Key questions linger after recent amendments to California Consumer Privacy Act

Last week marked the end of legislative activity in the state of California for 2019, and with the impending California Consumer Privacy Act (CCPA or the Act) going into effect on January 1, 2020, many businesses were waiting optimistically for some clarification on lingering questions. The California legislature did pass five bills amending the Act, presenting minimal real relief for businesses affected by this sweeping law. Some key questions remained: Would employee data be excluded? Would relief from possible limitations on customer loyalty programs pass? How would measures sought by businesses to provide certainty and some relief fare? In all, with the exception of provisions related to employee data, which brings some ease, it appears that the scope and complexity of the CCPA remains largely unchanged.

To read more about the recent CCPA amendments, visit Reed Smith’s website.


Proposed Rule Offers Clarity on Mandatory Protections for Substance Use Disorder Patient Records

Entities that provide treatment to patients with substance use disorders may find some clarity on federal requirements surrounding patient record confidentiality.  The Department of Health & Human Services (HHS) Substance Abuse and Mental Health Services Administration (SAMHSA) recently announced much-anticipated proposed changes to the federal regulations at 42 C.F.R. part 2 (Part 2), which govern the confidentiality of patient records created by federally-assisted substance use disorder treatment programs (Proposed Rule).  The proposed rulemaking comes at a time when SAMHSA is attempting to balance its continued efforts to align regulations with advances in the U.S. health care delivery system, particularly with respect to coordinated care, while retaining important privacy protections for individuals seeking treatment for substance use disorders (SUDs).

Importantly, much of the Proposed Rule seeks to clarify existing Part 2 standards, rather than establish new or revised standards, especially regarding the scope of records to which Part 2 applies, and the patient consent required for disclosures.  Further, with the exception of research, the Proposed Rule dims the hopes of many in the Health Insurance Portability and Accountability Act (HIPAA)-regulated health care industry, who anticipated SAMHSA would use the Proposed Rule to streamline aspects of the two regulatory regimes.  As it stands, the HIPAA and Part 2 protections for protected health information will continue to vary significantly and consequently may continue to cause confusion among providers about how to comply with both standards.

In finalizing amendments to Part 2, SAMHSA will consider public comments to the proposed rulemaking, which are due October 25, 2019 and can be submitted here.

Continue Reading

Recent Traction In FDA’s Development of the 503A and 503B Bulks Lists

Just as the U.S. Food & Drug Administration (“FDA”) promised in its 2019 compounding priorities statement, FDA published a notice and proposed rule in the Federal Register in the past week related to bulk drug substances that can be compounded subject to the conditions of Section 503A and Section 503B of the Federal Food, Drug, & Cosmetic Act (“FDCA”):

(1) On September 5, 2019, FDA published a proposed rule regarding its intent to amend its regulations to add five bulk drug substances that can be used in compounding under Section 503A (the “503A Bulks List”) and proposed excluding another 26 bulk drug substances from the 503A Bulks List. Specifically, FDA proposes to amend the 503A Bulks List to include glutaraldehyde, glycolic acid, L-citrulline, pyruvic acid, and trichloroacetic acid (TCA), and proposes not to include 7-keto dehydroepiandrosterone (DHEA), acetyl-L-carnitine (ALC), alanyl-L-glutamine, Aloe vera 200:1 freeze dried, artemisinin, astragalus extract 10:1, boswellia serrata extract (BWSE), cesium chloride, chondroitin sulfate, chrysin, curcumin, D-ribose, deoxy-D-glucose, diindolylmethane, domperidone, epigallocatechin gallate (EGCG), germanium sesquioxide, glycyrrhizin, kojic acid, nettle, nicotinamide adenine dinucleotide (NAD), nicotinamide adenine dinucleotide disodium reduced (NADH), rubidium chloride, sodium dichloroacetate, vanadyl sulfate, and vasoactive intestinal peptide (VIP).

(2) On September 3, 2019, FDA published notice of its intent to exclude nine more bulk drug substances from its 503B clinical need list (the “503B Bulks List”). These substances are: dipyridamole, ephedrine sulfate, famotidine, hydralazine hydrochloride, methacholine chloride, sodium bicarbonate, sodium tetradecyl sulfate, trypan blue, and vecuronium bromide.

If the bulk drug substances above are ultimately not included in the 503A Bulks List, compounding pharmacies will not be able to compound with the substance unless the substance appears on an applicable United States Pharmacopeia or National Formulary monograph or if the substance is part of a commercially available drug product. Additionally, if the bulk drug substance does not appear on the 503B Bulks List (which is based on FDA’s interpretation of whether there is a “clinical need” for the substance), FDA-registered outsourcing facilities will not be able to compound with that substance unless it appears on the FDA drug shortage list. The Agency’s revisions to these Bulks Lists could significantly impact the compounding practices of these facilities nationwide and their ability to get patients access to the unique and critical compounded medications they need.

