Reed Smith’s Global Regulatory Enforcement Law Blog features a post on a recent meeting at which Justice ministers from across the European Union managed to agree on a partial general approach on several aspects of the draft Data Protection Regulation, which aims to set out a general EU framework for data protection. The ministers have not yet been able to reach a consensus on the proposed structure for resolving disputes related to data protection and privacy, which would involve the creation of a single European Data Protection Board. According to the press release, while the majority of ministers appear to be in favor of the “general architecture” of the proposed structure, more work will be needed before the final Data Protection Regulation is approved and adopted – which may not happen until 2016. For more information, read “EU Council Agrees on Partial General Approach to General Data Protection Regulation” by Reed Smith Partner Cynthia O’Donoghue.
The Consolidated and Further Continuing Appropriations Act, 2015, an omnibus spending bill that provides funding for many areas of federal government in the remainder of FY 2015, was passed by Congress and signed into law by President Obama on December 16, 2014. Among the allocations that the bill provides is $5.4 billion to several regulatory agencies tasked with responding to the Ebola epidemic, both within the United States and internationally. “FY 2015 Ebola Federal Funding: Congressional Increases and Program Support,” a post on Reed Smith’s Global Regulatory Enforcement Law Blog written by attorneys Lorraine Campos, Christopher Rissetto and Robert Helland, breaks down the Ebola-related funding by detailing the amount each regulatory agency will receive and specifically how the bill has designated that the money be used. The federal agencies that will be receiving funding for Ebola response in 2015 include the Centers for Disease Control and Prevention, Department of Defense, Food and Drug Administration, Department of Health and Human Services, National Institutes of Health and Department of State.
To read the full post, click here.
Reed Smith’s Global Regulatory Enforcement Law Blog features a post on a recent set of guidelines issued by the European Union’s Article 29 Data Protection Working Party outlining how EU Data Protection Authorities (DPAs) intend to implement the judgment of the Court of Justice of the European Union in Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González (C-131/12) (Google Spain), which set a milestone for EU data protection by granting individuals the right to request that search engines to delist search results relating to them. The guidelines provide a common interpretation of the ruling as well as the common criteria to be used by the DPAs when addressing complaints. For additional details, read “EU Art. 29 Releases Guidelines on the Right to be Forgotten,” by Reed Smith Partner Cynthia O’Donoghue.
On December 8, 2014, the HHS Office for Civil Rights (OCR) announced that it has agreed to settle potential HIPAA Security Rule violations with Anchorage Community Mental Health Services (ACMHS), a five-facility, nonprofit organization providing behavioral health care services to children, adults, and families in Anchorage, Alaska. ACMHS has agreed to pay $150,000 to settle potential violations of HIPAA following an OCR investigation triggered by a self-reported breach that affected 2,743 individuals.Continue Reading...
Over on the Drug & Device Law blog, Reed Smith partner Steven Boranian examines the Ninth Circuit Court of Appeals’ decision in Corber v. Xanodyne Pharmaceuticals, Inc. The question before the Ninth Circuit in Corber involved removal to federal court under the Class Action Fairness Act of 2005 (CAFA). Although the plaintiffs originally filed their complaints with less than 100 plaintiffs each, a later request for coordination raised the prospect that more than 100 plaintiffs were seeking to have their cases tried jointly. As Steven explains, the Ninth Circuit looked past the plaintiffs’ disclaimers that no such trial was intended, to the substance of their coordination petition and agreed the CAFA removal thresholds had been crossed. Read the full post here.
According to a recent study, the median amount of time between a breach of a company’s cybernetwork and the discovery of that breach is 229 days. Given this lengthy amount of time, companies should consider the benefits of an expanded cyberliability insurance policy period, particularly if the company is switching from one insurance provider to another. As discussed in “Hackers Don’t Care About the Terms of Your Insurance Policy: The Importance of Retroactive Dates and Extended Reporting Periods in Effective Cyberliability Insurance Coverage,” a client alert written by Reed Smith partners Brian Himmel, Andrew Moss, David Weiss and Cristina Shea, two such options for expanding the policy period are retroactive dates (shifting the effective date of coverage back, to capture events that occurred or were occurring but were not yet discovered when the policy was purchased) and extended reporting periods (which provide additional time to report events that are not discovered until after the end of the policy period).
To read the client alert, click here.
Proposed Rule Re Submitting Clinical Trial Registration and Results, Including Adverse Event Information, To ClinicalTrials.gov Database
As mentioned on our Health Industry Washington Watch blog, the National Institutes of Health has released a proposed rule designed to provide clarity on the requirements surrounding the submission of information to ClinicalTrials.gov, as mandated by the Food and Drug Administration Amendments Act of 2007.
Among the proposed requirements is summary results submission for clinical trials involving all pharmaceuticals, medical devices and biological products, regardless of whether they have been approved, licensed or cleared by the Food and Drug Administration, timetable restrictions for the registration of a clinical trial and submission of summary results, and guidelines for the reporting of adverse events.
The proposed rule will officially be published on November 21, 2014, and comments will be accepted for 90 days thereafter.
To read the entire post, click here.
