secure passwords and authentication"; "secure remote access to your network"; and "make sure your service providers implement reasonable security measures." In September 2016, the FTC published a guide specifically relating to data breaches, Data Breach Response: A Guide for Business.[10]  The guide features steps for securing operations, preventing additional data loss, fixing vulnerabilities, and notifying the appropriate parties of a data breach—including law enforcement, regulators, affected businesses and individuals, and the media.  In May 2017, the FTC also launched a new website, ftc.gov/SmallBusiness, that includes articles, videos, and other information aimed at helping small businesses protect their computers and networks from scams and cyberattacks.[11] Notably, whether or not a company follows the FTC’s cybersecurity guidance has been cited as a factor in determining liability in FTC enforcement actions.  For example, in FTC v. Wyndham Worldwide Corp., the Third Circuit held that the defendant was on sufficient notice that its cybersecurity practices fell short of the FTC’s cybersecurity standards.[12]  In reaching its decision, the court pointed to several FTC publications and enforcement actions regarding cybersecurity, and noted that the company should have been aware that its practices fell short of those the FTC had previously deemed necessary.[13] The FTC seems determined to maintain its position as the primary federal regulator of cybersecurity issues, as evidenced by recent statements regarding the regulation of broadband providers.  In March 2017, Acting FTC Chair Maureen K. Ohlhausen issued a statement, together with the Chair of the FCC, stating that "jurisdiction over broadband providers’ privacy and data security practices should be returned [from the FCC] to the FTC, the nation’s expert agency with respect to these important subjects."[14]  Ohlhausen expressed that all online actors should be governed by the same rules, enforced by one agency, stating that the federal government shouldn’t favor one set of companies over another—and certainly not when it comes to a marketplace as dynamic as the Internet.  So going forward, we will work together to establish a technology-neutral privacy framework for the online world.  Such a uniform approach is in the best interests of consumers and has a long track record of success. 1.2     Department of Health and Human Services The United States Department of Health and Human Services Office for Civil Rights ("HHS OCR") has enforcement responsibility for the Health Insurance Portability and Accountability Act of 1996 ("HIPAA").  HIPAA provides a comprehensive framework for the use and disclosure of certain protected health information ("PHI").  Its requirements govern how such data may be used (the "Privacy Rule"); physical, technical, and administrative security standards that companies must have in place (the "Security Rule"); and notice obligations in the case of unauthorized use or disclosure (the "Breach Notification Rule"). Enacted in 1996, HIPAA is in many ways the oldest and most well-developed data security regime under federal law.  Although most other government agencies have only begun to address cyber-related issues in recent years, HHS OCR has been addressing these issues for more than two decades. There has been a recent increase in both attention and enforcement proceedings related to HIPAA.  As data security gets more attention, HHS OCR has increased the aggressiveness and scope of its enforcement efforts.  Moreover, as health care companies increasingly become the target of cyberattacks, HIPAA has emerged as a key backdrop for all sorts of data breach litigation, in cases brought by both the government and private plaintiffs.  1.2.1     Applicability to Health Care, Pharmaceutical, and Biotech Companies HIPAA regulations are directly applicable to "covered entities," which include health plans (e.g. insurers), certain health care providers (e.g., hospitals), and health care clearinghouses.  However, HIPAA also is applicable to "business associates" of those covered entities, including companies that perform functions or activities on behalf of, or provide certain services to, a covered entity that involve the use or disclosure of individually identifiable health information. By the very nature of their businesses, health care, pharmaceutical, and biotech companies are very likely to encounter some type of protected health information.  Although not every such company will be covered by HIPAA, many will, at least in some capacity.  Indeed, it is possible that certain aspects of a company’s business will be covered, for example, in its role as a business associate, even while others may not.  1.2.2     The Privacy Rule The HIPAA Privacy Rule[15] establishes a set of standards for the protection of certain health information, and requires that covered entities and business associates use or disclose PHI only as permitted by the rule.[16]  Although the rule is meant to allow for ordinary business operations, the regulations are nonetheless complicated and demand significant attention.  Uses generally permitted under the rule include those connected with the treatment of a patient, payment requests, and a company’s own health care operations (e.g., quality assessment and improvement activities).[17]  There is also a hierarchy of other permitted uses, which are organized according to the type of permission or authorization required: some uses are permitted only with express patient authorization (e.g., commercial sale of PHI);[18] other uses require an opportunity for the individual to agree or object (e.g., listing in facility directories or for disaster relief purposes);[19] and finally, some uses are permitted even without authorization, so long as certain protections are in place (e.g., in litigation when there is a HIPAA-qualified protective order in place).[20]  The Privacy Rule also establishes standards that govern the use of PHI for marketing purposes (e.g., prescription refill reminders),[21] research purposes,[22] and reporting related to public health activities, including reporting to the FDA.[23]  The Privacy Rule is directly applicable to both covered entities and business associates, and also requires that covered entities have agreements in place with their business associates that limit the use of PHI to the specific purposes enumerated by the agreement and permitted by HIPAA.[24]  Before using or disclosing PHI in any fashion, it is important to understand how HIPAA treats that type of use under the hierarchy just described, and what rules therefore might apply. 1.2.3     The Security Rule Whereas the Privacy Rule establishes how and when protected information may be used and disclosed, the Security Rule establishes standards for how that information must be protected.[25]  The Security Rule references a variety of administrative, technical, and physical safeguards, and it includes required standards and implementation specifications related exclusively to electronic PHI ("ePHI").  Those standards and specifications deal at a relatively granular level with system requirements where ePHI is kept or stored.  For example, HIPAA includes implementation specifications that govern encryption, automatic logoff, password management, and other detailed issues.  Like the Privacy Rule, the Security Rule is also directly applicable to business associates. Importantly, the Security Rule also requires that companies "conduct an accurate and thorough assessment of the potential risks and vulnerabilities to . . . electronic protected health information."[26]  These mandatory HIPAA risk assessments can be complicated and time-consuming, and HHS OCR has demonstrated its willingness to take enforcement action where a comprehensive and up-to-date assessment is not in place, as discussed below.  A risk analysis process includes: (1) evaluating the likelihood and impact of potential risks to ePHI; (2) implementing appropriate security measures to address the risks identified in the risk analysis; (3) documenting the chosen security measures and, where required, the rationale for adopting those measures; and (4) maintaining continuous, reasonable, and appropriate security protections.  Every company that deals with ePHI should therefore carefully evaluate its obligation to conduct a risk analysis and ensure it has a current, well documented, and comprehensive assessment in place. 1.2.4     The Breach Notification Rule The third major component of HIPAA is the Breach Notification Rule.[27]  Under the Breach Notification Rule, a covered entity must report unauthorized uses or disclosures of PHI to the government, the media, and affected individuals, with certain exceptions for small breaches.[28]  Business associates are required to report breaches to the covered entity.[29]  Under HIPAA, a breach is (1) the acquisition, access, use, or disclosure (2) of PHI (3) in a manner not permitted under the HIPAA Privacy Rule (4) that compromises the security or privacy of the PHI.[30]  Any disclosure of PHI in a manner not permitted under the Privacy Rule is presumed to be a breach unless the covered entity performs a required "Risk Assessment" under 45 C.F.R. § 164.402(2) and demonstrates that there is a "low probability that the [PHI] has been compromised."  Generally speaking, breach notifications must be sent within 60 days of the discovery of the breach.[31]  HIPAA’s notification obligations are in addition to state law requirements, which may impose notice obligations of shorter than 60 days. 1.2.5     HHS OCR Enforcement HHS OCR has increased its enforcement efforts related to HIPAA in recent years.  Several recent enforcement actions illustrate the types of incidents that can draw scrutiny from HHS OCR and the types of failures under the Privacy and Security Rules that can lead to large settlements.[32] In April 2017, HHS OCR announced the first ever settlement involving a wireless health service provider, CardioNet, which provides mobile monitoring and rapid response to patients with cardiac arrhythmias.  CardioNet agreed to pay $2.5 million in a HIPAA settlement after an employee’s laptop containing the ePHI of over 1,300 individuals was stolen from a parked vehicle.[33]  OCR’s investigation revealed that CardioNet’s policies and procedures were in draft form and had not yet been implemented, and CardioNet had "insufficient risk analysis and risk management processes in place." In February 2017, Memorial Healthcare System paid a $5.5 million HIPAA settlement with HHS.[34]  Memorial Healthcare System reported to HHS OCR that the ePHI of more than 115,000 individuals had been impermissibly accessed by its employees and improperly disclosed to affiliated physician office staff when the login credentials of a former employee had been used to access ePHI on a daily basis without detection for a year.  