Continue Reading

Join us for a webinar on the changing regulatory landscape of promotion: Drug/biologic advertising in the Trump era and beyond

As a part of our FDA Series, Reed Smith will be hosting an upcoming webinar, “The changing regulatory landscape of promotion: Drug/biologic advertising in the Trump era and beyond” on Thursday, September 19, 2019 at 2:00 PM ET.

This program will discuss promotional enforcement activity under the Trump Administration and how recent technological, demographic, and other developments are altering the landscape of drug and biologic promotion in the United States. In addition, we will take a closer look the new channels of advertising available to drug and biologic companies and their accompanying regulatory challenges.

Please click here to register for the webinar.

Malaysia seeks to hold listed companies accountable for implementing anti-corruption framework

It is imperative that life sciences companies operating globally stay on top of anti-corruption developments around the world, which is why we wanted to ensure our clients were aware of recent developments in Malaysia. In late July 2019, the Securities Commission Malaysia announced that it would implement an anti-corruption action plan (the Action Plan) seeking to improve the standards of corporate governance within the country.

The Action Plan supplements anti-corruption legislative changes recently introduced by the Malaysian government – the corporate liability provisions under a new Section 17A of Malaysia’s primary anti-corruption law, the Malaysian Anti-Corruption Commission Act (the MACCA). These provisions apply to Malaysian companies and foreign companies conducting business in Malaysia.

A key element of the Action Plan requires companies that are listed in Malaysia to implement an “effective anti-corruption framework” that corresponds with the Malaysian government’s Guidelines on Adequate Procedures provided in December 2018 (the Guidelines). This follows the Securities Commission’s May 31, 2019 evaluation of Malaysia-listed companies. The evaluation found that only 59 percent of these companies have an anti-corruption policy, with a majority of these policies having gaps with regard to the Guidelines.

To read more about Malaysia’s anti-corruption Action Plan and its implications, visit Reed Smith’s website.

Biometric privacy legislation trends rise nationwide

Several states are following the path of Illinois’ Biometric Information Privacy Act (BIPA), a law that has led to a rise in the volume of class action privacy litigation and underlined the significance of enterprise-level management of biometric data (e.g., fingerprint, voiceprint, and retina, facial, or iris image). Organizations that gather and utilize biometric data for employee tracking or consumer-facing uses (including the gathering and utilization of characteristics like heart rate or step counts) should be conscious of growing trends in biometric privacy laws (and corresponding risk of possible follow-on class actions) and should be proactive by assessing their compliance with existing and soon-to-be-effective laws and anticipating new laws in other states.

To read more on this topic, visit Technology Law Dispatch.

Join Us: Free CLE Webinar on Best Practices for Managing Privacy Risks in Vendor Engagements

Reed Smith will be hosting an upcoming CLE webinar, “Best Practices for managing privacy risks in vendor engagements – diligence, contracting, and oversight under the California law” on Wednesday, September 11, 2019 at 2:00 PM ET.

This program will offer a review on how organizations can approach third-party information sharing under the CCPA. Furthermore, as this webinar is just days before California’s 2019 legislative session ends, we will discuss the current status of various CCPA amendments that are still on the table.

This program is presumptively approved for 1.0 general CLE credit in California, Illinois, New Jersey, Pennsylvania, Texas and West Virginia. For lawyers licensed in New York, this course is eligible for 1.0 credit under New York’s Approved Jurisdiction Policy. Please allow four weeks after the program to receive a certificate of attendance.

Please click here to register for the webinar.

About That Brand Memo . . .

Issued in January 2018, the so-called Brand Memo reminded Department of Justice (DOJ) attorneys that “[g]uidance documents cannot create binding requirements that do not already exist by statute or regulation.” It also instructed DOJ attorneys that they “may not use noncompliance with guidance documents as a basis for proving violations of applicable law in affirmative civil enforcement cases” such as those brought under the False Claims Act (FCA). “That a party fails to comply with agency guidance expanding upon statutory or regulatory requirements,” the Brand Memo explained, “does not mean that the party violated those underlying legal requirements; agency guidance documents cannot create any additional legal obligations.”

The Brand Memo was welcomed by the defense bar and signaled an appropriate return to first principles of federal administrative law—principles that may easily get lost in the zeal to recover money for the Federal Treasury (and potentially for oneself in the case of a qui tam relator).

