The Continuing Evolution of the French Sunshine Act

Since the general disclosure rule for provider-manufacturer relationships in France was enacted into law on January 1, 2012, its compliance and enforcement have been a common point of discussion for health care professionals, pharmaceutical and medical device manufacturers, and government officials, among others. As Reed Smith partner Daniel Kadar points out in “The French Sunshine Act Continues to Be a Challenge,” an article published in the April 2015 edition of eHealth Law & Policy, the law is viewed by many as a work-in-progress that requires frequent clarification. Daniel attributes this to the “erratic” evolution of the law, which he also chronicles in the December 2014 eHealth Law & Policy article “Implementation of the French Sunshine Act – One Year On.”

While the French Sunshine Act – which requires manufacturers of medical products such as drugs and medical devices to disclose any financial agreements or benefits with health care providers – formally came into law on January 1, 2012, its rules of implementation only came about in a decree adopted in May 2013 (which was applied retroactively to January 2012). June 2014 saw the introduction of a unique transparency portal to capture the disclosure information. And in late 2014, the French Directorate General of Health offered its own interpretation of the French Sunshine Act by deciding that the disclosure requirements should be extended to pharmaceutical and medical device manufacturers headquartered outside of France that have financial relationships with French health care providers.

Most recently, on February 24, 2015, the French Council of State expanded the scope of the French Sunshine Act even further. Under these new regulations, manufacturers of non-corrective contact lenses, cosmetic products and tattooing products are now required to disclose any financial relationships they may have with health care providers in France. The French Council of State also called for the disclosure of salaries given by companies to health care professionals such as physicians. This newest expansion to the law’s scope was covered in an article published in the March 2015 edition of eHealth Law & Policy in which Daniel is quoted. It is evident that the French Sunshine Act has gone through several transformations since its enactment, and the string of changes may very well continue into the near future.

21st Century Cures Markup Underway; Offsets Released

Today the House Energy and Commerce Committee is marking up H.R. 6, the 21st Century Cures Act, a high-profile, bipartisan bill that seeks to accelerate the pace of medical cures in the United States through a variety of reforms addressing drug and device development and approval, clinical trial design, research funding, interoperability of health technology, and other issues.  The amendments to be considered during markup have been posted, including Chairman Upton’s amendment with offsets/”pay-fors” for the bill, including provisions:

  • Limiting Medicaid durable medical equipment reimbursement rates to Medicare fee-for-service rates applicable in the state, effective January 1, 2020;
  • Making various changes to Medicare imaging policy; and
  • Implementing OIG recommendation to delay certain Medicare prescription drug plan prepayments, beginning with 2020.

Other amendments address other drug policy issues, including a Welch amendment that would direct the Secretary to negotiate with drug manufacturers regarding Part D prices and a Schakowsky amendment requiring manufacturers to submit drug R&D cost information as part of the drug approval/biological licensing process.

The full text of the version of HR 6 to be considered today and the various amendments are available here.

UPDATE:  The bill was just approved, with adoption of Chairman Upton’s amendment and no others, by a unanimous, 51-0 vote.

OCR Announces Settlement and Corrective Action Plan with Pharmacy Stemming from Alleged Violations

This post was written by Jennifer Pike and Jackie Godin.

On April 24, 2015, the HHS Office for Civil Rights (“OCR”) once again stressed the importance of properly disposing of protected health information (“PHI”) when it announced its settlement and corrective action plan with Cornell Prescription Pharmacy (“CPP”), a small for-profit, single location, compounding pharmacy located in Denver, Colorado. CPP has agreed to pay $125,000 and enter into a corrective action plan (“CAP”) to settle potential violations of the HIPAA Privacy Rule.