In light of the recent Ebola outbreak and concerns over health safety, members of the U.S. Senate’s Health, Education, Labor, and Pensions (HELP) Committee have introduced a bill that would add Ebola to the Food and Drug Administration’s (FDA) priority review voucher program, which is designed as an incentive for developers of treatments and vaccines for neglected tropical diseases. Senators Tom Harkin (D-IA), Chairman of the HELP Committee, and Lamar Alexander (R-TN), Ranking Member of the HELP Committee, both expressed hope that passing this bill would encourage developers to devote knowledge and effort towards treating and preventing Ebola.
The HELP Committee is scheduled to vote on the bill on November 19th. To read the HELP Committee’s press release discussing the bill, click here.
The Drug & Device Law bloggers have taken an in-depth look at how each U.S. state (plus Washington, D.C. and Puerto Rico) has opted to address the concept of the heeding presumption—whether it is presumed that the learned intermediary would have “heeded” a different warning had it been given, and if so, how that presumption operates.
As Reed Smith attorney Jim Beck points out, there are plenty of differences in approach, from states that employ the heeding presumption, to those that recognize it in a limited capacity, and those that reject it entirely. To see the survey, click here.
This post was written by Jennifer Pike.
The recent Ebola outbreak has prompted the US Department of Health and Human Services, Office for Civil Rights (“OCR”), the agency responsible for enforcing the Health Insurance Portability and Accountability Act (“HIPAA”), to release a new bulletin for covered entities and business associates regarding their privacy obligations in emergency situations. The bulletin, entitled “HIPAA Privacy In Emergency Situations,” provides an overview of the limited ways in which covered entities and business associates may use and disclose protected health information in emergencies, such as the Ebola outbreak. The bulletin is available at http://www.hhs.gov/ocr/privacy/hipaa/understanding/special/emergency/hipaa-privacy-emergency-situations.pdf.
Over on the Drug & Device Law blog, Reed Smith partner Jim Beck applauds the recent decision in Tyree v. Boston Scientific Corp., a case filed in the Southern District of West Virginia. Tyree manages to narrow the scope of the 2007 decision in State ex rel. Johnson & Johnson v. Karl, in which the court stated that the learned intermediary rule did not apply in West Virginia, making it the only U.S. state to reject the rule as a valid defense for manufacturers. In Tyree, the court has ruled that the Karl decision does not apply to medical device manufacturers that never engaged in direct-to-consumer (DTC) advertising. As a result, the learned intermediary rule’s invalidity in West Virginia has now been restricted to cases involving “drug manufacturers that engage in DTC advertising.” Read the full post here.
The number of qui tam actions brought under the False Claims Act (FCA) has increased dramatically over the past several years, as the incentives for bringing such claims have grown.
Reed Smith attorneys Brian Himmel and Natalie Metropulos have authored “Insuring Against FCA Suits in the Health Care Industry” in Corporate Counsel discussing the steps that health care service providers should take to insure themselves against allegations of FCA violations. Recommendations include assessing current insurance coverage for defending and resolving such claims, and additional types of policies that can provide FCA coverage.
To read the article, click here.
The bloggers at Drug & Device Law regularly keep up-to-date scorecards and cheat sheets on a host of topics useful to drug and device manufacturers in product liability litigation. Their adverse event report cheat sheet is one such resource, citing cases from across the country that have addressed whether adverse event reports (AERs) are admissible evidence on causation. Reed Smith associate Kevin Hara has updated this cheat sheet with the most recent decisions, and it is worth a look. In a post summarizing these updates, Kevin mentions the Wendell v. Johnson & Johnson decision, in which the court ruled that AERs cited by experts were insufficient in demonstrating medical causation. Such rulings support a legal tenet that is both simple and fair – if a plaintiff cannot prove that a particular product is even capable of causing an adverse event, the case should be decided in the defendant’s favor. Read the full post here.
Reed Smith’s Policyholder Perspective blog recently posted about an October 21, 2014 ruling in the U.S. District Court in South Carolina that sounds as if it came from a Hollywood film. In Evanston Insurance Company v. Agape Senior Primary Care, et al., 2014 WL 5365679, the court held that despite a false application for professional liability insurance submitted by an applicant pretending to be a doctor, the insurance afforded to the company and other doctors and nurses identified as named insureds under the policy remained in force, and was not void ab initio as to the innocent co-insureds. To read the full alert by Reed Smith attorneys Kevin Dreher and Natalie Metropulos, click here.
How will Protected Health Information (PHI) be used in the future? Reed Smith partner Brad Rostolsky strives to answer this question in “HIPAA Enforcement: The Next Step,” an interview and accompanying article that appeared on HealthcareInfoSecurity on October 14th. The article discusses a number of trends predicted for the near future stemming from the HIPAA Omnibus Rule introduced last year, such as an increase in the number of investigations by the Department of Health and Human Services’ Office for Civil Rights regarding the illegal use, disclosure, and sale of PHI without patient authorization, particularly when used for marketing and fundraising purposes. The article also provides recommendations for companies preparing for HIPAA compliance audits, privacy concerns related to the use of consumer health information on social media, and potential HIPAA privacy issues involving wearable consumer health devices.
To listen to the interview and read the article, click here.