HHS noted that although Memorial Healthcare System had workforce access policies and procedures in place, it failed to implement the procedure with regard to reviewing, modifying, or terminating users’ rights of access. In January 2017, HHS OCR issued a notice of Final Determination and a $3.3 million civil monetary penalty against Children’s Medical Center of Dallas ("Children’s") following impermissible disclosure of ePHI and many years of alleged non-compliance with the Security Rule.[35]  The penalty followed several separate incidents resulting in the loss of ePHI, including loss of an employee’s BlackBerry and theft of an unencrypted laptop.  OCR’s investigation of these incidents revealed that Children’s failed to implement risk management plans even after they received external recommendations to do so, and they failed to deploy encryption measures on their devices, despite knowledge of the risk of maintaining unencrypted devices containing ePHI.  The OCR Acting Director stated that "[a]lthough OCR prefers to settle cases and assist entities in implementing corrective action plans, a lack of risk management not only costs individuals the security of their data, but it can also cost covered entities a sizable fine." In November 2016, the University of Massachusetts – Amherst ("UMass") agreed to pay $650,000 and enter a corrective action plan to settle alleged HIPAA violations.[36]  UMass reported to OCR that "a workstation . . . was infected with a malware program, which resulted in the impermissible disclosure of electronic protected health information (ePHI) of 1,670 individuals, including names, addresses, social security numbers, dates of birth, health insurance information, diagnoses and procedure codes."[37]  According to OCR, UMass "determined that the malware was a generic remote access Trojan that infiltrated their system, providing impermissible access to ePHI, because UMass did not have a firewall in place."[38]  OCR’s investigation found that UMass had failed to categorize components of its operations appropriately under HIPAA, resulting in ePHI being present on systems that were not HIPAA compliant.  OCR’s investigation also faulted UMass for its failure to complete an accurate and thorough risk analysis and the lack of a firewall. In August 2016, Advocate Health Care System ("Advocate") agreed to pay $5.55 million to settle a variety of HIPAA violations.[39]  Among the violations was a data breach of Advocate’s subcontractor billing company that exposed sensitive patient information.  HHS found that Advocate failed to obtain written assurances from its business associate that electronic patient data would be appropriately protected. Finally, in December 2015, the University of Washington ("UW") agreed to pay $750,000 and enter into a corrective action plan to resolve allegations that it violated the HIPAA Security Rule.[40]  OCR initiated an investigation of UW after it received a breach report indicating that ePHI for more than 90,000 individuals was "accessed after an employee downloaded an email attachment that contained malicious malware."[41]  According to OCR, the malware "compromised the organization’s IT system," including patient data such as names, medical record numbers, dates of service, bill balances, social security numbers, and insurance identification or Medicare numbers.[42]  OCR’s investigation found that UW failed to ensure that its affiliates conducted risk assessments and responded to risks and vulnerabilities in their environments. 1.3     Securities and Exchange Commission In the last few years, the SEC has increased its focus on cybersecurity, particularly in the areas of protecting client data, creating disclosure standards for cybersecurity risks and incidents, and ensuring the orderly functioning of the markets.  In May 2016, then-SEC Chair Mary Jo White explained that cybersecurity is the biggest risk facing the financial system, stating that the "[SEC] can’t do enough in this sector[.]"[43]  The SEC’s Office of Compliance Inspections and Examinations identified cybersecurity as one of its examination priorities in 2015, 2016 and 2017.[44]  And most recently, Trump administration officials reiterated the SEC’s dedication to cybersecurity issues and enforcement, with SEC Chairman Jay Clayton affirming that the SEC is working "to improve [its] ability to receive critical information and alerts and react to cyber threats."[45] In addition, as explained below, the SEC staff has issued disclosure guidance relating to cybersecurity that is applicable to all public companies, including those in the health care, pharmaceutical, and biotech industries.  1.3.1     Guidance In 2011, the SEC staff released CF Disclosure Guidance: Topic No. 2, which relates to public company disclosures regarding cybersecurity risks and cyber incidents.[46]  The guidance provides that registrants should disclose risks of cybersecurity incidents if "these issues are among the most significant factors that make an investment in the company speculative or risky."[47]  The guidance provides recommendations on a number of topics.  For example, the SEC instructs that companies should disclose the risk of cyber incidents and that disclosures should not be generic or boilerplate.  However, companies are not required to disclose threats if doing so would compromise the companies’ cybersecurity.  The guidance also advises that companies should address cybersecurity risks in their Management’s Discussion and Analysis of Financial Condition and Results of Operations ("MD&A") if the costs associated with the risks are likely to have a material effect on the company’s operations, liquidity, or financial condition, or would cause reported financial information not to be necessarily indicative of future operating results or financial condition.  The SEC staff further advises that companies should disclose cyber incidents that materially affect their operations in their Description of Business and Legal Proceedings disclosures.  Finally, the SEC staff provides guidance on how to account for cybersecurity risks and incidents in company financial statements.  Additionally, in a June 2014 speech, then-SEC Commissioner Luis A. Aguilar provided boards of directors with important, albeit informal, cybersecurity guidance.[48]  He advised that boards of directors should ensure the adequacy of a company’s cybersecurity measures and, as a guide, should look to the industry standards and best practices described in the Framework for Improving Critical Infrastructure Cybersecurity, released by the National Institute of Standards and Technology ("NIST").  Commissioner Aguilar’s other recommendations included cyber-risk education for directors, creating a separate enterprise risk committee on the board, ensuring that the company has cyber-risk management personnel who report regularly to the board, and developing a well-constructed, deliberate company cyber incident response plan.[49] The SEC also issued a Ransomware Alert in response to the WannaCry ransomware attack of May 2017, which affected numerous organizations in over one hundred countries.[50]   The alert explained how hackers gain access to servers, and encouraged organizations to review the alert published by the U.S. Department of Homeland Security’s Computer Emergency Readiness Team and evaluate whether applicable operating system patches had been installed.  The SEC alert also discussed the importance of conducting periodic cyber-risk assessments, conducting penetration tests and vulnerability scans, and updating system maintenance.  1.3.2     Enforcement  To date, the SEC has brought only a few cybersecurity enforcement actions, involving companies’ failure to adequately safeguard their customers’ personal information.  The enforcement actions involved companies in the financial sector and alleged violations of Rule 30(a) of Regulation S-P, also know n as the "Safeguards Rule."  This regulation requires brokers, dealers, investment companies, and registered investment advisers to "adopt written policies and procedures that address administrative, technical and physical safeguards for the protection of customer records and information."[51] In 2015, investment adviser R.T. Jones Capital Equities Management agreed to pay a $75,000 penalty as a settlement for the firm’s failure to establish cybersecurity policies and practices.[52]  The penalty was levied in response to a June 2013 breach of the company’s server, which exposed the personal information of 100,000 customers.  On April 12, 2016, Craig Scott Capital agreed to pay $100,000 to resolve allegations that it violated the Safeguards Rule by using email addresses other than those with the company’s domain name to electronically receive more than 4,000 faxes from customers and other third parties.[53]  The SEC found that this practice was evidence of a "failure to adopt written policies and procedures reasonably designed to insure the security and confidentiality of customer records and information." On June 8, 2016, Morgan Stanley agreed to pay a $1 million penalty to settle charges "related to its failures to protect customer information, some of which was hacked and offered for sale online."[54]  These alleged failures included the company’s decision not to conduct auditing or testing of its "portals" that allowed for access to customer data.[55]  As a result of these failures, the company suffered a breach, which exposed customer data on the internet.  Despite the fact that Morgan Stanley had acted quickly to respond to the breach, take the customer data offline, and alert the proper authorities, the SEC found that Morgan Stanley violated the "Safeguards Rule."[56] In each of these matters, the SEC found against the companies even though there was no apparent financial harm to their customers.  Thus, companies should be aware that lax cybersecurity standards could lead to an SEC enforcement action even if there is no appreciable harm to customers resulting from such practices.  That said, it is important to note that these cases involved companies in the financial sector, which are subject to the SEC’s Regulation S-P.  It is not clear whether the SEC would treat companies outside the financial sector (and not subject to Regulation S-P) in a similar manner.  In addition, while the SEC has now acted three times against companies for failure to protect investor data, it has yet to initiate an enforcement action against a company for the failure to disclose a cybersecurity incident or threat.  However, in April 2016, the SEC warned that it expects to initiate more cybersecurity enforcement actions in the future.[57] 1.4     Food and Drug Administration Thus far, the FDA has not been a leader in cybersecurity enforcement.  In fact, a recent report analyzing the FDA’s cybersecurity regulatory practices criticized the FDA as being "in a constant state of offering subtle suggestions where regulatory enforcement is needed."