Only two days after receiving a media report from a local news station regarding CPP’s disposal of PHI in an unsecured, publically accessible dumpster container located on CPP’s premises, OCR opened a compliance review and investigation of CPP on January 13, 2012. The media reported that the documents contained the PHI of 1,610. Despite CPP’s small size, OCR Director Jocelyn Samuels stressed that all covered entities are held to the same standards when it comes to HIPAA and the protection of PHI. Ms. Samuels stated, “Even in our increasingly electronic world, it is critical that policies and procedures be in place for secure disposal of patient information, whether that information is in electronic form or on paper.” Beyond the improper disposal of PHI, OCR’s investigation also indicated that CPP had failed to implement the proper written policies, procedures, and training on its policies and procedures to comply with the Privacy Rule.

Therefore, in addition to the $125,000 monetary settlement, the Resolution Agreement between CPP and OCR included a two-year CAP that requires CPP to, among other actions: (1) implement written policies and procedures that include physical and administrative safeguards for the secure disposal of all non-electronic PHI and comply with HIPAA standards governing the privacy of individually identifiable health information; (2) distribute the policies and procedures to members of CPP’s workforce; and (3) conduct regular training sessions for members of the workforce and require that these individuals execute a training certification form before accessing PHI in any manner. The CAP also requires CPP to notify OCR within 30 days of a violation of its implemented policies and procedures or the HIPAA Rules. Lastly, CPP must provide OCR with an “Implementation Report” summarizing the status of CPP’s obligations under the CAP and “Annual Reports” outlining CPP’s progress under the CAP.

As previously demonstrated, this investigation and resulting settlement demonstrates that OCR will not alter its enforcement response based on the small size of the covered entity or the relatively limited number of patients involved in any potential HIPAA violation. It also reminds covered entities and business associates that OCR is paying close attention to reports of potential violations that arise out of any media outlet or other viable source. Finally, this settlement reaffirms that covered entities and business associates must take proactive measures and implement and regularly update comprehensive policies and procedures that contain a process for the safe and secure disposal of paper and electronic documents containing PHI.

For additional information on OCR’s enforcement activities, visit the U.S. Department of Health and Human Services website.

First Steps for GCs in Assessing a Data Breach

When a data breach is discovered by a company, it is often the responsibility of the company’s in-house counsel to swiftly assess the breach and provide an initial report to company management. There are several steps that in-house counsel should follow if faced with a breach to allow for an adequate assessment that company management can use. As noted by Reed Smith partner Bill Cook in “The GC’s 30-Minute Breach Drill,” well-prepared in-house counsel should be able to compile this report in approximately 30 minutes. While the residual effects of a data breach can last for years, it is crucial that a company’s initial response is fast and effective.

To read the client alert, click here.

OIG Report: FDA Has Made Progress on Oversight/Inspections of Manufacturers of Generic Drugs

Yesterday the OIG posted a report entitled “FDA Has Made Progress on Oversight and Inspections of Manufacturers of Generic Drugs” in response to a Congressional request expressing concerns about the safety and quality of generic drugs produced by foreign manufacturers. Key findings from the report include the following:

  • FDA increased its preapproval inspections of manufacturers of generic drugs by 60% between 2011 and 2013, but it did not conduct all of the preapproval inspections requested by its own generic drug application reviewers during this time period.
  • FDA conducted surveillance inspections in 2013 of all generic manufacturers that it had identified as high risk.
  • FDA reported progress towards achieving parity in inspections of foreign and domestic manufacturers of generic drugs and ensuring compliance with generic manufacturer registration, as illustrated by this table detailing the distribution of generic manufacturers and surveillance inspections in FY 2013:
Source: OIG analysis of FDA FACTS data and FDA database of manufacturers of generic drugs, FY 2013.
Country or Region Number of Manufacturers Number of Surveillance Inspections
Asia 624 (41%) 180 (31%)
Europe 396 (26%) 126 (21%)
Canada 45 (3%) 20 (3%)
Other 46 (3%) 11 (2%)
United States 403 (27%) 252 (43%)
Total* 1,514 589
  • FDA has created certain policies and procedures to request manufacturer records in lieu or in advance of an inspection, but it has not yet used these procedures.

