Health Care and Life Sciences Industries Still Left in the Dark Following Publication of California Consumer Privacy Act Draft Regulations

Last Thursday, the California Attorney General, Xavier Becerra, released the long-awaited text of the proposed California Consumer Privacy Act (CCPA) regulations. Once finalized, these 24 pages of regulations will govern compliance with the CCPA. While the draft regulations provide insight into how regulated entities must address verification of consumer requests and clarifies aspects of how to notify consumers of their rights, among other things, it notably does not address or provide any guidance regarding the three exemptions most relevant to the health care industry, biotechnology companies, and drug and device manufacturers.

Untouched, unexplained and still ambiguous as ever, were the Health Insurance Portability and Accountability Act (HIPAA), California Medical Information Act (CMIA), and clinical research exemptions. As discussed below, the industry has grappled with interpretation and application of these provisions due to missing definitions and uncertainty in statutory construction.

As set forth in the statute, the HIPAA exemption states that the obligations imposed by the CCPA are not applicable to protected health information (PHI) collected by a “covered entity” or “business associate” governed by the privacy, security and breach notification rules issued pursuant to HIPAA. The exemption also provides that HIPAA-covered entities are not subject to the CCPA to the extent that they “maintain patient information in the same manner as medical information or protected health information.” A primary source of uncertainty that was left unaddressed by the proposed regulations, however, is whether other types of personal information held by these entities remain subject to the CCPA. To this end, the proposed regulations do not define “patient information,” and thus it remains unclear whether the HIPAA exemption would exempt non-PHI held by these types of entities.

Continue Reading

Join us for a webinar covering the roller coaster journey that was the past 12 months in health care law

Reed Smith will be hosting an upcoming webinar, “12 Months in Health Care Law: A Roller Coaster Journey”, on Tuesday, October 15, 2019 at 12:00 PM ET.

The webinar will deliver an informative and entertaining review of many of the key regulatory developments and court rulings in health care law over the past 12 months.

This fast-paced program (you will be amazed at how much we cover in just 60 minutes!) will provide an engaging look at the twists and turns of our industry’s legal developments, including:

  • Continuing adventures in health care reform
  • Fraud and abuse developments, including investigative and enforcement activity, and the Yates and Brand memos
  • Rising reimbursement challenges
  • HIPAA highlights and related state laws looming on the horizon (e.g., CCPA)
  • Pharmaceutical and medical device payment and regulatory developments
  • A variety of intriguing health care items you may have missed

This program is presumptively approved for 1.0 general CLE credit in California, Illinois, New Jersey, Pennsylvania, Texas and West Virginia. For lawyers licensed in New York, this course is eligible for 1.0 credit under New York’s Approved Jurisdiction Policy. Please allow four weeks after the program to receive a certificate of attendance.

Please click here to register for the webinar.

Join us for a webinar covering FDA inspections of health care facilities: How to keep calm and carry on when FDA walks through your door

As part of our FDA series, Reed Smith will be hosting the upcoming webinar, “FDA inspections of health care facilities: How to keep calm and carry on when FDA walks through your door” on Thursday, October 10, 2019 at 12:00 PM ET.

The webinar, presented by partner Rachael Pontikes and associate Emily Hussey, will provide attendees an opportunity to join a conversation on the ins and outs of FDA inspections of health care facilities, including pharmacies, distributors and similarly FDA-regulated health care facilities.

This program is presumptively approved for 1.0 general CLE credit in California, Illinois, New Jersey, Pennsylvania, Texas and West Virginia. For lawyers licensed in New York, this course is eligible for 1.0 credit under New York’s Approved Jurisdiction Policy. Please allow four weeks after the program to receive a certificate of attendance.

Please visit the event page to register for this webinar.

FDA Partners with the National Association of Boards of Pharmacy to Create an Information-Sharing System for Drug Compounding Activities

On October 2, 2019, the United States Food & Drug Administration (FDA) announced that it awarded a cooperative agreement grant to the National Association of Boards of Pharmacy (NABP) to establish an information-sharing system for drug compounding activities conducted in accordance with Section 503A of the Federal Food, Drug, & Cosmetic Act (FDCA). With this three-year pilot project, FDA’s stated hope is that it will improve the information available to federal and state regulators regarding the Agency’s interpretation of the interstate distribution of compounded medications.

While FDA identifies public health and patient safety as its primary motivation for this new information-sharing system with NABP, the Agency has also represented that this system is its attempt to make it easier for States to sign on to the proposed memorandum of understanding agreement (MOU). FDA’s current revised draft MOU limits interstate distribution of compounded drugs and triggers various reporting requirements for regulated State-entities. Many States have indicated that, due to the extensive reporting requirements in the draft MOU, they may choose not to sign on to a finalized MOU, which carries serious restrictions for compounding pharmacies located in States that decline to enter into an MOU.