[58] In the absence of clarity on the agency’s cybersecurity priorities based on past enforcement actions, health care, pharmaceutical, and biotech companies should pay particular attention to recent cybersecurity guidance issued by the FDA.  The guidance is most applicable to medical device companies, as medical devices have been the primary focus of those guidance efforts.  1.4.1     Guidance In December 2016, the FDA released the Postmarket Management of Cybersecurity in Medical Devices Guidance, which outlines steps manufacturers should take to continually address cybersecurity risks associated with medical devices.[59]  The "Internet of Things" (which refers to everyday objects, such as thermostats and refrigerators, with connectivity to the Internet) now includes medical devices, which are often connected to both the Internet and hospital intranets and are vulnerable to cyberattacks.  The FDA’s guidance is aimed at ensuring the security of such devices in light of these vulnerabilities.  To that end, the FDA recommends that medical device manufacturers conduct routine post-market surveillance of their products and develop programs to assess the cyber risks that could potentially be associated with their products.  In January 2017, the FDA held a webinar on the guidance.[60]  The 2016 guidance follows guidance issued by the FDA in 2014 regarding pre-market steps medical device companies should take to implement security into the design and development of medical devices.[61] 1.4.2     Enforcement In April 2017, the FDA sent a warning letter to Abbott (St. Jude Medical Inc.), marking its most public enforcement effort to date in the cybersecurity space.[62]  Specifically, the letter addressed alleged cybersecurity issues related to Abbott’s at-home monitoring devices.  It remains to be seen, however, whether this is the beginning of a trend of FDA enforcement actions related to cybersecurity, or an isolated foray into the field. 2.     State Regulation, Enforcement, and Guidance State attorneys general play a significant role in policing cybersecurity issues.  Several states have enacted statutes or regulations that establish specific cybersecurity standards.[63]  State attorneys general also use state consumer protection laws, including laws patterned after the FTC Act (known as "Little FTC Acts"), and the Uniform Deceptive Trade Practice Act to address data security issues using theories analogous to those applied by the FTC in enforcing Section 5 of the FTC Act.  Companies may look to FTC guidance (supra, Section 1.1.3) to understand what these state analogues typically require with regard to data security practices. In addition, nearly every state has adopted laws that impose notification requirements on entities that have suffered a data breach.  These laws generally contain provisions describing who must comply with the law (e.g., businesses, data/information brokers, government entities); definitions of "personal information" (e.g., name combined with social security number, driver’s license or state ID numbers, account numbers); what constitutes a breach (e.g., unauthorized acquisition of data); requirements for notice (e.g., timing or method of notice, who must be notified); and exemptions (e.g., for encrypted information).  State attorneys general have brought enforcement actions pursuant to these provisions.[64]  One such action revolves around Target’s 2013 data breach that resulted in the theft of the names, credit card numbers, and email addresses of approximately forty million customers.  In May 2017, Target reached a $18.5 million settlement agreement with forty-seven state attorneys general and the District of Columbia.[65]  In addition to the monetary settlement, Target agreed to better maintain software encryption programs, separate cardholder data from its normal computer network, and pay for an independent assessment of its security efforts.   Some states also have issued specific guidance or regulations on data security.  In 2014, the California Attorney General released "Cybersecurity in the Golden State," a framework for protecting against and responding to data breaches and other cyber incidents.[66]  The California report, like other guidance, emphasizes risk assessment, involvement from a company’s leadership, adherence to industry best practices, training and education, and incident response planning.  Likewise, in New York, new regulations relating to data security standards in the financial industry have recently come into effect; these regulations may affect many health insurance providers, among others.[67]  Companies should be aware of the regulations in those states in which they do business.  3.     International Issues 3.1     Key Non-U.S. Regulators In addition to the many U.S. government regulations, companies with operations overseas must also consider data protection regulations of foreign jurisdictions.  Prominent foreign regulators include those in the European Union (European Data Protection Supervisor), the United Kingdom (Information Commissioners Office – ICO), Germany (the Federal Data Protection Commissioner, the states’ Data Protection Authority), and Canada (Office of the Privacy Commission of Canada, provincial Information and Privacy Commissioners).  While a full discussion of cybersecurity requirements outside the United States is beyond the scope of this article, every company should evaluate the laws, regulations, and other requirements of each country in which it operates so that it complies with all applicable requirements and is prepared to interact quickly with regulators in the event of a breach. 3.2     EU-U.S. Safe Harbor and Data Transfer One important international privacy law issue for many companies involves European data transfer law, which governs the protection of personal data in the European Union and limits how U.S.-based companies may use and transfer data originating in Europe. The Charter of the Fundamental Rights of the European Union (the "Charter") creates a right to protection of personal data.[68]  The European Union also issued Directive 95/46/EC ("EU Data Protection Directive") in 1995, governing the protection of individuals with regard to the processing of their personal data within the EU.[69]  Article 28(1) of the EU Data Protection Directive requires Member States to establish public authorities responsible for independent monitoring of compliance with EU rules on the protection of individuals and processing of personal data.  Article 25(1) of the EU Data Protection Directive also specifies a principle that transfers of personal data from the Member States to third countries may take place only if the third country ensures an "adequate level of protection."[70] To facilitate international commerce between EU Member States and the United States, the U.S. Department of Commerce issued the Safe Harbor Privacy Principles (the "Safe Harbor") in 2000.[71]  The Safe Harbor included a number of principles on protection of personal data to which U.S. companies could subscribe voluntarily.  For years, the Safe Harbor was used by U.S. organizations receiving personal data from the EU.  Companies pledged adherence to Safe Harbor principles through a process of self-certification.  Despite European acceptance of the Safe Harbor for many years, the Safe Harbor became increasingly questioned, with EU policymakers calling for an overhaul of the system.  Then, in 2015, the European Court of Justice ("ECJ") invalidated the EU-U.S. Safe Harbor.[72] In mid-2016, the U.S. Department of Commerce announced the approval of the EU-U.S. Privacy Shield Framework ("Privacy Shield"), which replaces the Safe Harbor.  The Privacy Shield allows U.S. businesses to develop a conforming privacy policy, identify an independent recourse mechanism, and self-certify through a Commerce Department website.  Among other benefits, the Privacy Shield states that participating organizations will be deemed to provide "adequate" privacy protection for the transfer of personal data outside of the European Union under the EU Data Protection Directive.[73] However, legal challenges against the Privacy Shield already have been filed, asserting many of the same arguments used against the Safe Harbor.  Given the potential that the Privacy Shield, like the Safe Harbor, may be disallowed by the ECJ, companies would be well-served to consider a "belt and suspenders" approach to data transfer, pairing Privacy Shield participation with the adoption of other measures—such as Binding Corporate Resolutions ("BCRs") regarding the manner in which the company will handle EU data that can facilitate such transfers in accordance with EU law.  3.3     New European Regulations: NIS and GDPR In 2016, the European Union announced the adoption of the Network and Information Security ("NIS") Directive and General Data Protection Regulation ("GDPR"), which will go into effect in May 2018.  The GDPR establishes security and notification provisions to protect personal data, while the NIS establishes security obligations for operators of essential services and digital service providers.  The NIS and GDPR, taken together, amount to a comprehensive overhaul of EU data protection regulations, and impose steep penalties for non-compliance.  These regulations deserve close scrutiny from any company performing business in Europe or processing data on EU residents. The United Kingdom has repeatedly reaffirmed its commitment to data privacy in the wake of its decision to exit the European Union.  For example, in a June 2017 speech, Queen Elizabeth II outlined the UK’s proposed Data Protection Bill, which would replace the Data Protection Act of 1998.[74]  Importantly, the UK will implement the EU’s GDPR while the UK is still a member of the EU.  Once the UK has left the European Union, the UK appears poised to enable members of the UK to have the same ability to share data with the EU as they did previously. 3.4     New Asia-Pacific Regulations On June 1, 2017, a new Chinese law went into effect that "bans the collection and sale of users’ personal information" and requires that firms store sensitive user data on servers in China.[75]  Commentators have expressed concerns with the new law because it is unclear what information will be considered sensitive.  Additionally, the scope of some of the key provisions of the law, such as the requirement that companies submit their products to the Chinese government for cybersecurity checks, remains unknown.  It is unclear how often such checks will be required and how the Chinese government will determine what products need to be checked.[76]  Failure to comply with the new law could result in fines up to one million yuan (about $150,000) and potential criminal charges.[77] 4.     Civil Litigation In addition to government regulatory action, in the wake of a data breach companies handling sensitive data also face the risk of private civil litigation.  To date, pharmaceutical and biotech companies have not been frequent targets of such litigation.  