In response to its findings, the OIG recommends that FDA:

  • Conduct outstanding preapproval inspections of manufacturers of generic drugs, where appropriate, which the OIG observes could lead to more timely approval of these drugs.
  • Ensure compliance with the requirement for manufacturers of generic drugs to register with FDA, since the OIG believes a complete and up-to-date registration database would facilitate implementation of the FDA’s plans for conducting inspections.
  • Use its authority to request records in lieu or in advance of an inspection, which OIG states could increase FDA’s capacity for inspections and free up staff time during the onsite portion of the inspection.

FDA concurred with these recommendations. The full report is available here.

3D Printing Medical Devices

This post was written by Colleen Davies, Lisa Baird, Farah Tabibkhoei and Matt Jacobson.

The recent news that certain Lowe’s stores will offer customers the ability to custom-make 3D printed items has garnered a lot of attention. But perhaps even more exciting is that 3D printing (also known as additive manufacturing) is giving physicians new options for treating patients underserved by existing technologies. Almost daily, reports emerge about novel, life-saving procedures made possible through 3D printing, from children implanted with a customized, 3D printed medical device made of material that will resorb over time as they grow, to surgeons able to perform complex, specialized operations successfully after they were able to practice the procedure on models printed from patients’ CT scans.

As one might imagine, 3D printing a medical device for use in humans carries particular challenges not present with 3D printing in other contexts. Design and design validation, quality control, cleaning, sterility, biocompatibility, and final device assessment are essential steps with any 3D printed medical device—and these processes are even more crucial for Class III, implanted devices. 3D printed medical devices already have the attention of the FDA’s Additive Manufacturing Working Group, and 510(K) clearances already have been granted for some 3D printed devices, from Invisalign braces to spinal cages. But as comments made during the FDA’s Additive Manufacturing Working Group’s October 2014 workshop make clear, industry and regulators need to continue working together to meet those challenges, and to continue to realize the full potential of this technology for patients.

Bipartisan Energy & Commerce Committee Leaders Release Updated 21st Century Cures Draft

Today the bipartisan leadership of the House Energy and Commerce Committee released their 2015 version of the 21st Century Cures Act, which is intended to bolster medical discovery, treatment development, and delivery of treatment to patients. The almost 200-page legislation is the product of a year of collaboration among lawmakers and stakeholders. As described by supporters, the bill would:

  • Incorporate the patient perspective in the discovery, development, and delivery process
  • Increase funding for the National Institutes of Health
  • Foster development of treatments for patients facing serious or life-threatening diseases
  • Repurpose drugs for serious or life-threatening diseases and conditions
  • Modernize clinical trials
  • Break down barriers to increased collaboration and data sharing among patients, researchers, providers, and innovators
  • Help the development of personalized and precision medicines so the right patient can receive the right treatment at the right time
  • Provide for continued work in the telehealth space
  • Advance a truly interoperable health care system
  • Provide clarity for developers of software products used in health management and medical care

The text of the legislation and a section-by-section analysis are available here. The legislation will be the subject of a Committee hearing tomorrow.

Amidst Increasing Security Concerns, Medicare to Drop Social Security Numbers from Cards

This post was written by Jennifer Pike.

In an effort to combat growing concerns of identity left, President Obama signed into law last week a bill that will require the removal of Social Security Numbers (SSNs) from all Medicare beneficiary cards. The change, which follows years of warnings to Medicare officials, will be implemented over the next eight years. Medicare has four years to begin issuing cards with new identifiers, and four years after that to reissue cards to current beneficiaries.