The party didn’t last long, although relatively few people yet realize it.

In late December 2018, DOJ made little-noticed changes to a DOJ manual and, in so doing, effectively reversed course in a wide swath of FCA cases involving Medicare and/or Medicaid. The Justice Manual (formerly known as the United States Attorneys’ Manual) serves as a collection of DOJ policies and procedures. In the midst of the holiday season and without fanfare, DOJ added a new section 1-20.202 to the Justice Manual. Section 1-20.202, which applies equally to federal criminal cases, states in relevant part:

[DOJ] may use a guidance document as probative evidence that a party has satisfied, or failed to satisfy, professional or industry standards or practices relating to applicable statutory or regulatory requirements. . . . This rationale applies more broadly in the healthcare arena, where guidance documents, like other statements of professional standards such as CMS’s Medicare Benefit Policy Manual or Local Coverage Determinations, are relevant evidence of violations of the principal requirement that procedures billed to Medicare or Medicaid be medically “reasonable and necessary.”  E.g., 42 U.S.C. § 1395y(a)(1)(A); 42 U.S.C. § 1396 et seq.; 42 C.F.R. § 410.50. Such usage does not give these documents the force of law, but rather aids in demonstrating that the standards in the relevant statutory and regulatory requirements have been or have not been satisfied.

Lest there be any lingering doubt regarding the Brand Memo’s continued viability, the December 2018 amendments to the Justice Manual concluded by stating: “This section fully implements, clarifies, and supersedes prior [DOJ] memoranda on this topic.”

In other words, bye-bye Brand Memo.

It remains to be seen whether this course reversal will hold up in court. It shouldn’t. FCA cases based on questions of medical necessity are a growing and highly controversial segment of FCA cases generally. While such cases typically involve significant amounts of money, that fact alone does not justify disregarding the fundamental principle of federal administrative law that guidance documents such as agency manuals are non-binding and do not have the force of law. And following the recent decision by the Supreme Court of the United States in Azar v. Allina Health Services, No. 17-1484 (June 3, 2019)—which reinforced the importance of the Medicare Act’s unique notice-and-comment rulemaking requirements and their applicability to any “rule, requirement, or other statement of policy . . . that establishes or changes a substantive legal standard governing the scope of [Medicare] benefits, the payment for services, or the eligibility of individuals, entities, or organizations to furnish or receive services or benefits”—DOJ may soon have to revisit its December 2018 amendments to the Justice Manual.

Join Us: Free CLE Webinar on Value-Based Reimbursement Programs

Reed Smith will be hosting an upcoming CLE webinar, “Physician Compensation Issues in the World of Evolving Value-Based Payment Programs” on Wednesday, August 28, 2019 at 12:00 PM ET.

This program will provide an overview of the most prevalent value-based reimbursement programs in the market today. This overview will be followed by a discussion of what it takes for providers to transition to and thrive in a value-based reimbursement environment, including a discussion of the operational and regulatory considerations for doing so.

This program is presumptively approved for 1.0 general CLE credit in California, Illinois, New Jersey, Pennsylvania, Texas and West Virginia. For lawyers licensed in New York, this course is eligible for 1.0 credit under New York’s Approved Jurisdiction Policy. Please allow four weeks after the program to receive a certificate of attendance.

Please click here to register for the webinar.

Join Us: Free CLE Webinar on Privacy Practices in Compliance with the CCPA

Reed Smith presents the latest installment in our Countdown to CCPA Compliance webinar series, “Privacy by Accident”, now available to watch on demand.

Whether by accident or by design, many organizations have implemented privacy practices or programs that will help toward compliance with the CCPA. This webinar will discuss these practices and how they can be leveraged as the countdown to the CCPA continues.

Specifically, we will discuss:

  • How compliance for the GDPR will translate to the CCPA and what additional measures may be needed to fill compliance gaps
  • How having a strong general privacy program in place could mean that not much more needs to be done
  • Where a strong data security program and vendor management program meets the standards of the CCPA

This webinar is part of our Countdown to CCPA Compliance webinar series that will go beyond simply explaining the CCPA and its requirements. Each webinar will dive deep into different key provisions, exemptions and exceptions, and operational challenges. The series will provide case studies, tools, techniques, and practical tips for compliance with the CCPA.

This program is presumptively approved for 1.0 general CLE credit in California, Illinois, New Jersey, Pennsylvania, Texas and West Virginia. For lawyers licensed in New York, this course is eligible for 1.0 credit under New York’s Approved Jurisdiction Policy. Please allow four weeks after the program to receive a certificate of attendance.

You can register to view the webinar on demand here.