But because no company is immune in the wake of a cyberattack, any comprehensive data security assessment and plan should account for the specific risks posed by civil litigation. This section (1) provides an overview of the types of information that create the greatest exposure to civil litigation, (2) reviews the most common theories of liability in civil litigation, and (3) discusses the key issue of a plaintiff’s standing to bring data breach litigation.  4.1     Data that Creates Exposure to Civil Litigation 4.1.1     Consumer Data Most data security litigation is premised on the loss or exposure of consumer data.  Often, these cases involve retailers, health care providers, and technology companies that collect personal identifying information ("PII") from customers, including names, addresses, credit card numbers, and social security numbers.  Any amount of consumer data—if accessed in a data breach—can create exposure for a company.  Indeed, while the greatest risks come from purported class actions involving compromises of hundreds of thousands of consumers’ information, plaintiffs have shown a willingness to bring suits even when far fewer consumer records are exposed in a breach.[78]  As such, health care, pharmaceutical and biotech companies should understand and identify what consumer data they collect and retain as part of their business operations, whether it is from clinical trials, customer lists, or other sources. 4.1.2     Employee Data Data breach litigation also can be premised on the loss or exposure of employee data.  Most companies have extensive information about their employees, including PII (e.g., name, address, social security number), financial information (e.g., bank account numbers, retirement account numbers), and even protected health information (e.g., medical insurance information, disability claims information).  Large companies may maintain such information for tens- or even hundreds-of-thousands of individuals.  To facilitate business functions related to human resources, benefits administration, and information technology systems, among other things, this information is often centrally managed and accessible.  It is no surprise then, that employee data can be a rich target for cyber criminals.  The loss of such data inevitably gives rise to civil litigation.  In one high-profile data breach, for example, employees at a media company sued their employer for allegedly failing to protect their personal data, claims that the company eventually settled for more than $8 million.[79] 4.1.3     Intellectual Property and Trade Secrets Although the vast majority of data breach litigation is based on the loss of consumer or employee data, health care, pharmaceutical, and biotech companies also may face a risk of litigation related to the theft of intellectual property or trade secrets during any data breach.  For companies that depend on research, development, and innovation to drive their business, loss of such information can be highly costly in its own right.  Although it has not been the basis of many prominent cases to date, theft of that information could also give rise to private litigation, whether from business partners, shareholders, or other affected groups. 4.2     Theories of Liability Data breach litigation is a relatively new area, with most cases having been filed within the last five years.  As such, few cases have proceeded to adjudication on the merits—whether through summary judgment or trial—and therefore substantive standards of liability are underdeveloped.  There are, however, several common theories of liability that plaintiffs routinely advance.  Under any of these claims, a company’s liability will, of course, depend on the facts of the case.  But in evaluating the risks associated with a data breach, companies should be mindful of how their actions could be viewed under different legal theories.  Some of the common claims and legal theories that have been advanced by plaintiffs are discussed below. 4.2.1     Common Law Liability—Negligence and Related Theories The most common claim in data breach litigation is common law negligence.  Plaintiffs argue that companies have a duty to provide security for customer, employee, and other sensitive information, and that a company violates that duty by failing to protect against a data breach.[80]  In negligence cases, the fundamental standard against which companies are judged is "reasonableness"—that is, did the company take reasonable precautions to understand risks, prepare for, and prevent a data breach.  In the event of a breach, the reasonableness of a company’s response, including adequate breach notification under relevant notice statutes (discussed below), is equally important.  Until a body of case law develops to determine what is considered "reasonable," the touchstone for reasonableness is likely to be the government guidance discussed in Section 2 above, along with industry best practices.  Even then, given the rapidly evolving nature of cyber threats and defenses, reasonableness is likely to be a moving target. In addition to negligence, other common law theories of liability advanced by plaintiffs include invasion of privacy,[81] unjust enrichment,[82] negligent misrepresentation, and fraud.[83]  Compared to negligence, which plaintiffs allege in almost every case, these are secondary theories of liability.  But they present some unique risks.  For example, to guard against the risk of negligent misrepresentation and fraud claims (in addition to securities actions and FTC enforcement actions, among others), companies must remain attuned to what they say and represent about their security practices, not only the objective reasonableness of those practices. 4.2.2     Statutory Liability There are also several federal and state statutes that, in certain circumstances, provide for a private right of action for an individual plaintiff in cases of data breaches. At the federal level, plaintiffs have attempted to bring suit under a variety of federal statutes in the wake of data breaches, including the Fair Credit Reporting Act,[84] the federal Privacy Act,[85] and the Stored Communications Act.[86]  Thus far, plaintiffs have not been very successful under these statutes,[87] which tend to require intentional or knowing behavior that results in a disclosure of information, and therefore are inapplicable to most data breach situations (where a company, along with its consumers or employees, is a victim of a criminal third party).  As such, these federal statutes, as interpreted and applied to date, have presented a relatively low risk in the civil litigation context—at least insofar as data breaches are concerned.[88] At the state level, there are several different theories of liability that plaintiffs have pursued with more success.  First, state consumer protection statutes often provide plaintiffs with private causes of action for unfair and deceptive trade practices, and plaintiffs have been able to use such statutes to pursue data breach litigation premised on those allegedly unfair business practices.[89]  Like FTC enforcement actions and claims premised on fraud and misrepresentation, these claims are most often based on statements a company makes about its data security practices, and are most successful when those statements are inconsistent with a company’s actual practices.  Second, some states have passed laws or regulations specific to data security or consumer records.[90]  And third, nearly every state also has a data breach notification statute that requires companies to notify consumers in the event of a data breach.[91]  Most data breach litigation includes at least some of these state law claims in addition to common law theories of liability discussed above.[92]  And in nationwide breaches, companies can often face numerous state law claims from different jurisdictions.[93] 4.2.3     Contractual Liability Health care, pharmaceutical, and biotech companies may also be subject to liability, based on an express or implied contract, for data security issues that affect their customers or business partners.[94]  Although these theories are less common than negligence-based and statutory theories by customers, their existence counsels in favor of careful consideration of contractual approaches to limiting risk in the event of a data breach.[95] There is also the potential for more novel theories of contractual liability.  For example, an area of risk for biotech companies is the possibility that medical devices may be hacked to create a "back-door" into networks at health care companies.  Indeed, some reports have warned against a threat of cyber criminals hacking devices such as X-ray machines, CT scanners, and MRI machines—which are connected to hospital networks—to gain broader access to patient records and other sensitive information at health care providers.[96]  Contracts should address the risks of improper use and cyberattacks of such devices.  Without contractual indemnification, this type of attack potentially could give rise to liability for manufacturers. 4.3     Standing in Data Breach Litigation As noted, very few data breach cases have reached adjudication on the merits.  Instead, much of the litigation by private plaintiffs has focused on the threshold issue of whether plaintiffs have standing to pursue their cases.  Because of the importance of standing issues to data breach litigation, this issue is addressed in more detail below. For many years, companies facing civil suits related to data breaches often succeeded at the motion to dismiss stage by arguing that plaintiffs could not show actual harm, and therefore did not have standing to pursue their claims.  As one court observed, "despite generating little or no discussion in most other cases, the issue of injury-in-fact has become standard fare in cases involving data privacy[, and] the court is hard-pressed to find even one recent data privacy case . . . in which injury-in-fact has not been challenged."[97]  Indeed, one of the first and most powerful defense tools in any data breach litigation is to challenge, with a motion to dismiss, whether a plaintiff or class of plaintiffs has sufficiently alleged actual harm.  Reflecting the importance of this issue, the Supreme Court has weighed in with two decisions in recent years that set the framework for analyzing standing in data breach cases. In Clapper v. Amnesty International USA[98] the Supreme Court established the test for the injury-in-fact element of Article III standing in data security cases.  In Clapper, human rights organizations and media groups challenged the constitutionality of an amendment to the Foreign Intelligence Surveillance Act that made it easier for the government to obtain wiretaps on intelligence targets outside of the United States.  The plaintiffs, all U.S. persons, alleged that they had standing because their work included privileged telephone and email communications with people who were likely foreign targets of surveillance and such communications could be intercepted in the future.  