The removal of SSNs from the cards is not only expected to decrease the risks associated with identity theft for Medicare beneficiaries, but also Medicare’s risk of exposure associated with breaches of protected health and personal information under the Health Insurance Portability and Accountability Act (HIPAA) and state privacy laws. The impermissible disclosure of SSNs by a health plan, such as Medicare, health care providers and health care clearinghouses (together “covered entities”) are generally considered breaches under the HIPAA Breach Notification Rule and similar state notification laws. Such laws require substantial, and often expensive, action, including notifications to affected individuals, the Office for Civil Rights, state Attorneys General, and consumer protection agencies. Moreover, some states require covered entities to provide complimentary identity theft protection to individuals whose SSNs are breached. Breaches of protected health and personal information may also result in significant monetary penalties.

Additional information on the new Medicare card requirements is available here.

FDA Releases Draft Guidance on Acceptance of Medical Device Clinical Data from Studies Conducted Abroad

This post was written by Vicki Morris and Jennifer Pike.

On April 21, 2015, the Food and Drug Administration (FDA) issued a notice announcing the availability of a draft guidance document clarifying the Agency’s acceptance of medical device clinical data from studies conducted outside of the United States (“OUS”). The guidance arises from the 2012 Food and Drug Administration Safety and Innovation Act § 1123, amending Food, Drug & Cosmetic Act § 569B, which codified FDA’s longstanding practice of accepting scientifically-valid clinical data obtained from foreign clinical studies in support of premarket submissions for devices. Thus, the guidance is not intended as a new policy announcement, but rather as a description of FDA’s existing approach to this topic.

The draft guidance highlights special considerations that apply when using foreign clinical data, including applicability to populations within the US, and provides recommendations to assist sponsors in ensuring their data are adequate under applicable FDA standards. Specifically, FDA focuses on considerations sponsors of device submissions should take into account when initiating, or relying on previously collected data from a foreign clinical study to support an Investigation Device Exemption (IDE), Premarket Notification (510k), De Novo Petition, Humanitarian Device Exemption (HDE), or Premarket Approval Application (PMA). To illustrate these considerations, FDA includes in the draft guidance several hypothetical examples depicting when data will be acceptable.

As noted in the draft guidance, the number of IDE applications and submissions for marketing authorization supported by OUS clinical trials has increased in recent years and will likely continue to increase in the future. This increasing globalization of clinical trials presents challenges to both US and foreign regulators. Among the challenges are resource constraints that impact the number of foreign clinical site inspections and unnecessary duplication of clinical studies and administrative burdens. As such, in publishing the draft guidance, FDA believes that promoting greater clarity concerning the Agency’s use of foreign study data will minimize the possibility for additional or duplicative U.S. studies, further efforts to harmonize global clinical trial standards, and promote public health and innovation.

Comments on the draft guidance are due to FDA by July 20, 2015 and can be submitted here.

MACRA Signed into Law by President; Reforms Medicare Payment Policy for Physician Services

On April 16, 2015, President Barack Obama signed into law the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA). The bill permanently transforms the structure of Medicare physician reimbursement and enacts several changes to Medicare payment, program integrity and policy provisions that will affect both health care providers and pharmaceutical/medical device manufacturers. The most notable change, according to a Reed Smith client alert written by Deb McCurdy, Elizabeth Carder-Thompson, Dan Cody, Gail Daubert, Tom Greeson, Paul Pitts, Trey Andrews, Katie Hurley and Rahul Narula, is the repeal of the Sustainable Growth Rate formula, ending an era in which Medicare physician fee schedule rates were subject to regular cuts and temporary adjustments by Congress. Under MACRA, physician payment updates will now pertain to quality, value and participation in alternative payment models.

Other changes under MACRA include a two-year extension of the Children’s Health Insurance Program (CHIP), a reduction of market basket updates for post-acute care providers, a revision of inpatient hospital payment rate updates, a restructuring of reductions under the Medicaid disproportionate share hospital program, an implementation of additional income-related adjustments for Medicare Part B and Part D premiums, and a ban on first-dollar Medigap coverage policies.

To read the full alert, click here.