The Agency has indicated in its announcement that it intends to finalize the MOU this year, so we encourage industry stakeholders to remain apprised of this new information-sharing system and closely watch for the issuance of the finalized MOU. With the year quickly drawing to a close, this pilot project is further indication that the Agency remains actively engaged in the regulation of drug compounding.

Should you have any questions or concerns regarding any of the issues raised in this alert, please do not hesitate to reach out to Rachael Pontikes, Emily Hussey, Kelly Kearney, or Allyson Wilson for further discussion.

Join us for a webinar on the state of the California Consumer Privacy Act and what the latest amendments mean for you.

As part of our Countdown to CCPA Compliance webinar series, Reed Smith will be hosting an upcoming webinar, “Countdown to CCPA compliance: 3 months to go” on Wednesday, October 9, 2019 at 2:00 PM ET.

This program will explore the outcomes stemming from the September 2019 amendments on the CCPA, as well as the AG’s regulations. In addition, the webinar will include a discussion on how to keep your CCPA compliance project on a positive trajectory, with respect to the upcoming change in requirements.

Please visit the event page to read more and register for the webinar.

Note: This program is presumptively approved for 1.0 general CLE credit in California, Illinois, New Jersey, Pennsylvania, Texas and West Virginia. For lawyers licensed in New York, this course is eligible for 1.0 credit under New York’s Approved Jurisdiction Policy. Please allow four weeks after the program to receive a certificate of attendance.

New California ballot initiative would expand protections over health data

Californians may have a new privacy initiative on their November 2020 ballot after the California Privacy Rights and Enforcement Act of 2020 (CPREA) was proposed last week. If enacted, this new law would revise and expand upon the California Consumer Privacy Act (CCPA) – which goes into effect in January – by, among other features, creating heightened standards around the use and disclosure of “sensitive personal information.” Under the newly proposed CPREA, “sensitive personal information” explicitly includes consumer health data and biometric information, as well as other data including social security numbers, government ID numbers, account log-ins, precise geolocation, and sexual orientation information. The CPREA prohibits selling such information without a consumer’s affirmative authorization, and provides consumers with the right to opt out of the use or disclosure of these types of information for advertising or marketing purposes.

The CCPA, as currently enacted, carves out certain data that is already regulated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Medical Information Act (CMIA), though the law does apply to “biometric data,” which includes “sleep, health, or exercise data that contain identifying information.”  However, the CPREA would apply greater protections around health data and other data traditionally considered more sensitive.

The proposed initiative requires more than 623,000 signatures to qualify for the November 2020 ballot.

You can read more about the CPREA on our Technology Law Dispatch blog.

Outsourcing Facility Athenex Withdraws Appeal of District Court’s Ruling on FDA’s Placement of Bulk Drug Substances on its “Clinical Need” List

On September 23, 2019, New York-based outsourcing facility Athenex, Inc. (Athenex) withdrew its appeal of the U.S. District Court for the District of Columbia’s ruling related to the United States Food & Drug Administration’s (FDA) placement of Vasopressin on the Agency’s “clinical need” list.

As may be recalled from our previous alert, Athenex sued FDA in March 2019, based on allegations that the Agency’s interpretation of key provisions of Section 503B of the Federal Food, Drug, & Cosmetic Act (FDCA) ran afoul of Congress’ desire that FDA not interfere with the practice of medicine.  Specifically, Athenex challenged FDA’s decision to remove bulk drug substance Vasopressin from FDA’s “clinical need” list – that is, a list of bulk drug substances that FDA has approved for compounding by outsourcing facilities.  Without placement on this list, outsourcing facilities cannot compound with the bulk drug substance unless it appears on FDA’s drug shortage list.

In August 2019, the U.S. District Court for the District of Columbia ruled in FDA’s favor and against Athenex, finding that: (1) the Agency’s method of determining whether there is a “clinical need” for a bulk drug substance gives effect to the intent of Congress; and (2) the exclusion of Vasopressin from the 503B Bulks List was not arbitrary and capricious.  Although Athenex previously indicated its plans to appeal the ruling, Athenex recently withdrew its appeal and has ceased compounding with Vasopressin.

The District Court’s decision came out approximately one month before FDA published notice of its intent to exclude nine more bulk drug substances from its “clinical need” list in the Federal Register.  Stakeholders interested in submitting comments to FDA’s notice have until November 4, 2019, to comment.  Should you have any questions regarding the notice or any of the issues raised in this alert, please do not hesitate to reach out to Rachael Pontikes, Emily Hussey, or Kelly Kearney for further discussion.