The plaintiffs also alleged that they had suffered injury by undertaking costly steps to protect their communications from surveillance.  The Supreme Court held that the allegations of potential interception of privileged communications were too speculative to sustain a claim, determining that "a highly attenuated chain of possibilities [] does not satisfy the requirement that threatened injury must be certainly impending"[99] and that plaintiffs cannot manufacture standing "merely by inflicting harm on themselves based on their fears of hypothetical future harm."[100] Where plaintiffs might not otherwise be able to satisfy Article III standing requirements—in particular the element of actual injury—they have often tried to predicate their privacy claims on statutory rights of action, under the theory that a statutory violation is a sufficient harm to create Article III standing.  That is the issue the Supreme Court took up in Spokeo, Inc. v. Robins.[101]  In Spokeo, the plaintiff, Thomas Robins, filed a class action complaint claiming that Spokeo—which operates a "people search engine" that gathers and provides information about individuals —willfully failed to comply with the requirements of the Fair Credit Reporting Act, 15 U.S.C. § 1681e(b).[102]  The Ninth Circuit ruled that Robins had satisfied the Article III injury-in-fact requirement because "Spokeo violated his statutory rights, not just the statutory rights of other people" and his "personal interests in the handling of his credit information are individualized rather than collective."[103] The Supreme Court vacated and remanded, holding that the Ninth Circuit’s Article III analysis was "incomplete"; although it considered whether the alleged injury was "particularized," it had "overlooked" whether Robins had also alleged a "concrete" injury.[104]  The Court explained that it has "made it clear time and time again that an injury in fact must be both concrete and particularized."[105] An injury must be "particularized" in that it "must affect the plaintiff in a personal and individual way."[106]  But while "[p]articularization is necessary to establish injury in fact, . . . it is not sufficient" because "[a]n injury in fact must also be ‘concrete.’"[107] While the Court did not resolve whether Robins had alleged a concrete injury, it provided guidance on the meaning of this requirement and the role that statutes play in assessing whether a plaintiff has standing under Article III.  The Court first explained that "[a]lthough tangible injuries are perhaps easier to recognize, . . . intangible injuries can nevertheless be concrete."[108] The Court made clear that this "does not mean that a plaintiff automatically satisfies the injury-in-fact requirement whenever a statute grants a person a statutory right and purports to authorize that person to sue to vindicate that right."[109]  Rather, "Article III standing requires a concrete injury even in the context of a statutory violation."[110]  Thus, "Robins could not, for example, allege a bare procedural violation, divorced from any concrete harm, and satisfy the injury-in-fact requirement of Article III."[111]  The Court, however, noted that it is possible for a "risk of real harm" to "satisfy the requirement of concreteness," and acknowledged that "the violation of a procedural right granted by statute can be sufficient in some circumstances to constitute injury in fact."[112] After the decisions in Clapper and Spokeo, plaintiffs have become more adept at pleading standing, and more and more suits are therefore surviving motions to dismiss.  In the immediate wake of Clapper, the majority of courts deciding data breach cases held that absent allegations of actual identity theft or other fraud, increased risk of harm alone is insufficient to confer Article III standing.[113]  But plaintiffs have succeeded in pleading the requisite "certainly impending" harm when they are able to point to alleged injuries such as unlawful charges, restricted or blocked access to bank accounts, inability to pay bills, or late payment charges or new card fees.[114]  In the short time since the Supreme Court’s decision in Spokeo, lower courts have continued to grapple with when, and how, a statutory violation can create standing.  While several courts have held that plaintiffs fail to allege a concrete injury when their harm is based on a procedural violation of a statute,[115] others have found that plaintiffs can survive under Spokeo, especially where a statute creates substantive, not only procedural, rights.[116] One issue that could arise for health care, pharmaceutical and biotech companies in this context relates to the nature of the information they possess.  Whereas plaintiffs have had difficulty showing that mere disclosure of their identity—without more—creates standing, health-related information is more sensitive.  Thus far, medical information has not necessarily been subject to any heightened standard absent a showing of actual harm.  Indeed, several courts that have considered alleged breaches related to medical records and personal health information have declined to find standing.[117]  But as plaintiffs become more adept at pleading around the standing requirement, precisely how courts analyze standing in the context of health-related information after Clapper and Spokeo remains to be seen. 4.4     Shareholder and Securities Litigation 4.4.1      Shareholder Derivative Litigation Some corporate data breaches also may result in shareholder derivative litigation against a company’s officers and directors, alleging breaches of fiduciary duties, mismanagement, abuse of control, and/or corporate waste relating to a company’s policies and procedures concerning cybersecurity, disclosures, and response to cyberattacks.  To date, plaintiffs have not had great success pursuing such claims.  But the risk of shareholder derivative litigation remains alive in any data breach situation, so boards and officers should be proactive in addressing cybersecurity practices and disclosures both before and after any breach to protect themselves against liability. In Palkon v. Holmes, one of the few cases to address claims against directors and officers after a cyberattack, plaintiff filed a derivative lawsuit in the District of New Jersey against directors and officers of Wyndham Hotels.  After making a demand on the board that was refused, plaintiff brought an action asserting claims for breach of fiduciary duty, waste of corporate assets, and unjust enrichment, relating to three separate data breaches that took place between April 2008 and January 2010 and impacted more than 600,000 customers, alleging that the defendants failed to implement adequate data security mechanisms and failed to timely disclose the breaches after they occurred.[118]  In October 2014, the district court dismissed the action, finding that the board’s refusal of the shareholder demand constituted a legitimate exercise of the business judgment rule.  The court based this finding on a number of factors, including the fact that the board and audit committee had discussed the breaches and data security at numerous meetings, the company had hired technology security firms to investigate the breaches and make recommendations, and the company had begun to implement the recommendations.[119] One of the most prominent derivative actions based on a cyberattack was brought against directors and officers of Target after a breach in 2013 compromised credit card and personal data of up to 110 million people.  In Davis v. Steinhafel, plaintiffs filed derivative lawsuits against Target directors and officers, asserting claims of breach of fiduciary duty, gross mismanagement, waste of corporate assets, and abuse of control.  Plaintiffs alleged that the defendants failed to take adequate steps to prevent a cyberattack, concealed facts from the public, and "bungled" the company’s response to the attack.  In response to the derivative lawsuits and a demand on the board, Target’s board established a Special Litigation Committee, which conducted an extensive, two-year investigation into whether it was in the corporation’s best interests to pursue any of the claims.  The Special Litigation Committee ultimately concluded that it was not in Target’s best interests to pursue such claims based on numerous factual and legal considerations, including the applicability of the business judgment rule protecting reasonably prudent good faith business decisions.[120] After issuing a report containing its conclusions, the Committee made a motion to dismiss the action, which was unopposed by plaintiffs, and was granted in July 2016.[121] Plaintiffs brought similar claims against directors and officers of Home Depot following another high-profile data breach.  In In re the Home Depot, Inc. Shareholder Derivative Litigation, Home Depot shareholders filed a derivative lawsuit in September 2015 in district court in Georgia.  On November 30, 2016, the court dismissed the action on grounds that shareholders failed to either demand that the board take action or demonstrate that such a demand would have been futile.[122]  Since the Home Depot plaintiffs made no demand prior to filing suit, the court turned to the issue of demand futility.[123]  To demonstrate demand futility under Delaware law, a plaintiff must plead particularized facts that establish reasonable doubt regarding the ability and willingness of the board to evaluate a demand in a disinterested manner.[124]  With regard to plaintiffs’ primary claim for breach of the duty of loyalty, the court found that "[w]hen added to the general demand futility standard, the Plaintiffs essentially need to show with particularized facts beyond a reasonable doubt that a majority of the Board faced substantial liability because it consciously failed to act in the face of a known duty to act."[125]  The court concluded that plaintiffs’ allegations that the board violated this duty by disbanding Home Depot’s infrastructure committee and moving too slowly in addressing the security breach were insufficient to overcome this "incredibly high hurdle."[126]  After arriving at a similar conclusion for the claims for corporate waste[127] and violations of Section 14(a) of the Securities Exchange Act,[128] the court held that plaintiffs’ failure to make a pre-suit demand was not excused, dismissed the case with prejudice, and permitted defendants to recover costs.[129] Although the hurdles for success of such shareholder claims remain high, a company experiencing a major breach should be prepared for such litigation.  As the decisions to date demonstrate, in such litigation, it will be important for any defense of directors and officers to be able to show that cybersecurity risks are routinely considered and addressed, even before a breach occurs.  4.4.2     Securities Class Action Litigation In addition to shareholder derivative litigation, in the wake of a cyberattack, there is also a risk of securities class actions premised on a company’s public disclosures about its cybersecurity practices and risks, particularly if a disclosure concerning a breach causes a significant stock price drop. A good starting point for any company seeking to understand its obligations with regard to disclosures about data security is the SEC’s 2011 guidance.[130]  As discussed above in Section 2.3.1, the SEC has recommended that registrants make disclosures related to data security in certain circumstances, including where the risks associated with potential or actual cyber incidents represents a material event for the company or could have a material effect on the financial condition of the company.[131] In the few securities cases that have been filed, plaintiffs have argued that companies committed securities fraud by making misleading statements about their data security practices or the risks posed by cybersecurity incidents or breaches.  For example, in January 2017, Yahoo! Inc. (now Altaba Inc.) was sued after announcements in September and December 2016 that it had suffered significant cybersecurity breaches..[132]  Thus far, however, these types of theories have been largely unsuccessful.  Indeed, in one of the few cases to address such theories, a court rejected plaintiffs’ claims and recognized that even a company’s good-faith statements can be quickly outdated given the challenges of data security issues.[133]  As one court has noted, "[t]he fact that a company has suffered a security breach does not demonstrate that the company did not place significant emphasis on maintaining a high level of security."[134] Nonetheless, the threat of securities fraud litigation is another reason that every company should carefully evaluate its public disclosures regarding its data security practices and risks. 5.     Conclusion Given the varied cybersecurity-related regulatory and litigation risks that health care, pharmaceutical, and biotech companies face, planning, assessment, and preparation are key.  Among other things, such activities require close coordination between companies’ legal, IT, and senior management teams with regard to setting strategy; auditing areas of cyber risk; and developing, implementing, and testing response plans.  While no defense is perfect, making such preparations may help companies minimize the impact of any cybersecurity incidents when such incidents occur.  [1]   15 U.S.C. § 45(a)(1).    [2]   See FTC v. Wyndham Worldwide Corp., 799 F.3d 236, 242 (3d Cir. 2015).     [3]   See Fed. Trade Comm’n, "Commission Statement Marking the FTC’s 50th Data Security Settlement" (Jan. 31, 2014), available at https://www.ftc.gov/system/files/documents/cases/140131gmrstatement.pdf.    [4]   See Wyndham, 799 F.3d at 247.  The hotel chain Wyndham Worldwide Corp. raised this argument (among others) in response to an enforcement action brought by the FTC in the wake of three data breaches suffered by the company.  The FTC alleged that the hotelier’s failure to use encryption, firewalls, and non-obvious passwords constituted an "unfair" practice under Section 5 of the FTC Act.  After Wyndham challenged the FTC’s ability to bring its case, in 2015 the Third Circuit unanimously upheld the FTC’s jurisdiction over such issues.  Id. at 240.  Wyndham entered into a consent order with the FTC shortly thereafter.  Press Release, Fed. Trade Comm’n, Wyndham Settles FTC Charges It Unfairly Placed Consumers’ Payment Card Information At Risk (Dec. 9, 2015), available athttps://www.ftc.gov/news-events/press-releases/2015/12/wyndham-settles-ftc-charges-it-unfairly-placed-consumers-payment.     [5]   Complaint, In the Matter of LabMD, Inc., No. 102-3099 (Aug. 28, 2013), No. 9357.    [6]   Specifically, LabMD challenged the FTC’s authority to bring an enforcement action on three bases, arguing: (1) only HHS is empowered to regulate patient-related or health care data-security practices, and the FTC is thus preempted from initiating enforcement actions in this area; (2) Congress intended for the FTC’s Section 5 "unfairness" authority to be limited and very narrow in scope, demonstrated by the fact that Congress has enacted many other specific statutes governing data security; and (3) the FTC had failed to publish guidelines or standards for data security practices that LabMD could follow and, as a result, the company did not have fair notice as to what a violation of Section 5 would entail.[6]  See Petition for Review from the Fed. Trade Comm’n, In the Matter of LabMD Inc., No. 16-16270, 2016 WL 7474626 (11th Cir. Dec. 27, 2016).    [7]   See Order, In the Matter of LabMD Inc., No. 16-16270 (11th Cir. Nov. 10, 2016).    [8]   For example, a recent settlement involving mobile advertising company inMobi required the company to pay $950,000 in civil penalties and implement a new privacy program that will be independently audited for the next 20 years.  See Press Release, Fed. Trade Comm’n, Mobile Advertising Network InMobi Settles FTC Charges It Tracked Hundreds of Millions of Consumers’ Locations Without Permission (June 22, 2016), available athttps://www.ftc.gov/news-events/press-releases/2016/06/mobile-advertising-network-inmobi-settles-ftc-charges-it-tracked.  See also Press Release, Fed. Trade Comm’n, ASUS Settles FTC Charges That Insecure Home Routers and "Cloud" Services Put Consumers’ Privacy At Risk (Feb. 23, 2016), available athttps://www.ftc.gov/news-events/press-releases/2016/02/asus-settles-ftc-charges-insecure-home-routers-cloud-services-put; Press Release, Fed. Trade Comm’n, FTC Approves Final Order In TRUSTe Privacy Case (Mar. 18, 2015), available athttps://www.ftc.gov/news-events/press-releases/2015/03/ftc-approves-final-order-truste-privacy-case.     [9]   Fed. Trade Comm’n, Start with Security: A Guide for Business, Lessons Learned from FTC Cases (June 2015), available athttps://www.ftc.gov/system/files/documents/plain-language/pdf0205-startwithsecurity.pdf.   [10]   Fed. Trade Comm’n, Data Breach Response: A Guide for Business (Sept. 2016), available athttps://www.ftc.gov/tips-advice/business-center/guidance/data-breach-response-guide-business. [11]   Press Release, Fed. Trade Comm’n, New FTC Website Helps Small Businesses Avoid Scams and Cyber Attacks (May 19, 2017), available athttps://www.ftc.gov/news-events/press-releases/2017/05/new-ftc-website-helps-small-businesses-avoid-scams-cyber-attacks. [12]   799 F.3d at 259. [13]   Id. at 256–57. [14]   Press Release, Fed. Trade Comm’n, Joint Statement of Acting FTC Chairman Maureen K. Ohlhausen and FCC Chairman Ajit Pai on Protecting Americans’ Online Privacy (Mar. 1, 2017), available at https://www.ftc.gov/news-events/press-releases/2017/03/joint-statement-acting-ftc-chairman-maureen-k-ohlhausen-fcc.  [15]   45 C.F.R. § 164.500 et seq. [16]   Id. § 164.504. [17]   Id. § 164.506. [18]   Id. § 164.508. [19]   Id. § 164.510. [20]   Id. § 164.512. [21]   Id. § 164.508. [22]   Id. § 164.512(i). [23]   Id. § 164.512(b). [24]   Id. § 164.504. [25]   Id. §§ 164.302–164.318. [26]   Id. § 164.308. [27]   Id. § 164.400, et seq. [28]   Id. §§ 164.404, 406, 408. [29]   Id. § 164.410. [30]   Id. § 164.402. [31]   E.g., id. § 164.404(b). [32]   The settlements detailed below are only a sample of recent HHS OCR settlements and fines.  Nine settlements have been reached between HHS and various covered entities in the first half of 2017 alone.  A list of settlements can be accessed at https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/index.html. [33]   Press Release, U.S. Dep’t of Health and Human Servs., Office for Civil Rights, $2.5 million settlement shows that not understanding HIPAA requirements creates risk (Apr. 24, 2017), available at https://www.hhs.gov/about/news/2017/04/24/2-5-million-settlement-shows-not-understanding-hipaa-requirements-creates-risk.html. [34]   Press Release, U.S. Dep’t of Health and Human Servs., $5.5 million HIPAA settlement shines light on the importance of audit controls (Feb. 16, 2017), available athttps://www.hhs.gov/about/news/2017/02/16/hipaa-settlement-shines-light-on-the-importance-of-audit-controls.html. [35]   Press Release, U.S. Dep’t of Health and Human Servs., Office for Civil Rights, Lack of timely action risks security and costs money (Feb. 1, 2017), available athttps://www.hhs.gov/about/news/2017/02/01/lack-timely-action-risks-security-and-costs-money.html. [36]   Press Release, U.S. Dep’t of Health and Human Servs., Office for Civil Rights, UMass settles potential HIPAA violations following malware infection (Nov. 22, 2016), available athttps://www.hhs.gov/about/news/2016/11/22/umass-settles-potential-hipaa-violations-following-malware-infection.html. [37]   Id. [38]   Id. [39]  Press Release, U.S. Dep’t of Health and Human Servs., Advocate Health Care Settles Potential HIPAA Penalties for $5.55 Million, available at http://www.hhs.gov/about/news/2016/08/04/advocate-health-care-settles-potential-hipaa-penalties-555-million.html. [40]   Press Release, U.S. Dep’t of Health and Human Servs., Office for Civil Rights, $750,000 HIPAA settlement underscores the need for organization-wide risk analysis (Dec. 14, 2015), available athttps://www.hhs.gov/about/news/2015/12/14/750000-hipaa-settlement-underscores-need-for-organization-wide-risk-analysis.html?language=en. [41]   Id. [42]   Id. [43]   Lisa Lambert & Suzanne Barlyn, SEC says cyber security biggest risk to financial system, Reuters (May 18, 2016), available at http://www.reuters.com/article/us-finance-summit-sec-idUSKCN0Y82K4. [44]   SeeOCIE’s 2015 Cybersecurity Examination Initiative, Nat’l Exam Program Risk Alert, Vol. IV, Issue 8 (Sept. 15, 2015), available at https://www.sec.gov/ocie/announcement/ocie-2015-cybersecurity-examination-initiative.pdf; Carmen Germain, SEC Poised to Turn Cybersecurity Focus Into Enforcement, Law360.com, July 7, 2017, available athttps://www.law360.com/cybersecurity-privacy/articles/937197/sec-poised-to-turn-cybersecurity-focus-into-enforcement?nl_pk=daebfb21-b47a-48aa-a4f0-e78841e97f3a&utm_‌source=newsletter&‌utm_‌medium=email&utm_campaign=cybersecurity-privacy. [45]   Jay Clayton, Chairman, Sec. and Exch. Comm’n, Remarks at the Economic Club of New York (July 12, 2017), available at https://www.sec.gov/news/speech/remarks-economic-club-new-york. [46]   Sec. and Exch. Comm’n, CF Disclosure Guidance: Topic No. 2, Cybersecurity (Oct. 13, 2011), available at https://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm. [47]   Id. [48]   Comm’r Luis Aguilar, Sec. and Exch. Comm’n, Boards of Directors, Corporate Governance and Cyber-Risks: Sharpening the Focus (June 10, 2014), available at https://www.sec.gov/News/Speech/Detail/Speech/1370542057946. [49]   Id. [50]   OCIE’s Cybersecurity: Ransomware Alert, Nat’l Exam Program Risk Alert, Vol. VI, Issue 4 (May 17, 2017), available at https://www.sec.gov/files/risk-alert-cybersecurity-ransomware-alert.pdf. [51]   17 C.F.R. § 