Key questions linger after recent amendments to California Consumer Privacy Act

Last week marked the end of legislative activity in the state of California for 2019, and with the impending California Consumer Privacy Act (CCPA or the Act) going into effect on January 1, 2020, many businesses were waiting optimistically for some clarification on lingering questions. The California legislature did pass five bills amending the Act, presenting minimal real relief for businesses affected by this sweeping law. Some key questions remained: Would employee data be excluded? Would relief from possible limitations on customer loyalty programs pass? How would measures sought by businesses to provide certainty and some relief fare? In all, with the exception of provisions related to employee data, which brings some ease, it appears that the scope and complexity of the CCPA remains largely unchanged.

To read more about the recent CCPA amendments, visit Reed Smith’s website.

 

Proposed Rule Offers Clarity on Mandatory Protections for Substance Use Disorder Patient Records

Entities that provide treatment to patients with substance use disorders may find some clarity on federal requirements surrounding patient record confidentiality.  The Department of Health & Human Services (HHS) Substance Abuse and Mental Health Services Administration (SAMHSA) recently announced much-anticipated proposed changes to the federal regulations at 42 C.F.R. part 2 (Part 2), which govern the confidentiality of patient records created by federally-assisted substance use disorder treatment programs (Proposed Rule).  The proposed rulemaking comes at a time when SAMHSA is attempting to balance its continued efforts to align regulations with advances in the U.S. health care delivery system, particularly with respect to coordinated care, while retaining important privacy protections for individuals seeking treatment for substance use disorders (SUDs).

Importantly, much of the Proposed Rule seeks to clarify existing Part 2 standards, rather than establish new or revised standards, especially regarding the scope of records to which Part 2 applies, and the patient consent required for disclosures.  Further, with the exception of research, the Proposed Rule dims the hopes of many in the Health Insurance Portability and Accountability Act (HIPAA)-regulated health care industry, who anticipated SAMHSA would use the Proposed Rule to streamline aspects of the two regulatory regimes.  As it stands, the HIPAA and Part 2 protections for protected health information will continue to vary significantly and consequently may continue to cause confusion among providers about how to comply with both standards.

In finalizing amendments to Part 2, SAMHSA will consider public comments to the proposed rulemaking, which are due October 25, 2019 and can be submitted here.

Continue Reading

Recent Traction In FDA’s Development of the 503A and 503B Bulks Lists

Just as the U.S. Food & Drug Administration (“FDA”) promised in its 2019 compounding priorities statement, FDA published a notice and proposed rule in the Federal Register in the past week related to bulk drug substances that can be compounded subject to the conditions of Section 503A and Section 503B of the Federal Food, Drug, & Cosmetic Act (“FDCA”):

(1) On September 5, 2019, FDA published a proposed rule regarding its intent to amend its regulations to add five bulk drug substances that can be used in compounding under Section 503A (the “503A Bulks List”) and proposed excluding another 26 bulk drug substances from the 503A Bulks List. Specifically, FDA proposes to amend the 503A Bulks List to include glutaraldehyde, glycolic acid, L-citrulline, pyruvic acid, and trichloroacetic acid (TCA), and proposes not to include 7-keto dehydroepiandrosterone (DHEA), acetyl-L-carnitine (ALC), alanyl-L-glutamine, Aloe vera 200:1 freeze dried, artemisinin, astragalus extract 10:1, boswellia serrata extract (BWSE), cesium chloride, chondroitin sulfate, chrysin, curcumin, D-ribose, deoxy-D-glucose, diindolylmethane, domperidone, epigallocatechin gallate (EGCG), germanium sesquioxide, glycyrrhizin, kojic acid, nettle, nicotinamide adenine dinucleotide (NAD), nicotinamide adenine dinucleotide disodium reduced (NADH), rubidium chloride, sodium dichloroacetate, vanadyl sulfate, and vasoactive intestinal peptide (VIP).

(2) On September 3, 2019, FDA published notice of its intent to exclude nine more bulk drug substances from its 503B clinical need list (the “503B Bulks List”). These substances are: dipyridamole, ephedrine sulfate, famotidine, hydralazine hydrochloride, methacholine chloride, sodium bicarbonate, sodium tetradecyl sulfate, trypan blue, and vecuronium bromide.

If the bulk drug substances above are ultimately not included in the 503A Bulks List, compounding pharmacies will not be able to compound with the substance unless the substance appears on an applicable United States Pharmacopeia or National Formulary monograph or if the substance is part of a commercially available drug product. Additionally, if the bulk drug substance does not appear on the 503B Bulks List (which is based on FDA’s interpretation of whether there is a “clinical need” for the substance), FDA-registered outsourcing facilities will not be able to compound with that substance unless it appears on the FDA drug shortage list. The Agency’s revisions to these Bulks Lists could significantly impact the compounding practices of these facilities nationwide and their ability to get patients access to the unique and critical compounded medications they need.

Continue Reading

LexBlog