248.30; see also Sec. and Exch. Comm’n, Regulation S-P, available at https://www.sec.gov/spotlight/regulation-s-p.htm. [52]   Teri Robinson, "R.T. Jones reaches settlement with SEC in data breach case," SC Magazine (Sept. 23, 2015), available athttp://www.scmagazine.com/sec-hits-security-adviser-with-75000-penalty-in-breach-settlement/article/440268/. [53]   SeeIn re Craig Scott Capital, Sec. Exch. Act Release No. 77595, Admin. Proceeding File No. 3-17206 (Apr. 12, 2016) (Order), available athttps://www.sec.gov/litigation/admin/2016/34-77595.pdf. [54]   Press Release, Sec. and Exch. Comm’n, SEC: Morgan Stanley Failed to Safeguard Customer Data (June 8, 2016), available at https://www.sec.gov/news/pressrelease/2016-112.html. [55]   See In re Morgan Stanley Smith Barney LLC, Sec. Exch. Act Release No. 78021, Inv. Advisers Act Release No. 4415, Admin. Proceeding File No. 3-17280 (June 8, 2016), available athttps://www.sec.gov/litigation/admin/2016/34-78021.pdf. [56]   Id. at 6. [57]   Andrew Ceresney, Dir., Sec. and Exch. Comm’n, Compliance Outreach Program – 2016 National Seminar for Inv. Adviser and Inv. Co. Senior Officers, Webcast (Apr. 19, 2016), available athttps://www.sec.gov/video/webcast-archive-player.shtml?document_id=041916ccoia. [58]   James Scott & Drew Spaniel, Assessing the FDA’s Cybersecurity Guidelines for Medical Device Manufacturers: Why Subtle ‘Suggestions’ May Not Be Enough 1 (2016), available at http://icitech.org/wp-content/uploads/2016/02/ICIT-Blog-FDA-Cyber-Security-Guidelines2.pdf. [59]   Food and Drug Admin., Postmarket Management of Cybersecurity in Medical Devices: Guidance for Industry and Food and Drug Administration Staff (Dec. 2016), available at https://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM482022.pdf. [60]   Food and Drug Admin., Webinar – Postmarket Management of Cybersecurity in Medical Devices Final Guidance (Jan. 12, 2017), available at https://www.fda.gov/MedicalDevices/NewsEvents/WorkshopsConferences/ucm534592.htm. [61]   Food and Drug Admin., Content of Premarket Submissions for Management of Cybersecurity in Medical Devices; Guidance for Industry and Food and Drug Administration Staff; Availability, 79 Fed. Reg. 59,493 (Oct. 2, 2014), available at https://www.federalregister.gov/documents/2014/10/02/2014-23457/content-of-premarket-submissions-for-management-of-cybersecurity-in-medical-devices-guidance-for. [62]   Food and Drug Admin., Warning Letter to Abbott (St. Jude Medical Inc.) (Apr. 12, 2017), available at https://www.fda.gov/iceci/enforcementactions/warningletters/2017/ucm552687.htm. [63]   See, e.g., 201 CMR 17.00 (promulgated under Mass. Gen. Law 93H) (establishing minimum data security standards for storing consumers’ personal information); Nev. Rev. Stat. 603A.210 (same). [64]   See, e.g., California v. Kaiser Foundation Health Plan, Inc., No. RG14711370 (Cal. Sup. Ct., Alameda Co., Feb. 10, 2014) (Kaiser paid $150,000 to settle claims by the California Attorney General that Kaiser’s notification regarding a breach of personal information was unreasonably delayed; according to the California Attorney General, Kaiser should have provided notice as soon as it determined that particular individuals’ information had been or was "reasonably believed to have been" breached.). [65]   Rachel Abrams, Target to Pay $18.5 Million to 47 States in Security Breach Settlement (May 23, 2017), available at https://www.nytimes.com/2017/05/23/business/target-security-breach-settlement.html. [66]   Atty. Gen. Kamala D. Harris, Cybersecurity in the Golden State: How California Businesses Can Protect Against and Respond to Malware, Data Breaches and Other Cyberincidents (Feb. 2014), available athttps://oag.ca.gov/sites/all/files/agweb/pdfs/cybersecurity/2014_cybersecurity_guide.pdf. [67]   On March 1, 2017, new cybersecurity regulations enforced by the New York State Department of Financial Services ("DFS") became effective.  See http://www.dfs.ny.gov/about/cybersecurity.htm.  [68]   See Charter of Fundamental Rights of the European Union art. 8, 2000 O.J. C 364/01, available athttp://www.europarl.europa.eu/charter/pdf/text_en.pdf. [69]   See Directive 95/46/EC of the European Parliament and of the Council of 24 Oct. 1995 on the Protection Of Individuals With Regard To The Processing Of Personal Data And On The Free Movement Of Such Data, 1995 O.J. L 281/31, available athttp://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:31995L0046&from=EN.‌ [70]   See id. at 47–48. [71]   Issuance of Safe Harbor Principles and Transmission to European Commission, 65 Fed. Reg. 45666 (July 24, 2000). [72]   See Case C-362/14, Maximillian Schrems v. Data Prot. Comm’r, 2015 E.C.R. I-1-35, available athttps://cdt.org/files/2015/10/schrems.pdf. [73]   A complete overview of the requirements and benefits of the Framework is maintained at www.privacyshield.gov. [74]   Queen’s Speech: new data protection law, BBC (June 21, 2017), available at http://www.bbc.com/news/technology-40353424. [75]   China data protection tightened in new laws, BBC (May 31, 2017), available athttp://www.bbc.com/news/technology-40106826. [76]   Mike Orcutt, Unprecedented Cyber Law Signals Its Intent to Protect a Precious Commodity: Data, MIT Technology Review (June 1, 2017), available athttps://www.technologyreview.com/s/608010/chinas-unprecedented-cyber-law-signals-its-intent-to-protect-a-precious-commodity-data/. [77]   Sophia Yan, China’s new cybersecurity law takes effect today, and many are confused, CNBC (June 1, 2017), available at http://www.cnbc.com/2017/05/31/chinas-new-cybersecurity-law-takes-effect-today.html. [78]   E.g., Smith v. Triad of Ala., LLC, 2017 WL 1044692 (M.D. Ala. Mar. 17, 2017) (discussing data breach that allegedly involved a maximum of 1,208 affected individuals); Khan v. Children’s Nat’l Health Sys., 188 F. Supp. 3d 524, 527 (D. Md. 2016) (allegations based on purported disclosure of 18,000 patient records). [79]   See Order re Motion for Preliminary Approval of Class Settlement, Corona v. Sony Pictures Entm’t, Inc., No. 14-cv-09600 (C.D. Cal. Nov. 24, 2015); see also Ben Fritz, Sony Pictures Settles Emp. Class Action Over Hack, Wall St. J., Oct. 20, 2015, available athttp://www.wsj.com/articles/sony-pictures-settles-employee-class-action-over-hack-1445369345. [80]   See, e.g., Dugas v. Starwood Hotels & Resorts Worldwide, Inc., No. 16-CV-00014, 2016 WL 6523428, at *12 (S.D. Cal. Nov. 3, 2016) (discussing allegations that defendant "did not take adequate security measures to protect the information they obtained, [] and that Defendants owed a duty to Plaintiff and class members to exercise reasonable care in [] securing, safeguarding, and protecting [] personal information" (internal quotations and citations omitted)); see also In re Sony Gaming Networks & Customer Data Sec. Breach Litig., 996 F. Supp. 2d 942, 963 (S.D. Cal. 2014) (discussing allegations that "Sony had a duty to provide reasonable security consistent with industry standards, to ensure Sony Online Services were secure, and to protect Plaintiffs’ Personal Information from theft or misuse . . . . [and that] Sony breached this duty by failing to adequately secure its network"). [81]   See, e.g., In re Barnes & Noble Pin Pad Litig., No. 12-CV-8617, 2013 WL 4759588, at *4 (N.D. Ill. Sept. 3, 2013) (dismissing invasion of privacy claim for lack of standing). [82]   See, e.g., In re Target Corp. Data Sec. Breach Litig., 66 F. Supp. 3d 1154, 1177–78 (D. Minn. 2014) (discussing theory of unjust enrichment in data breach cases). [83]   See, e.g., In re Sony Gaming Networks & Customer Data Sec. Breach Litig., 996 F. Supp. 2d 942, 976, 990 (S.D. Cal. 2014) (granting in part and denying in part a motion to dismiss claim for negligent and fraudulent misrepresentations). [84]   15 U.S.C. § 1681. [85]   5 U.S.C. § 552a. [86]   18 U.S.C. § 2702(a)(1). [87]   See, e.g., Holmes v. Countrywide Fin. Corp., No. 08-CV-00205, 2012 WL 2873892, at *15–17 (W.D. Ky. July 12, 2012) (granting motion to dismiss under FCRA where claims were not against a "consumer credit reporting agency"); In re Sci. Applications Int’l Corp. (SAIC) Backup Tape Data Theft Litig., 45 F. Supp. 3d 14, 28–34 (D.D.C. 2014) (granting motion to dismiss claims under the Privacy Act); Worix v. MedAssets, Inc., 857 F. Supp. 2d 699, 701 (N.D. Ill. 2012) (granting motion to dismiss under Stored Communications Act). [88]   There are also a handful of federal statutes that plaintiffs use to litigate data privacy issues—separate from instances of data breaches.  These statutes (e.g., the Wiretap Act or the Telephone Consumer Protection Act) most often focus on the collection or disclosure of communications. [89]   In re Michaels Stores Pin Pad Litig., 830 F. Supp. 2d 518, 528 (N.D. Ill. 2011) (denying motion to dismiss under Illinois Consumer Fraud Act). [90]   See, e.g., 201 CMR 17.00 (Massachusetts’ "Standards for the Protection of Personal Information of Residents of the Commonwealth"). [91]   See, e.g., Cal. Civ. Code §§ 1798.29, 1798.80 et seq.; N.Y. Gen. Bus. Law § 899-aa; N.Y. State Tech. Law § 208. [92]   See, e.g., Remijas v. Neiman Marcus Grp., LLC, 794 F.3d 688, 690–91 (7th Cir. 2015) (discussing claims for "negligence, breach of implied contract, unjust enrichment, unfair and deceptive business practices, invasion of privacy, and violation of multiple state data breach laws"). [93]   See, e.g., In re Anthem, Inc. Data Breach Litig., No. 15-MD-02617, 2016 WL 3029783, at *39 (N.D. Cal. May 27, 2016) (discussing claims under state laws in New Jersey, New York, California, and Georgia). [94]   See, e.g., In re Target Corp. Data Sec. Breach Litig., 66 F. Supp. 3d at 1176–77 (discussing claims for breach of a credit card contract and "an implied contract in which Plaintiffs agreed to use their credit or debit cards to purchase goods at Target and Target agreed to safeguard Plaintiffs’ personal and financial information"). [95]   For example, companies have been subject to lawsuits by business partners, including financial institutions and other entities which suffered financial losses associated with a cyberattack on a business partner.  This type of litigation has arisen most frequently against retailers when credit and debit cards have been compromised.  See, e.g., Consolidated Class Action Complaint, In re Target Corp. Customer Data Sec. Breach Litig., No. 14-md- 02522 (D. Minn. Aug. 1, 2014) ECF No. 163. [96]   See, e.g., Darlene Storm, MEDJACK: Hackers hijacking medical devices to create backdoors in hospital networks, Computerworld (June 8, 2015), available at http://www.computerworld.com/article/2932371/cybercrime-hacking/medjack-hackers-hijacking-medicaldevices-to-create-backdoors-in-hospital-networks.html. [97]   In re Google, Inc. Privacy Policy Litig., No. 12-CV-01382, 2013 WL 6248499, at *4 (N.D. Cal. Dec. 3, 2013). [98]   133 S. Ct. 1138, 1147 (2013). [99]   Id. at 1148. [100]   Id. at 1151. [101]   136 S. Ct. 1540 (2016), as revised (May 24, 2016). [102]   Id. at 1543 [103]   Robins v. Spokeo, Inc., 742 F.3d 409, 413–14 (9th Cir. 2014) (emphasis in original). [104]   Spokeo, Inc., 136 S. Ct. at 1548–50. [105]   Id. at 1548 (emphasis in original). [106]   Id. [107]   Id. [108]   Id. at 1549. [109]   Id. [110]   Id. [111]   Id. [112]   Id. [113]   See, e.g., Storm v. Paytime, Inc., 90 F. Supp. 3d 359, 368 (M.D. Pa. 2015) (finding no standing where plaintiffs did not allege that they actually suffered any form of identity theft as a result of the defendant’s data breach); Green v. eBay Inc., No. 14-1688, 2015 WL 2066531, *1, *5 (E.D. La. May 4, 2015) (citing Clapper and finding threat of future harm stemming from disclosure of names, passwords, birthdates, email and physical addresses "far too hypothetical or speculative"); Peters v. St. Joseph Servs. Corp., 74 F. Supp. 3d 847, 850, 854 (S.D. Tex. 2015) (finding alleged future harm "speculative" where disclosed information included social security numbers, addresses, medical records and bank account information, and where fraudulent credit card purchase was declined); In re Zappos.com, Inc., 108 F. Supp. 3d 949, 958–59 (D. Nev. 2015) (distinguishing cases within the Ninth Circuit that conferred standing based on increased risk of harm alone, and holding that increased risk of future harm was insufficient to confer standing given no evidence of personal data misuse in three-year period). [114]   See, e.g., Galaria v. Nationwide Mut. Ins. Co., No. 15-3386, 2016 WL 4728027, at *3 (6th Cir. Sept. 12, 2016) (finding standing based on "a substantial risk of harm, coupled with reasonably incurred mitigation costs"); Remijas, 794 F.3d at 692 (finding standing based on allegations of, among other things, "lost time and money resolving [] fraudulent charges" and "protecting [] against future identity theft"). [115]   See, e.g., Smith v. Ohio State Univ., No. 15-CV-3030, 2016 WL 3182675, at *4 (S.D. Ohio June 8, 2016) (finding no Article III standing under FCRA); Gubala v. Time Warner Cable, Inc., No. 15-cv-1078, 2016 WL 3390415, at *5 (E.D. Wis. June 17, 2016) (finding plaintiff failed to allege a concrete harm where his suit was based on the defendant’s failure to comply with the Cable Communications Policy Act); Khan, 188 F. Supp. 3d at 534 (finding plaintiff failed to connect the alleged statutory and common law violations to a concrete harm). [116]   Aranda v. Caribbean Cruise Line, Inc., No. 12 C 4069, 2016 WL 4439935, at *6 (N.D. Ill. Aug. 23, 2016) (finding plaintiff’s allegations of harm under the Telephone Consumer Protection Act were "concrete and particularized, traceable to defendants’ conduct, and judicially redressable"). [117]   See Fernandez v. Leidos, Inc., 127 F. Supp. 3d 1078, 1087 (E.D. Cal. 2015)  (holding plaintiff had not "shown he has standing to bring actual identity theft, identity fraud and/or medical fraud claims"); In re Sci. Applications Int’l Corp. (SAIC) Backup Tape Data Theft Litig., 45 F. Supp. 3d at 19 ("[T]he mere loss of data—without evidence that it has been either viewed or misused—does not constitute an injury sufficient to confer standing."). [118]   Verified Shareholder Derivative Complaint for Breach of Fiduciary Duty, Waste of Corporate Assets, and Unjust Enrichment, Palkon v. Holmes, No. 14-cv-01234, 2014 WL 11071195 (D.N.J. May 2, 2014). [119]   Palkon v. Holmes, No. 14-cv-01234, 2014 WL 5341880, at *5–7 (D.N.J. Oct. 20, 2014). [120]   Target Corp. Report of the Special Litig. Comm., Davis v. Steinhafel, No. 14-cv-00203 (D. Minn. May 5, 2016), ECF No. 62-2. [121]   Davis v. Steinhafel, No. 14-cv-00203 (D. Minn. July 7, 2016), ECF No. 88. [122]   Opinion and Order at 11, In re The Home Depot, Inc. S’holder Derivative Litig., No. 1:15-cv-2999-TWT (N.D. Ga. Nov. 30, 2016), ECF No. 62. [123]   Id. at 11–12. [124]   Id. at 13–14. [125]   Id. at 14. [126]   Id. at 14–18. [127]   Id. at 22. [128]   Id. at 30. [129]   Judgment at 1, In re The Home Depot, Inc. S’holder Derivative Litig., No. 1:15-cv-2999-TWT (N.D. Ga. Nov. 30, 2016), ECF No. 63.  Before plaintiffs appealed, the parties reached a settlement including $1,125,000 in attorneys’ fees to plaintiffs.  See  In re The Home Depot, Inc. S’holder Derivative Litig., No. 1:15-CV-2999, 2017 WL 1830055 (N.D. Ga. Apr. 28, 2017) (stipulation of settlement and release agreement). [130]   See Sec. & Exch. Comm’n, Div. of Corp. Fin., CF Disclosure Guidance: Topic No. 2 – Cybersecurity (Oct. 13, 2011), available at https://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm. [131]   See id. [132]   See Complaint, Madrack v. Yahoo! Inc., No. 5:17-cv-00373 (N.D. Cal. Jan. 24, 2017). [133]   See, e.g., In re Heartland Payment Sys., Inc. Sec. Litig., No. 09-1043, 2009 WL 4798148, at *2, *7 (D.N.J. Dec. 7, 2009) (granting motion to dismiss where plaintiffs alleged that "statements concerning the general state of security [] [we]re fraudulent because [company officers] were aware that Heartland had poor data security and had not remedied the problem"); Avila v. LifeLock Inc., No. 15-01398, 2016 WL 4157358, at *7 (D. Ariz. Aug. 3, 2016) (granting motion to dismiss claims of misrepresentations concerning effectiveness of identity theft protection services and compliance with applicable payment card industry standards because plaintiffs failed to show that public statements regarding the company’s data security practices were made with scienter). [134]   In re Heartland Payment Sys., 2009 WL 4798148, at *5 (internal quotations omitted). The following Gibson Dunn lawyers prepared this client update: Jennifer L. Conn, Ryan T. Bergsieker, Reid F. Rector and Danielle Serbin. Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding the above developments.  Please contact the Gibson Dunn lawyer with whom you usually work, or the following authors: Jennifer L. Conn – New York (+1 212-351-4086, jconn@gibsondunn.com)Ryan T. Bergsieker – Denver (+1 303-298-5774, rbergsieker@gibsondunn.com) Please also feel free to contact the following practice group leaders: Alexander H. Southwell – Chair, Privacy, Cybersecurity and Consumer Protection Practice, New York (+1 212-351-3981, asouthwell@gibsondunn.com) Caroline Krass – Chair, National Security Practice, Washington, D.C. (+1 202-887-3784, ckrass@gibsondunn.com) Daniel J. Thomasch – Co-Chair, Life Sciences Practice, New York (+1 212-351-3800, dthomasch@gibsondunn.com) Tracey B. Davies – Co-Chair, Life Sciences Practice, Dallas (+1 214-698-3335, tdavies@gibsondunn.com) Ryan A. Murr – Co-Chair, Life Sciences Practice, San Francisco (+1 415-393-8373, rmurr@gibsondunn.com) Stephen C. Payne – Chair, FDA and Health Care Practice, Washington, D.C. (+1 202-887-3693, spayne@gibsondunn.com)   © 2017 Gibson, Dunn & Crutcher LLP Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

August 2, 2017 |
Webcast: 2017 Mid-Year Update: The False Claims Act and Drug and Device Manufacturers

​The False Claims Act (FCA) is well-known as one of the most powerful tools in the government’s arsenal to combat fraud, waste and abuse anywhere government funds are implicated. The U.S. Department of Justice has made clear that vigorous FCA enforcement is here to stay,  with newly filed cases remaining at historical peak levels and the DOJ  on pace to recover more than $3 billion from FCA cases for the seventh straight year.  More than ever, any company that deals in government funds—including companies in the education, health care and life sciences, government contracting and financial services sectors—needs to stay abreast of how the government and private whistleblowers alike are wielding this tool, and how they can prepare and defend themselves. Please join Gibson Dunn for a 90-minute discussion of the latest developments in FCA, including: The latest trends in FCA enforcement actions and associated litigation involving drug and device manufacturers; Updates on the Trump Administration’s approach to FCA enforcement; Notable legislative and administrative developments affecting the FCA’s statutory framework and application; and The latest developments in FCA case law following the Supreme Court’s Escobar decision. View Slides PDF   PANELISTS: Stuart Delery is a partner in the Washington, D.C. office. He represents corporations and individuals in high-stakes litigation and investigations that involve the federal government across the spectrum of regulatory litigation and enforcement. Previously, as the Acting Associate Attorney General of the United States (the third-ranking position at the Department of Justice) and as Assistant Attorney General for the Civil Division, he supervised the DOJ’s enforcement efforts under the FCA, FIRREA and the Food, Drug and Cosmetic Act. Marian J. Lee is a partner in the Washington, D.C. office, where she provides FDA regulatory and compliance counseling to life science and health care companies. She has significant experience advising clients on FDA regulatory strategy, risk management, and enforcement actions. She regularly advises companies during FDA inspections and investigations, and she has led an array of regulatory assessments for mergers, acquisitions, and other transactions involving FDA-regulated entities. John Partridge is a partner in the Denver office. He focuses on white collar defense, internal investigations, regulatory inquiries, corporate compliance programs, and complex commercial litigation. He has particular experience with the FCA and the FCPA, including advising major corporations regarding their compliance programs. Jonathan Phillips is a senior associate in the Washington, D.C. office, where his practice focuses on FDA and health care compliance, enforcement, and litigation, as well as other government enforcement matters and related litigation. He has substantial experience representing pharmaceutical, medical device, and health care provider clients in investigations by the DOJ, FDA, and Department of Health and Human Services Office of Inspector General. Previously, he served as a Trial Attorney in the Civil Division, Fraud Section of the DOJ, where he investigated and prosecuted allegations of fraud against the U.S. under the FCA and related statutes.   MCLE CREDIT INFORMATION: This program has been approved for credit in accordance with the requirements of the New York State Continuing Legal Education Board for a maximum of 1.80 credit hours, of which 1.80 credit hours may be applied toward the areas of professional practice requirement.  This course is approved for transitional/non-transitional credit only. Attorneys seeking New York credit must obtain an Affirmation Form prior to watching the archived version of this webcast.  Please contact Jeanine McKeown (National Training Administrator), at 213-229-7140 or jmckeown@gibsondunn.com  to request the MCLE form. Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California in the amount of 1.50 hours. California attorneys may claim “self-study” credit for viewing the archived version of this webcast.  No certificate of attendance is required for California “self-study” credit.